Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam Headers: False Positve (TVD_FROM_1 & HTML_TITLE_SUBJ_DIFF)
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
I'm receiving an email that's always being tagged as spam. I've already added the domain of this user to the Custom Rules in Spam Filters to allow it. Still, this user is getting tagged as spam.

I've checked the headers and found two high scores which are HTML_TITLE_SUBJ_DIFF and TVD_FROM_1. I've searched the SpamAssassin's site for these rules but didn't find anything. Anyone knows anything about this header?
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
HTML_TITLE_SUBJ_DIFF: In the HTML mail, the title tag differs from the subject

TVD_FROM_1: Sender domain ends in numbers

You could change the scores.cf to lower the scores for that rules, but the better solution is to white list the sender domain. I wonder why this didn't work. How exactly have you setup the custom rule?

[Updated on: Thu, 13 September 2012 16:40]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
Thanks for the info. The white list setting for this the following:
Mail header
Header: From
Type: contains domain
Content: <domain>

Action: Treat the message as non-spam
rule enabled


This rule is being triggered and currently it was used in the past 12 hours. According to the header below, It did have the 'CUSTOM_RULE_FROM: ALLOW' but it still get a Total score of 1.198

X-Spam-Status: No, hits=0.0 required=2.5
	tests=AWL: 0.162,BAYES_00: -1.665,HTML_MESSAGE: 0.001,
	MIME_HTML_ONLY: 0.001,TVD_FROM_1: 2.699,CUSTOM_RULE_FROM: ALLOW,
	TOTAL_SCORE: 1.198,autolearn=no


Another header Xspam header. It seems the above one was created when the user move the mail from spam to inbox.

X-Spam-Status: Yes, hits=5.8 required=5.0
	tests=AWL: -0.472,BAYES_50: 1.567,HTML_MESSAGE: 0.001,
	HTML_TITLE_SUBJ_DIFF: 2.036,MIME_HTML_ONLY: 0.001,TVD_FROM_1: 2.699,
	TOTAL_SCORE: 5.832,autolearn=no

[Updated on: Thu, 13 September 2012 20:04]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
This is correct. The header contains debugging messages. Total message score is "hits=0.0" and it is not marked as a spam.
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
So the custom rule seems to work for the first mail.

In the header of the first mail, I see that the you have a threshold of 2.5 which seems low to me, recommended is 5.0. In the second mail, this seems to be correct. Have you changed it inbetween?

The second mail doesn't trigger the custom rule. Is it from the same domain?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
Actually both headers are in the same email. The first part, I think when it was moved to inbox from junk. The second I the one that tagged it as spam. I'm baffled why it had two X-Spam rules in just one email.

Yes, I know the threshold is very low. But that's what they wanted it to be set. They want to aggressively remove spam from their inbox.
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
The second one must come from another mail server. This can be either from a security appliance or some server the mail passed through.

If you look at the routing information in the header you might find out which server added the second X-Spam header.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
It seems you are right. When I checked the header, the mail server is different from the domain of the sender. When I checked the mail server, it also uses Kerio, that's probably why the X-Spam is so similar.

Would it be possible to have two X-Spam headers in one email?
  •  
freakinvibe

Messages: 1526
Karma: 60
Send a private message to this user
You can have many X-Spam headers in an e-mail. Any mail server the mail passes through can add any header it likes.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Migrate to MS Exchange
Next Topic: Server Administration
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 23:40:51 CEST 2017

Total time taken to generate the page: 0.00469 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.