Spam filters

[billmez]

Enterprise addition:
What exactly does the setting Bypass SPAM Filtering When Allowed Relaying Access do? Will unchecking this prevent spam checking on outgoing SMTP connections for authenticated users, but still check incoming connections?

I would like to be able to disable RBL checking for authenticated users sending to speed up connects and performance.

Thanks

[sillyme]

This has been my experience.

With the bypass spam filter when allowed relay checked, the users outgoing mail will not be passed through the baysian filter but all incoming mail will be checked. Unchecked all mail goes through the filter.

If you are using content filtering you can place a rule that if the user exist locally to not filter for content. That way if the message is from local to local it will not be checked for content.

The white list may bypass the filter so you could place the *@domain into it. I have not tested that but it makes sense to me that it should. I am currently having trouble with the white list still passing through the baysian filter and they are working on it. (see my other post)

Just in case a relay allowed user does get taken over by a spammer watch how often you outgoing mail log resets (creates a new one) or adjust the group defaults for outgoing mail to a reasonable amout so that when the user complains you know something is up. I just had a situation where a domain admin had created a info@ account with no password, a spammer in china 'discovered' it and had a field day one night. I caught it simply because I saw that an unusual number of outgoing log files had been created.

Good luck

[billmez]

Thanks for the reply. I am only running RBLs and would like a way to exclude outgoing mail from checking. I don't think whitelisting is going to do it. Can someone from CC correct me if I'm wrong.

Thanks

[Code Crafters]

First of all, I can confirm that the Bypass SPAM Filtering When Allowed Relaying Access option skips all SPAM filters for relay authenticated users. That means they have either logged in via SMTP authentication, POP3 pre-authentication or are listed as an SMTP relaying safe IP (all on the relaying tab of SMTP settings). This allows you to let any local or externally sent mails from authenticated local users bypass SPAM filtering since they shouldn't be spammers. Of course, with WebMail auto-signups you can get spammers signing up for your mail service and using it to send SPAM as a legitimate user. To help prevent against this, use group sending limits and any other security measures you see fit. Also, check logs for excessive or abusive activity from any users. In Ability Mail Server 3 due out next year, we are adding several admin tools to view, filter and print excerpts of these logs in a more usable fashion as well as increasing the statistics that are logged.

As for white listing users using a *@domain SMTP Sender and with content filtering allowing any users that exist locally, the SMTP sender and recipients can easily be forged so be warned about trusing this as a safe sender identification method.

[Jack]

Why do I get false positives for local users that are authenticated even though I have this option checked and the user has logged on.

[Code Crafters]

There is a bug in the current version (2.60) whereby SPAM white listing doesn't skip Bayesian filtering. This has now been fixed and will be available when version 2.61 is released. However, users with relaying access exemption for SPAM filtering shouldn't be subjected to any SPAM filters.

[Jack]

There is a bug in the current version (2.60) whereby SPAM white listing doesn't skip Bayesian filtering. This has now been fixed and will be available when version 2.61 is released. However, users with relaying access exemption for SPAM filtering shouldn't be subjected to any SPAM filters.

This is still happening none the less. I have local users authenticating using pop3 before smtp and their mail is being caught by the beyesian filter and marked as spam.

What is the solution to this problem for me?

[Jack]

OK, I have tracked this down and can garauntee that local, authenticated users are being subjected to the bayesian filter even though they are supposedly exempt according to the SPAM Filtering tab in the SPAM Filtering options area. I have the "Bypass SPAM Filtering When Allowed Relaying Access" option checked and it's not bypassing.

I can tell you which rule is catching it and why. I don't know if this is a bug or not but it's not working the way I would expect it.

So, unless there is something I'm missing please help me fix this.

[sillyme]

Are the authenticated users mail being checked going out or coming in? I noticed on my server that the users outgoing mail was by-passingthe filters. but if the destination was a local account it still went throught the filter rules as they are a different set of rules. I 'fixed it' by placing the local domain in the white list and creating a content filter rule that says if sender is local, clear the spam flag and stop filtering.

Hope this helps

Bob

[Jack]

This would be authenticated users and mail going to outside domains.

Any suggestions on a way around this would be fantastic.

Having the bypass actually work would be better.

[rob]

The option to bypass the filters should of course work but if you suspect there is a bug then please contact me at rob@code-crafters.com and send your remote admin log details. I will then attempt to test this and also examine your configuration.

[Jack]

The problem is that certain mail is caught by the content filter I have set to catch certain choice words. On some messages with attachments these words may appear thus triggering the content filter. What I need is a way to bypass this. I don't know if this is a bug or not, but I think it should be an option to bypass locally authenticated users somehow.

[rob]

Ahh I see, the content filter is not white listable at present but we are planning something to remedy this. We plan to add a new custom event to the white list which would enable you to bypass content filtering if required. Basically, if a mail is white listed, you can add a custom event, then in content filtering you will be able to read this custom event and skip the extra SPAM filtering. The update is still underdevelopement but we are hoping to have it released early next month.

[Jack]

This would be good. I have had to turn off the offending content filter for now.