Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SPAM
  •  
Blisk

Messages: 59
Karma: 0
Send a private message to this user
Can someone helps me with SPAM.
I get email every day for Ray Ban and whatever I put in custom rules I still get Ray Ban SPAM.
It is a picture and bottom is text.
I have a rule when text contains unsubscribe it must be treated as spam, but it is not.
Can someone helps me to block these emails?
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Been there, frustrated, and did something about it.

First off, post the headers from the email. That will help to see how to maybe caught it.

Second off, use Spam Assassin's real abilities by adding some rules to it. I have posted a how-to to write some basic rules, and I have posted the custom rule file that I have created. That took us from people getting 20 to 60 spams a day, down to maybe 2 or 3 a week. You do this in 2 steps.

Run with the MessageSizeLimit set to 2048 in the mailserver.cfg. Default size of 128 is too small. Just leave it at this new setting. It will help by itself.
Requires Connect to be stopped when making the change, then start Connect again.
<variable name="MessageSizeLimit">2048</variable>

Then read my posts about boosting SA's ability. There are rule files that you can put in to place and see if they help. If they don't, you can either edit the rules, or take them out.
http://forums.kerio.com/mv/msg/27477/0/0/
Though the post says to stop the server to put this in to place, you don't have to do that. Put the file in to place, go in to Admin, on the Configuration page, Spam settings, turn off Spam Assassin, save, turn On Spam Assassin, and save. That will read in the new rules file without having to stop the server all together. Same goes for removing the rules file, if you want to.

The latest copy of the file I am using is attached, and it will help A LOT! As I mention in the post, you may need to edit the rules some rules to fit the industry's emails that you are in. I've been on vacation, and have seen a few new spams slip through, so I will be updating this file soon.

Read the post. Yes, it is a bit long. Give it a try, it is free and is part of the built in features of Connect.

  •  
Spacey

Messages: 147
Karma: -9
Send a private message to this user
The SA rules file is great - thanks a lot! Work's for me very good since several weeks. Unfortunately this whole thing is a bit tricky for non cmd line admins. It'd be nice if Kerio implements some kind of standard rules into the GUI so every Kerio admin can access this easily.
  •  
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Spacey,
I agree, but I don't see that happening any time soon. Though Kerio doesn't object to using additional rule files, I don't think they endorse it either; they are kind of neutral on the issue.
It can be confusing at first, but a little time spent figuring out the basics of it can give you a lot of spam filtering power.
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Sometimes it can be a challenge to block legitimate spam, meaning sales emails from legitimate companies that you just don't want. (I mean legit since they have a valid domainkey setup, versus using a spoofed email address.)

This is where I started looking at email headers and body content to create filters to cut out the spams. In my case, for my company, I would probably put something in place to catch the phrase "Crazy Sale", maybe "Free Shipping", and most likely the "Dear ," (missing a name there).
Subject: Dear ,Christmas Crazy SALE - Starting At $1.99, ALL with Free Shipping

Then also look at the body of the email to see if there are catch phrases in it to filter on as well.

Looking at your spam headers:
X-Spam-Status: No, hits=1.2 required=6.0 tests=AWL: -1.342,BAYES_00: -1.665,HTML_IMAGE_RATIO_02: 0.437, HTML_MESSAGE: 0.001,MIME_HTML_MOSTLY: 0.428,URIBL_BLACK: 1.725, URIBL_DBL_SPAM: 1.7,TOTAL_SCORE: 1.284,autolearn=no

Personally, I give a minor score to HTML_MESSAGE of 0.5. I wonder if your URIBL scores are maybe on the low side? I actually have mine set even lower than you (1.0) because I found that it was mis-marking good emails too much for me. Maybe that blacklist works better for you. It is just a matter of putting in to place enough scores to hit your threshold. It can take some work, but in the end it pays off.

I'm not shooting for a spam catch rate of 100%. Looking at my spam stats, I'm at the 87% catch rate, which I'm happy with.
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
I would also wonder if your Bayes filter needs to be reset. The negative score would concern me depending on what the body of the spam looks like.
  •  
Spacey

Messages: 147
Karma: -9
Send a private message to this user
Was just a thought to make handling a bit easier for many admins out there. I personally got no problem with terminal... Very Happy
  •  
freakinvibe

Messages: 1485
Karma: 57
Send a private message to this user
I would not recommend to put in a rule that marks each mails that contians "unsubscribe" as Spam. Many legit newsletters contain this, so users can unsubscribe.

I would also try to use Spam Repellent and tweak your Blacklists to improve your Spam hit rate.

[Updated on: Thu, 19 November 2015 09:39]


Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Quote:
"I have a rule when text contains unsubscribe it must be treated as spam, but it is not."


I have to agree with not using unsubscribe as a spam filter. Legit newsletters and mailing list typically contain an unsubscribe option.

That said, it depends on how you were trying to detect it and how the spam is composed. Is the spam simple text, html, or is it obfuscated by using code instead of readable content?

[Updated on: Tue, 17 November 2015 19:54]

  •  
barneyRubble

Messages: 30
Karma: 0
Send a private message to this user
howdy

i just create the following mail body custom rule:

/\Complete Compliance Update Service\b/i

i assume that this is going to catch the entire phrase... and not tag each individual word?

is there somewhere i can read up about creating custom rules with the kerio gui (not custome SA rules as markk has done)

thanks

barney rubble
  •  
Pavel Dobry (Kerio)

Messages: 5161
Karma: 242
Send a private message to this user
barneyRubble wrote on Thu, 26 November 2015 17:14


is there somewhere i can read up about creating custom rules with the kerio gui (not custome SA rules as markk has done)


Hmm. I wish to have some place to get more details. Perhaps some KnowledgeBase article.. Oh, wait! I know one: http://kb.kerio.com/product/kerio-connect/server-configurati on/antispam/creating-custom-rules-for-spam-control-in-kerio- connect-1174.html
Razz

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Quote:
i just create the following mail body custom rule:

/\Complete Compliance Update Service\b/i

i assume that this is going to catch the entire phrase... and not tag each individual word?


Yes, but...

Yes, it will only match the phrase "Complete Compliance Update Service" regardless of letter case.

But, it will NOT match the phrase "Complete Compliance Update Services" because of the "\ \b" sequence that means it must ONLY match the specified word(s).

/Complete Compliance Update Service/i will catch both phrases "Complete Compliance Update Service" and "Complete Compliance Update Services"
  •  
barneyRubble

Messages: 30
Karma: 0
Send a private message to this user
brilliant

thank you both for your replies

barney rubble
barneyRubble

Messages: 30
Karma: 0
Send a private message to this user
out of interest... is it better to customise the briliant markk .cf file with spam rules.... or add to the blacklist/whitelist in the gui

thanks again for all

barney rubble
Previous Topic: Public Folders: Custom Forms
Next Topic: Sending spam reports to admin
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Feb 19 15:18:00 CET 2017

Total time taken to generate the page: 0.01461 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.