Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » spam issues - custom whitelist item still being tagged
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
howdy

i have added an address to our server whitelist

HOWEVER... email from the sender is being routed to our spam folder with a low score

it as my impression that if the address was on the whitelist... the email bypassed all spam checking and was delivered

here with a copy of the email header (slightly modified for anon)

Return-Path: <sender<_at_>aim.com>
X-Envelope-To: recipient<_at_>emailAddress.com
X-Spam-Status: No, hits=0.0 required=4.0
tests=DNSBL_SPAM.DNSBL.SORBS.NET: 1.00,DNSBL_MULTI.URIBL.COM: 4.00,AWL: -0.000,
BAYES_00: -1.665,HTML_MESSAGE: 0.001,LOTS_OF_MONEY: 0.001,
CUSTOM_RULE_FROM: ALLOW,TOTAL_SCORE: 3.337,autolearn=spam


as you can see in RED.. there is a custom allow rule... however... other blacklists appear to be tagging it

am i missing something?

thank in advance

yukioMishima
  •  
Pavel Dobry (Kerio)

Messages: 5223
Karma: 251
Send a private message to this user
Is there any X-Spam-Flag header in the message headers?
It appears that the message was not moved to spam folder by server but by email client itself.
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks for the prompt reply

here with the X-Spam info:

X-Spam-Level:
Received: from xxx-xxx.xx.aol.com ([xx.xx.xxx.xxx])
by mail.recipient.com (Kerio Connect 8.3.4 patch 1)
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256 bits))
for user<_at_>recipient.com;
Wed, 8 Jul 2015 14:25:31 -0400
Received: from xxx-xxx.xx.aol.com (xxx-xxx.xx.aol.com [xx.xx.xxx.xx])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxx-xxx.xx.aol.com (AOL Outbound OMS Interface) with ESMTPS id 3FD7A38001C0E
for <user<_at_>recipient.com>; Wed, 8 Jul 2015 14:00:58 -0400 (EDT)
Received: from xxx-xxx.xx.aol.com (xxx-xxx.xx.aol.com [xxx.xx.xxx.xx])
by xxx-xxx.xx.aol.com (Outbound Mail Relay) with ESMTP id 33150705856E9;
Wed, 8 Jul 2015 14:00:58 -0400 (EDT)
Received: from xxx-xxx.xx.aol.com (xxx-xxx.xx.aol.com [xxx.xx.xx.xx])
by xxx-xxx.xx.aol.com (OMAG/Core Interface) with ESMTP id 6A94A38000086;
Wed, 8 Jul 2015 14:00:57 -0400 (EDT)


is that the info that you need?

also.... i am logging in to this account only using kerio webmail... no active mail client... so.. are you saying that kerio is moving the mail?

also

as per earlier question.. i thought whitelist items were sent straight thru... no blacklist / spamassassin checks etc.... or is that not correct?

thanks

yukioMishima
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
x spam flag info:

X-SPAM-FLAG: YES
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aim.com;
s=20150623; t=1436378458;
bh=a79HD79q1u1T5yqnT6Fy41YZHKPBEfVNPsMBMksWtKE=;
h=From:To:Subject:Message-Id:Date:MIME-Version:Content-Type;
b=APKeh/I31+/Bv3Y6sxyHYuX4QEIh0caJv3m47hayVX05CUX1fYHnJK9MO4 oit9t6z
seN7409UibOxHNGb/+s48eP5woXpmvtsapyBLtcjKXAoJOBGv0x4ACLS8Gxu RBljbB
oSM0knnQg458dGzPgaKZf4g9FKck87256UMSo1bQ=
X-AOL-OVERRIDE-PIK-REASON: Y
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1afc10559d65594792
  •  
Pavel Dobry (Kerio)

Messages: 5223
Karma: 251
Send a private message to this user
The message has been marked as a spam by other server on a route to final destination. Whitelist in Kerio Connect is valid only for spam filter in the product. It does not revert spam flags added by other mail servers.
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks for the reply

out of interest.. where in the info that i sent you does it show that it was tagged prior to reaching us

and

how can i prevent the mail from being auto routed to the spam folder... as.. the sender is a trusted client.. and often sends multiple emails per day.. to multiple internal recipients.. and they are all saying that the email is routed to junk

this has only just started happening... received email from them for years without issue

thanks

yukioMishima

[Updated on: Wed, 08 July 2015 21:28]

