Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Spam - Custom rules ignored (Custom rules in spam filter are not used)
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
Hello everybody,

running latest Kerio connect 9.2.5 update 3 on a Windows Server where the custom spam rules doesn't work Sad

Tested it with an external <_at_>me.com address sending to the internal Kerio account.
Rule is "Header, From, Address: test<_at_>me.com, add spam score 0.3"

But the rule stay "unused"

[img]./fa/4794/0/[/img]

Cleared out all rules an readded one, but also doesn't work.
Any ideas why the custom rules are ignored?

  •  
Bud Durland is currently offline Bud Durland

Messages: 444
Karma: 55
Send a private message to this user
Examine the header of the message, there will be an entry there that shows the status of the spam testing:

X-Spam-Status: No, hits=0.0 required=5.5
	tests=AWL: -1.205, BAYES_50: 1.567, HTML_MESSAGE: 0.5,
	URIBL_BLOCKED: 0.001, CUSTOM_RULE_FROM: ALLOW, 
TOTAL_SCORE: 0.863,autolearn=no


This will provide some insight into why the message wasn't caught as spam.
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
This time just a test. I've configured the Required Hit points up, so SPAM is recognised with more points.
But the rule is still "unused" and there is also no "custom_rule_from" field :

X-Kerio-Anti-Spam:  Build: [Engines: 2.15.8.1143, Stamp: 3], Multi: [Enabled, t: (0.000035,0.004993)], BW: [Enabled, t: (0.000030)], RTDA: [Enabled, t: (0.274742), Hit: No, Details: v2.6.22; Id: 15.1i602l3.1c5tf6hjv.ia4om], total: 0(700)
X-Spam-Status: No, hits=0.0 required=5.0
	tests=KERIO_ANTI_SPAM: -0.000, UNPARSEABLE_RELAY: 0.001, TOTAL_SCORE: 0.001,autolearn=disabled
X-Spam-Level: 


An the rule is just "From address".
  •  
freakinvibe is currently offline freakinvibe

Messages: 1613
Karma: 68
Send a private message to this user
Can you check the From field in the email header, if it really contains this address? Also check if you have multiple From headers in the email (can happen if you atach and email to an email).

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Bud Durland is currently offline Bud Durland

Messages: 444
Karma: 55
Send a private message to this user
Is the service/location you are using to send the test e-mail otherwise whitelisted in the spam rules? (including local IP's)
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
Bud Durland wrote on Mon, 05 March 2018 14:13
Is the service/location you are using to send the test e-mail otherwise whitelisted in the spam rules? (including local IP's)


Hi, from Field is just one time in the header, and the address is absolutely the same as in the the rule.

Bud Durland wrote on Mon, 05 March 2018 14:13
Is the service/location you are using to send the test e-mail otherwise whitelisted in the spam rules? (including local IP's)


Just in the "Greylisting" tab.

Have examined other mails from real external partner and just struggled around following thing:
In the header, the X-Spam-Status is listed two times in the same mail:

X-Kerio-Anti-Spam:  Build: [Engines: 2.15.8.1143, Stamp: 3], Multi: [Enabled, t: (0.000043,0.012545)], BW: [Enabled, t: (0.000033)], RTDA: [Enabled, t: (0.319787), Hit: No, Details: v2.6.22; Id: 15.1i604jv.1c5tf82bv.jjbn7], total: 0(700)
X-Spam-Status: No, hits=0.4 required=5.0
	tests=KERIO_ANTI_SPAM: -0.000, MSGID_FROM_MTA_HEADER: 0.401, UNPARSEABLE_RELAY: 0.001,
	TOTAL_SCORE: 0.402,autolearn=disabled
X-Spam-Level: 


and

X-Kerio-Anti-Spam: Build: [Engines: 2.15.8.1143, Stamp: 3], Multi: [Enabled, t: (0.000005,0.002169)], BW: [Enabled, t: (0.000005)], RTDA: [Enabled, t: (0.078784), Hit: No, Details: v2.6.22; Id: 15.1i6063a.1c5tf2629.jcsok], total: 0(700)
X-Spam-Status: No, hits=0.0 required=3.4
	tests=KERIO_ANTI_SPAM: -0.000, AWL: -0.000, BAYES_00: -1.665,
	MISSING_MID: 0.497, URIBL_BLOCKED: 0.001, CUSTOM_RULE_FROM: ALLOW,
	TOTAL_SCORE: -1.167,autolearn=no
X-Spam-Level: 


An in the second entry there is the "CUSTOM_RULE_FROM: ALLOW" Shocked

But in the second appearance there is an required score from 3.4. Nowhere in the UI i can find that score. Actually is set to "5.0" like shown in the first appearance, but there I'm missing the "Custom_Rule_From" is missing Sad

