Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » spam issue?
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
howdy

seem to be having a lot of spam getting thru recently.. even though it seems to be getting scored.. it is not getting tagged and thus either blocked... or routed to the spam/junk folder

from a recent header:

X-Spam-Status: No, hits=0.0 required=4.0
tests=DNSBL_BL.SPAMCOP.NET: 3.70,DNSBL_B.BARRACUDACENTRAL.ORG: 4.90,DNSBL_CBL.ABUSEAT.ORG: 5.00,

DNSBL_DNSBL-1.UCEPROTECT.NET: 3.00,DNSBL_ALL.SPAMRATS.COM: 5.00,DNSBL_MULTI.URIBL.COM: 1.00,

BAYES_99: 4.07,HELO_DYNAMIC_IPADDR: 1.951,HTML_IMAGE_ONLY_24: 1.618,

HTML_MESSAGE: 0.001,URIBL_JP_SURBL: 1.25,CUSTOM_RULE_FROM: ALLOW,

TOTAL_SCORE: 31.490,autolearn=no


any help greatly appreciated

thanks
  •  
Radek Sip (Kerio)

Messages: 1309
Karma: 48
Send a private message to this user
CUSTOM_RULE_FROM: ALLOW

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
ahh... thanks

is there any way of knowing which allow was triggered

also

it doesn't seem like the allow/reject list sorts according to which column is selected

and
are there any plans to separate out the allow from the reject.. at the moment.. our custom rule list is HUGE... & totally disorganised.. being ordered by when the entries were added

thanks
  •  
Radek Sip (Kerio)

Messages: 1309
Karma: 48
Send a private message to this user
If you need more advanced options when working with custom rules or keep them organized, please see Administration API.
http://www.kerio.com/learn-community/developer-zone

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
freakinvibe

Messages: 1479
Karma: 55
Send a private message to this user
Quote:
it doesn't seem like the allow/reject list sorts according to which column is selected

Sorting is disabled as the order of the rules is important. You can move rules up and down.

Quote:
is there any way of knowing which allow was triggered

In the rules list on the upper right corner you can search. As a FROM rule was triggered, just look at the FROM in the email and search for that address. It will show the rule that was triggered by this address.

Quote:
are there any plans to separate out the allow from the reject.. at the moment.. our custom rule list is HUGE... & totally disorganised.. being ordered by when the entries were added

You have to decide if you want to have the reject rules on top (we do) and then move them on top.

[Updated on: Fri, 28 August 2015 16:27]


Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
radek sip
thanks.. i will take a look

freakinvibe
huge thanks for the explanation.... very helpful

currently we have our llow rules on top...i assume from your reply that they would be better on the bottom

unfort... there doesn't appear to be a quick way of re-sorting.. apart from selecting.. and then clicking on the arrows... which... when you have multiple hundreds of rules... is a gigantic PITA (unless i am missing something)

thanks
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
moving the rules around is a huge PITA... i have hundreds and hundreds of rules.... and the only way to currently move them... is to select... then click on the up/down arrow to move them 1 increment at a time

would be ideal if i could select multiple items... and have the option to "move to top"... or... "move to bottom"

also

have the ability to save views sets (of how the rules are displayed)... for example.. save a view "active - ALLOW at top"... or.. "active - REJECT on top"...so that you can select a view set that kerio processes by... which would then allow you to use column sorting to be able to view the list in other ways... surely.. in this day and age we should be able to view and manipulate/move these rules around a lot me freely/easily/quickly than we can now

thanks
  •  
ksnyder (KERIO)

Messages: 549
Karma: 35
Send a private message to this user
Have you actually tried it? I am able to use standard hot-keys (ctrl or cmd) to select multiple custom rules and move them using the arrows. I can also drag the selected rules anywhere I'd like using the mouse.

Ken Snyder
Director, Sales Engineering | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks for the reply

yes i have tried it... and i agree... you can select contiguous/non-contiguous rules... and can drag and drop them... however... when you are moving them withing hundreds and hundreds of rules it is still slow/cumbersome... a simple... move to top/bottom would help enrmously

thanks
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
any idea why the following has a total score of 43... yet was not tagged?

X-Spam-Status: Yes, hits=10.0 required=3.5

tests=DNSBL_BL.SPAMCOP.NET: 3.70,DNSBL_B.BARRACUDACENTRAL.ORG: 4.90,DNSBL_CBL.ABUSEAT.ORG: 5.00,

DNSBL_DNSBL-1.UCEPROTECT.NET: 3.00,DNSBL_DNSBL-2.UCEPROTECT.NET: 3.00,DNSBL_IX.DNSBL.MANITU.NET: 3.00,

DNSBL_TRUNCATE.GBUDB.NET: 2.50,DNSBL_ALL.SPAMRATS.COM: 5.00,DNSBL_SPAM.DNSBL.SORBS.NET: 1.00,

DNSBL_MULTI.URIBL.COM: 1.00,BAYES_80: 3.608,DATE_IN_FUTURE_06_12: 1.947,

DOS_OUTLOOK_TO_MX: 2.845,HTML_MESSAGE: 0.001,T_SURBL_MULTI1: 0.01,

URIBL_JP_SURBL: 1.25,URIBL_WS_SURBL: 1.608,TOTAL_SCORE: 43.369,autolearn=no


it is from an email that has both a recipient and sender that is pretending to be from one of our email addreses.. yet is coming from a spammer's IP

thanks

[Updated on: Sat, 12 September 2015 15:17]

  •  
Pavel Dobry (Kerio)

Messages: 5153
Karma: 243
Send a private message to this user
Probably because your mail filter rule is configured to trust all senders from your email domain. And you are not using SPF nor Sender Policy setting to eliminate spoofed sender addresses.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks for the reply

i have spf check enabled... is there something else that needs doing?

& for sender spoofing?

can i add IP addresses to the custom blacklist.. and.. if so.. using what seetings

thanks
  •  
freakinvibe

Messages: 1479
Karma: 55
Send a private message to this user
In the Kerio WebAdmin Console, go to

Domains > Your Domain > Edit

On the "Security" tab, tick the box next to

"Reject messages with spoofed sender identity"

Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
thanks for the reply

that box is already checked

any other possible settings i need to take in to consideration

huge thanks again for all your help
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
actually... the box was not checked (apologies.. i was looking at another domain at the time)... i have checked it... but now am getting errors when i try to send from mobile devices or offsite machines.. as follows:

15/Sep/2015 05:45:21] SMTP: Message from IP address xxx.xx.xx.xxx was rejected because of missing authentication for local domain sender

anything i can do to sort this out?

thanks
Previous Topic: out of office auto-reply
Next Topic: Loosing Incoming Messages
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Jan 21 01:22:22 CET 2017

Total time taken to generate the page: 0.02261 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.