Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Bug in custom message rules 6.0.x
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
To battle the sober.q trojan I refined our custom message rule set (Spam Filer:Spam Rating) to block all instances of our spam trap e-mail address (foo<_at_> We were "fortunate" that our spam trap address was appearing on quite a few of the incoming junk messages.

Filters were created for each of the headers that could contain the spam trap address (To, From, CC, X-Envelope-To, Sender). I used the substring option so I could specify "foo" instead of "foo<_at_>" to ensure that all of our domain aliases were covered.

Then, with scanning of trusted relay agents enabled (the only trusted agents being our servers on our public T1 segment), I began my testing. From an external mailserver (but part of the same ISP), I sent a message that contained the header "From: foo<_at_>" to my work account. The message never arrived, but the "last used before" column did not indicate the hit. Also, the debug log (spam filter processing) did not indicate the DENY rule was utilized. So, good that the message was blocked, bad that there is no logging to indicate what happened.

I sent the same e-mail from another external mailserver (outside our ISP) and the filter functioned as it should - entry in log, incremented "last used" counter. So, different sending mailservers produce varied results?!?

Our spamtrap address does have a mail account attached to it so senders won't get a "no mailbox" reply. If everything is working properly, there should never be any mail in the spamtrap account. Everything is not working properly. Of the 20 message headers I've checked so far, they all have foo<_at_> in the x-envelope-to header. Although that's one of our custom rules, it is listed as unused and is obviously not blocking mail.

I'll keep pooring over the logs and turn on more options in the debug log. But, if anyone has a clue that could save me the effort, it would certainly be appreciated.
Previous Topic: E-Mail Template Files
Next Topic: 6.0.10 feedback
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 18:32:22 CET 2017

Total time taken to generate the page: 0.00344 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.