V3 Spam Protection Problem
V3 Spam Protection Problem
Hi all,
I have enabled the Spam Protection Filter with the default values but I don't see any entry in the log files and the messages don't show up any header added by the Spam Protection filter. I have moved the System Spam Filter to the top and the botton of the filter list with the same results
What can be wrong in my config?
Thanks
Roberto
I have enabled the Spam Protection Filter with the default values but I don't see any entry in the log files and the messages don't show up any header added by the Spam Protection filter. I have moved the System Spam Filter to the top and the botton of the filter list with the same results
What can be wrong in my config?
Thanks
Roberto
Same problem
I also get an error '13' when i try and add honeypot mail address.
Now i found a text file saying this is corrected in edition 3.02 yet in my mailenable online account, it doesen't say there is any upgrade path to version 3.02 to resolve this error.
There is simply one hotfix.
My spam filters aren't functioning at all and they were seemingly very easy to setup according to the manual.
Now i found a text file saying this is corrected in edition 3.02 yet in my mailenable online account, it doesen't say there is any upgrade path to version 3.02 to resolve this error.
There is simply one hotfix.
My spam filters aren't functioning at all and they were seemingly very easy to setup according to the manual.
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
The version 3.02 or the latest from the MailEnable web site does fix the problem with the error 13.
If the filter is not firing and your actions within web mail for the LOW, MEDIUM and HIGH are not occuring then the message did not fail the script.
For testing you may like to change all the positive values in the Spam Protection properties to 100 this will ensure that if a message comes through that meets the criteria it does fail. Also make sure you do not test by sending with an account that has authenticated.
If the filter is not firing and your actions within web mail for the LOW, MEDIUM and HIGH are not occuring then the message did not fail the script.
For testing you may like to change all the positive values in the Spam Protection properties to 100 this will ensure that if a message comes through that meets the criteria it does fail. Also make sure you do not test by sending with an account that has authenticated.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
MailEnable-Ben,
My Spam Protection filtering is not firing either. I did what you said in your last post. I changed all the positives values properties to 100 and negative values to 0.
And is not working since I still get spam.
I have disabled greylisting and DNS reverse and URL lookup in order to let all the spam come through.
As you can see in this header, the SPF test shows softfail.
And if in spam protection I have positive value 100, then it sould fire the filter and take the action I have configured in the spam rules at the users webmail, right?
What could be wrong? Anything I forgot to configure?
Bayesian is off by the way. I dont know if its related. I dont think so.
Filter logs? Nothing... they are blank.
My Spam Protection filtering is not firing either. I did what you said in your last post. I changed all the positives values properties to 100 and negative values to 0.
And is not working since I still get spam.
I have disabled greylisting and DNS reverse and URL lookup in order to let all the spam come through.
As you can see in this header, the SPF test shows softfail.
And if in spam protection I have positive value 100, then it sould fire the filter and take the action I have configured in the spam rules at the users webmail, right?
Code: Select all
Received: from [201.36.254.230] ([201.36.254.230]) by domain.com with MailEnable ESMTP; Wed, 17 Oct 2007 19:42:00 -0600
Received: by 10.181.64.234 with SMTP id QFFDXynlNzFmp;
Wed, 17 Oct 2007 22:42:04 -0300 (GMT)
Received: by 192.168.138.172 with SMTP id imCrBhPlWZeHIM.5077253369155;
Wed, 17 Oct 2007 22:42:02 -0300 (GMT)
Message-ID: <000201c81128$12e1c890$e6fe24c9@particul8bdf14>
From: "crg Ling" <crg.Ling@fjmj.cn>
To: <user@domain.com>
Subject: lankinen
Date: Wed, 17 Oct 2007 22:41:59 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0003_01C8110E.ED949090"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Received-SPF: softfail (domain.com: transitioning domain of fjmj.cn does not designate 201.36.254.230 as permitted sender)
client-ip=201.36.254.230;
Return-Path: <crg.Ling@fjmj.cn>
What could be wrong? Anything I forgot to configure?
Bayesian is off by the way. I dont know if its related. I dont think so.
Filter logs? Nothing... they are blank.
