V3 Spam Protection Problem

Discussion forum for Enterprise Edition.
rbueno
Posts: 2
Joined: Sun Sep 30, 2007 7:54 pm

Post by rbueno »

Hi all,

I have enabled the Spam Protection Filter with the default values, but I don't see any entry in the log files and the messages don't show any header added by the Spam Protection filter. I have moved the System Spam Filter to the top and the bottom of the filter list with the same results.
What can be wrong in my config?

Thanks
Roberto

GarethSyb
Posts: 1
Joined: Fri Oct 12, 2007 6:27 pm

Same problem

Post by GarethSyb »

I also get an error '13' when I try to add a honeypot mail address.

Now I found a text file saying this is corrected in edition 3.02, yet in my MailEnable online account it doesn't say there is any upgrade path to version 3.02 to resolve this error.

There is simply one hotfix.

My spam filters aren't functioning at all and they were seemingly very easy to setup according to the manual.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben »

The version 3.02 or the latest from the MailEnable web site does fix the problem with the error 13.

If the filter is not firing and your actions within web mail for the LOW, MEDIUM and HIGH are not occurring, then the message did not fail the script.

For testing you may like to change all the positive values in the Spam Protection properties to 100; this will ensure that if a message comes through that meets the criteria it does fail. Also make sure you do not test by sending with an account that has authenticated.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Post by isaak »

MailEnable-Ben,

My Spam Protection filtering is not firing either. I did what you said in your last post. I changed all the positive value properties to 100 and negative values to 0.

And it is not working, since I still get spam.
I have disabled greylisting and DNS reverse and URL lookup in order to let all the spam come through.

As you can see in this header, the SPF test shows softfail.
And if in Spam Protection I have a positive value of 100, then it should fire the filter and take the action I have configured in the spam rules in the user's webmail, right?

Received: from [201.36.254.230] ([201.36.254.230]) by domain.com with MailEnable ESMTP; Wed, 17 Oct 2007 19:42:00 -0600
Received: by 10.181.64.234 with SMTP id QFFDXynlNzFmp;
	Wed, 17 Oct 2007 22:42:04 -0300 (GMT)
Received: by 192.168.138.172 with SMTP id imCrBhPlWZeHIM.5077253369155;
	Wed, 17 Oct 2007 22:42:02 -0300 (GMT)
Message-ID: <000201c81128$12e1c890$e6fe24c9@particul8bdf14>
From: "crg Ling" <crg.Ling@fjmj.cn>
To: <user@domain.com>
Subject: lankinen
Date: Wed, 17 Oct 2007 22:41:59 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0003_01C8110E.ED949090"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Received-SPF: softfail (domain.com: transitioning domain of fjmj.cn does not designate 201.36.254.230 as permitted sender)
	client-ip=201.36.254.230;
Return-Path: <crg.Ling@fjmj.cn>

What could be wrong? Anything I forgot to configure?
Bayesian is off, by the way. I don't know if it's related. I don't think so.

Filter logs? Nothing... they are blank.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben »

It looks like the only thing that would fail in this header is;

Received-SPF: softfail

If the softfail value is set to 100 then it should fail with a value and get a header line added, unless the sender has authenticated.

If you can confirm that this is set to 100 points as you have outlined and your normal global filters are working then please submit a support request via the MailEnable web site. Submit this one as a classification of defect so you are not charged. By the way also make sure you are running the latest version.
Regards,

Product Services
MailEnable Pty Ltd

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Post by isaak »

Ben,


I could have confirmed to you that the softfail value was set to 100, but I couldn't confirm to you that normal global filters were working, since I didn't have any configured. So I configured one and restarted all MailEnable Services.

Then it started to work. Global filters and Spam Protection Filter.
Now emails are being marked with the rank header.

So far I configured all the values to default and will be making some tests to see if everything is fine.

I will keep you posted with any relevant issues, if I find any.


Thank you.

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Post by isaak »

Ok, now all the values are back to default.

I disabled the global filter I created before.

And now Spam Protection is not triggering again....


Do I have to setup a global filter to fire Spam Protection?
If so, what would be the criteria and action?


It is quite confusing...

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Post by isaak »

This is what the filter.tab is showing:

FLT9B37DD04FD2F4E44A06F445193960000	1	CRT9B37DD04FD2F4E44A06F445193960000		FilterName (AntiVirus)	
FLTF1AF9DDED8404764A95F4810578FEDD	0	CRTF1AF9DDED8404764A95F4810578FEDD		FilterName (Junk)	
{SPAM_FILTER}	1	{SPAM_FILTER}		[System Spam Filter]	

Where FilterName (Junk), when enabled, marks as spam the emails that come with the header line: Received-SPF: softfail


(By the way, the AntiVirus Filter is removing viruses from some messages but is not logging any information. Even in the System Tray it shows that it scans the messages, and when it detects one, AntiVirus does its job but doesn't report any execution to the filter logs nor to the system tray utility.)

Using ClamWin and F-Prot Antiviruses.
Running Enterprise 3.02

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Post by isaak »

Ok, after a few hours the filter is firing.

However, not in every message.
That's why at the beginning I thought Spam Protection was not working, since it is not executing with all the spam we receive.

It's kind of weird, since the positive value for the Softfail SPF test is set to 100 and negative to 0.
Most of the spam, if not all, is marked with the header line Received-SPF: softfail.

Then ALL spam with this header line should be taken as 'High Risk' Spam, right?
It is not happening.

How is the scoring process done? Adding positive values with negative values divided by... etc...?
What happens if I set a 0 value for both positive and negative on a Spam Protection Filter at the same time? Would it mean that it won't make a scoring based on that filter?


After many hours, and after hundreds of spam received, spam protection filter just fired 18 times.

10/18/07 00:36:46	Start	-	-	-	-	-	-	-	-
10/18/07 00:36:46	ME-I0073: MEW2KDNS Initialized to use DNS Servers (10.0.0.100)
10/18/07 01:11:17	Executed	9FA465E5390B4628A9B9A843E6026BA4.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:rbdthvlquklbuf@msn.com]	58.252.83.49	Medium (75)	
10/18/07 01:11:18	Executed	96C5E3BF087E4ABAB961C78098296772.MAI	SF	[System Spam Filter]	ADD_HEADER		[SMTP:rbdthvlquklbuf@msn.com]	58.252.83.49	Medium (75)	
10/18/07 01:14:04	Executed	1689E8C3196F4C7888C96D9D3D18381F.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:flaviahigs@yahoo.com.br]	201.27.156.42	Medium (75)	5OOO receitas culinarias, vegetarianas e dietas_gcvgaskcgsv
10/18/07 01:14:14	Executed	EEF039D261FE4C3B95FD405A749F71EB.MAI	SF	[System Spam Filter]	ADD_HEADER		[SMTP:flaviahigs@yahoo.com.br]	201.27.156.42	Medium (75)	
10/18/07 02:46:20	Executed	2133DD62EB374633BAEDB07814976412.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jrapacz@inforelay.com]	80.250.228.176	Medium (75)	Don't miss your chance and get a bigger penis
10/18/07 03:54:54	Executed	680DFEE8144C44CA83BEB59865E0F887.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:getstarted@onemerge.com]	67.104.112.190	Medium (75)	Get started on learning a new language today
10/18/07 04:02:37	Executed	111341117EE6479E8EECD0A92B327BD3.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jbe-bounces@subscriptions.jobsite.co.uk]	194.193.238.21	Medium (75)	Trainee Air Traffic Controllers - 44k to 49k
10/18/07 04:26:43	Executed	85C44910DABE4B26955362A05D66C37F.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:mryqur@odn.ne.jp]	58.248.75.195	Medium (75)	
10/18/07 04:26:52	Executed	1E0D0F084A9A4379B870DFE05F75862B.MAI	SF	[System Spam Filter]	ADD_HEADER		[SMTP:mryqur@odn.ne.jp]	58.248.75.195	Medium (75)	
10/18/07 05:11:47	Executed	336F7EFAD8104BD0AD715888A0C7C285.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:oficina_map@cantv.net]	58.68.120.4	Medium (75)	October 71% OFF
10/18/07 05:11:56	Executed	A21877D4375C4744AB23E291ED2E1C1F.MAI	SF	[System Spam Filter]	ADD_HEADER		[SMTP:oficina_map@cantv.net]	58.68.120.4	Medium (75)	
10/18/07 07:50:09	Executed	B0F1D0C594F548F1960BDD59E84ACBBE.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:Erik.Griffin@donyowell.com]	88.204.198.198	High (115)	To all MERRILL LYNCH BUSINESS CENTER customers
10/18/07 08:00:32	Executed	C47357336E164D0DBC9F42B8B0044812.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jradwich@isurusmrc.com]	89.163.13.141	Medium (75)	Don't wait! Make your penis bigger!
10/18/07 08:09:59	Executed	7CB2EACB423A42C79617A41DB3A565E9.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jraleigh@bitcorp.net]	62.85.122.122	Medium (75)	This offer will make your s'e_xual dreams come true
10/18/07 08:10:11	Executed	D481E8E8E7BD4273B9E8D934E97B01C0.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jraleigh@bitcorp.net]	62.85.122.122	Medium (75)	Don't wait! Make your penis bigger!
10/18/07 08:10:23	Executed	F4664E7EDD9A404BB6ADCDF8FA26926B.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jraleigh@bitcorp.net]	62.85.122.122	Medium (75)	A real man should have a real penis. Here it is! 
10/18/07 08:10:36	Executed	D92808BD07CB4D0E9BF4D685B71144BE.MAI	SF	[System Spam Filter]	ADD_HEADER		[SMTP:jraleigh@bitcorp.net]	62.85.122.122	Medium (75)	
10/18/07 08:10:48	Executed	707D987FBA7C4851B626D5FC7CB7F4F1.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jraleigh@bitcorp.net]	62.85.122.122	Medium (75)	Bigger penis won't be on TV but in your shorts!

As you can see here, the most used action is to Add Header Medium (75).
But what made it a Moderate Risk?
It would be nice if a column were added to the filter logs where we can know:
1. Why it was marked as low, medium, or high risk.
2. What spam protection filter was used to make the scoring.

So the main problem is that Spam Protection is not firing with every email with an SPF test resulting in softfail, when I have a positive value of 100. Or should I put that 100 in the negative value?

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben »

Hi, we have created a new way for you to test better. Please see the following article and see if this helps you better understand what is happening;

http://www.mailenable.com/kb/Content/Ar ... D=me020493

If the filter has no header line it means that it does not match any level of spam. This is not likely to change as the performance of adding a header outside of a successful spam level would be an issue.
Regards,

Product Services
MailEnable Pty Ltd

isaak
Posts: 476
Joined: Sat Nov 11, 2006 12:10 am

Post by isaak »

Thanks! This is surely useful for us to determine how we are tuning our spam protection filter.


Thanks again! :D

dslchiphead
Posts: 69
Joined: Wed Jun 27, 2007 8:47 pm

Post by dslchiphead »

MailEnable-Ben wrote:
Hi, we have created a new way for you to test better. Please see the following article and see if this helps you better understand what is happening;

http://www.mailenable.com/kb/Content/Ar ... D=me020493

If the filter has no header line it means that it does not match any level of spam. This is not likely to change as the performance of adding a header outside of a successful spam level would be an issue.

Can this be used with V2.4? The footer of ME020493 says it's for "All Versions" but I can not find the file {SPAM_FILTER}.MES in the Templates directory. So I am thinking that you can not.

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben »

Hi, no, this feature is only available on the Version 3 product and all minor versions thereof.
Regards,

Product Services
MailEnable Pty Ltd

markng
Posts: 14
Joined: Fri Dec 15, 2006 2:46 am

Post by markng »

Hi,

I'm using ME Enterprise v3.04 and the spam filter doesn't work either. Can anyone help?

Also, I've noticed that the Junk email Folder is not created for the users. However, if I establish an IMAP connection to the account, the Junk email Folder is created.
-----------------------------------

ADD_HEADER		[SMTP:jra19@humboldt.edu]	213.234.25.1	No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20	Fill your nights of love with a true masculine force!
11/13/07 14:58:05	Executed	4C928DB4B1AF420BA0EC1C28D2D069B3.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:J.Chan@elsevier.com]	207.126.144.128	No (-40),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:-5	RE: The usage report of MDC & MNC for Macau Doha
11/13/07 14:58:07	Executed	ECF9CC6BCB674F71BACC27C6B766C724.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jra19@humboldt.edu]	213.234.25.1	No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20	Give your willy a chance to serve you better!
11/13/07 14:58:08	Executed	4D3BF79660754EF1946999CC5F5C69A0.MAI	SMTP	[System Spam Filter]	ADD_HEADER		[SMTP:jra19@humboldt.edu]	213.234.25.1	No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20	Make her feel your real masculine power!
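
An added example, not part of any post in this thread and not MailEnable code: a small Python parser for filter log lines of the kind quoted above, pulling out the spam level, total score and per-test breakdown so that messages which scored "No" can be reviewed for the test that counted against them. The tab-separated field order is assumed from the quoted lines, the sample data is constructed, and the two-letter codes are reported as-is because the thread does not define them.

```python
import re
from collections import Counter

# Constructed sample in the tab-separated layout of the log lines quoted in this
# thread; message IDs, addresses and IPs are placeholders.
SAMPLE_LOG = "\n".join([
    "11/13/07 14:58:00\tStart\t-\t-\t-\t-\t-\t-\t-\t-",
    "11/13/07 14:58:05\tExecuted\tMSG0001.MAI\tSMTP\t[System Spam Filter]\tADD_HEADER\t\t"
    "[SMTP:a@example.com]\t192.0.2.10\t"
    "No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20\tsample subject",
    "11/13/07 14:58:06\tExecuted\tMSG0002.MAI\tSMTP\t[System Spam Filter]\tADD_HEADER\t\t"
    "[SMTP:b@example.org]\t192.0.2.20\t"
    "No (-40),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:-5\tRE: report",
    "11/13/07 14:58:07\tExecuted\tMSG0003.MAI\tSF\t[System Spam Filter]\tADD_HEADER\t\t"
    "[SMTP:c@example.net]\t192.0.2.30\tMedium (75)\t",
])

# Result field: "<Level> (<total>)" optionally followed by ",XX:<n>" items.
RESULT_RE = re.compile(r"^(\w+) \((-?\d+)\)((?:,[A-Z]{2}:-?\d+)*)$")

def parse_log(text):
    """Return one dict per 'Executed' line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) < 10 or f[1] != "Executed":
            continue  # Start/status lines carry no score
        m = RESULT_RE.match(f[9].strip())
        if not m:
            continue  # unknown result layout: skip rather than guess
        parts = {}
        for item in filter(None, m.group(3).split(",")):
            code, value = item.split(":")
            parts[code] = int(value)
        records.append({"time": f[0], "connector": f[3], "sender": f[7], "ip": f[8],
                        "level": m.group(1), "score": int(m.group(2)), "parts": parts,
                        "subject": f[10] if len(f) > 10 else ""})
    return records

def level_counts(records):
    """How many logged messages ended up at each spam level."""
    return Counter(r["level"] for r in records)

def top_component(record):
    """Largest positive per-test value as (code, value), or None if none is positive."""
    positive = {c: v for c, v in record["parts"].items() if v > 0}
    return max(positive.items(), key=lambda kv: kv[1]) if positive else None

if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(rec["ip"], rec["level"], rec["score"], top_component(rec))
```
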

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben »

"Also, I've noticed that the Junk email Folder is not created for the users"
If you are using POP then the Junk E-Mail folder is not created on the client. A POP service does not create folders; it cannot, as it is only a retrieval service.

For POP users you can either turn on the Management Service Junk E-Mail folder report option and then get your users to log in to web mail to retrieve false positives or delete spam.

Or you can set up a filter that moves any mail from the Junk E-Mail folder to the inbox.

Or of course you can change the action altogether to Prefix the subject rather than deliver to junk.
Regards,

Product Services
MailEnable Pty Ltd
