Spam Weights
Question asked by Kevin Mahoney - June 9, 2016 at 11:44 AM
Answered
I just upgraded to SmarterMail 15 and spent the past couple hours copying Bruce Barnes' suggested settings. Kudos to him! I never would have figured this out otherwise. Questions...
 
1) Spam weights. I'm trying to fine tune the SPAM LOW weight. See the below lines from a sample header. I see where the SpamWeight = 10. But I don't know what each filter weighed in at. Is there an option to add each filter's weight that added up to 10?
 
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, DK_Pass, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 10
X-Antivirus: avast! (VPS 160608-1, 06/08/2016), Inbound message
X-Antivirus-Status: Clean
 
2) Page 13 of his PDF. Re: BARRACUDA RBL. This is only checked if you are NOT checking the ENABLE FOR INCOMING SMTP BLOCKING box in your antispam settings. If ENABLE FOR INCOMING SMTP BLOCKING is checked, any message which turns up as a POSITIVE query on this list will be blocked and not accepted.
 
If I read correctly, if I enable BARRACUDA RBL then I should not use SMTP Blocking. However, in his manual, he's showing screenshots where he has both the BARRACUDA RBL and SMTP Blocking enabled. Can someone lend some insight?
 
3) Is there a way to reject any domain names that do not have *.com, *.net, *.org, etc. in them? Reviewing the logs we're getting a lot of crap from *.top, *.faith, and I'm sure the list will go on. We don't need emails from anyone using those extensions.
 
Thanks!
 

4 Replies

1
Rod Lasky Replied
Employee Post
Hi Kevin.  
1.  Currently you cannot see the individual scores from a particular RBL check.
2.  Bruce would need to advise on this one.
3.  Go to Security >> Advanced Settings >> SMTP Blocking.  Here you can add to block an email address at the SMTP level.  In your example, you would want to create entries for *.top and *.faith
 
I hope this helps.
Rod Lasky
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Kevin Mahoney Replied
 
One of our customers who's been emailing us for quite a while just emailed us after I changed over to SM 15 and new spam settings. It was a normal email discussing a sample product. Spam weight came in at 15 and was flagged as SPAM MEDIUM. How do I figure out what actually caused the flagging? Is my only recourse to add her to trusted senders? Is this what we should expect from herein getting emails from gmail accounts? I could raise the weights, but that will let more spam through I'm guessing. Any insight as to how gmail accounts should be handled?
(name and domain changed for anonymity)
 
Thanks!

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Return-Path: <JaneDoe@gmail.com>
Received: from mail-qk0-f175.google.com (mail-qk0-f175.google.com [209.85.220.175]) by mail.ourdomain.com with SMTP;
   Thu, 9 Jun 2016 14:08:02 -0700
Received: by mail-qk0-f175.google.com with SMTP id i187so27777425qkd.3;
        Thu, 09 Jun 2016 14:06:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=jPaus5mCJQQZGgVpolyew5Ycj7RGNzXW5DX1sZGPX2U=;
        b=JyZpzvKep2OPfcREMRkUDEX81K36dvvQzTw7aI5sSlKj93FFpEbiIBJitO39sL2j6c
         jxH2q4kUk9Wuk0b5fq06G84oDZU3ijMneJIcx3tBhIqW/FJzLMh4i/G5y6PK+3tSyBsO
         ZRtDl53ivrTm0TtTzsNjxNcNhG2dzTGN/dcGZEUeexBORHJXimN4W1gTvAzzzWJWsBSN
         d4cdWGWnSCvVJOV9CTUVolZNlBqjfnqhTjIb3k4CYKUx985h+yQ23EA+8+EIly7DRtXC
         8GyCQDmrpfJIoALJTM45Z8zuxYBzSO4GXYC2wM/wX3CL2+v9YFxWSlRaXOMTNW7xfd9q
         oJlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=jPaus5mCJQQZGgVpolyew5Ycj7RGNzXW5DX1sZGPX2U=;
        b=XsET5GI01AeUudb0g4OtFJ+K+kQr1cB1Dd6nA7G5wtObrGHjpWMEm4icYgEuBRjL3O
         awvDTCTUeOfooubTVDnpkW/AUvHnw8l92dt2VGiZUbs1ztfGN/w/vXudLZeaayVrKxOL
         bWQW6iMw8EwdrnlA0td1jOG1Wn35HxhDEY1cji02CWdWsopu/qnZLel0hgwrfLLWcnIB
         Z6CK+g1DTgQK4suEk7wPPVPTZvTAfEpNsrB8CYZCS3eX14gBd1wLdWeNdlWKdNhCx7Iw
         qLuANYDXWpX1uH1y0ocopIhsxOyyasaVgc3YvJ+kgJn5mkHvxsc0RV1syc4vRgkxbdEk
         Q5Ug==
X-Gm-Message-State: ALyK8tKjwPMgiRCl5XFZXDqp75fIMoJ+4WZYKNpRiqMIlGHkaNPKUfncAv6XX1mNe52wCw==
X-Received: by 10.55.204.157 with SMTP id n29mr12133578qkl.202.1465506367903;
        Thu, 09 Jun 2016 14:06:07 -0700 (PDT)
Return-Path: <JaneDoe@gmail.com>
Received: from [192.168.1.3] (ool-43516192.dyn.optonline.net. [67.81.97.146])
        by smtp.gmail.com with ESMTPSA id 39sm2210816qgg.8.2016.06.09.14.06.07
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 09 Jun 2016 14:06:07 -0700 (PDT)
Content-Type: text/plain;
 charset=us-ascii
Mime-Version: 1.0 (1.0)
Subject: SPAM MEDIUM Re: Sample
From: Erika Steinberg <JaneDoe@gmail.com>
X-Mailer: iPhone Mail (13F69)
In-Reply-To: <001201d1c250$8b9f2510$a2dd6f30$@com>
Date: Thu, 9 Jun 2016 17:06:07 -0400
Cc: sales@ourdomain.com, sales2@ourdomain.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <B611DACF-B00F-4C3B-BB89-ED32325CE76D@gmail.com>
References: <04EF556B-6475-4326-8CE6-431AEA8E94DD@gmail.com> <020e01d1c007$4bb237d0$e316a770$@com> <732DB621-422A-4EB7-8177-D33AA7D0AA4B@gmail.com> <000001d1c184$34de1af0$9e9a50d0$@com> <D11342E4-FD64-436F-8B67-13ACA3947E30@gmail.com> <000701d1c19b$aa620fe0$ff262fa0$@com> <DFA2915A-67D0-406E-A8F8-3BDA6CA58016@gmail.com> <001201d1c250$8b9f2510$a2dd6f30$@com>
To: sales3@ourdomain.com
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, DK_None, DKIM_Pass, SORBS 06 - RECENT
X-SmarterMail-TotalSpamWeight: 15
X-Antivirus: avast! (VPS 160609-0, 06/09/2016), Inbound message
X-Antivirus-Status: Clean
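
Added example, not part of the original thread and not SmarterMail code: since the per-check weights are not written to the header, one way to triage a flagged message is to diff its X-SmarterMail-Spam check list against a message that was delivered normally. The two samples below are constructed from the header lines quoted in this thread; the function names are hypothetical.

```python
from email import message_from_string

# Constructed samples: only the two SmarterMail headers quoted in this thread.
BASELINE = (
    "X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, DK_Pass, DKIM_Pass\n"
    "X-SmarterMail-TotalSpamWeight: 10\n\n"
)
FLAGGED = (
    "X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, DK_None, DKIM_Pass, "
    "SORBS 06 - RECENT\n"
    "X-SmarterMail-TotalSpamWeight: 15\n\n"
)


def spam_summary(raw):
    """Return (list of checks that fired, total weight or None) for one message."""
    msg = message_from_string(raw)
    fired = msg.get("X-SmarterMail-Spam") or ""
    checks = [c.strip() for c in fired.split(",") if c.strip()]
    try:
        weight = int(msg.get("X-SmarterMail-TotalSpamWeight"))
    except (TypeError, ValueError):
        weight = None  # header missing or not a number
    return checks, weight


def diff_checks(baseline_raw, flagged_raw):
    """Show which checks differ between a normal and a flagged message."""
    base_checks, base_w = spam_summary(baseline_raw)
    flag_checks, flag_w = spam_summary(flagged_raw)
    delta = None if None in (base_w, flag_w) else flag_w - base_w
    return {
        # Checks that fired only on the flagged message.
        "added": [c for c in flag_checks if c not in base_checks],
        # Checks that fired only on the baseline message.
        "dropped": [c for c in base_checks if c not in flag_checks],
        # Total weight difference; the headers cannot split it per check.
        "weight_delta": delta,
    }


if __name__ == "__main__":
    print(diff_checks(BASELINE, FLAGGED))
```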

 

1
Bruce Barnes Replied
Marked As Answer
Sorry for the delay in responding, Kevin. With regard to the BARRACUDA RBL, I always enter the individual weights and responses, and do detailed logging.
 
This helps me track any issues with the RBL, especially false positives. As I recall, from another thread I am / was active in, BARRACUDA is, in some cases, extremely unreliable, sometimes depending on DNS servers, which are limited to no more than 200K queries per day, and sometimes by other issues.
 
As I get ready to update the antispam settings for SmarterMail 15.1, and, when released 16.X, this will be further vetted, and the results made available. For the time being, make certain you are using PRIVATE DNS servers, and set your logs to detailed.
 
They should be able to get you a lot of good information.
 
Please contact me off list if you require additional assistance.
 
- Bruce Barnes
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
Kevin Mahoney Replied
Thank you for your attention! Much appreciated.
