Major increases in spam in recent months [message #107268]
Tue, 15 October 2013 20:56
jhtinc
Messages: 62 Registered: July 2006 Location: Boston, MA
In the last month or so, spam loads are way up on my own server and at pretty much all the sites I support. I've added Barracuda blacklists to many of the servers in the hopes of stemming the tide, but it looks like there is spam flowing above and beyond the ability of blacklists to keep up.
The major thing it seems to my view is that the spam tech in Kerio isn't keeping up as fast as I see some of the other systems keeping up. I'd like this to be a focus area as best as possible in the next release of Connect (or even the next available minor release) - SpamAssassin itself just is getting easier and easier to defeat, it seems. Maybe it's time to plug in a new antispam engine.
Re: Major increases in spam in recent months [message #107279 is a reply to message #107275]
Wed, 16 October 2013 13:02
jhtinc
Messages: 62 Registered: July 2006 Location: Boston, MA
Yeah - I have pretty tight controls on most servers I run (tag at 3 typically, block at 5 or less, and add at least 3 points for each blacklist hit). I think part of it is that SpamAssassin seems to be pretty much a dead project, and there really haven't been updates over the last few years to deal with the newer spam techniques.
Until recently, between what SpamAssassin could still do and the other scoring methods, greylisting, and blacklist lookups, it was holding up - but the spammers have taken the lead in the arms race. My volumes of blocked mail are up as well.
Looking at my spam logs, though, nothing is really being scored effectively any more. All the spam catching is happening through the blacklists (usually either Spamhaus, Spamcop, or Barracuda).
Re: Major increases in spam in recent months [message #107282 is a reply to message #107268]
Wed, 16 October 2013 16:23
McIrish
Messages: 254 Registered: October 2011
I'm in agreement. I'm getting a ton of complaints about the increase in spam we are seeing. I'm sure some of it is self-induced by poor web habits, but I feel I should be able to control it better. I think we are going to look at further screening on the firewall level next. It's an added cost, but I have to do something to get a handle on spam.
Re: Major increases in spam in recent months [message #107287 is a reply to message #107282]
Wed, 16 October 2013 20:00
Lyle M
Messages: 59 Registered: August 2004 Location: Frederick, MD
Allow me to add a 'me too.'
I'm sure I could configure things a little better. Even so, I find my efforts to stem the tide are less effective than in prior years.
We're seriously considering using a 3rd party service.
I've also considered subscribing to the Invaluement lists:
http://dnsbl.invaluement.com/ivmsip/
Whenever I do a blacklist lookup on fresh items in my spam folder, the IP is often already on their lists.
I also wouldn't mind seeing a weighted spam scoring system. If an incoming server has multiple blacklist hits, I like to have an option to curve the score higher than just the cumulative score assigned to each blacklist.
Cheers.
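The weighted scoring idea from the post above, as an added example that is not part of the post and not Kerio's code: it builds the reversed-octet DNSBL query name, counts a listing only when the answer is in 127.0.0.0/8, and compares a flat cumulative score with a curved one. The per-list weights, the `CURVE` factor and the resolver answers are constructed assumptions; the tag/block thresholds are the ones quoted earlier in the thread.

```python
import ipaddress
import socket

# Public DNSBL zones for the lists named in the thread; weights are constructed
ZONES = {"zen.spamhaus.org": 2.0, "bl.spamcop.net": 2.0,
         "b.barracudacentral.org": 2.0}
TAG_AT, BLOCK_AT = 3.0, 5.0   # tag/block thresholds quoted earlier in the thread
CURVE = 0.5                   # hypothetical: +50% per additional agreeing list
LISTED = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """IPv4 DNSBL convention: 203.0.113.7 -> 7.113.0.203.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    try:
        return socket.gethostbyname(name)
    except OSError:            # NXDOMAIN or resolver failure: not listed
        return None

def hits(ip, resolve=dns_lookup):
    found = []
    for zone in ZONES:
        answer = resolve(query_name(ip, zone))
        # Only a 127.0.0.0/8 answer is a listing; any other address
        # (e.g. a resolver that rewrites NXDOMAIN) must not add score.
        if answer and ipaddress.ip_address(answer) in LISTED:
            found.append(zone)
    return found

def scores(listed):
    flat = sum(ZONES[z] for z in listed)
    return flat, flat * (1 + CURVE * max(len(listed) - 1, 0))

def verdict(score):
    return "block" if score >= BLOCK_AT else "tag" if score >= TAG_AT else "pass"

# Constructed resolver answers so the example runs offline
FAKE_DNS = {
    "7.113.0.203.zen.spamhaus.org": "127.0.0.2",
    "7.113.0.203.bl.spamcop.net": "127.0.0.2",
    "9.2.0.192.bl.spamcop.net": "127.0.0.2",
    "9.2.0.192.zen.spamhaus.org": "198.51.100.1",  # rewritten NXDOMAIN
}

def classify(ip, resolve=FAKE_DNS.get):
    flat, curved = scores(hits(ip, resolve))
    return verdict(flat), verdict(curved)
```

With these constructed weights, an IP on two lists is only tagged by the flat sum but blocked once the curve is applied, while a single hit is unaffected.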
Re: Major increases in spam in recent months [message #107290 is a reply to message #107282]
Wed, 16 October 2013 22:39
Machete
Messages: 187 Registered: February 2012 Location: United States
McIrish wrote on Wed, 16 October 2013 10:23
I'm in agreement. I'm getting a ton of complaints about the increase in spam we are seeing. I'm sure some of it is self-induced by poor web habits, but I feel I should be able to control it better. I think we are going to look at further screening on the firewall level next. It's an added cost, but I have to do something to get a handle on spam.
Ditto!
I mentioned something about 2 months ago here: http://forums.kerio.com/m/105252/ and MarkK you will see gave me some great suggestions. I still have not implemented and still have a huge spam problem. Just thought I'd share his input for my scenario.
Re: Major increases in spam in recent months [message #107294 is a reply to message #107268]
Thu, 17 October 2013 01:26
MarkK
Messages: 342 Registered: April 2007
I still suggest spending some time reading the spam headers and making rules for what you are receiving. (Thanks Machete for the mention in the previous reply.) It does take some time, and it can be frustrating, but it can yield much better catch results.
Spams are getting better at avoiding the filters though. So every once in a while I have to go through and see if I can tweak scores some more. There are some spams that just don't hit enough rules though.
I find myself looking at the Received: headers and creating custom rules that use substrings found in them. For instance, we were getting hit by 'Wells Fargo - here are some documents for you' spams. Though these emails were scoring high on the spam-o-meter, I had a custom rule that was allowing From: wellsfargo.com, but looking in the Received: headers it was obvious that the email was forged. Switching my Allow rule to look at Received: instead of From: has stopped those stupid spams.
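The From: versus Received: allow rule described in the post above, as an added example that is not part of the post and not Kerio's rule syntax: it shows why an allow rule keyed on From: passes a forged message while one keyed on the topmost Received: line does not. The server name `mx.example.net`, the Postfix-style trace format, the relay hostnames and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ALLOWED = "wellsfargo.com"   # sender domain named in the post
OUR_MX = "mx.example.net"    # assumption: hostname of our own receiving server

# Assumed Postfix-style trace line: from HELO (rdns [ip]) by host
TRACE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)", re.I)

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def allow_by_from(msg):
    """Allow rule keyed on From:, a header the sender writes freely."""
    addr = parseaddr(msg.get("From", ""))[1]
    return in_domain(addr.rpartition("@")[2], ALLOWED)

def allow_by_received(msg):
    """Allow rule keyed on the topmost Received:, stamped by our own server."""
    hops = msg.get_all("Received", [])
    if not hops:
        return False
    m = TRACE.search(" ".join(hops[0].split()))  # unfold the header first
    if not m or m.group(4).lower() != OUR_MX:
        return False
    return in_domain(m.group(2), ALLOWED)  # reverse-DNS name, not the HELO

def verdicts(raw):
    msg = message_from_string(raw)
    return allow_by_from(msg), allow_by_received(msg)

# Constructed sample: forged From:, forged HELO and a forged lower Received:
FORGED = (
    "Received: from wellsfargo.com (unknown [203.0.113.45])\n"
    "\tby mx.example.net with ESMTP; Thu, 17 Oct 2013 01:00:00 +0000\n"
    "Received: from mta1.wellsfargo.com (mta1.wellsfargo.com [192.0.2.10])\n"
    "\tby relay.wellsfargo.com; Thu, 17 Oct 2013 00:59:00 +0000\n"
    "From: Wells Fargo <documents@wellsfargo.com>\n"
    "Subject: here are some documents for you\n\nbody\n"
)
# Constructed sample: same message relayed by a host whose rDNS is in-domain
GENUINE = FORGED.replace("from wellsfargo.com (unknown [203.0.113.45])",
                         "from mta1.wellsfargo.com (mta1.wellsfargo.com [192.0.2.10])", 1)

if __name__ == "__main__":
    print("forged :", verdicts(FORGED))
    print("genuine:", verdicts(GENUINE))
```

Only the Received: line written by your own server is evidence; every line below it, like the second one in the forged sample, arrives with the message and can be invented. The reverse-DNS name is trustworthy only if the receiving server forward-confirms it.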
Re: Major increases in spam in recent months [message #107312 is a reply to message #107290]
Thu, 17 October 2013 16:09
sascha.feider
Messages: 12 Registered: March 2013 Location: Leverkusen
Machete wrote on Wed, 16 October 2013 22:39
I mentioned something about 2 months ago here: http://forums.kerio.com/m/105252/ and MarkK you will see gave me some great suggestions. I still have not implemented and still have a huge spam problem. Just thought I'd share his input for my scenario.
I've just implemented these suggestions, adding / modifying some rules according to our business specifics.
Also we added some custom rules, scanning for typical spam subjects.
We'll see.
Re: Major increases in spam in recent months [message #108316 is a reply to message #107308]
Mon, 18 November 2013 15:59
gbalbach
Messages: 18 Registered: September 2006 Location: West Chester, PA
HoosierMac wrote on Thu, 17 October 2013 06:55
We run a dedicated Spam filter (CanIT from Roaring Penguin) and it's made a world of difference. Plus we lock down our hosted Kerio servers to only accept email from the spam filter, thus cutting out a lot of direct spam.
We gave up on Kerio's built-in spam filter as it kept getting overwhelmed. We have users getting THOUSANDS of spam emails each day and they are down to maybe 1-2 now.
Which Canit system did you go with?
Re: Major increases in spam in recent months [message #108335 is a reply to message #108316]
Tue, 19 November 2013 05:40
invaluement
Messages: 4 Registered: August 2008
POST HEAVILY REVISED ON 5/3/2015 DUE TO NEW INFO:
-------------------------------------------------
HUGE UPDATE FOR INVALUEMENT:
(1) there IS a direct query option for invaluement, as I had mentioned... AND... NEW INFO...
(2) now there isn't a need to add conditional forwarders to use invaluement (for the direct query access method, and if using our latest instructions)
(3) queries to our two IP-based blacklists (ivmSIP and ivmSIP/24) are 100% compatible with Kerio's "use DNSBL's server directly" feature--so that past compatibility issue is fixed
(4) And we published a new web site in late April 2015 that is MUCH easier to understand! Sorry for all the "growing pains" and past confusion!
Rob McEwen
http://dnsbl.invaluement.com/
[Updated on: Mon, 04 May 2015 03:19]
Re: Major increases in spam in recent months [message #108336 is a reply to message #107312]
Tue, 19 November 2013 09:54
sascha.feider
Messages: 12 Registered: March 2013 Location: Leverkusen
1 month after reconfiguring our spam filters:
- we're only using Kerio's built-in features
Spam is down to nearly 10 messages per day, for 100 users. That means 1 message per 10 users.
One message is filtered through several DNS requests, SpamAssassin and some custom rules, adding score by subject filters.
The subject filters took about one week, by daily adjusting and manually checking already tagged mails.