Large Amount of SPAM
  •  
geabaldyvx

I have noticed a HUGE influx this past weekend of SPAM coming in in German.. It is passing through the system with ease... any ideas?
  •  
dbott

Check to see what the X-SPAM-STATUS FLAG is in the e-mail header:

X-Spam-Status: No, hits=2.9 required=5.0
tests=BAYES_60: 1.789,CLICK_BELOW: 0,SARE_MSGID_EMPTY: 1.106

If HITS=0, then the spammers may be circumventing the filter using some devious tricks. If HITS=3 or more, then compare the HITS to a valid e-mail and adjust the spam level accordingly.

Could you also provide the following information:

1. What version of KMS are you using?
2. What limit do you have your SPAM filter set to (the default is 5.0)?
3. Are you using the BLACKLISTS options under the SMTP section of the Kerio console?
4. Copy & paste the headers from one of the spam messages. Be sure to leave all of the info intact (IP addresses & domains) as some spammers are using additional tricks to spoof the mailserver's IP address (they did it to me & I wrote a custom rule to block it).

Thanks,
Dave
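
The header check described in the post above, as an added example that is not part of the original post or of Kerio's own tooling: it parses the X-Spam-Status layout quoted there and compares the hits of a missed spam with those of a valid e-mail. The sample messages, addresses and the function names parse_spam_status and triage are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample messages; the header layout follows the one quoted in the post.
MISSED_SPAM = (
    "From: sender@example.invalid\n"
    "Subject: constructed sample\n"
    "X-Spam-Status: No, hits=2.9 required=5.0\n"
    "\ttests=BAYES_60: 1.789,CLICK_BELOW: 0,SARE_MSGID_EMPTY: 1.106\n"
    "\nbody\n"
)
VALID_MAIL = (
    "From: colleague@example.invalid\n"
    "X-Spam-Status: No, hits=0.4 required=5.0\n"
    "\ttests=BAYES_20: 0.4\n"
    "\nbody\n"
)

def parse_spam_status(raw_message):
    """Return flagged/hits/required/tests from X-Spam-Status, or None if absent."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    value = " ".join(value.split())  # unfold continuation lines into one line
    m = re.match(r"(Yes|No),\s*hits=(-?[\d.]+)\s+required=(-?[\d.]+)", value, re.I)
    if not m:
        return None
    tests = {}
    t = re.search(r"tests=(.*)", value)
    if t:
        for item in t.group(1).split(","):
            name, _, score = item.partition(":")
            if name.strip():
                # A rule listed without a score is kept with None.
                tests[name.strip()] = float(score) if score.strip() else None
    return {"flagged": m.group(1).lower() == "yes", "hits": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def triage(spam_raw, valid_raw):
    """Compare the hits of a missed spam with the hits of a valid e-mail."""
    spam, valid = parse_spam_status(spam_raw), parse_spam_status(valid_raw)
    if spam is None or valid is None:
        return "no X-Spam-Status header: message was not scored"
    if spam["hits"] == 0:
        return "hits=0: no rule matched, changing the limit will not help"
    if spam["hits"] > valid["hits"]:
        return "limit between %.1f and %.1f separates the two" % (valid["hits"], spam["hits"])
    return "scores overlap: train the filter instead of lowering the limit"

if __name__ == "__main__":
    print(parse_spam_status(MISSED_SPAM))
    print(triage(MISSED_SPAM, VALID_MAIL))
```

The per-rule scores in the tests dictionary show which rules carried the message toward the limit, which helps when deciding between a lower limit and a custom rule.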
  •  
keneisman

We're getting it, too. It's initially passing through the bayesian filter because the filter doesn't recognize the words. Classify the SPAM and the filter learns fairly quickly to stop it. In our case, we were able to trace the IP address of the sender to another business located in our town. They are trying to track down the individual culprit.

HTH
Ken
  •  
geabaldyvx

Actually boys.. it looks like Sober.P is the cause of it...

at least for us... now whether we are infected or just on the receiving end I don't know yet...
  •  
Lyle M

I've found that most of the spam can be blocked with a more aggressive "Directory Harvest Attack" filter. This is especially effective with a large organization that has normal turnover.

Make sure that your mail exchange is not on the trusted server lists.

This lowered the average user's sober.q spam from 15/hr to less than 1/hr.

Good luck!

-Lyle M.