The new Kerio anti-spam system generating many false positives [message #130073] |
Tue, 31 May 2016 12:31  |
lodewijk
Messages: 50 Registered: August 2005 Location: Amsterdam
Let me start by saying we are very happy with the new Bitdefender anti-spam system Kerio recently launched; we use it on about 10 Kerio Connect servers now and it's working very well!
Except for one server:
many good emails get tagged as spam, and I'm not sure what the best course of action is when this happens...
(For now I lowered the Kerio Anti-spam configuration setting "Contribution to spam rating" to "Moderate" (down from "Normal").)
Here are some of the headers of the good emails being moved to the spam folder:
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=6.9 required=5.0 tests=KERIO_ANTI_SPAM: 6.667, HTML_FONT_LOW_CONTRAST: 0.227, HTML_MESSAGE: 0.001, T_REMOTE_IMAGE: 0.01, TOTAL_SCORE: 6.905,autolearn=disabled
References: <CO2PR0501MB88830226D49238A1B58A5AA884A0@CO2PR0501MB888.namprd05.prod.outlook.com> <C91923E4-8A26-4DE9-8B43-E86FB191B27F@studiodoen.nl> <CO2PR0501MB888D40F3B78D002B932B606884E0@CO2PR0501MB888.namprd05.prod.outlook.com> <16B34ED5-3B43-44EA-9F48-BECAB3C623B5@studiodoen.nl> <SN2PR0501MB896A30E335FFB30CDDABD9D88400@SN2PR0501MB896.namprd05.prod.outlook.com> <CB94C57F-5282-4D46-8903-DDD3C3F5B67A@studiodoen.nl> <SN2PR0501MB8965983C4B7DC12A58791C288400@SN2PR0501MB896.namprd05.prod.outlook.com> <2AB3865B-441A-4690-8280-25DA73B147E2@studiodoen.nl> <CO2PR0501MB8880025BA313C74C2F6B40D88420@CO2PR0501MB888.namprd05.prod.outlook.com> <83C71E1B-ECF5-41C6-9A80-62B9455FDAAF@studiodoen.nl> <CO2PR0501MB8886DB08DE72A7D1B43D5D188420@CO2PR0501MB888.namprd05.prod.outlook.com> <SN1PR05MB2301CCF038A7CA2EBF30193293420<_at_>SN1PR05MB2301.namprd05.prod.outlook.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_971498E4-3839-4ADD-90E9-897A2CF40CA1"
X-Kerio-Anti-Spam: Build: [Engines: 2.15.7.1024, Stamp: 3], Multi: [Enabled, t: (0.000034,0.041069)], BW: [Enabled, t: (0.000007)], RTDA: [Enabled, t: (0.073482), Hit: Yes, Details: v2.4.0; Id: 2m1gj0t.1ajmnok4n.23m2p; ip(1)], total: 843(700)
X-Spam-Status: Yes, hits=7.1 required=5.0 tests=KERIO_ANTI_SPAM: 6.000, HTML_IMAGE_ONLY_16: 1.188, HTML_MESSAGE: 0.001, TOTAL_SCORE: 7.189,autolearn=disabled
X-Spam-Flag: YES
X-Kerio-Anti-Spam: Build: [Engines: 2.15.7.1024, Stamp: 3], Multi: [Enabled, t: (0.000008,0.003011)], BW: [Enabled, t: (0.000008)], RTDA: [Enabled, t: (0.099949), Hit: Yes, Details: v2.4.0; Id: 2m1gj30.1ajjro70g.bfcjm;
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=6.6 required=5.0 tests=KERIO_ANTI_SPAM: 6.667, HTML_MESSAGE: 0.001, TOTAL_SCORE: 6.668,autolearn=disabled
References: <D759CA8AD397FC41AAD931C08C6AD9DD29186651<_at_>C2F-MX-01.C2F.local>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4A26E41A-6AB2-4A75-887B-F5ABB62AFCD2"
X-Kerio-Anti-Spam: Build: [Engines: 2.15.7.1024, Stamp: 3], Multi: [Enabled, t: (0.000009,0.006148)], BW: [Enabled, t: (0.000007)], RTDA: [Enabled, t: (0.098512), Hit: Yes, Details: v2.4.0; Id: 2m1gj1c.1aj6jo3m9.gc5e2; ip(1)], total: 843(700)
Re: The new Kerio anti-spam system generating many false positives [message #130075 is a reply to message #130074] |
Tue, 31 May 2016 13:25   |
lodewijk
Messages: 50 Registered: August 2005 Location: Amsterdam
Here is a full header (I did x out a few details of the client),
and I guess being an "internal" blacklist there is no delisting option at Bitdefender, right?
What would be the best way to "white-list" these in Kerio? Add the sending IPs to the IP white-list?
Or make a custom rule and add the sending domain to not mark as spam?
X-Spam-Level: ******
X-Original-Subject: Re: Feedbackbestand PowerDeals
In-Reply-To: <D759CA8AD397FC41AAD931C08C6AD9DD29186651<_at_>C2F-MX-01.C2F.local>
Return-Path: <cees<_at_>xxx.xx>
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Message-Id: <D459F8BA-14CD-4FEE-9C58-D64528D4CF41<_at_>xxx.xx>
X-Mailer: Apple Mail (2.3112)
X-Footer: c3R1ZGlvZG9lbi5ubA==
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=6.6 required=5.0 tests=KERIO_ANTI_SPAM: 6.667, HTML_MESSAGE: 0.001, TOTAL_SCORE: 6.668,autolearn=disabled
References: <D759CA8AD397FC41AAD931C08C6AD9DD29186651<_at_>C2F-MX-01.C2F.local>
Content-Type: multipart/alternative; boundary="Apple-Mail=_4A26E41A-6AB2-4A75-887B-F5ABB62AFCD2"
X-Kerio-Anti-Spam: Build: [Engines: 2.15.7.1024, Stamp: 3], Multi: [Enabled, t: (0.000009,0.006148)], BW: [Enabled, t: (0.000007)], RTDA: [Enabled, t: (0.098512), Hit: Yes, Details: v2.4.0; Id: 2m1gj1c.1aj6jo3m9.gc5e2; ip(1)], total: 843(700)
Received: from [192.168.3.78] ([87.213.53.42]) (authenticated user cees<_at_>xxx.xx) by mail.xxx.xx (Kerio Connect 9.0.4) with ESMTPSA (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256 bits)); Fri, 27 May 2016 13:25:00 +0200
**SPAM** Re: Feedbackbestand PowerDeals
Re: The new Kerio anti-spam system generating many false positives [message #130396 is a reply to message #130073] |
Wed, 15 June 2016 23:23   |
EdRoxter
Messages: 59 Registered: January 2009 Location: Germany
I'm running BitDefender Anti-Spam for Unices on a setup together with Postfix, and I'm having the same issue.
The RTDA test is the BitDefender Cloud Scanner (something along the lines of "Real Time Data Analysis"), and whenever I turn it on, nearly all legitimate mails get flagged as spam by this filter. As soon as I turn it off, no false positives anymore, but quite a bunch of false negatives.
Range of false positives with cloud scanning enabled was from Cron e-mails from different servers to legitimate business mails and test mails sent from another server - even when I sent a test mail via GMX, one of Germany's biggest e-mail providers, it would get flagged as spam by BitDefender (but, as mentioned, only with cloud scanning enabled).
This is not good. On the other hand, without the cloud scanning, BitDefender is more or less equally as useful as SpamAssassin in terms of false negatives.
If I get any answer from BitDefender, I'll post it here!
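An added example, not part of any post in this thread and not Kerio or Bitdefender code: a small Python triage helper that splits the X-Spam-Status values quoted in the first post into per-rule scores and reports whether the KERIO_ANTI_SPAM score alone crosses the `required` threshold, and whether the RTDA field recorded a hit. The function names are hypothetical, and the X-Kerio-Anti-Spam sample values are cut down to their RTDA field.

```python
import re

STATUS_RE = re.compile(r"hits=([\d.]+)\s+required=([\d.]+)\s+tests=(.*)")
TEST_RE = re.compile(r"([A-Z0-9_]+):\s*(-?\d+(?:\.\d+)?)")
RTDA_RE = re.compile(r"RTDA:\s*\[[^\]]*?Hit:\s*(\w+)")

# (X-Spam-Status, RTDA part of X-Kerio-Anti-Spam) copied from the first post above.
SAMPLES = [
    ("Yes, hits=6.9 required=5.0 tests=KERIO_ANTI_SPAM: 6.667, HTML_FONT_LOW_CONTRAST: 0.227, "
     "HTML_MESSAGE: 0.001, T_REMOTE_IMAGE: 0.01, TOTAL_SCORE: 6.905,autolearn=disabled",
     "RTDA: [Enabled, t: (0.073482), Hit: Yes, Details: v2.4.0; Id: 2m1gj0t.1ajmnok4n.23m2p; ip(1)]"),
    ("Yes, hits=7.1 required=5.0 tests=KERIO_ANTI_SPAM: 6.000, HTML_IMAGE_ONLY_16: 1.188, "
     "HTML_MESSAGE: 0.001, TOTAL_SCORE: 7.189,autolearn=disabled",
     "RTDA: [Enabled, t: (0.099949), Hit: Yes, Details: v2.4.0; Id: 2m1gj30.1ajjro70g.bfcjm;"),
]

def parse_status(value):
    """Return (required, {rule: score}) from an X-Spam-Status value."""
    m = STATUS_RE.search(value)
    if m is None:
        raise ValueError("no hits=/required=/tests= fields found")
    scores = {name: float(score) for name, score in TEST_RE.findall(m.group(3))}
    scores.pop("TOTAL_SCORE", None)  # the sum of the rules, not a rule of its own
    return float(m.group(2)), scores

def triage(status, kerio=""):
    """Separate the engine's score from the content rules for one message."""
    required, scores = parse_status(status)
    engine = scores.pop("KERIO_ANTI_SPAM", 0.0)
    others = round(sum(scores.values()), 3)
    rtda = RTDA_RE.search(kerio)
    return {
        "engine": engine,
        "others": others,
        "engine_alone_flags": engine >= required,
        "flagged_without_engine": others >= required,
        # The engine's contribution must stay below this for the mail to pass.
        "engine_headroom": round(required - others, 3),
        "rtda_hit": rtda is not None and rtda.group(1) == "Yes",
    }

def engine_only_hits(samples):
    """Reports for messages that are spam only because of KERIO_ANTI_SPAM."""
    reports = [triage(status, kerio) for status, kerio in samples]
    return [r for r in reports if r["engine_alone_flags"] and not r["flagged_without_engine"]]

if __name__ == "__main__":
    print(engine_only_hits(SAMPLES))
```

For both quoted messages the content rules add well under 2 points, so the outcome depends entirely on the engine score.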
Re: The new Kerio anti-spam system generating many false positives [message #130716 is a reply to message #130396] |
Wed, 06 July 2016 12:36   |
EdRoxter
Messages: 59 Registered: January 2009 Location: Germany
I contacted them about several e-mails under
http://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory
(Product: Kerio Antispam for Mail Servers)
I attached some of the mails including headers for examination. Their response was quick and helpful, and they adjusted their Cloud Rating systems according to the "Ham" mail I submitted.
I also lowered the filter's aggressiveness, which may be equal to the "Contribution to spam rating: moderate" setting in Kerio Connect. And they appear to have made some general adjustments to their spam rating service recently.
So overall, everything works way better for me than it did a few weeks ago - no false positives anymore, and hundreds and thousands of correct positives. Can you confirm that for now?