Spam Assassin is running wild
  •  
Macoperator

We have been using Kerio Connect on several Mac servers for some years now and never really had any big problems. So I am generally really convinced of this piece of software!
Yet over the last few weeks I ran into issues concerning spam that I didn't take too seriously at first, until I discovered that even corporate mails between Kerio users suddenly got marked as spam and landed in the recipients' junk folders. Today then I discovered by analyzing the spam log that a few dozen valid emails by customers as well as internal users were discarded by the server having a score of above 9.5!

So I thought to myself I would reset the server's spam filter and even found a Kerio KB article promising to cover that specific topic, but unfortunately it says "Access denied" (kb.kerio.com/product/kerio-connect/server-configuration/antispam/how-to-reset-the-spam-assassin-plugin-and-bayes-database-1200.html). Can anybody here provide me with some valid information how to reset SpamAssassin in the latest version of Kerio Connect?

Thanks in advance!
  •  
Pavel Dobry (Kerio)

Have you looked into the message headers to find out which spam filter rules have been triggered with that email? Resetting Bayes might not be the right solution and might not help.
  •  
Ernesto (Kerio)

Hello,

To reset the Bayes database, do the following:

1. Stop Kerio Connect Service
2. Using the file browser or Terminal at the OS file system level navigate to where the message store resides (default location is at: /usr/local/kerio/mailserver/store) and open the folder spamassassin/
3. Rename the subfolder bayes/ to bayes_bad/
4. Restart Kerio Connect service


Sales Engineer | Kerio
  •  
Macoperator

Pavel Dobry (Kerio) wrote on Tue, 07 January 2014 23:40
Have you looked into the message headers to find out which spam filter rules have been triggered with that email? Resetting Bayes might not be the right solution and might not help.

I can give you an example (hope I am giving you the right snippet):

X-Spam-Status: Yes, hits=10.0 required=5.0
tests=FROM_12LTRDOM: 2,HTML_MESSAGE: 0.001,T_SURBL_MULTI1: 0.01,
T_SURBL_MULTI2: 0.01,T_SURBL_MULTI3: 0.01,T_URIBL_BLACK_OVERLAP: 0.01,
T_URIBL_SEM: 0.01,T_URIBL_SEM_FRESH: 0.01,T_URIBL_SEM_FRESH_10: 0.01,
T_URIBL_SEM_FRESH_15: 0.01,T_URIBL_SEM_RED: 0.01,URIBL_AB_SURBL: 4.499,
URIBL_BLACK: 1.775,URIBL_GREY: 1.084,URIBL_OB_SURBL: 0.785,
URIBL_PH_SURBL: 0.001,URIBL_RED: 0.001,URIBL_RHS_DOB: 0.276,
URIBL_SC_SURBL: 0.001,URIBL_WS_SURBL: 1.659,TOTAL_SCORE: 12.172,autolearn=spam
X-Spam-Flag: YES
  •  
Macoperator

Here is another example of a local user of the Kerio server sending an email via the local network to another local user. We have seen this behavior hundreds of times over the last couple of days:

X-Spam-Status: Yes, hits=7.5 required=5.4
tests=AWL: -1.949,BAYES_00: -1.665,HTML_MESSAGE: 0.001,
T_SURBL_MULTI1: 0.01,T_SURBL_MULTI2: 0.01,T_SURBL_MULTI3: 0.01,
T_URIBL_BLACK_OVERLAP: 0.01,T_URIBL_SEM: 0.01,T_URIBL_SEM_FRESH: 0.01,
T_URIBL_SEM_FRESH_10: 0.01,T_URIBL_SEM_FRESH_15: 0.01,T_URIBL_SEM_RED: 0.01,
URIBL_AB_SURBL: 4.499,URIBL_BLACK: 1.725,URIBL_GREY: 0.424,
URIBL_OB_SURBL: 0.122,URIBL_PH_SURBL: 0.61,URIBL_RED: 0.001,
URIBL_RHS_DOB: 1.514,URIBL_SC_SURBL: 0.568,URIBL_WS_SURBL: 1.608,
TOTAL_SCORE: 7.548,autolearn=no
X-Spam-Flag: YES
X-Spam-Level: *******
  •  
yois

The URIBL_BLACK etc. are for links in the message that point to blacklisted sites. Are there any links in the email at all? Send a test message within your domain and see if that also triggers that flag.

Resetting the bayes database won't help here at all. Bayes is detecting this as ham.

It's possible your rules or plugins are corrupted. On the Windows versions, you can stop the mailserver, delete the plugins/spamserver directory (or just rename it), run a repair install, and restart the server to have a fresh copy of spamassassin. It may be the same with Mac.

[Updated on: Wed, 08 January 2014 04:36]
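
The header check discussed above can be scripted. This is an added example, not code from Kerio or from any poster: it parses the tests= list in the format of the second X-Spam-Status sample in this thread, sums the scores per rule family, and shows that the URI blocklist rules alone exceed the required score while Bayes rates the message as ham. The family grouping by rule-name substring and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Header text copied from the second X-Spam-Status example in this thread.
SAMPLE = """X-Spam-Status: Yes, hits=7.5 required=5.4
tests=AWL: -1.949,BAYES_00: -1.665,HTML_MESSAGE: 0.001,
T_SURBL_MULTI1: 0.01,T_SURBL_MULTI2: 0.01,T_SURBL_MULTI3: 0.01,
T_URIBL_BLACK_OVERLAP: 0.01,T_URIBL_SEM: 0.01,T_URIBL_SEM_FRESH: 0.01,
T_URIBL_SEM_FRESH_10: 0.01,T_URIBL_SEM_FRESH_15: 0.01,T_URIBL_SEM_RED: 0.01,
URIBL_AB_SURBL: 4.499,URIBL_BLACK: 1.725,URIBL_GREY: 0.424,
URIBL_OB_SURBL: 0.122,URIBL_PH_SURBL: 0.61,URIBL_RED: 0.001,
URIBL_RHS_DOB: 1.514,URIBL_SC_SURBL: 0.568,URIBL_WS_SURBL: 1.608,
TOTAL_SCORE: 7.548,autolearn=no"""

# "RULE_NAME: score" pairs as they appear in the tests= list.
PAIR = re.compile(r"([A-Z][A-Z0-9_]*):\s*(-?\d+(?:\.\d+)?)")

def parse_tests(header):
    """Return ({rule: score}, reported TOTAL_SCORE or None)."""
    body = header.split("tests=", 1)[1]
    scores = {name: float(val) for name, val in PAIR.findall(body)}
    reported = scores.pop("TOTAL_SCORE", None)
    return scores, reported

def family(rule):
    """Assumed grouping by rule-name substring; a triage aid only."""
    if "URIBL" in rule or "SURBL" in rule:
        return "uri_blocklists"
    return "bayes" if rule.startswith("BAYES_") else "other"

def triage(header):
    scores, reported = parse_tests(header)
    required = float(re.search(r"required=(-?\d+(?:\.\d+)?)", header).group(1))
    totals = defaultdict(float)
    for rule, score in scores.items():
        totals[family(rule)] += score
    totals = {k: round(v, 3) for k, v in totals.items()}
    return {
        "required": required,
        "totals": totals,
        "top": sorted(scores, key=scores.get, reverse=True)[:3],
        # A parsing mistake shows up as a mismatch with the reported total.
        "sum_matches_total": reported is not None
            and abs(sum(scores.values()) - reported) < 0.001,
        "blocklists_alone_flag": totals.get("uri_blocklists", 0.0) >= required,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run over a batch of flagged internal messages, a negative bayes total next to a uri_blocklists total above the threshold points at the URI rules rather than the Bayes database.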

  •  
Macoperator

Yes, most of the time we have links in our emails because of our standard mail footer.
If I interpret the answers correctly it seems that deleting the spamassassin/bayes folder does not help in this case (which I can verify). But since the KB article is still offline, how am I supposed to deal with the situation now?
  •  
Macoperator

The next oddity. I am still occupied scanning my spam log in order to write to customers whose mail got deleted during the last few weeks until I discovered an email that I had tried to send which Kerio killed as spam. So I thought I'd resend it, but it got killed again right away! This is what I get:

<xyz<_at_>freenet.de> (mx.freenet.de: 550 No valid sender in Sender:, Reply-T
o:, or From:)
--MIME-1902454874-719389005-delim
Content-Type: message/delivery-status

Reporting-MTA: dns; my.mailserver.de
Arrival-Date: Wed, 8 Jan 2014 11:28:10 +0100

Original-Recipient: xyz<_at_>freenet.de
Final-Recipient: rfc822;xyz<_at_>freenet.de
Action: failed
Status: 5.3.2
Remote-MTA: mx.freenet.de
Diagnostic-Code: SMTP; 550 No valid sender in Sender:, Reply-To:, or From:
  •  
Macoperator

So after analyzing more than 2.000 lines of Kerio's spam log I can say that the odd behaviour started around December 16th, which was immediately after I updated Kerio Connect to version 8.2.2. Since then more than 100 false positives with a score of 9.5 or above got "assassined" compared to almost 0 before.
I followed your advice, yois, by renaming the plugins/spamserver folder and installing Kerio 8.2.2 again, and am monitoring now ...
  •  
Macoperator

... and the issue seems to be resolved!
So in the end the solution was not deleting the mailstore/spamassassin/bayes folder but plugins/spamserver along with reapplying the latest Kerio update; that seems to have done the trick.