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
It looks like the only thing that would fail in this header is;
Received-SPF: softfail
If the softfail value is set to 100 then it should fail with a value and get a header line added, unless the sender has authenticated.
If you can confirm that this is set to 100 points as you have outlined and your normal global filters are working then please submit a support request via the MailEnable web site. Submit this one as a classification of defect so you are not charged. By the way also make sure you are running the latest version.
Received-SPF: softfail
If the softfail value is set to 100 then it should fail with a value and get a header line added, unless the sender has authenticated.
If you can confirm that this is set to 100 points as you have outlined and your normal global filters are working then please submit a support request via the MailEnable web site. Submit this one as a classification of defect so you are not charged. By the way also make sure you are running the latest version.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Ben,
I could have confirmed you that the softfail value was set to 100, but I couldnt confirm you that normal global filters were working since I didnt have any configured. So I configured one and restart all MailEnable Services.
Then it started to work. Global filters and Spam Protection Filter.
Now emails are being marked with the rank header.
So far I configured all the values to default and will be making some test to see if everything is fine.
I will keep you posted with any relevant issues, if I find any.
Thank you.
I could have confirmed you that the softfail value was set to 100, but I couldnt confirm you that normal global filters were working since I didnt have any configured. So I configured one and restart all MailEnable Services.
Then it started to work. Global filters and Spam Protection Filter.
Now emails are being marked with the rank header.
So far I configured all the values to default and will be making some test to see if everything is fine.
I will keep you posted with any relevant issues, if I find any.
Thank you.
This is what the filter.tab is showing:
Where FilterName (Junk), when enabled, mark as spam the emails that come with header line: Received-SPF: softfail
(by the way, AntiVrus Filter is removing viruses from some messages but is not loggin any information. Even on the System Tray it shows that it scans the messages and when it detects one, AntiVirus makes it job but doesnt report to filter logs any execution nor to the system tray utility)
Using ClamWin and F-Prot Antiviruses.
Running Enterprise 3.02
Code: Select all
FLT9B37DD04FD2F4E44A06F445193960000 1 CRT9B37DD04FD2F4E44A06F445193960000 FilterName (AntiVirus)
FLTF1AF9DDED8404764A95F4810578FEDD 0 CRTF1AF9DDED8404764A95F4810578FEDD FilterName (Junk)
{SPAM_FILTER} 1 {SPAM_FILTER} [System Spam Filter]
Where FilterName (Junk), when enabled, mark as spam the emails that come with header line: Received-SPF: softfail
(by the way, AntiVrus Filter is removing viruses from some messages but is not loggin any information. Even on the System Tray it shows that it scans the messages and when it detects one, AntiVirus makes it job but doesnt report to filter logs any execution nor to the system tray utility)
Using ClamWin and F-Prot Antiviruses.
Running Enterprise 3.02
Ok, after a few hours the filter is firing.
However, not in every message.
Thats why at the beginning I thought Spam Protection was not working since is not executing with all spam we receive.
Its kind of weird, since the positive value for Softfail spf test is set to 100 and negative to 0.
Most of the spam, if not all, are marked with the header line Received-SPF: softfail.
Then ALL spam with this header line should be taken as 'High Risk' Spam, right?
Is not happening.
How is the scoring processs done? Adding positive values with negative values divided by... etc...?
What happens if I set up to a Spam Protection Filter a 0 value for positive and negative at the same time? Would it mean that it wont make a scoring based on that filter?
After many hours, and after hundreds of spam received, spam protection filter just fired 18 times.
As you can see here, the most used action here is to Add Header Medium (75).
But what made it a Moderate Risk?
It would be nice if in the filter logs is added a column where we can now:
1. Why it was marked as low, medium, or high risk.
2. What spam protection filter was used to make the scoring.
So the main problem is that spam protection is not firing with every email with a spf test resulting in softfail, when i have a positive value as 100. Or should I put that 100 to the negative value?
However, not in every message.
Thats why at the beginning I thought Spam Protection was not working since is not executing with all spam we receive.
Its kind of weird, since the positive value for Softfail spf test is set to 100 and negative to 0.
Most of the spam, if not all, are marked with the header line Received-SPF: softfail.
