Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam (Better spam prevention)
  •  
_air_

Messages: 6
Karma: 0
Send a private message to this user
Kerio Connect is a great product. It provides an excellent small/medium business alternative to Exchange, with all the features a business requires.
One thing missing however is good built-in spam control. Even with the built-in features, a lot of obvious spam gets through. A particular example is attachment spam (or malware).
Currently I pay almost the same again as a license fee to use a separate anti-spam product. This really knocks the cost-effectiveness of Kerio, and pushes you towards a cloud solution.
Would it be possible to add some more anti-spam features without significantly increasing the cost? Maybe Kerio even needs to provide its own mail gateway service.
  •  
freakinvibe

Messages: 1542
Karma: 62
Send a private message to this user
Question is if you have configured Anti-Spam in an optimal way. There are many settings you can change to reduce Spam. We use only Kerio as an Anti-Spam and we don't get much Spam through.

What are you Anti-Spam settings?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
One of the anti-spam things that you can do is to adjust your Spam Assassin ratings for the particular type of spam you are receiving. The default rules will sometimes add weighted scores such as ".001", which does not go very far if you have your Spam/NotSpam threshold set at maybe 5. The best method would be to enter in your own overriding scores for the rules that you see being hit.

So basically, you can spend your time to adjust the spam rules, or you can pay someone else to spend their time to adjust their spam rules for your outsourced filtering.

It is very easy to create your own scoring. You create your own scoring file, I would suggest starting it with the letter "z" because I believe it processes the rule files in filename order, so use something like ..\MailServer\plugins\spamserver\spamassassin\rules\zMyRules .cf. Then literally copy-and-paste and enter your new scoring for the rule you want a higher / lower score on.
  •  
_air_

Messages: 6
Karma: 0
Send a private message to this user
My settings are filtering out a lot of spam, but a lot still gets though.
Obviously the spam is designed to get through filters, but when you see it, it is still obviously spam.
Its a good idea to create a custom scoring file. I will try that.
One bugbear is attachment spam (or malware). The e-mail itself contains little information, hence it is hard to filter. For example from HMRC saying "here is your receipt". I don't know how you kill that. Doing a virus scan of the attachment is pointless, as it is already obviously spam.
  •  
freakinvibe

Messages: 1542
Karma: 62
Send a private message to this user
I catch most spams with Blacklists. It is important not only to use the ones that are in KC by default, but also add others.

I also use Spam repellent with 16 seconds delay and that stops a lot of Spams as well.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
I agree with freakinvibe, the Spam Repellent is very effective.

On my personal Kerio Connect, I set to 12 seconds. It looks many spam bots wait only for 5-10 seconds.

I guess freakinvibe chose 16 seconds, not 15, for same reason Very Happy

My statistics for last days:
11800 connections to SMTP server ->
-> 4655 (40%) was impatient spam bots killed by Spam Repellent, non-existing DNS records... ->
-> 98 (1%) was servers defined in my custom IP black list (tireless spam services)
-> 226 (2%) servers tried to deliver spam to harvested fake addresses from my traps and were blocked for one hour.
  •  
_air_

Messages: 6
Karma: 0
Send a private message to this user
Done all of those. This spam is sneaky, for example a simple attachment that pretends to be a scanned document.
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
There is default limit 128kB, bigger messages are not processed by SpamAssassin.
If it's your case and spams contain attachments over this limit, stop Kerio Connect, find in mailserver.cfg:
<table name="SpamFilter">
...
<variable name="MessageSizeLimit">128</variable>


and increase this limit, allowed maximum is "10240", ie. 10MB.
Kerio Connect must be stopped while you modify mailserver.cfg
  •  
_air_

Messages: 6
Karma: 0
Send a private message to this user
Thanks, that's a good one, I will try that
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Huh... I'm at 22 seconds for Spam Repellent. Used to be at the full 30 seconds. Tried shorter times, but the spam increased too much. 22 seems to be my magic number.
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
_air_ wrote on Wed, 23 April 2014 02:35
One bugbear is attachment spam (or malware). The e-mail itself contains little information, hence it is hard to filter. For example from HMRC saying "here is your receipt". I don't know how you kill that. Doing a virus scan of the attachment is pointless, as it is already obviously spam.


You can use the Custom Spam Filter to search the Body or Subject (or 2 rules for both) for the phrase "here is your receipt", and then either add to the spam scoring or flat out mark it as spam. I have done that before.
Previous Topic: Would like to go back to OD Mapping
Next Topic: recently added user not appearing in list of users public folders
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 14:54:26 CEST 2017

Total time taken to generate the page: 0.00475 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.