Black list only if not SSL
  •  
defago

Messages: 13
Karma: 0
Hello,

When I activate a blacklist server like Spamcop or Spamhaus, a lot of good mail is flagged as spam, because a lot of hotspots (airport, train station, ...) are now blacklisted.

Is it possible to use the blacklist only if the email is not sent with authentication or an SSL connection? Or how can I avoid this problem?
  •  
MarkK

Messages: 454
Karma: 46
#1, post a couple of full email headers from these mismarked spams. That would help to see why it is being marked as spam.
#2, what is your spam setup? Is SpamAssassin turned on? Do you have a lot of Kerio spam custom rules?
#3, what is your spam marking threshold and spam delete threshold values?

#4, What you are asking sounds like a good idea, but I would be cautious of implementing that since it could cause other good emails to end up being marked as spam. But of course you can try it out, I would just make sure that you do a test period where you can back out the change quickly in case it causes a bigger problem.
If the email was transmitted at some point in its journey with encryption, the Received header should have the word "cipher" in it. From the email headers that I looked at, that is really only going to be the consistent identifier. Everything else identifying if and which encryption was used can vary.

Examples from just one email:
Received: from zixvpm1.server1.com ([ipaddress])
    by mail.myemailsrvr.com
    (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits))
    for me<_at_>myemailsrvr.com;
    Fri, 16 Nov 2012 02:00:35 -0800
Received: from zixvpm1.server1.com (ZixVPM [127.0.0.1])
    by Outbound.server1.com (Proprietary) with ESMTP id 6B73E940691
    for <me<_at_>myemailsrvr.com>; Fri, 16 Nov 2012 05:00:11 -0500 (EST)
Received: from mail3.server1.com (unknown [ipaddress])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by zixvpm1.server1.com (Proprietary) with ESMTP id A0DDB940730
    for <me<_at_>myemailsrvr.com>; Fri, 16 Nov 2012 05:00:10 -0500 (EST)
Received: from mail3.server1.com (vasdlp [ipaddress])
    by mail3.server1.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id qAGA0AoF025929
    (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
    for <me<_at_>myemailsrvr.com>; Fri, 16 Nov 2012 05:00:10 -0500

You can see that each particular server adds the cipher information in a different format; such as "using TLSv1/SSLv3" vs "version=TLSv1/SSLv3", and "with cipher " vs "cipher=".

I personally would not use this as a heavily weighted deciding factor for the following reasons. 1-Not every email server out there will transmit using encryption, even though it is almost the year 2016. 2-If you search the email Received headers for "cipher", what if there are multiple hops and only one of them used encryption?

To find this information, I searched through 17,500+ emails, and of those only 5400 had the word "cipher" in it. That is less than 33%. Depending on how you implement this, you could risk changing that 66%+ into mismarked spam.
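
Added example (not part of the original posts and not Kerio functionality): a Python parser for the two cipher notations shown in the headers above, reporting TLS per hop so the multi-hop caveat becomes visible. The headers are abridged from the post; the function names and the `my_host` parameter are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Received headers from the post above, abridged (placeholders as posted),
# newest hop first. The Subject line and body are constructed.
SAMPLE = """\
Received: from zixvpm1.server1.com ([ipaddress]) by mail.myemailsrvr.com
 (using TLSv1/SSLv3 with cipher AES256-SHA (256 bits))
Received: from zixvpm1.server1.com (ZixVPM [127.0.0.1])
 by Outbound.server1.com (Proprietary) with ESMTP id 6B73E940691
Received: from mail3.server1.com (unknown [ipaddress])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 by zixvpm1.server1.com (Proprietary) with ESMTP id A0DDB940730
Received: from mail3.server1.com (vasdlp [ipaddress])
 by mail3.server1.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id qAGA0AoF025929
 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
Subject: constructed sample

body
"""

# Both notations seen in the thread: "using V with cipher C", "version=V cipher=C".
TLS_RE = re.compile(r"(?:using\s+|version=)(?P<version>[\w./]+)\s+"
                    r"(?:with\s+)?cipher[ =](?P<cipher>[\w-]+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)")

def hops(raw):
    """One dict per Received header, newest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        by, tls = BY_RE.search(line), TLS_RE.search(line)
        out.append({"by": by.group(1) if by else None,
                    "version": tls.group("version") if tls else None,
                    "cipher": tls.group("cipher") if tls else None})
    return out

def any_hop_encrypted(raw):
    """The 'search for cipher anywhere' test discussed in the post."""
    return any(h["cipher"] for h in hops(raw))

def delivery_hop_tls(raw, my_host):
    """TLS info for the hop our own server recorded (my_host is an assumption).
    Only that top header is written by a machine we control; the ones below
    it arrive with the message and describe earlier legs of the journey."""
    h = hops(raw)
    if h and h[0]["by"] == my_host and h[0]["cipher"]:
        return h[0]["version"], h[0]["cipher"]
    return None
```

On the sample, the second hop carries no cipher while the other three do, so a message can match "cipher" somewhere and still have arrived at the final server in plaintext.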
  •  
MarkK

Messages: 454
Karma: 46
#5 - What is the rating that you are giving to the offending blacklists? You may need to lower the score that is added for a particular blacklist(s).
  •  
MarkK

Messages: 454
Karma: 46
Another example:
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits))
  •  
Pavel Dobry (Kerio)

Messages: 5152
Karma: 241
defago wrote on Thu, 31 December 2015 15:39

Is it possible to use the blacklist only if the email is not sent with authentication or an SSL connection? Or how can I avoid this problem?


Use SMTP Submission port 587 for sending emails by users. This protocol is intended for this and some antispam features are not applied here (because the user has to be authenticated in order to send an email).

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
  •  
MarkK

Messages: 454
Karma: 46
I guess I read the original post as incoming email marked as spam, since he was referring to blacklists being applied. Guess it depends on if it is their people sending the emails in to their server.
  •  
defago

Messages: 13
Karma: 0
Hi, thanks for your answer.

So the setup is like this:

- Around 80 custom rules
- SpamAssassin is activated
- SPF is activated
- Block score is on 3.1

When I activated the blacklist, I didn't set a score; I just blocked the message. Maybe I should try with a score. How much?

  •  
MarkK

Messages: 454
Karma: 46
With a low block score of 3.1, I probably won't go higher than 1.5 with the other spam settings in place.