Spam filter custom rules odd behaviour
Matt S

Messages: 42
Karma: 6
I've been trying to block some troublesome spam using the custom filter and I'm seeing odd results.

Below is a header (addresses removed). I've created a custom rule that says if the subject contains substring "Blood Test Results Email" reject the message. But these messages carry on coming through. What have I missed?

X-Spam-Status: No, hits=0.0 required=3.5
	tests=TOTAL_SCORE: 0.000
Received: from host-2-98-115-250.as13285.net ([])
	by mail.domain.org (Kerio Connect 8.2.2)
	for user<_at_>domain.org;
	Mon, 24 Mar 2014 10:04:57 +0000
Received: from [] (account decorousw3<_at_>gmail.com HELO wlicdtjj.irzosykfjur.ua)
	by host-2-98-115-250.as13285.net (CommuniGate Pro SMTP 5.2.3)
	with ESMTPA id 285434651 for user<_at_>domain.org; Mon, 24 Mar 2014 12:04:52 +0200
From: " National Institute for Health and Care Excellence" <results<_at_>nice.org.uk>
To: <user<_at_>domain.org>
Subject: Blood Test Results Email
Date: Mon, 24 Mar 2014 12:04:52 +0200
MIME-Version: 1.0
X-Priority: 3
X-Mailer: skuoidc.47
Message-ID: <9579257721.9WU9HFU1016316<_at_>yneswlzpjsda.hzorcxvhnecy.tv>

I've also seen some weird stuff in the debug log like this where a custom rule again seems to be ignored:

[24/Mar/2014 12:27:45][28651] {spam} Spam Filter: calculating spam rating for message 533024c0-000028ff from <PimsleurApproachOffer@pbscuiejocozie.us> to <matt<_at_>fivesmallponies.com>...
[24/Mar/2014 12:27:49][28651] {spam} SpamAssassin result string for message file /opt/kerio/mailserver/store/queue/0d/533024c0-000028ff.eml, intrinsic time 4.36s, total time 4.36s: Yes, 7.363,5,BAYES_50: 1.567,CUSTOM_BODY_0: 3,HTML_EXTRA_CLOSE: 0.001,HTML_MESSAGE: 0.001,T_URIBL_SEM_FRESH: 0.01,T_URIBL_SEM_FRESH_10: 0.01,T_URIBL_SEM_FRESH_15: 0.01,URIBL_JP_SURBL: 1.25,URIBL_RHS_DOB: 1.514,autolearn=no
[24/Mar/2014 12:27:49][28651] {spam} Spam Filter: SpamAssassin check finished, adding score 7.36
[24/Mar/2014 12:27:49][28651] {spam} Message from <PimsleurApproachOffer@pbscuiejocozie.us> to <matt<_at_>fivesmallponies.com> matched body SCORE (3.0) rule: "font-size:xx-small" test matched.
[24/Mar/2014 12:27:49][28651] {spam} Spam Filter: Custom spam rules check finished, adding score 0.00
[24/Mar/2014 12:27:49][28651] {spam} Spam Filter: Message 533024c0-000028ff from <PimsleurApproachOffer@pbscuiejocozie.us> to <matt<_at_>fivesmallponies.com> got 7.36 hits, total spam score is 7.363

In this case the message is rejected because our threshold is much lower... However it looks like the custom rule is completely ignored, despite being matched.

Messages: 491
Karma: 70
It looks like another rule is matched:

[24/Mar/2014 12:27:49][28651] {spam} Message from <PimsleurApproachOffer<_at_>pbscuiejocozie.us> to <matt<_at_>fivesmallponies.com> matched body SCORE (3.0) rule: "font-size:xx-small" test matched.

If you have multiple rules defined, move the one that should block the message to the top and try again.

Dexion AG - The Blackberry Specialists in Switzerland
Matt S

Messages: 42
Karma: 6
I can't see another rule being matched, but I've reordered things as you suggest. Makes sense.

[Updated on: Mon, 24 March 2014 15:13]
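
Added example, not part of any post in this thread: a short Python script that splits the SpamAssassin result string from the debug log quoted in the first post into per-test scores and compares them with the custom-rule lines. On that log the tests sum to the reported 7.363 and include CUSTOM_BODY_0: 3; reading CUSTOM_BODY_0 as the "font-size:xx-small" body rule is an assumption based on the matching score, and the `analyse` helper is a hypothetical name.

```python
import re

# Three lines from the debug log quoted in the thread (addresses elided as <...>).
LOG = [
    "[24/Mar/2014 12:27:49][28651] {spam} SpamAssassin result string for message file "
    "/opt/kerio/mailserver/store/queue/0d/533024c0-000028ff.eml, intrinsic time 4.36s, "
    "total time 4.36s: Yes, 7.363,5,BAYES_50: 1.567,CUSTOM_BODY_0: 3,HTML_EXTRA_CLOSE: 0.001,"
    "HTML_MESSAGE: 0.001,T_URIBL_SEM_FRESH: 0.01,T_URIBL_SEM_FRESH_10: 0.01,"
    "T_URIBL_SEM_FRESH_15: 0.01,URIBL_JP_SURBL: 1.25,URIBL_RHS_DOB: 1.514,autolearn=no",
    "[24/Mar/2014 12:27:49][28651] {spam} Message from <...> to <...> matched body SCORE (3.0) "
    'rule: "font-size:xx-small" test matched.',
    "[24/Mar/2014 12:27:49][28651] {spam} Spam Filter: Custom spam rules check finished, "
    "adding score 0.00",
]

RESULT = re.compile(r"SpamAssassin result string .*?total time [\d.]+s: (Yes|No), ([\d.]+),(.*)$")
TEST = re.compile(r"\b([A-Z][A-Z0-9_]*): (-?\d+(?:\.\d+)?)")
MATCHED = re.compile(r'matched (\w+) SCORE \(([\d.]+)\) rule: "([^"]*)"')
CUSTOM_STAGE = re.compile(r"Custom spam rules check finished, adding score (-?[\d.]+)")


def analyse(lines):
    """Break one message's spam-log lines into per-test scores and custom-rule totals."""
    out = {"tests": {}, "matched_rules": [], "custom_stage_added": None}
    for line in lines:
        if m := RESULT.search(line):
            out["verdict"], out["reported_total"] = m.group(1), float(m.group(2))
            out["tests"] = {name: float(score) for name, score in TEST.findall(m.group(3))}
        elif m := MATCHED.search(line):
            out["matched_rules"].append((m.group(1), float(m.group(2)), m.group(3)))
        elif m := CUSTOM_STAGE.search(line):
            out["custom_stage_added"] = float(m.group(1))
    out["tests_sum"] = round(sum(out["tests"].values()), 3)
    out["custom_in_sa"] = sum(v for k, v in out["tests"].items() if k.startswith("CUSTOM_"))
    # True when CUSTOM_* points are already inside the SpamAssassin total while the
    # separate custom-rules stage adds nothing on top of it.
    out["counted_in_sa_total"] = out["custom_in_sa"] > 0 and out["custom_stage_added"] == 0.0
    return out


if __name__ == "__main__":
    r = analyse(LOG)
    print("sum of tests:", r["tests_sum"], "reported:", r["reported_total"])
    print("CUSTOM_* inside SpamAssassin total:", r["custom_in_sa"])
    print("custom stage added:", r["custom_stage_added"], "matched:", r["matched_rules"])
```

Since the nine listed tests add up to the reported total, the 3 points for CUSTOM_BODY_0 are part of the 7.363 in this log, which is consistent with the custom-rules stage then adding 0.00.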