Then ALL spam with this header line should be taken as 'High Risk' Spam, right?
Is not happening.
How is the scoring processs done? Adding positive values with negative values divided by... etc...?
What happens if I set up to a Spam Protection Filter a 0 value for positive and negative at the same time? Would it mean that it wont make a scoring based on that filter?
After many hours, and after hundreds of spam received, spam protection filter just fired 18 times.
Code: Select all
10/18/07 00:36:46 Start - - - - - - - -
10/18/07 00:36:46 ME-I0073: MEW2KDNS Initialized to use DNS Servers (10.0.0.100)
10/18/07 01:11:17 Executed 9FA465E5390B4628A9B9A843E6026BA4.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:rbdthvlquklbuf@msn.com] 58.252.83.49 Medium (75)
10/18/07 01:11:18 Executed 96C5E3BF087E4ABAB961C78098296772.MAI SF [System Spam Filter] ADD_HEADER [SMTP:rbdthvlquklbuf@msn.com] 58.252.83.49 Medium (75)
10/18/07 01:14:04 Executed 1689E8C3196F4C7888C96D9D3D18381F.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:flaviahigs@yahoo.com.br] 201.27.156.42 Medium (75) 5OOO receitas culinarias, vegetarianas e dietas_gcvgaskcgsv
10/18/07 01:14:14 Executed EEF039D261FE4C3B95FD405A749F71EB.MAI SF [System Spam Filter] ADD_HEADER [SMTP:flaviahigs@yahoo.com.br] 201.27.156.42 Medium (75)
10/18/07 02:46:20 Executed 2133DD62EB374633BAEDB07814976412.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jrapacz@inforelay.com] 80.250.228.176 Medium (75) Don't miss your chance and get a bigger penis
10/18/07 03:54:54 Executed 680DFEE8144C44CA83BEB59865E0F887.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:getstarted@onemerge.com] 67.104.112.190 Medium (75) Get started on learning a new language today
10/18/07 04:02:37 Executed 111341117EE6479E8EECD0A92B327BD3.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jbe-bounces@subscriptions.jobsite.co.uk] 194.193.238.21 Medium (75) Trainee Air Traffic Controllers - 44k to 49k
10/18/07 04:26:43 Executed 85C44910DABE4B26955362A05D66C37F.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:mryqur@odn.ne.jp] 58.248.75.195 Medium (75)
10/18/07 04:26:52 Executed 1E0D0F084A9A4379B870DFE05F75862B.MAI SF [System Spam Filter] ADD_HEADER [SMTP:mryqur@odn.ne.jp] 58.248.75.195 Medium (75)
10/18/07 05:11:47 Executed 336F7EFAD8104BD0AD715888A0C7C285.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:oficina_map@cantv.net] 58.68.120.4 Medium (75) October 71% OFF
10/18/07 05:11:56 Executed A21877D4375C4744AB23E291ED2E1C1F.MAI SF [System Spam Filter] ADD_HEADER [SMTP:oficina_map@cantv.net] 58.68.120.4 Medium (75)
10/18/07 07:50:09 Executed B0F1D0C594F548F1960BDD59E84ACBBE.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:Erik.Griffin@donyowell.com] 88.204.198.198 High (115) To all MERRILL LYNCH BUSINESS CENTER customers
10/18/07 08:00:32 Executed C47357336E164D0DBC9F42B8B0044812.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jradwich@isurusmrc.com] 89.163.13.141 Medium (75) Don't wait! Make your penis bigger!
10/18/07 08:09:59 Executed 7CB2EACB423A42C79617A41DB3A565E9.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jraleigh@bitcorp.net] 62.85.122.122 Medium (75) This offer will make your s'e_xual dreams come true
10/18/07 08:10:11 Executed D481E8E8E7BD4273B9E8D934E97B01C0.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jraleigh@bitcorp.net] 62.85.122.122 Medium (75) Don't wait! Make your penis bigger!
10/18/07 08:10:23 Executed F4664E7EDD9A404BB6ADCDF8FA26926B.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jraleigh@bitcorp.net] 62.85.122.122 Medium (75) A real man should have a real penis. Here it is!
