Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam Assassin not working so well
  •  
chubby

Messages: 9
Karma: 0
Send a private message to this user
Is it me, or have the last couple releases gone backwards with regards to spam detection?

I first noticed it with 6.1.2, and it seems to have taken another step backwards with 6.1.3.

Some of my clients who use Kerio have also noticed it. Perhaps I'm missing some configuration somewhere.

I wanted to get everone elses opinion before creating a ticket.

Thanks
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
I guess I may as well comment.

There is a bug in the Bayesian learning part of the SpamAssassin engine. We are still working to reproduce and understand the root cause of it. It appears spam are sometimes not 'learned' by the engine.

I'm confident we'll have it fixed soon.

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
chubby

Messages: 9
Karma: 0
Send a private message to this user
Thank you for the post. We'll wait for a fix.
  •  
easiconseil

Messages: 144
Karma: 0
Send a private message to this user
Kerio_jthomas wrote on Mon, 27 March 2006 18:22

I guess I may as well comment.

There is a bug in the Bayesian learning part of the SpamAssassin engine. We are still working to reproduce and understand the root cause of it. It appears spam are sometimes not 'learned' by the engine.

I'm confident we'll have it fixed soon.



Do you have a date for the fix ?

--
MaT
Courriel : mat<_at_>pnymail.com
--------------------------------
  •  
mbiit

Messages: 1
Karma: 0
Send a private message to this user
Any updates on this?
  •  
rrich

Messages: 9
Karma: 0
Send a private message to this user
I've noticed a marked decrease in SPAM identification as well...i was assuming folks were using better avoidance techniques, but most of the stuff that looks very SPAMmy still gets fairly low scores...for example, this message body:

---start----
V A L I h U M

C I A L d I S

X A N A w X

A M d B I E N

V I A w G R A

http://www.flanderapustos.com
---end----

Had this X-Spam-Status:

No, hits=1.9 required=4.5 tests=BAYES_00: -1.665,HTML_80_90: 0.036,HTML_MESSAGE: 0.001

I've dropped many of the parameters i can find, but if i go too much lower i start grabbing a higher percentage of ham....
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
SPAM learning is becoming a real PITA! Users are complaining and are beginning to stop using the mark as spam functions, compounding the problem.

How about patch 2?!
  •  
rrich

Messages: 9
Karma: 0
Send a private message to this user
Another one from this morning.

Note the spam score is 0!


--visible message--

A m b t e n
M e r t d i a
V t a g r a $ 3 , 3 l
X & n a x
S o m &
C / a l i s $ 3 , 7 5
V a l t u m $ l , 2 1

http://www.opesahetylon.com
--end visible messge--


--message source--
Return-Path: <eceubartm<_at_>eoi.es>
X-Envelope-To: info<_at_>gsti.net
X-Spam-Status: No, hits=0.0 required=4.5 tests=BAYES_00: -1.665,HTML_70_80: 0.039,HTML_MESSAGE: 0.001
X-Spam-Level:

Received: from eoi.es ([193.249.231.244])
by miller.gsti.net
for info<_at_>gsti.net;
Wed, 19 Apr 2006 09:10:46 -0400
Message-ID: <000001c663b2$9a304120$4a35a8c0<_at_>rvq51>
Reply-To: "Ece Bartmess" <eceubartm<_at_>eoi.es>
From: "Ece Bartmess" <eceubartm<_at_>eoi.es>
To: info<_at_>gsti.net
Subject: Re: about AmMBtEN
Date: Wed, 19 Apr 2006 09:10:16 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_01C66391.131EA120"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C66391.131EA120
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20
A m b t e n=20
M e r t d i a=20
V t a g r a $ 3 , 3 l
X & n a x=20
S o m &=20
C / a l i s $ 3 , 7 5
V a l t u m $ l , 2 1
=20
http://www.opesahetylon.com

------=_NextPart_000_0001_01C66391.131EA120
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>&nbsp;</DIV>

<DIV> A m b t e n </DIV>
<DIV> M e r t d i a </DIV>
<DIV><STRONG> V t a g r a &nbsp; $ 3 , 3 l</STRONG></DIV>
<DIV> X & n a x </DIV>
<DIV> S o m & </DIV>
<DIV><STRONG> C / a l i s &nbsp; $ 3 , 7 5</STRONG></DIV>

<DIV><STRONG> V a l t u m &nbsp; $ l , 2 1</STRONG></DIV>
<DIV>&nbsp;</DIV><DIV><A =
href=3D"http://www.opesahetylon.com">http://www.opesahetylon.com</A></DIV=
></BODY></HTML>
------=_NextPart_000_0001_01C66391.131EA120--

--end message source--
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Actually, this would not happen if you are using correct combination of spam methods. For instance, the server address is currently listed on 21 blacklists. You can check it for example here: http://www.mxtoolbox.com/blacklists.aspx

Since DNS blacklists may sometimes produce false-positives, it is recommended to set them to add spam score instead of blocking. So it could be easily overrided by custom spam rules (add negative spam score for particular senders or domains).
  •  
rrich

Messages: 9
Karma: 0
Send a private message to this user
>Actually, this would not happen if you are using correct combination of spam methods.

Isn't it obvious that we are trying to determine what the 'correct combination' for KMS is?

>For instance, the server address is currently listed on 21 blacklists.

21 blacklists managed by four organizations (SORBS, FIVETEN, BLARSBL and NJABLDYNA), three of which i've never heard of and one of which (SORBS) Kerio has recommended we disable due to false positives (advisory at the top of this forum)

I have not added any custom blacklists to my KMS installation as I have been hammered by them in the past. I did, however, increase the score index of the ones that are in there by default...none of which identify this sender as a spammer. Are there any other lists that Kerio recommends we use? FIVETEN is managed out of singapore, and BLARSBL is managed 'by Blars at his whim', and and actually lists our MTA (probably because we're on a business cable connection)

[Updated on: Wed, 19 April 2006 15:44]

  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
rrich wrote on Wed, 19 April 2006 09:41

Are there any other lists that Kerio recommends we use? FIVETEN is managed out of singapore, and BLARSBL is managed 'by Blars at his whim', and and actually lists our MTA (probably because we're on a business cable connection)


I'm not kerio, but we have had good results with list.dsbl.org & sbl-xbl.spamhaus.org.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
We're currently using following DNS blacklists

index.php?t=getfile&id=860&private=0

  • Attachment: blacklist.jpg
    (Size: 25.83KB, Downloaded 1542 times)

Petr Dobry
Product Development Manager | Kerio
  •  
tpalmer

Messages: 61
Karma: 0
Send a private message to this user
I'm glad to see this topic, as I'm having the same feeling about bayes being thick headed, and glad to see the ack of the problem.

As for lists, one of my favorite is cbl.abuseat.org.
  •  
rscurran

Messages: 4
Karma: 0
Send a private message to this user
I'm just adding my comments to strengthen the frustration mentioned in this post. The spam learning is not working well and our users are becoming frustrated. We use blacklists and our users are actively attempting to help the spam learning process. It's most frustrating when the most obvious spam receives a 0.0 score.

I hope something is done quickly so we don't have to implement another product or workaround to solely to address spam.
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
The Bayesian filter is not well understood. For example, did you realize you need to mark at least 200 messages as spam and 200 as not spam before it starts working?

Here is an article we just published on this topic: http://support.kerio.com/kb/405

Cheers,
Joshua

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

Previous Topic: Kerio Outlook Connector and 2 accounts
Next Topic: Entourage - IMAP accounts having difficulty downloading all messages from Sent Items
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 17 22:00:53 CET 2017

Total time taken to generate the page: 0.00590 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.