Hi Guys,

i recently using KAS3 as my antispam on my office server. after installation and configuration i see the kas3 working fine. but lateley i've got problem that NOT DETECT incoming mail getting highier.

I need your help if there is any other setting that can minimized not detect incoming mail. right now the not detect incoming mail about 40%++ the spam is 30%++ its make me headache. the spam geting biger day by day. i already added them to blacklist but its not resolving my problem.

i really need your help to share the best setting on KAS3 antispam to minimized not detect incoming mail.



Regards,
Denny

did you running regular bases update?
what produce output
crontab -u mailflt3 -l
?

below the result after i type crontab -u mailflt3 -l

MAILTO=postmaster
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
HOME=/usr/local/ap-mailfilter3/run
1,12,23,34,45,56 * * * * /usr/local/ap-mailfilter3/bin/uds-rtts.sh -q
*/5 * * * * /usr/local/ap-mailfilter3/control/bin/sfmonitoring -q
* * * * * /usr/local/ap-mailfilter3/control/bin/dologs.sh -q
*/5 * * * * /usr/local/ap-mailfilter3/control/bin/dograph.sh -q
7 */12 * * * /usr/local/ap-mailfilter3/control/bin/logrotate.sh -q
9,29,49 * * * * /usr/local/ap-mailfilter3/bin/sfupdates -q


i so confused, i already try to change the setting but it seem nothing happen. and i just put a few mail domain on the whitelist to prevent rejection if the mail sent to local user.

please show header from mails with not detected spam

below is the maillog including kas3 log :

Aug 8 23:25:27 mail sendmail[18812]: m78FPQIx018812: from=<Green_Cleaning_Products-eugene=my.miyoshi.biz@variableimps.com>, size=3958, class=-30, nrcpts=1, msgid=<AIP7DE52BEC1A0445D684EDC41F29A9F098@variableimps.com>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=vintacomfl.com [65.75.170.175] (may be forged)
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Envelope-From: Green_Cleaning_Products-eugene=my.miyoshi.biz@variableimps.com
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Envelope-From: from Green_Cleaning_Products-eugene=my.miyoshi.biz@variableimps.com to Green_Cleaning_Products-eugene=my.miyoshi.biz@variableimps.com
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Group-ID: 00000000
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Group-ID: from 00000000 to 00000000
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Info: Profiles 4677 [Aug 8 2008]
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Info: from Profiles 4677 [Aug 8 2008] to Profiles 4677 [Aug 8 2008]
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Method: none
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Method: from none to none
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Rate: 0
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Rate: from 0 to 0
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-SPF: pass
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-SPF: from pass to pass
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Status: Not detected
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Status: from Not detected to Not detected
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Status-Extended: not_detected
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Status-Extended: from not_detected to not_detected
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter add: header: X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0278], KAS30/Release
Aug 8 23:25:28 mail sendmail[18812]: m78FPQIx018812: Milter change: header X-SpamTest-Version: from SMTP-Filter Version 3.0.0 [0278], KAS30/Release to SMTP-Filter Version 3.0.0 [0278], KAS30/Release
Aug 8 23:25:28 mail sendmail[18814]: m78FPQIx018812: to=<eugene@my.miyoshi.biz>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=88533, dsn=2.0.0, stat=Sent


i've got so many incoming email with no detect like maillog above n i already try to customize the configuration but seem nothing happen to improve spam blocking.

please upgrade to 284 build, it fix some errors in miter integration

Hi,


I already upgrade my kas3 to 284 last night and do the same setting with my other server that have kas3 working properly on blocking spam. but after instalation, this morning i check its getting worse then before. not detect more higher, Below is the monitoring result picture :

Click to view attachment


So anyone here help me share your Setting on your kas3 i stuck with this problem.


Thanks

I can see from the log you attached that the message has already got all the headers that KAS normally adds to the filtered messages (including the header with the date of the anti-spam bases). Perhaps, due to some misconfiguration, your messages are filtered twice in sendmail (this may happen, for example, if you have additional filters and\or multiple sendmail instances in the chain). Therefore, not detected messages may be calculated twice while spam messages - just once before first anti-spam check blocks it.

I see as well that the record for sfupdates in crontab is not correct for .284 - after successfull upgrade to .284 you should have sfupdates running every 3 minutes (instead of 20 min used previously)...

*/3 * * * * /usr/local/ap-mailfilter3/bin/sfupdates -q -M

Note new option -M. This should be a standard record for sfupdates for KAS 3.0.284...

Also verify in /usr/local/ap-mailfilter3/log/{sfupdates.log|updater.log}and that the sfupdates script and keepup2date utility actually executes with no errors and anti-spam bases are up to date.

actualy i remove the old kas3 rpm then install with kas3 284. and then i set the update from the webbase. how to fixed the crontab ? i think my crontab still the same with kas3 278, may i know how to fixed it ?

i will post my kas3 setting please advice me if i do wrong setting. for sendmail configuration is the same with other server, thats why i've got headache with this server. server that kas3 not working to block spam the other working fine.

below is my crontab now aftar change on the update menu to 3 minutes :

[root@mail ~]# crontab -u mailflt3 -l
MAILTO=postmaster
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
HOME=/usr/local/ap-mailfilter3/run
4,15,26,37,48,59 * * * * /usr/local/ap-mailfilter3/bin/uds-rtts.sh -q
*/5 * * * * /usr/local/ap-mailfilter3/control/bin/sfmonitoring -q
* * * * * /usr/local/ap-mailfilter3/control/bin/dologs.sh -q
*/5 * * * * /usr/local/ap-mailfilter3/control/bin/dograph.sh -q
7 */12 * * * /usr/local/ap-mailfilter3/control/bin/logrotate.sh -q
*/3 * * * * /usr/local/ap-mailfilter3/bin/sfupdates -q -M