
Detecting SPAM with image (Not able to detect SPAM with Image)
  •  
Jmast

We are getting a lot of SPAM messages where the email is mainly comprised of just a picture with a hyperlink. We have all of the SPAM filtering enabled in Kerio but it is not able to recognize this as SPAM. I am able to view the source, which I have attached to this post, and you can see that the sender is crafting the HTML to bypass filters. Has anyone else been able to detect these emails as SPAM? Are there some custom rules that might help in detecting these as SPAM? Any help is appreciated.



X-Spam-Status: No, hits=0.0 required=1.5 tests=TOTAL_SCORE: 0.000
X-Spam-Level:
Received: from comece.biz ([141.255.162.251]) by mail.*.com
for *.com; Tue, 17 Dec 2013 10:17:34 -0500
Subject: Up to 75% Savings on Electricity
Message-ID: <CCD443EF.DA03.45E2.14E6<_at_>comece.biz>
X-check: bZGFuaWVsLnpvb2tAbGVobWFucy5jb20=
MIME-Version: 1.0
Date: Tue, 17 Dec 2013 10:04:56 -0500
Importance: Normal
X-Priority: 3
Thread-Index: Ac77ctKemiI4/z0cuEa7CFq9Z5HDZg==
From: Solar America <vivianau<_at_>hoeing.comece.biz>
To: Recipient <dsepulveda<_at_>infohighway.com>

Content-Type: multipart/related; boundary="=-OoxwnUOi0AVuf/PXQeh6"


  •  
freakinvibe

For a custom filter, you must find some common things on the spam mails. With only one sample in your post it is impossible to suggest anything.

Also, how big is the total size of such a mail? SpamAssassin skips mails that are bigger than a certain size.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Jmast

The emails are not that big, generally less than 350 KB.

I did notice that most of them were coming from common domain names (.me, .mobi and .biz). So I just added a custom spam rule to add to the SPAM score if emails are received from these domains. For the last several days this seems to be making a big difference. I will just have to keep watching to make sure that legitimate HAM is not being filtered as SPAM.
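The two signals discussed in this thread, the sender-TLD rule described in the post above and the "mainly a picture with a hyperlink" body shape, scored together. This is an added Python example, not part of the thread and not Kerio or SpamAssassin code; the rule names, the weights and the 40-character text limit are assumptions, with the weights chosen so that only both hits together pass the required=1.5 shown in the posted headers.

```python
import email
from email import policy
from html.parser import HTMLParser

SUSPECT_TLDS = {"me", "mobi", "biz"}   # TLDs named in the post above
TLD_SCORE = IMAGE_SCORE = 1.0          # assumed weights, tune against real mail
MAX_TEXT_CHARS = 40                    # assumed limit for "mainly just a picture"

class BodyShape(HTMLParser):
    """Count images wrapped in links, and text characters outside style/script."""
    link_depth = linked_images = text_chars = 0
    skip = False
    def handle_starttag(self, tag, attrs):
        self.skip = tag in ("style", "script")   # their content is not message text
        if tag == "a" and dict(attrs).get("href"):
            self.link_depth += 1
        elif tag == "img" and self.link_depth:
            self.linked_images += 1
    def handle_endtag(self, tag):
        self.skip = False
        if tag == "a" and self.link_depth:
            self.link_depth -= 1
    def handle_data(self, data):
        if not self.skip:
            self.text_chars += len(data.strip())

def score_message(raw):
    """Return {rule_name: score} for the rules that fired on one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = {}
    sender = msg["From"].addresses if msg["From"] else ()
    if sender and sender[0].domain.rsplit(".", 1)[-1].lower() in SUSPECT_TLDS:
        hits["FROM_SUSPECT_TLD"] = TLD_SCORE
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        shape = BodyShape()
        shape.feed(html.get_content())
        if shape.linked_images and shape.text_chars <= MAX_TEXT_CHARS:
            hits["HTML_LINKED_IMAGE_ONLY"] = IMAGE_SCORE
    return hits

# Constructed samples, not taken from the thread's attachment.
SPAM = ("From: Solar Offer <promo@mail.example.biz>\nContent-Type: text/html\n\n"
        '<html><body><a href="http://example.biz/x"><img src="cid:1"></a></body></html>\n')
HAM = ("From: Billing <billing@shop.example.biz>\nContent-Type: text/html\n\n"
       "<p>Hello, your December invoice is attached. Contact us with any questions.</p>\n")

if __name__ == "__main__":
    print(score_message(SPAM), score_message(HAM))
```

The constructed ham message still picks up the TLD hit on its own, which is the false-positive case the post says to keep watching. Text hidden with CSS inside the body is counted as ordinary text here, so a sender padding the image with invisible filler would avoid the second rule.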
  •  
camisy

Which anti-spam features are you using and how is your server connected? POP3 or MX?
  •  
Jmast

We currently have all of the spam features that Kerio has available enabled. I think we noticed the biggest difference when we added a custom rule that increased the spam score for the three domains mentioned earlier and also added some custom scoring to the SpamAssassin filter by following suggestions by MarkK. Message 109102, trouble with spam
  •  
camisy

And how is your MTA connected?
  •  
Jmast

  •  
camisy

That's good. As freakinvibe suggested, you must find something in common. Are these mails only being sent from the IP? Same domain? Subject? Or does everything change with every mail?

The mentioned IP appears on some smaller BLs; maybe you can subscribe to these.

http://multirbl.valli.org/lookup/141.255.162.251.html