Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam not getting caught (Modified Spam Filter, Reset Spam Assassin DB)
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
Hey guys, I'm having issues with Spam lately where no matter what I did, the spam is not getting caught. I currently have Kerio v.7.4.1. I have these spam where even if I put a substring from subject "getting skinny" or from header "thin.secret", it still not being tagged as spam by Spamassassin. I've manually tagged it from the mailbox but it still coming as a regular email. I checked the headers and there's nothing indicating that it's adding any X-Spam.

I thought that spam assassin has been poisoned and what I did was rename the Bayes folder and restarted Kerio. It's been better now since not most of the users are complaining but I'm not sure why it's not getting caught. Upon further investigation, I saw that there's hidden text within the message body. The font color is white so it's not visible.

My last ditch effort to combat this is to create a specific rule within this mailbox where it moves to the Junk E-mail folder. That worked so far but my concern is this is not very efficient and why does this email not getting caught?
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
There might be a lot of reasons why. I'd suggest to enable antispam debug log and there should be more info checking emails by antispam module.

Petr Dobry
Product Development Manager | Kerio
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
Just went to the debug log and fortunately I've enabled the debug log to capture spam filter messages. I received a different spam but it's a similar case. This time it was sent by fat.gone<_at_>xxxx.com

I saw the logs and spam filter being disabled because it's in the trusted host. I checked my bypass and we're only using the local network to disable the spam filter ratings. I've never seen in the log that it's been treated as Ham.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Does your mailserver have public IP ?
trusted IPs are by default only 172.16, 192.168 and 10. IPs.

Petr Dobry
Product Development Manager | Kerio
  •  
kgpj

Messages: 17
Karma: 0
Send a private message to this user
Yes, I have private IP. Upon checking the IP Address Groups, I saw that someone added a bunch of IP address and one of them was 207.x.x.x - 255.255.255.0!! And the spammer's IP where it came from was 209.223.36.234.

That's probably why these messages are getting through. Instead of adding a specific subnet, it was added as range. Such a headache. I'll keep checking the logs and see if these keeps coming. Thanks for guiding me to the right direction. I'll check back tomorrow if the spam keeps coming.
Previous Topic: Disable user temporarily, forward emails
Next Topic: Connect Client - Meeting Invite w/ Attachment
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Oct 22 21:12:10 CEST 2017

Total time taken to generate the page: 0.00382 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.