Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » New Kerio Anti-Spam (More spam mail being delivered )
  •  
PPG

Messages: 67
Karma: 3
Send a private message to this user
Just trying to share experiences. Since upgrading to version 9.03 and enabling the new Kerio Anti-spam filter I'm definitely receiving more spam e-mails.

What's your experience on this?
  •  
Heather P (Kerio)

Messages: 10
Karma: 0
Send a private message to this user
Please refer to our Knowledge Base articles to ensure you're configuring Kerio Anti-spam correctly. Did you change any of the default settings?
Configuring Spam Control in Kerio Connect
and
Kerio Anti-spam Filter
We updated our spam filtering in Kerio Connect 9.0.2, and Kerio Connect 9.0.3 with Kerio Anti-spam should be giving you >30% efficiency in catching spam.

If you have enabled Kerio Anti-spam, you can compare it to the basic spam filter by turning it on/off in the Spam Filter -> Kerio Anti-spam settings.

[Updated on: Wed, 20 April 2016 07:59]


Heather Paunet
VP, Product & Design | Kerio

  •  
irow

Messages: 56
Karma: 4
Send a private message to this user
PPG:

I too have seen an increase in spam since purchasing and enabling the BitDefender Anti-Spam service. I believe this is attributed to the fact that Kerio assigns a negative score (-1, -2, or -3 depending on your setting) to any message that BitDefendant does not identify as spam. I have attempted to modify mail server.cfg to set the NegativeSpamScore variable to 0, but Kerio still shows KERIO_ANTI_SPAM: -1.000.

This is a problem for at least two reasons: (1) it appears that manually setting the NgativeSpamScore variable does not work and (2) Kerio's assumption that a non-hit on BitDefender means that a message is less likely to be spam is wrong. All that a non-hit on BitDefender tells us is that BitDefender doesn't know anything about the message. It is not a whitelist and should not be confused for one.
  •  
PPG

Messages: 67
Karma: 3
Send a private message to this user
Heather P (Kerio) wrote on Wed, 20 April 2016 07:57
Please refer to our Knowledge Base articles to ensure you're configuring Kerio Anti-spam correctly. Did you change any of the default settings?
Configuring Spam Control in Kerio Connect
and
Kerio Anti-spam Filter
We updated our spam filtering in Kerio Connect 9.0.2, and Kerio Connect 9.0.3 with Kerio Anti-spam should be giving you >30% efficiency in catching spam.

If you have enabled Kerio Anti-spam, you can compare it to the basic spam filter by turning it on/off in the Spam Filter -> Kerio Anti-spam settings.


My settings are exactly the same as the proposed defaults. This entire week i didn't see one message getting tagged as spam and being delivered tot the spam mail delivery adress. I did however receive a lot of spam in my inbox. I'll be giving this a few more days but if behavior doesn't change will revert to using Spamassasin.
  •  
PPG

Messages: 67
Karma: 3
Send a private message to this user
Done some more research, and think i've got the solution. Adjusted NAT settings on the firewall, now the firewall was being marked as the sending party and thus as a trusted sender. This resulted in "{spam} Spam Filter rating disabled for message 571b06a1-00000053. Message from <*@*.*> to <*<_at_>*.*> has been sent from trusted host 192.168.*.*."
Now messages do get rated. Will keep monitoring this.
  •  
Chris Peluso (Kerio)

Messages: 2
Karma: 0
Send a private message to this user
PPG wrote on Sat, 23 April 2016 09:32
Done some more research, and think i've got the solution. Adjusted NAT settings on the firewall, now the firewall was being marked as the sending party and thus as a trusted sender. This resulted in "{spam} Spam Filter rating disabled for message 571b06a1-00000053. Message from <*<_at_>*.*> to <*<_at_>*.*> has been sent from trusted host 192.168.*.*."
Now messages do get rated. Will keep monitoring this.

Thanks for the update PPG! Please let us know how it goes. I've seen a dramatic improvement on my 10+ year old Kerio mailbox with the new anti-spam feature (from over 20 per day to less than 5).
  •  
PPG

Messages: 67
Karma: 3
Send a private message to this user
Chris Peluso (Kerio) wrote on Sat, 23 April 2016 16:01
PPG wrote on Sat, 23 April 2016 09:32
Done some more research, and think i've got the solution. Adjusted NAT settings on the firewall, now the firewall was being marked as the sending party and thus as a trusted sender. This resulted in "{spam} Spam Filter rating disabled for message 571b06a1-00000053. Message from <*<_at_>*.*> to <*<_at_>*.*> has been sent from trusted host 192.168.*.*."
Now messages do get rated. Will keep monitoring this.

Thanks for the update PPG! Please let us know how it goes. I've seen a dramatic improvement on my 10+ year old Kerio mailbox with the new anti-spam feature (from over 20 per day to less than 5).


