Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Spam protection failing too often - Advice?
  •  
60six

Messages: 7
Karma: 0
Send a private message to this user
Hi

Kerio has been installed now for 2 years, and I am happy with everything apart from the ineffective spam system. Out of the other four email systems used, Kerio's spam protection is the least effective.

I am having spam from various sources which I cannot block with any rule - A header is below

Return-Path: <GarciniaCambogiaExtract<_at_>wulugh.eu>
X-Spam-Status: No, hits=0.0 required=1.0
tests=BAYES_00: -1.665,HTML_FONT_SIZE_HUGE: 0.001,HTML_MESSAGE: 0.001,
T_REMOTE_IMAGE: 0.01,UNPARSEABLE_RELAY: 0.001,TOTAL_SCORE: -1.652,autolearn=ham
X-Spam-Level:
Received: from 0000d610.wulugh.eu

It has a bayes score of minus one. I'm getting about 50-100 a day of these type which sail straight through the system. The spam sliders are both set to 1. Even if it was at 0 these still get through.

The spam rules are also completely ineffective and never seem to correctly check the body of the message.

Problem is that the directors have had enough, and want me to fix it even if it means dumping kerio for another mail program.

What else can I do? Is there a third party spam system I can run which is more effective than what kerio currently has? I cannot use external mail checking systems due to everything needing to be in-house, so any other system which can be placed in front of kerio can be considered.

[Updated on: Wed, 25 March 2015 01:08]

  •  
Pavel Dobry (Kerio)

Messages: 5177
Karma: 245
Send a private message to this user
It is hard to answer if we do not know the whole configuration.

In general, if the spam message looks perfectly normal and does not match any DNS blacklist or SURBL it is possible to increase HTML_MESSAGE score from 0.001 to 0.1 in spamassassin/rules/*.cf files. This will ensure that these messages will not be auto-learned as hams and makes user's input via Spam/Not Spam buttons in email clients effective.

[Updated on: Tue, 24 March 2015 21:20]


Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
60six

Messages: 7
Karma: 0
Send a private message to this user
Let me know what you need to know, and I will tell you - what are 'hams'?
  •  
60six

Messages: 7
Karma: 0
Send a private message to this user
So I have to edit all the .db files in the rules folder ?
  •  
freakinvibe

Messages: 1487
Karma: 57
Send a private message to this user
No, you should not touch the DB files.

Have you enabled any Blacklists? They are normally catching 80% of the Spams for me. Also, Spam Repellent is quite effective.

By the way

Spam = Message considered as Spam
Ham = Message not considered as Spam

Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
You should read my post on this very subject.
http://forums.kerio.com/t/27477//

Spam Assassin is designed to be customized. Part of the way you can tell is the scores that return a .001 scoring, and SA's default threshold of 5 to mark as spam. It would take 5000 of those rule hits with a score of .001 just to reach the threshold. Of course, not all rules start that low thankfully.

I have attached an updated copy of the custom rule file that I am using. It would be a good starting spot for you. I have the marking threshold set at 5 and auto delete at 8.

Just put a copy of the file in your .\plugins\spamserver\spamassassin\rules\ folder, and apparently you can get just SA to restart by going to:
the Admin panel,
Configuration > Spam Filter > SpamAssassin tab,
UNCHECK/UNSELECT "Check every incoming message in ...", click APPLY,
CHECK/SELECT "Check every incoming message in ...", click APPLY.

That will get SA to reread all of the rule files again. MUCH faster than restarting the Kerio service or the server.

In my post, I also explain how to write some simple rules if you want to customize for what you are seeing, or you can just add to the rules that are already in the file.

  • Attachment: zMyRules.cf
    (Size: 4.81KB, Downloaded 73 times)
  •  
rigo

Messages: 117
Karma: -3
Send a private message to this user
Previous Topic: Google Forms Emailed Responses
Next Topic: Stop Services
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Mar 23 03:10:46 CET 2017

Total time taken to generate the page: 0.00752 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.