Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam filtering through... (Receiving spam, although all services seem to be enabled)
  •  
quicktech

Messages: 3
Karma: 0
Send a private message to this user
I am receiving spam messages that are getting past the Kerio spam filtering, even though they are scoring above the spam threshold and should be black holed.
I have about 6 emails I can post headers of, but we'll start with two for now; let me know if others will help.
I have changed the client's domain name to domain.com
---8<---
Email 1
---8<---
Return-Path: <nolanj8<_at_>gmail.com>
X-Spam-Status: Yes, hits=8.1 required=5.0
tests=DNSBL_DNSBL-1.UCEPROTECT.NET: 1.50,AXB_HELO_HOME_UN: 0.018,BAYES_99: 4.07,
FSL_HELO_DEVICE: 0.806,HELO_LH_HOME: 1.736,TOTAL_SCORE: 8.130,autolearn=no
Received: from device.lan ([31.185.188.217])
by mail.domain.com (Kerio Connect 8.0.0)
for giulia<_at_>domain.com;
Sat, 23 Mar 2013 14:49:28 -0700
Received: from apache by qdgfdacesssasstdb.etisbew.com with local (Exim 4.67)
(envelope-from <<giulia<_at_>domain.com>>)
id AX9KIP-OBF2JR-RC
for <giulia<_at_>domain.com>; Sat, 23 Mar 2013 21:52:11 +0000
To: <giulia<_at_>domain.com>
Subject: this is a gamechaging goldmine
X-PHP-Script: qdgfdacesssasstdb.bernina.co.il/sendmail.php for 31.185.188.217
From: <giulia<_at_>domain.com>
X-Sender: <giulia<_at_>domain.com>
X-Mailer: PHP
X-Priority: 1
Content-Type: text/plain; charset="Windows-1252"
Message-ID: <QBBJZ6-I6JPU8-DT<_at_>qdgfdacesssasstdb.deltamar.net>
Date: Sat, 23 Mar 2013 21:52:11 +0000
MIME-Version: 1.0
---8<---
Email 2
---8<---
Return-Path: <dinsw<_at_>gmail.com>
X-Spam-Status: Yes, hits=7.5 required=5.0
tests=DNSBL_DNSBL-1.UCEPROTECT.NET: 1.50,AWL: -7.736,BAYES_99: 4.07,
FH_HELO_EQ_D_D_D_D: 3.177,HELO_DYNAMIC_IPADDR2: 3.607,TVD_RCVD_IP: 0.001,
URIBL_DBL_SPAM: 1.7,URIBL_JP_SURBL: 1.25,TOTAL_SCORE: 7.569,autolearn=no
Received: from 188-230-193-190.cab.prima.net.ar ([190.193.230.188])
by mail.domain.com (Kerio Connect 8.0.0);
Sat, 23 Mar 2013 18:47:51 -0700
Message-ID: <514E5AF1.403090<_at_>domain.com>
Date: Sat, 23 Mar 2013 22:50:35 -0300
From: <info<_at_>domain.com>,
<giulia<_at_>domain.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: <info<_at_>domain.com>,
<giulia<_at_>domain.com>
Subject: the gurus get insane right now
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit

Thank you in advance for any direction
  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
Are all the spam messages coming through have a gmail email address?
  •  
quicktech

Messages: 3
Karma: 0
Send a private message to this user
Yes, actually they are all from <_at_>gmail.com...
  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
I know that the old Webmail interface has in it's settings a spam whitelist. Is <_at_>gmail.com in that list for the user(s) that are receiving spam? If so, I'd say it's just letting it all through regardless of what it scores..
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
It seems your Spam filter is not configured to use SPF (which should stop these emails) and the messages are allowed because of this: http://forums.kerio.com/mv/msg/24142/100012/#msg_100012
  •  
quicktech

Messages: 3
Karma: 0
Send a private message to this user
I have noticed that this particular client has info@ and giulia<_at_>domain.com in her whitelist, I am removing both of the addresses to see if it is or part of the problem.
I'll follow up once I am sure of the fix, SPF filtering is already enabled.
Previous Topic: Outlook 2011 (Mac) Folder Structure does not Sync 7.4.2
Next Topic: Existing Adressbook add Telephone Numbers or Extensions to Users
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 24 13:16:14 CEST 2017

Total time taken to generate the page: 0.00419 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.