Kitz ADSL Broadband Information
Author Topic: AA email anti-spam - problem with blacklist rules  (Read 340 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6269
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
AA email anti-spam - problem with blacklist rules
« on: August 14, 2018, 01:50:11 AM »

My anti-spam blacklist blocking rules do not seem to be working. I have a load of per-from-address blacklist rules set up for Mrs Weaver, yet she is suddenly getting a lot of spam. This is not good at all, I was expecting all of the matching stuff to be blocked at the server. A load of stuff is being spam-marked though and put into the junk folder, but we are still paying to download it all.

I asked support about this. It's as if the blacklist rules have just failed or I have done something wrong, yet I have not changed anything apart from the odd recent addition to the list. I checked that I have not stupidly set a match expression choosing 'allow', so as to whitelist something when I wanted to blacklist it with 'block'.

Specific example:

* example from = -any-@e.vineyardvines.com eg should block email@e.vineyardvines.com

* example subject = "Welcome to Dating" and "Adult Dating" - rule is : "Block: subject: %Dating%" so intended to block anything with the word "Dating" in the subject line. Upper/lower case given in the rule does happen to match the actual case in the spam, but I would prefer to achieve a case-insensitive match. I tried multiple case variants as I had no idea how it works. I have not seen evidence of a failure due to (unwanted) possible case sensitive matching causing an unwanted match-failure.

Does anyone know what might be going on? Have I done something wrong or is there a bug?

Is it possible there is a bug due to the large number of rules?
Logged

chenks

  • Reg Member
  • ***
  • Posts: 456
Re: AA email anti-spam - problem with blacklist rules
« Reply #1 on: August 14, 2018, 07:47:56 AM »

what did AA support say?
Logged

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6269
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: AA email anti-spam - problem with blacklist rules
« Reply #2 on: August 14, 2018, 08:09:22 AM »

They haven't got back to me yet.
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1100
Re: AA email anti-spam - problem with blacklist rules
« Reply #3 on: August 14, 2018, 08:50:07 AM »

Have you looked in the headers to see if there are other email addresses such as Reply-to which don't match your rules? I'm not sure of the precedence that AA's system uses when looking to see which headers are present and then checked.
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6269
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: AA email anti-spam - problem with blacklist rules
« Reply #4 on: August 14, 2018, 08:52:29 AM »

Sorry jelv? I am being a bit slow - explain the reply-to bit? Are you thinking they used a different header type?
Logged

chenks

  • Reg Member
  • ***
  • Posts: 456
Re: AA email anti-spam - problem with blacklist rules
« Reply #5 on: August 14, 2018, 08:54:04 AM »

the "display" email address, i.e. the one you see when the mail gets delivered, can be different to the "reply-to" address, i.e. the one that appears when you click reply.
spam emails often don't come from the address that is displayed to you.
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1100
Re: AA email anti-spam - problem with blacklist rules
« Reply #6 on: August 14, 2018, 09:09:52 AM »

Could you post all the lines in the headers of one of the messages which contain email addresses (other than your own) please.
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6269
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: AA email anti-spam - problem with blacklist rules
« Reply #7 on: August 14, 2018, 09:24:51 AM »

My hands are not good enough just now, I have sent a couple to AA support, with full headers. They pointed out that they were being marked as bl: for blacklisted but I thought that that would block them in the server and so I would not have to download them. It is marking them but not binning them.

I was thinking this is a change in behaviour but perhaps I am being mad. Will post some when my pain subsides a bit.

I am starting to wonder if this is all a red herring caused by my using AA's roundcube webmail browser-based web app in Safari. Perhaps it somehow shows you everything always, including the blacklisted stuff so you can check what is going on. Maybe a normal email client does not get all the blacklisted stuff and it really does in that case stay on the server, which achieves my aim.

The thing is, blocking it at the server is excellent, but actually it would be better, as an option, to completely delete all the crap on the server so it does not eat up space, and consume some of your storage allowance. Having debug options is what we need: options to delete or not delete and to block stuff or put it in the junk folder with it being marked as spam, so you can inspect it and check that nothing good is getting misclassified.

Logged

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6269
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: AA email anti-spam - problem with blacklist rules
« Reply #8 on: August 14, 2018, 10:15:39 AM »

Steve told me that it marks things as 'blacklisted' but it is not supposed to delete them. I don't understand what is supposed to happen about downloading such crap then. It is perhaps up to your mail client? Perhaps mail client x is selective about what it downloads? Confused because thick.
Logged

d2d4j

  • Reg Member
  • ***
  • Posts: 709
Re: AA email anti-spam - problem with blacklist rules
« Reply #9 on: August 14, 2018, 10:16:03 AM »

Hi

It reads like you have not set an action to move detected email to junk folder, so it is being correctly marked as spam but left in inbox

I am sorry if I am wrong but it is hard to follow your posts sometimes

Also, if you are using round cube in a browser, you are not downloading email and your data download would be minimal

Lastly, you should be able to set auto delete upon certain criteria for folders, so you may be able to set reduce folder to x mb when it reaches y mb, or delete say anything 3 months old. You should even be able to run cleanup after logging out as default

This may or may not apply to AA round cube, as it may have been changed for their needs/requirements

As I said, sorry if I am wrong

Many thanks

John
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1100
Re: AA email anti-spam - problem with blacklist rules
« Reply #10 on: August 14, 2018, 10:20:09 AM »

Do you have a spam folder?

From the page where you set up the rules:

Quote
You can override the spam scoring system by using this Allow/Block list. If a message gets a spam score below your Reject Score setting, and it matches one of the rules below, the spam flagging can be overridden. You have the ability to match a message based on the sender's email address, the address the message is being delivered to and the subject of the message.

If a message matches an Allow rule, then the message will not be marked with ****SPAM**** in the subject and will not be placed in your spam folder. If it matches a Block rule, then it will be marked as ****SPAM:BL**** and will be placed in your spam folder (if you have one).

You don't need to fill in all the options, leaving fields empty means it will match anything. You can also use % as a wildcard.

The most specific rule is used, as per the list below (these will be matched after alias address rewriting).

You can edit an existing entry by clicking on it. Editing an entry allows it to be erased if you wish. Changes can take a couple of minutes to take effect.

Edit: Add screen shot for benefit of non-AA users.
« Last Edit: August 14, 2018, 10:24:40 AM by jelv »
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile
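
The Allow/Block behaviour described in the quoted help text, together with the earlier question about which header a rule is compared against, modelled as an added example (this is not A&A's code and not from any poster). Assumptions: the specificity ordering (the help page's own list is not reproduced in the thread), the tag being prefixed to the subject, the case handling, and the header that supplies the sender; the message and its example.* addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; the example.* domains are placeholders.
RAW = """\
Return-Path: <bounce-77@mailer.example.net>
From: "Offers" <email@shop.example.com>
Reply-To: replies@other.example.net
To: janet@example.org
Subject: Welcome to Dating

body
"""

def like(pattern, value, case_sensitive=False):
    """'%' matches any run of characters; an empty field matches anything."""
    if not pattern:
        return True
    rx = ".*".join(re.escape(part) for part in pattern.split("%"))
    flags = re.S | (0 if case_sensitive else re.I)
    return re.fullmatch(rx, value, flags) is not None

def specificity(rule):
    # Assumption: more filled-in fields wins, then more literal characters.
    fields = [rule.get(k, "") for k in ("from", "to", "subject")]
    return (sum(bool(f) for f in fields),
            sum(len(f.replace("%", "")) for f in fields))

def classify(raw, rules, sender_header="From", case_sensitive=False):
    """Return (action, subject) for one message under the given rule list."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get(sender_header, ""))[1]
    rcpt = parseaddr(msg.get("To", ""))[1]
    subject = msg.get("Subject", "")
    hits = [r for r in rules
            if like(r.get("from", ""), sender, case_sensitive)
            and like(r.get("to", ""), rcpt, case_sensitive)
            and like(r.get("subject", ""), subject, case_sensitive)]
    if not hits:
        return ("score", subject)      # no rule: normal spam scoring decides
    best = max(hits, key=specificity)  # "the most specific rule is used"
    if best["action"] == "allow":
        return ("allow", subject)      # not tagged, not filed as spam
    # Block only tags the message for the spam folder; nothing is deleted.
    return ("block", "****SPAM:BL**** " + subject)

RULES = [
    {"action": "block", "from": "%@shop.example.com"},
    {"action": "block", "subject": "%Dating%"},
]
```

A from-rule written against the visible From address does nothing if the filter is comparing a different header (`sender_header="Reply-To"` or `"Return-Path"` here), and a block result is still a delivered message, only tagged.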

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6269
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
Re: AA email anti-spam - problem with blacklist rules
« Reply #11 on: August 14, 2018, 12:00:51 PM »

@d2d4j - you are quite correct, my posts are probably fairly garbled because my pain is out of control today even though I am full up to my eyeballs with five different pain drugs.

I realise now I should have written some more server-side rules so that some stuff gets deleted. The defaults are good for debugging, safe, sensible, but do not do what I thought they were going to do.

I have used roundcube, my wife uses Apple iOS Mail on her iPad. I am hoping she does not download all the contents of the spam / junk folder, maybe nothing initially or just headers if she looks in it? Don't know.

About the server side rules: are they just a general mail-server-internal thing, controllable by roundcube? But are they independent of roundcube in that they are always running and will make sure that stuff gets processed by my rules even for say Janet who never goes near roundcube - sanity check on my understanding. Basically it is not roundcube itself doing the filter processing? I take it that the only way to edit or control these rules is to go into roundcube, or is there another kind of control interface, maybe a standard interface? I am not aware of any feature in the Apple mail client app that can drive this filter control interface but perhaps I am wrong.
Logged

d2d4j

  • Reg Member
  • ***
  • Posts: 709
Re: AA email anti-spam - problem with blacklist rules
« Reply #12 on: August 14, 2018, 12:28:49 PM »

Hi weaver

Many thanks and sorry, we do not use AA so have no knowledge of how they set things up

Mail servers always have as a rule

Server wide rules

Domain wide rules

User rules

It depends upon your level of access but as a user, you would not be allowed to access server wide rules, only domain wide or user rules

A simple check would be to see if you change one of your user rules to domain wide (if you have domain wide access, you should be able to choose this).

If only user rule, it will only apply to the user it is setup for

I would think as it's an iPad, it is set to imap, so make sure junk folder is set not to sync, and you will not see the contents unless you go into junk folder

I would also consider you have not changed defaults for imap, so it will be only headers unless you click on email.

Interestingly, you may have a special junk folder called spam or learn spam, so you would put any emails into that folder for the Bayesian to learn. However, you also need to put good email in learn ham or it does not work as it should. We turn this off as it is so unreliable

I would guess AA use a form of spamassassin, for spam filtering, which only marks the email, and the email client/server does the actions

Also, you would be surprised how many mail admins do not update SA, so it gets old on rules. Ours are updated hourly using cron

Many thanks

John
Logged