Why does the X-Spam appears doubled in the mail header? An the rule is still "unused" for that specific address Mad
Is it just an error in showing the "last used" field and in the background the spam filter working just fine. Will have further testing tomorrow when more mails will be arriving.
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
Hello together,

keeps still the same: The SPAM filter isn't working correctly.
Set up a SPAM rule with "If 'To:' 'contain address' 'test<_at_>test.de'.
Now received multiple mails to that address, but the filter is still unused. Also the mail header doesn't show any activities from that rule:

X-Kerio-Anti-Spam: Build: [Engines: 2.15.8.1143, Stamp: 3], Multi: [Enabled,
	t: (0.000021,0.004741)], BW: [Enabled, t: (0.000034)], RTDA: [Enabled, t:
	(0.250744), Hit: Yes, Details: v2.6.22; Id: 15.1i602kl.1c7ev6l3o.3u2tb;
	ip(3284043530:842;)], total: 842(700)
X-Spam-Status: No, hits=2.6 required=5.0
	tests=KERIO_ANTI_SPAM: 2.667, TVD_SPACE_RATIO: 0.001, UNPARSEABLE_RELAY:
	0.001,
	TOTAL_SCORE: 2.669,autolearn=disabled
X-Spam-Level: **


Is there a point where I can reset the custom rules completely? Like removing a specific file in the Kerio folder an restart the server?

Thanks a lot.
  •  
stepak@ribbon.cz is currently offline stepak@ribbon.cz

Messages: 10
Karma: 0
Send a private message to this user
I have the same problems.
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
The only folder I found on an windows server is:

C:\Program Files (x86)\Kerio\MailServer\plugins\spamserver\spamassassin\rules

But the files inside the folder are all last change on 2017/09/27, so not updated when saving the custom rules.

Anyone with an idea where the custom rules are stored in?
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
Once again: Looking in the config log following line showing after updating the custom rules:

Update CustomRule list {{enabled="True", header="From", description="Testrule", content="test<_at_>test.de", type="2", action="1", score="20", lastUsed="0", id="keriodb://customrule/123456-abc-234s-1234c-1234567890", kind="0.0.0.0"},{enabled="True",....nexrule}


(ID is replaced by custom digits)

Any ideas?
  •  
freakinvibe is currently offline freakinvibe

Messages: 1613
Karma: 68
Send a private message to this user
The Spam rules that search the body would appear in the spamassissin folder in the file

10_kerio_admin.cf

The Spam rules that search the header are not there. They are in the file

mailserver.cfg

under the header of

<list name="HeaderFilter">

As your rule is a header rule, you have to look in mailserver.cfg.


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
freakinvibe wrote on Wed, 07 March 2018 09:11

<list name="HeaderFilter">

As your rule is a header rule, you have to look in mailserver.cfg.



Thanks a lot!

Can somebody with an working spam filter have a look at the .cfg file. That's the Content of one filter rule.

  <listitem>
    <variable name="Header">To</variable>
    <variable name="Type">2</variable>
    <variable name="Content">test<_at_>test.de</variable>
    <variable name="Action">1</variable>
    <variable name="Score">0</variable>
    <variable name="ScoreNegative">0</variable>
    <variable name="Order">1</variable>
    <variable name="Description">TEST</variable>
    <variable name="Enabled">1</variable>
    <variable name="LastHitTimeStamp">0</variable>
    <variable name="Guid">654321-abc-234s-1234c-1234567890</variable>
    <variable name="Kind">0</variable>
  </listitem>


Still all rules are unused.
  •  
SSSamS is currently offline SSSamS

Messages: 10
Karma: 3
Send a private message to this user
I am far from an expert, but why are you using "<_at_>" in the filter? In reading through this forum post, I assumed you were putting that just to prevent links from showing up. But your cfg looks like you are literally using "<_at_>"? Try using the symbol: @

All of our filters use the symbol and work properly.
  •  
freakinvibe is currently offline freakinvibe

Messages: 1613
Karma: 68
Send a private message to this user
The AT sign is replaced by the forum software with <_at_> to prevent email address harvesting by spam bots. So I believe that MacSuperSonic has the real AT sign in his mailserver.cfg file.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
MacSuperSonic is currently offline MacSuperSonic

Messages: 45
Karma: 0
Send a private message to this user
freakinvibe wrote on Wed, 07 March 2018 16:24
The AT sign is replaced by the forum software with <_at_> to prevent email address harvesting by spam bots. So I believe that MacSuperSonic has the real AT sign in his mailserver.cfg file.


It's right. In the .cfg file there is the "at"-sign.
The forum software is replacing it with "<at>".

What's also strange: In the activity manager within Windows "Spamserver.exe" is running twice on the system. Same thing on an working configuration?

Previous Topic: Public folder - Contact
Next Topic: eM Client with Shared Folders
Goto Forum:
  

 ] [ PDF ]

Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Jun 22 07:35:58 CEST 2018

Total time taken to generate the page: 0.94280 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.