Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Huge increase in mail marked as spam
  •  
KG is currently offline KG

Messages: 5
Karma: 1
Send a private message to this user
Hi,

Has anyone else seen a big increase in mail marked as spam by Kerio?

In the last couple of days we've had clients complain about getting lots of legitimate mail marked as spam. Checking the spam logs I can confirm that this is the case. Which is weird because most of our clients are set up in an external spam filter (MaxMail) which catches pretty much all spam before the mail server so normally the Kerio spam logs are pretty sparse. So all the mail Kerio is marking as spam is legit because it's been through MaxMail (and I've confirmed this by eyeballing a few).

Nothing has changed that I'm aware of config-wise. Clients are on differing Kerio versions (from 9.2.1 through to 9.2.5 patch3) but all appear to be similarly affected.
Comparing Kerio spam logs to MaxMail message logs emails that sail through MaxMail with a 0.0 spam score are suddenly being tagged (incorrectly) by Kerio as 8+ And actually a lot of full on 10's.

The only thing I can think that could have changed to cause this (since nothing's changed locally) would be maybe if something's happened with the Bitdefender online engine that Kerio advanced anti-spam uses.

So I just wondered if anyone else is seeing this?

Thanks,
  •  
freakinvibe is currently offline freakinvibe

Messages: 473
Karma: 69
Send a private message to this user
We don't see this (being on KC 9.2.3), but we don't use the Bitdefender protection. We just use Spamassassin and the built-in tools.

Check the header of one of the messages that are falsely flagged as Spam. It should show why you have this hight Spam score, e.g.:

Quote:
X-Spam-Status: Yes, hits=8.9 required=5.0
tests=DNSBL_BL.SPAMCOP.NET: 3.00, DNSBL_DNSBL-1.UCEPROTECT.NET: 3.00, DNSBL_IX.DNSBL.MANITU.NET: 3.00,
BAYES_20: -0.73, BODY_URI_ONLY: 0.673, LOTS_OF_MONEY: 0.001,
TOTAL_SCORE: 8.944,autolearn=spam


Please post such a header here.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
KG is currently offline KG

Messages: 5
Karma: 1
Send a private message to this user
Thank you for the response.

Having looked at quite a few more logs and messages I'm less convinced that Kerio is at fault here and that this sudden increase isn't actually due to MaxMail just letting more junk through than it was previously.

It does look from the header that it's the Kerio Anti-Spam flagging these:

X-Spam-Status: Yes, hits=10.0 required=5.0
tests=KERIO_ANTI_SPAM: 10.000, HTML_MESSAGE: 0.001, TOTAL_SCORE: 10.001,autolearn=disabled
X-Spam-Flag: YES
X-Spam-Level: **********

(this came through MaxMail with a spam score of 0.0)

But I've not yet seen an email flagged as spam by kerio that I can clearly say gives absolutely no cause for any suspicion (despite clients' initial claims of legitimate mail being marked as spam) so I'm just going to monitor this but it actually looks so far like the Kerio anti-spam is just serving nicely as a safety net while MaxMail is slacking.


Previous Topic: AntiVirus Issues
Next Topic: Connect Client Error on Chrome 64
Goto Forum:
  

 ] [ PDF ]

Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Aug 19 10:01:31 CEST 2018

Total time taken to generate the page: 0.98265 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.