Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam Score Too Low
  •  
Theodor

Messages: 1
Karma: 0
Send a private message to this user
Hi,

since the last Kerio Mailserver update, I get too much spam like the following one which were filtered in the past:
Return-Path: <spam<_at_>adress.com>
X-Envelope-To: user<_at_>localhost
X-Spam-Status: No, hits=3.5 required=4.0
	tests=ALL_TRUSTED: -2.867,BAYES_99: 4.07,DATE_IN_PAST_24_48: 0.133,
	SARE_RECV_IP_218080: 1.666,TJ_EMPTY_SUBJECT: 0.5
X-Spam-Level: ***
Return-Path: <spam<_at_>adress.com>
Delivery-Date: Sat, 17 Dec 2005 20:24:51 +0100
Received: from [218.81.184.92] (helo=epatra.com)
	by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis),
	id 0MKpdM-1En12l31O1-0000ep for user<_at_>extdomain.com; Sat, 17 Dec 2005 20:24:51 +0100
Message-ID: <0060A0F1.9BBD345<_at_>epatra.com>
Date: Fri, 16 Dec 2005 06:01:07 +0200
From: "Marika" <spam<_at_>adress.com>
User-Agent: QUALCOMM Windows Eudora Version 5.1
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Ju" <user<_at_>extdomain.com>
Subject: FW: Honestly, it is time you had a greatgift
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
Envelope-To: user<_at_>extdomain.com

The problem is that this email would easily match the spam score without the "ALL_TRUSTED". I don't know where this comes from. Can anybody help me?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user

Test ALL_TRUSTED is a part of integrated SpamAssassin engine and adds a negative score for e-mails that were sent within the server itsself - there are no Received: headers in e-mail headers. Therefore, the spam filter thinks that such e-mail was not received from another SMTP server but directly from the client.

The only solution is to set score for this filter to zero in configuration file spamassassin/rules/50_scores.cf

score ALL_TRUSTED 0.0 0.0 0.0 0.0


Please note, this file may be overwritten on KMS upgrade.
  •  
Gidigan

Messages: 14
Karma: 0
Send a private message to this user
Hello!

After updating to KMS 6.1.2 a lot more spam is passing through the spam filter like before. Did you change anything essentialy?

Regards,

Oliver Gidigan
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
Had the same problem.

I edited 20_compensate.cf (put a "#" in front of the three "ALL_TRUSTED" lines) and that worked.

But I think Pavel's solution is more elegant.

Regards, Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
bperkins

Messages: 359
Karma: 0
Send a private message to this user
If you edit these files, do you have to restart KMS?
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
Brian:

I believe you have to restart KMS.

Cheers,
Joshua

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
tpalmer

Messages: 61
Karma: 0
Send a private message to this user
Small note - rather than making changes to any of the regular .cf files, make your changes in local.cf (in the rules dir). Avoids your changes getting stomped on when upgrading.

So, instead of commenting out ALL_TRUSTED in 20_compensate.cf , put into local.cf:
score ALL_TRUSTED 0.000 0.000 0.000 0.000

At least thats how it works w/ SA in general. I'll be testing for sure how this works in KMS 6.1.2 tonight.

But - the original question wasn't answered. The sample email actually does have Received headers, so why does it get an ALL_TRUSTED score?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
tpalmer wrote on Mon, 09 January 2006 20:49

But - the original question wasn't answered. The sample email actually does have Received headers, so why does it get an ALL_TRUSTED score?


There is only one Received header in the email. This header was generated by receiving server thus there is no header from sending SMTP server. The email looks like sent from SMTP client (trusted agent) instead of SMTP server.
  •  
tpalmer

Messages: 61
Karma: 0
Send a private message to this user
Yup, got it.

And there's no reliable way to tell if an smtp client is legit or not I suspect (POP3 clients won't come from localhost, forwarding servers won't either, although IMAP/KOC and HTTP do). Too bad, since malware is so often sent direct from compromised end nodes.

Previous Topic: Spam blacklist checking of all relays in mail headers
Next Topic: POP3 Server Connection Broken
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 20:56:35 CET 2017

Total time taken to generate the page: 0.00678 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.