Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » DNS blacklist not adding spam score?
  •  
gryphon

Messages: 28
Karma: 0
Send a private message to this user
Hello,

I have noticed that using the option for the DNS blacklist lookups to add to the spam score rather than block completely doesn't actually do anything.

Here is an example:
[18/Dec/2005 08:15:26] IP address 210.213.191.247 found in DNS blacklist SORBS DNSBL, mail from <mailer-daemon<_at_>aol.com> to <my<_at_>address.co.uk>

Notice it doesn't say "rejected" at the end like it would if it wasn't set to add a spam score. I have set SORBS lookups to increase the spam score by 0.4. But here is a paste from the mail header.
X-Spam-Status: No, hits=4.7 required=5.0
	tests=BAYES_50: 1.567,DATE_IN_PAST_96_XX: 0.979,MISSING_MIMEOLE: 0,
	NO_REAL_NAME: 0.336,PRIORITY_NO_NAME: 1.836

You can see it didn't add the 0.4 for the sender being in the SORBS DNSBL, if it had, this would have taken the score over the threshold.

I have seen this happen on several occasions, and I am yet to see it working. Is this working for anyone else? Is it a known bug? Any help will be appreciated.

Many thanks,
Tom
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Are you sure this e-mail corresponds to the log entry?
Score from DNS blacklist tests is added to the total score, however the name of the test is not mentioned in X-Spam=Status description.

According to the e-mail headers, no additonal score has been added to the total score.
  •  
gryphon

Messages: 28
Karma: 0
Send a private message to this user
Yes, this is definately the same email. My server isnt THAT busy, so its not hard to find the correct one. A little more of the header is here as proof:

Return-Path: <mailer-daemon<_at_>aol.com>
X-Envelope-To: my<_at_>address.co.uk
X-Virus-Found: W32/Netsky.d<_at_>MM
X-Spam-Status: No, hits=4.7 required=5.0
	tests=BAYES_50: 1.567,DATE_IN_PAST_96_XX: 0.979,MISSING_MIMEOLE: 0,
	NO_REAL_NAME: 0.336,PRIORITY_NO_NAME: 1.836
X-Spam-Level: ****


And yes, I only have one email from that address (and only one email to that address all morning) So there is no doubt this is the correct email.

A common factor is that the mails found in SORBS (which should add spam score) have also had viruses in them, is there a chance this is affecting the process of adding spam score? Unfortuantly I have never had a mail that should be adding spam level that hasn't had a virus in it, so I cannot prove this..
  •  
gryphon

Messages: 28
Karma: 0
Send a private message to this user
I have another email fitting the same criteria and again, no spam score was added (again, a virus was found)

[20/Dec/2005 09:48:34] IP address 210.213.140.188 found in DNS blacklist SORBS DNSBL, mail from <inan<_at_>solnet.ch> to <my<_at_>address.co.uk>


Return-Path: <inan<_at_>solnet.ch>
X-Envelope-To: my<_at_>address.co.uk
X-Virus-Found: W32/Netsky.d<_at_>MM
X-Spam-Status: No, hits=4.7 required=5.0
	tests=BAYES_50: 1.567,DATE_IN_PAST_96_XX: 0.979,MISSING_MIMEOLE: 0,
	NO_REAL_NAME: 0.336,PRIORITY_NO_NAME: 1.836
X-Spam-Level: ****


Here is the log showing the activation of the SORBS spam score
[17/Dec/2005 18:54:13] Admin - update DnsBlacklists set Score='4' where Domain='dnsbl.sorbs.net'


Could this be a bug? It seems very strange..

Thanks again,
Tom

[Updated on: Tue, 20 December 2005 19:34]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Try to set blacklist score to 1.0. It seems that score less than 1 point is not added to the total result.
  •  
gryphon

Messages: 28
Karma: 0
Send a private message to this user
I was waiting for an email to come through to confirm this, but it has yet to happen.

But I will thank you anyway, cheers :)
Previous Topic: Feature Request for Group Scheduling
Next Topic: Virus scanner to add spam score? + order of operations
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 10:38:52 CET 2017

Total time taken to generate the page: 0.00459 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.