Adjusting the NAT settings definitely did the trick. KAS is working as expected and I'm receiving less spam than before v9.0.3.
  •  
Chris Peluso (Kerio)

Messages: 2
Karma: 0
Send a private message to this user
  •  
McIrish

Messages: 225
Karma: 8
Send a private message to this user
PPG wrote on Wed, 27 April 2016 03:42
Chris Peluso (Kerio) wrote on Sat, 23 April 2016 16:01
PPG wrote on Sat, 23 April 2016 09:32
Done some more research, and think i've got the solution. Adjusted NAT settings on the firewall, now the firewall was being marked as the sending party and thus as a trusted sender. This resulted in "{spam} Spam Filter rating disabled for message 571b06a1-00000053. Message from <*<_at_>*.*> to <*<_at_>*.*> has been sent from trusted host 192.168.*.*."
Now messages do get rated. Will keep monitoring this.

Thanks for the update PPG! Please let us know how it goes. I've seen a dramatic improvement on my 10+ year old Kerio mailbox with the new anti-spam feature (from over 20 per day to less than 5).


Adjusting the NAT settings definitely did the trick. KAS is working as expected and I'm receiving less spam than before v9.0.3.


Can you give a few more details on this? Are you talking about NAT on your main company firewall?
  •  
jimsky7

Messages: 24
Karma: 1
Send a private message to this user
Not seeing any real change. Particularly when we receive a dozen (or so) identical spam messages ("quick MBA" etc.) to an account all at once. These floods seem to come through undetected. We've had it in place 6 days now.
  •  
jimsky7

Messages: 24
Karma: 1
Send a private message to this user
The X-Spam headers also give no indication that the new anti-spam is in place. There are bayesian and RBL scores, but nothing specifically shown for Kerio-antispam or bitdefender. The spams that do pass through are generally seeing scores down around 1.5 from the anti-spam system, so a long ways to go before they'd be blocked.
  •  
irow

Messages: 56
Karma: 4
Send a private message to this user
jimsky7:

I recommend setting the Kerio Anti-Spam "contribution to spam rating" to "moderate." This is because Anti-Spam assigns a negative score to any message that is not flagged as spam by Bitdefender. This counteracts your other spam defenses. You may also chose to increase the score contributions to your other spam detection methods to counteract the -1 score that Anti-Spam will assign to all "non Bitdefender hit" messages when set to "moderate."

I hope this is something that Kerio will address in the future. There is room for debate in most areas of spam defense, but it is clear that the current implantation is not working as well as many of us had expected it to.
  •  
jimsky7

Messages: 24
Karma: 1
Send a private message to this user
I was on "moderate" already and switched it to "high" -- I'm now also logging. So far no false positives -- everything caught is indeed spam. I completely agree that a negative from Bitdefender just means "we haven't seen this one yet" and should not be included in the calculation. The spam storms change too rapidly.
  •  
irow

Messages: 56
Karma: 4
Send a private message to this user
jimsky7 wrote on Wed, 04 May 2016 12:08
I was on "moderate" already and switched it to "high" -- I'm now also logging.


The problem with the "high" setting is it causes a Bitdefender non-hit to be scored as -3 in the spam score. I recommend modifying the mailserver.cfg file and manually setting the NegativeSpamScore variable to 1. The NegativeSpamScore must be a positive integer. This will allow you to keep your +14 score for Bitdefender hits, but not take the -3 penalty for messages Bitdefender hasn't hit on. Just a note: the KB article used to contain instructions for modifying mailserver.cfg in this way, but it appears they have updated the article to remove the instructions.

FWIW: I have seen a handful of false positives from Bitdefender, although I can usually understand the reason they were flagged.
Pavel Dobry (Kerio)

Messages: 5141
Karma: 241
Send a private message to this user
irow wrote on Wed, 04 May 2016 18:19
jimsky7:

I recommend setting the Kerio Anti-Spam "contribution to spam rating" to "moderate." This is because Anti-Spam assigns a negative score to any message that is not flagged as spam by Bitdefender. This counteracts your other spam defenses. You may also chose to increase the score contributions to your other spam detection methods to counteract the -1 score that Anti-Spam will assign to all "non Bitdefender hit" messages when set to "moderate."

I hope this is something that Kerio will address in the future. There is room for debate in most areas of spam defense, but it is clear that the current implantation is not working as well as many of us had expected it to.


SpamAssassin does the same with AWL and BAYES_00 tests. It usually adds -1.7 points to these "unseen" messages. Because spam test scores for SpamAssassin used with Bitdefender are higher that for standalone SpamAssassin in Kerio Connect, missing negative score from Bayes and higher spam test numbers are compensated with negative spam score. This is not applied to emails marked by Bitdefender as "marketing".

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Previous Topic: how to use smtp by C# winform Application
Next Topic: Error 28101 while upgrading KOC to 9.1.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Dec 03 22:48:27 CET 2016

Total time taken to generate the page: 0.01223 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.