some spam still slips through
ahu

Hi all,

I have pretty much everything activated to filter Spam in our Kerio Connect Mailserver:
- Blacklists
- SpamAssassin
- Caller ID
- SPF
- Greylisting
- Spam Repellent

Now one of my colleagues forwarded me this mail he received:
From: <disregarding999@4dorganising.co.uk>
Subject: Nice medical store
Cheap prices!Get it now!
http://t.co/ydi1C2th6A

For me this is pretty obvious spam! Why doesn't Kerio recognize that?
[13/Jun/2013 15:58:00] Recv: Queue-ID: 51b9cfe8-000085fe, Service: SMTP, From: <disregarding999@4dorganising.co.uk>, To: <someone@mycompany.com>, Size: 956, Sender-Host: 194.25.242.123, SSL: yes, Subject: Nice medical store, Msg-Id: <51B9CE3A.803030@4dorganising.co.uk>

The Sender-Host is a bit strange: 194.25.242.123
123.242.25.194.in-addr.arpa domain name pointer mforward.dtag.de.
Which is the mailer from our internet provider we use as fallback:
mycompany.com mail is handled by 10 kerio.mycompany.com.
mycompany.com mail is handled by 20 mforward.dtag.de.

Any ideas what I could optimize here?

EDIT: Okay, already fixed! I asked my colleague for the source code of that mail, and it was actually detected and marked by our spam filter because of Caller ID. I changed the settings so Caller ID will raise the score so that such mails get blocked totally.

[Updated on: Fri, 14 June 2013 12:00]

ahu

again some spam

X-Spam-Status: No, hits=3.5 required=6.0 tests=BAYES_60: 3.515,TOTAL_SCORE: 3.515,autolearn=no
X-Spam-Level: ***
Received: from mforward1.dtag.de ([194.25.242.123]) by mail.mycompany.com (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits)) for someguy@mycompany.com; Mon, 17 Jun 2013 04:22:32 +0200
Received: from mforward.dtag.de (ironport04-nat [192.168.0.11]) by mforward1.dtag.de (8.14.3/8.14.3) with ESMTP id r5H2MHpl029717 for <someguy@mycompany.com>; Mon, 17 Jun 2013 04:22:17 +0200
Received: from client-200.121.149.222.speedy.net.pe ([200.121.149.222]) by mforward.dtag.de with ESMTP; 17 Jun 2013 04:22:16 +0200


mforward.dtag.de is the relay at our ISP and is set as the second MX entry for our domain, so it should only get such mails while our mail server is down.
Does Kerio just not recognize it as spam, or is it okay because all kinds of tests like greylisting and so on are testing mforward.dtag.de and not the real origin IP?
clan

The score in the MX setting is just a hint on which mail server to prefer; it is not illegal to use it anyway. Some spammers use the secondary because it often is less well guarded.
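
An added example, not part of the original thread: it walks the Received headers quoted in the second post, skips hops that belong to the backup MX, and returns the address that IP-based tests (blacklists, SPF, greylisting) would need to look at. The list of trusted hops and the DNSBL zone name `dnsbl.example` are assumptions made for illustration; SpamAssassin's `trusted_networks` setting applies the same idea.

```python
import ipaddress
import re
from email import message_from_string

# Header block copied from the second post in this thread
# (the forum's <_at_> obfuscation is written as @).
SAMPLE = """\
Received: from mforward1.dtag.de ([194.25.242.123]) by mail.mycompany.com (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits)) for someguy@mycompany.com; Mon, 17 Jun 2013 04:22:32 +0200
Received: from mforward.dtag.de (ironport04-nat [192.168.0.11]) by mforward1.dtag.de (8.14.3/8.14.3) with ESMTP id r5H2MHpl029717 for <someguy@mycompany.com>; Mon, 17 Jun 2013 04:22:17 +0200
Received: from client-200.121.149.222.speedy.net.pe ([200.121.149.222]) by mforward.dtag.de with ESMTP; 17 Jun 2013 04:22:16 +0200

"""

# Assumption: the ISP relay's public address and its internal NAT hop are trusted.
TRUSTED = [ipaddress.ip_network(n) for n in ("194.25.242.123/32", "192.168.0.0/16")]
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def peer_ip(received):
    """Return the bracketed IP from the 'from' clause of one Received header, or None."""
    from_clause = " ".join(received.split()).split(" by ", 1)[0]
    m = PEER_IP.search(from_clause)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def origin_ip(raw_message, trusted=TRUSTED):
    """Walk Received headers newest first; return the first peer that is not a trusted relay."""
    for received in message_from_string(raw_message).get_all("Received", []):
        ip = peer_ip(received)
        if ip is None:
            return None  # unparseable hop: nothing below it was written by a trusted host
        if not any(ip in net for net in trusted):
            return ip
    return None  # every hop was a trusted relay

def dnsbl_query(ip, zone):
    """Build the DNS name a blacklist lookup for an IPv4 address would query."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

if __name__ == "__main__":
    origin = origin_ip(SAMPLE)
    print(origin, dnsbl_query(origin, "dnsbl.example"))
```

Headers below the first untrusted hop are written by the sender and can be forged, which is why the walk stops there.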