10/18/07 08:10:36 Executed D92808BD07CB4D0E9BF4D685B71144BE.MAI SF [System Spam Filter] ADD_HEADER [SMTP:jraleigh@bitcorp.net] 62.85.122.122 Medium (75)
10/18/07 08:10:48 Executed 707D987FBA7C4851B626D5FC7CB7F4F1.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jraleigh@bitcorp.net] 62.85.122.122 Medium (75) Bigger penis won't be on TV but in your shorts!
As you can see here, the most used action here is to Add Header Medium (75).
But what made it a Moderate Risk?
It would be nice if in the filter logs is added a column where we can now:
1. Why it was marked as low, medium, or high risk.
2. What spam protection filter was used to make the scoring.
So the main problem is that spam protection is not firing with every email with a spf test resulting in softfail, when i have a positive value as 100. Or should I put that 100 to the negative value?
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
Hi, we have created a new way for you to test better. Please see the following article and see if this helps you better understand what is happening;
http://www.mailenable.com/kb/Content/Ar ... D=me020493
If the filter has no header line it means that it does not match any level of spam. This is not likely to change as the performance of adding a header outside of a successful spam level would be an issue.
http://www.mailenable.com/kb/Content/Ar ... D=me020493
If the filter has no header line it means that it does not match any level of spam. This is not likely to change as the performance of adding a header outside of a successful spam level would be an issue.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
-
- Posts: 69
- Joined: Wed Jun 27, 2007 8:47 pm
Can this be used with V2.4? The footer of ME020493 says it's for "All Versions" but I can not find the file {SPAM_FILTER}.MES in the Templates directory. So I am thinking that you can not.MailEnable-Ben wrote:Hi, we have created a new way for you to test better. Please see the following article and see if this helps you better understand what is happening;
http://www.mailenable.com/kb/Content/Ar ... D=me020493
If the filter has no header line it means that it does not match any level of spam. This is not likely to change as the performance of adding a header outside of a successful spam level would be an issue.
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
Hi, No this feature is only available on the Version 3 product and all minor version there of.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Hi ,
I'm using ME Enterprise v3.04 and the spam filter doesn't work either.. can anyone help?
Also, I've noticed that the Junk email Folder is not created for the users. However, if i establish an IMAP connection to the account, the Junk email Folder is created.
-----------------------------------
I'm using ME Enterprise v3.04 and the spam filter doesn't work either.. can anyone help?
Also, I've noticed that the Junk email Folder is not created for the users. However, if i establish an IMAP connection to the account, the Junk email Folder is created.
-----------------------------------
Code: Select all
ADD_HEADER [SMTP:jra19@humboldt.edu] 213.234.25.1 No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20 Fill your nights of love with a true masculine force!
11/13/07 14:58:05 Executed 4C928DB4B1AF420BA0EC1C28D2D069B3.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:J.Chan@elsevier.com] 207.126.144.128 No (-40),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:-5 RE: The usage report of MDC & MNC for Macau Doha
11/13/07 14:58:07 Executed ECF9CC6BCB674F71BACC27C6B766C724.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jra19@humboldt.edu] 213.234.25.1 No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20 Give your willy a chance to serve you better!
11/13/07 14:58:08 Executed 4D3BF79660754EF1946999CC5F5C69A0.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:jra19@humboldt.edu] 213.234.25.1 No (-15),AS:-15,PT:-5,RB:-5,BY:-20,VI:-0,BM:-0,SU:-0,IS:-5,FE:20 Make her feel your real masculine power!
-
- Posts: 5858
- Joined: Fri Jan 16, 2004 6:49 am
- Location: Melbourne
If you are using POP then the Junk E-Mail folder is not created on the client. A POP service does not create folders it cannot as it is only a retrieval service."Also, I've noticed that the Junk email Folder is not created for the users"
For POP users you can either turn on the Management Service Junk E-Mail folder report option and then get your users to login to web mail to retrieve false positives or delete spam.
Or you can set up a filter that moves any mail from the Junk E-Mail folder to the inbox.
Or of course you can change the action all together to Prefix the subject rather than deliver to junk.
Regards,
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.
Product Services
MailEnable Pty Ltd
To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.