iorx

SPAM coming through if relayed.

Kerio MS 6.0.6, Windows 2000 Server

Hi!

I’ve blocked some domain names in "/Configuration/Spam Filter". Examples: subscribe.ru, rambler.ru, with the function "From Address contains Substring".

I can see in the Security log that the messages are rejected. But the server delivering the messages delivers them to my secondary mail-relay server (at my ISP provider, MX[2]). From there they are gladly accepted and pass the filter without getting caught. Why?

Here are some snippets from the logs.

Nicely rejected:
[25/Jan/2005 00:17:33] Message from <news<_at_>rambler.ru> to <info<_at_>neomo.se> rejected by spam custom rules: Header From contains substring .ru.
[25/Jan/2005 01:16:18] Message from <new1<_at_>rambler.ru> to <info<_at_>neomo.se> rejected by spam custom rules: Header From contains substring .ru.

And then accepted:
[25/Jan/2005 00:17:31] SMTP: From: <news<_at_>rambler.ru>, To: <info<_at_>neomo.se>, Size: 63968, Sender-Host: relay.wineasy.se, SSL: yes
[25/Jan/2005 01:16:17] SMTP: From: <new1<_at_>rambler.ru>, To: <info<_at_>neomo.se>, Size: 4254, Sender-Host: relay.wineasy.se, SSL: yes

And here is my DNS configuration for the MX-records:
neomo.se MX preference = 1, mail exchanger = neomo.se
neomo.se MX preference = 2, mail exchanger = relay.wineasy.se

neomo.se nameserver = ns.wineasy.se
neomo.se nameserver = ns.neomo.se

----

Is it the SSL connection that prevents the from-substring-block-filter from seeing the From address?

Can it be fixed? How do I prevent these mails from being accepted?

/micce
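
An added example, not part of the original thread: a small Python script that pairs the SMTP log entries with the Security log entries quoted in the post above by sender, recipient and time, showing which relay-delivered sessions were followed by a custom-rule rejection and which were not. The 5-second window and the third mail-log line are assumptions made for the illustration.

```python
import re
from datetime import datetime

# The first two lines of each log are copied from the post; the third MAIL_LOG
# line is constructed to show an accepted session with no matching rejection.
SECURITY_LOG = """\
[25/Jan/2005 00:17:33] Message from <news<_at_>rambler.ru> to <info<_at_>neomo.se> rejected by spam custom rules: Header From contains substring .ru.
[25/Jan/2005 01:16:18] Message from <new1<_at_>rambler.ru> to <info<_at_>neomo.se> rejected by spam custom rules: Header From contains substring .ru.
"""
MAIL_LOG = """\
[25/Jan/2005 00:17:31] SMTP: From: <news<_at_>rambler.ru>, To: <info<_at_>neomo.se>, Size: 63968, Sender-Host: relay.wineasy.se, SSL: yes
[25/Jan/2005 01:16:17] SMTP: From: <new1<_at_>rambler.ru>, To: <info<_at_>neomo.se>, Size: 4254, Sender-Host: relay.wineasy.se, SSL: yes
[25/Jan/2005 02:00:00] SMTP: From: <x<_at_>example.ru>, To: <info<_at_>neomo.se>, Size: 1000, Sender-Host: relay.wineasy.se, SSL: yes
"""

STAMP = r"\[(?P<ts>[^\]]+)\] "
ACCEPTED = re.compile(STAMP + r"SMTP: From: <(?P<frm>.+?)>, To: <(?P<to>.+?)>, "
                      r"Size: \d+, Sender-Host: (?P<host>[^,]+), SSL: (?P<ssl>\w+)")
REJECTED = re.compile(STAMP + r"Message from <(?P<frm>.+?)> to <(?P<to>.+?)> "
                      r"rejected by (?P<why>.+)")

def parse(log, pattern):
    """Return one dict per matching line, with ts converted to a datetime."""
    rows = []
    for line in log.splitlines():
        m = pattern.match(line)
        if m:
            row = m.groupdict()
            row["ts"] = datetime.strptime(row["ts"], "%d/%b/%Y %H:%M:%S")
            rows.append(row)
    return rows

def correlate(mail_log, security_log, window=5):
    """Pair each SMTP session with a rejection for the same sender and
    recipient logged within `window` seconds after it (None if there is none)."""
    rejected = parse(security_log, REJECTED)
    out = []
    for acc in parse(mail_log, ACCEPTED):
        hit = next((r for r in rejected
                    if (r["frm"], r["to"]) == (acc["frm"], acc["to"])
                    and 0 <= (r["ts"] - acc["ts"]).total_seconds() <= window), None)
        out.append({"from": acc["frm"], "host": acc["host"], "ssl": acc["ssl"],
                    "rejected_after_s": (hit["ts"] - acc["ts"]).total_seconds() if hit else None,
                    "rule": hit["why"] if hit else None})
    return out

if __name__ == "__main__":
    for row in correlate(MAIL_LOG, SECURITY_LOG):
        print(row)
```

Sessions whose `rejected_after_s` is `None` are the ones to look at first, since no custom-rule rejection was logged for them within the window.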
peterj


Could be the fact that it is rx'ed using SSL.

Have you got a custom rule that allows any mail from your secondary MX?

Also, you could try setting the rejected spam to bounce rather than reject? Just a thought.

Also, have you got the secondary MX IP in your trusted hosts group? If so, it may be set not to check for spam.
iorx

Hello!

1) No, mx[2] is treated like any other sending SMTP.
2) Generate even more traffic? The sender address of SPAM is often not a valid e-mail address. So, I think bouncing it would only result in getting an NDR back. The "If message was rejected by ‘Deny’ custom rule" is set to "Silently discard messages".
3) No trusted IP for SMTP.

Does anyone know if SMTP-SSL makes KMS not see the From address?