Anti spam (Problem with spam in Kerio)
  •  
bareare

We have a big problem with spam getting through our mailservers and were hoping that Kerio Antispam and Sophos would take care of it.

However, the spam just keeps on coming in. We have adjusted the score to be super low, but this only keeps the legitimate mail out. This has been going on for a year now and users are complaining. We are running the default anti-spam lists delivered with Kerio, but it doesn't seem to help.

The emails are mainly fraud like "you have gotten an approved loan" and similar scams (in my own country's language).


Return-Path: <marcel-oberikat<_at_>t-online.de>
X-Envelope-To: user<_at_>ourdomain.com
X-Kerio-Anti-Spam: Build: [Engines: 2.15.7.1061, Stamp: 3], Multi: [Enabled, t: (0.000007,0.020292)], BW: [Enabled, t: (0.000009)], RTDA: [Enabled, t: (0.055901), Hit: No, Details: v2.4.0; Id: 2m1gj28.1avqr9a3e.pic], total: 0(700)
X-Spam-Status: No, hits=1.9 required=2.9
tests=KERIO_ANTI_SPAM: -0.000, HTML_MESSAGE: 0.001, HTML_MIME_NO_HTML_TAG: 0.521,
MIME_HTML_ONLY: 1.399, TOTAL_SCORE: 1.921,autolearn=disabled
X-Spam-Level: *
Received: from mailout06.t-online.de ([194.25.134.19])
by mailserver.ourdomain.com with ESMTPS
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits))
for user<_at_>ourdomain.com;
Mon, 24 Oct 2016 10:20:03 +0200
Received: from fwd20.aul.t-online.de (fwd20.aul.t-online.de [172.20.26.140])
by mailout06.t-online.de (Postfix) with SMTP id 93FCA41C422A;
Mon, 24 Oct 2016 10:19:52 +0200 (CEST)
Received: from localhost (V+RWmYZeghQRrxl1V0U7oGzNZtOM5mDPj2dq3OVv-EpDHtqULOGzduF1Xgs nhHfwbG <_at_>[5.254.97.98]) by fwd20.t-online.de
with (TLSv1:ECDHE-RSA-AES256-SHA encrypted)
esmtp id 1byaTy-0Fg3t20; Mon, 24 Oct 2016 10:19:46 +0200
To: <mhshp<_at_>mail.dk>
Subject: Hello.
From: Beauty Kristina <marcel-oberikat<_at_>t-online.de>
Reply-To: Beauty Kristina < beautylovb<_at_>gmail.com>
Errors-To: Beauty Kristina <marcel-oberikat<_at_>t-online.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="e4ba2ddc41ffdaf7a7f0f7168087d84e"
Date: Mon, 24 Oct 2016 10:19:40 +0200
Message-ID: <20161024101942.4388.marcel-oberikat<_at_>t-online.de>
....
Content-Type: image/jpeg; name=" PCX917.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=" PCX917.jpg"
  •  
Badr

We have had the same problem since the upgrade to Kerio Connect 9.
I've checked the anti-spam settings and adjusted them many times but we keep getting spam.



Return-Path: <difinattyo<_at_>yandex.com>
X-Envelope-To: info@opengeogroep.nl, badrahmad@b3partners.nl, chrisvanlith<_at_>b3partners.nl,
dankacieskova@b3partners.nl, matthijslaan<_at_>b3partners.nl
X-Spam-Status: No, hits=0.0 required=5.0
tests=LOTS_OF_MONEY: 0.001, TOTAL_SCORE: 0.001,autolearn=disabled
X-Spam-Level:
Received: from hadid.642064.com ([31.220.43.46])
by kmail.b3partners.nl (Kerio Connect 9.0.4 patch 1) with ESMTP
for info<_at_>opengeogroep.nl;
Mon, 24 Oct 2016 08:56:16 +0200
To: info<_at_>opengeogroep.nl
Subject: Sitz Heizung f. Auto statt 139,- nur 42,50
Message-ID: <7a6b4091452763f16f684690447bc992<_at_>vincentsroofing.com >
Return-Path: difinattyo<_at_>yandex.com
Date: Mon, 24 Oct 2016 08:47:59 +0200
From: "Katrin Klein" <difinattyo<_at_>yandex.com>
Reply-To: difinattyo<_at_>yandex.com
MIME-Version: 1.0
X-Mailer-LID: 43
X-Mailer-RecptId: 25362093
X-Mailer-SID: 1954
X-Mailer-Sent-By: 1
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit

Auto Sitzheizung 2 Stufen jetzt auch mit Massagefunktion. Ihrer Gesundheit
zuliebe!
Auto fahren wie in einem Luxus Rolls Royce zu 700.000 Euro
Statt 139,- nur 42,50 Euro www.warmsitzer.com
Weitere Sonderangebote online!
  •  
Pavel Dobry (Kerio)

Badr wrote on Tue, 25 October 2016 10:18
We have had the same problem since the upgrade to Kerio Connect 9.
I've checked the anti-spam settings and adjusted them many times but we keep getting spam.


It looks like neither Kerio Anti-Spam nor Bayes is used in this case. And probably more public DNS blacklists should help there too.
Please review the configuration of your antispam filter. You can find a lot of useful information in the Kerio KnowledgeBase, e.g.
http://kb.kerio.com/product/kerio-connect/server-configuration/antispam/optimizing-spam-protection-in-kerio-connect-265.html

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
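The header reading in the reply above can be automated. This is an added example, not part of any post and not Kerio code: it parses a folded `X-Spam-Status` header and reports whether the `KERIO_ANTI_SPAM` test is absent or scored zero and whether any Bayes test fired. The `BAYES` prefix is an assumption (SpamAssassin-style naming), and the sample is constructed from the second message quoted in the thread.

```python
import re
from email import message_from_string

ENGINE_TEST = "KERIO_ANTI_SPAM"   # test name as it appears in the headers on this page
BAYES_PREFIX = "BAYES"            # assumption: SpamAssassin-style BAYES_nn test names

# Constructed sample: spam headers of the second message quoted in the thread,
# with the addresses replaced by placeholders.
SAMPLE = (
    "Return-Path: <sender@example.invalid>\n"
    "X-Spam-Status: No, hits=0.0 required=5.0\n"
    "\ttests=LOTS_OF_MONEY: 0.001, TOTAL_SCORE: 0.001,autolearn=disabled\n"
    "X-Spam-Level:\n"
    "Subject: sample\n"
    "\n"
    "body\n"
)

def parse_spam_status(raw_message):
    """Return (hits, required, {test: score}) from a folded X-Spam-Status header."""
    msg = message_from_string(raw_message)
    status = re.sub(r"\s+", " ", msg.get("X-Spam-Status", ""))  # unfold continuation lines
    hits = re.search(r"hits=(-?[\d.]+)", status)
    required = re.search(r"required=(-?[\d.]+)", status)
    if not (hits and required):
        raise ValueError("no usable X-Spam-Status header")
    _, _, tests_part = status.partition("tests=")
    tests = {name: float(score)
             for name, score in re.findall(r"([A-Z0-9_]+):\s*(-?[\d.]+)", tests_part)}
    tests.pop("TOTAL_SCORE", None)  # a sum, not a test of its own
    return float(hits.group(1)), float(required.group(1)), tests

def triage(raw_message):
    """List the reasons a delivered message stayed below the spam threshold."""
    hits, required, tests = parse_spam_status(raw_message)
    findings = []
    if ENGINE_TEST not in tests:
        findings.append("engine-missing")      # the engine returned no result at all
    elif tests[ENGINE_TEST] == 0:
        findings.append("engine-zero-score")   # the engine ran but added nothing
    if not any(name.startswith(BAYES_PREFIX) for name in tests):
        findings.append("bayes-missing")
    findings.append(f"margin={required - hits:.1f}")  # points short of the threshold
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over a folder of delivered spam, a consistent `engine-missing` points at the filter engine itself rather than at the threshold.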
  •  
Badr

I've included screenshots of the Kerio spam filter configuration, and you can see that we use anti-spam, Bayes and public DNS blacklists.

  •  
Pavel Dobry (Kerio)

This is kind of strange as that IP address is on some IP blacklists (at this moment - http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a31.220.43.46&run=toolpage).
Anyway, the Kerio Anti-spam result is missing from the email header, which is suspicious. I would recommend enabling Spam filter debug messages in the debug log to get more details about what's happening when a message passes through the filter without being stopped.

  •  
freakinvibe

With version 9, Kerio has added the Bitdefender Anti-Spam, which does not seem to help:

Quote:
tests=KERIO_ANTI_SPAM: -0.000


Bitdefender is kind of a black box: you don't know why they label a message as spam or not, and there is nothing you can tune there.

But with the rest of the Anti-Spam config, you can do quite a lot:

First, switch on Spam repellent, this helps quite a lot.

Then, add more blacklists. While Spamhaus is very good, you definitely need additional blacklists. We use:

Spamhaus ZEN (should already be there)
Spamcop
WPBL
Barracuda Central
Protected Sky
Uceprotect
Truncate

You can also switch on SPF checking.

Our threshold is on 5.0. You should not have to lower it that much, 2.9 is definitely too low.

We have switched Bitdefender off. That gives us the advantage that we can use Bayes (and it is cheaper as well, as Bitdefender costs a fee).

If you need our detailed settings, send me a DM.

[Updated on: Tue, 25 October 2016 11:56]


Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
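To see which DNS blacklists actually list a sending IP, and whether the lookups themselves are being answered, the check can be scripted. This is an added example, not part of any post: the zone names are not given in the thread and are filled in here, and treating the Spamhaus error range as an error for every zone is an assumption.

```python
import ipaddress
import socket

# DNSBL zones for some of the lists named above (zone names added here).
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "db.wpbl.info", "b.barracudacentral.org"]

# Spamhaus answers in 127.255.255.0/24 to signal a refused or malformed query
# (for example one sent through a large public resolver), not a listing.
# Assumption: the same range is treated as an error for every zone.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check(ip, zone, resolve=socket.gethostbyname):
    """Return 'listed', 'clean' or 'error' for one IP on one zone."""
    name = dnsbl_name(ip, zone)
    try:
        answer = ipaddress.ip_address(resolve(name))
    except socket.gaierror as exc:
        # NXDOMAIN means "not listed"; timeouts and other failures are errors.
        return "clean" if exc.errno in NOT_FOUND else "error"
    except (OSError, ValueError):
        return "error"
    if answer in ERROR_NET or not answer.is_loopback:
        return "error"                        # refused query or rewritten NXDOMAIN
    return "listed"                           # any other 127.0.0.0/8 answer

def survey(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Map each zone to its verdict for the given IP."""
    return {zone: check(ip, zone, resolve) for zone in zones}

if __name__ == "__main__":
    # Sending IP taken from the Received: header of the second message above.
    for zone, verdict in survey("31.220.43.46").items():
        print(f"{verdict:7} {zone}")
```

Run it on the mail server itself so the queries use the same resolver the spam filter uses; an `error` verdict there means the list cannot block anything, whatever its configured action.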
  •  
Badr

Pavel Dobry (Kerio) wrote on Tue, 25 October 2016 11:06

Anyway, the Kerio Anti-spam result is missing from the email header, which is suspicious. I would recommend enabling Spam filter debug messages in the debug log to get more details about what's happening when a message passes through the filter without being stopped.


I got this error in the debug.log:


{kerioantispam} Kerio Anti-spam failed to get license information with result 0xc0000010 (BDANTISPAM_ERROR_CLOUD_NO_RESPONSE). Initialization failed.
{spam} Quarantine scanning /opt/kerio/mailserver/store/queue/1f/580f21cb-0000cf00.eml - verdict: Checking failed: Initialization of Kerio Anti-spam failed

How can I resolve this?
  •  
freakinvibe

The new Bitdefender Anti-Spam needs an extra license which you have to pay.

You can try without that and use the traditional Anti-Spam (as it was with KC 8). Just un-tick:

Enable Kerio Anti-spam advance filter

With that, you can use the traditional Bayes filtering again.

Of course, you can also buy the additional license and see if it works for you.

[Updated on: Tue, 25 October 2016 13:41]


  •  
Badr

I've purchased a license for Bitdefender, otherwise I wouldn't be able to turn it on.
  •  
freakinvibe

OK, I guess then you have to open a support ticket.

Quote:
{kerioantispam} Kerio Anti-spam failed to get license information with result 0xc0000010


It is very clear that something is wrong with licensing here.

  •  
Pavel Dobry (Kerio)

It is more likely there is a problem with HTTPS connections to Amazon cloud datacenters. Make sure that communication is not blocked by e.g. a firewall. Try to open https://nimbus.bitdefender.net to make sure the connection works.

  •  
Badr

I got:
Bad Request
  •  
bareare

Both SPF and spam repellent are activated in my case, so it doesn't help.

Spamcop | Block | Do not ask directly
Spamhaus SBL-XBL | Block | Do not ask directly
SORBS DNSBL | Block | Do not ask directly
SORBS RHSBL | Block | Do not ask directly
WPBL | Increase score | Do not ask directly