  •  
Pavel Dobry (Kerio)

Messages: 5223
Karma: 251
Send a private message to this user
Because of this header: "X-SPAM-FLAG: YES". It is in upper-case and therefore not added by Kerio Connect. It is also right after AOL headers so I assume it was AOL who marked the message as a spam.
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks

so.. as per above:

how can i prevent the mail from being auto routed to the spam folder... as.. the sender is a trusted client.. and often sends multiple emails per day.. to multiple internal recipients.. and they are all saying that the email is routed to junk

this has only just started happening... received email from them for years without issue

thanks

yukioMishima
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
i have changed the whitelist entry from "allow" to "add spam score to the message".. and have used a negative number (does it matter what number i use here... i popped in -5.. as the mesages that were coming in from the sender were showing a spam score of +4ish)

i assume that that should clear out the spam score that it picked up along the way and ensure that the email is not routed thru to the junk folder (even though it was showing a score LESS than our spam rating lower limit.. was not tagged with a prefix.. but.. was still being routed to junk)

anyone?

HUGE thanks in advance

yukioMishima
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
so

as above.. i have added a -5 score to the email address

here with a copy of the header from the most recent email:

X-Spam-Status: No, hits=0.0 required=4.0

tests=DNSBL_SPAM.DNSBL.SORBS.NET: 1.00,DNSBL_MULTI.URIBL.COM: 1.00,AWL:
-0.000,BAYES_00: -1.665,HTML_MESSAGE: 0.001,LOTS_OF_MONEY: 0.001,
CUSTOM_RULE_FROM: -5.00,CUSTOM_RULE_FROM: ALLOW,TOTAL_SCORE: -4.663,autolearn=


as you can see.. the score is now a negative number

the email is not being tagged with a prefix (as expected).. HOWEVER... the email is still being routed thru to the junk mail folder on the recipients machine

in addition.. they have setup a rule within outlook to re-route the email back to the inbox.. and that does not appear to be working either

any help/insight greatly appreciated

thanks

yukioMishima
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Just wondering if a Sieve rule could be written to detect the all caps X-SPAM-FLAG header, delete it, and move the message back in to the Inbox. Sieve is the email filtering rule language. I know that it can search by case sensitive, but I do not know if that applies to the header names versus searching the header contents. There is also the ability to add and delete headers, if Kerio has implemented / allowed those sieve commands. Most likely in your mail server cfg file, it is set to create a default sieve rule for new users.

Or you may be able to test for the sender's email address that you know is valid, remove the header, and move back to the Inbox.

tools.ietf.org/html/rfc5293 has the info on the sieve command to delete headers.

I think the script would look something like this.
(Haven't tried it, use at your own risk, don't know if it will work or not.)

if address :all :contains "From" "johndoe<_at_>goodsender.com"
{
if header :contains "X-SPAM-FLAG"
"YES" {
deleteheader :index 1 :contains "X-SPAM-FLAG"
"YES";
}
keep;
fileinto "~me<_at_>mydomain.com/INBOX";
}

Of course you would have to enter in the correct items for johndoe@goodsender.com and ~me<_at_>mydoamin.com/INBOX.

You can use the webmail client to enter in a basic filter, then use the Edit Script button to actually put in the above code. Should not blow up your server or the user's email account, I hope, since it is pretty specific on what it is looking at and doing. Then have the good sender send a test email that is typically routed to junk.
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
markK

awesome stuff... again Smile

i will pop this into the multiple recipients webmail scripts.. to see if that helps

all seems like a lot of kerfuffle... esp as the sender is with AOL... so it is a bit weird that they are then tagging the email as spam???

btw.. there is no record of the email in the spam logs within kerio.... i guess that externally applied FLAG is playing havoc

thanks again

yukioMishima

[Updated on: Fri, 10 July 2015 19:31]

Previous Topic: 442 Unable to deliver message within specified time.
Next Topic: 10.10.4 and sending mail
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Apr 26 11:58:14 CEST 2017

Total time taken to generate the page: 0.00586 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.