OpenNTF.org - The Open Source Community for Collaboration Solutions

kspam 2.0 for linux 32Bit - All,Open

By Torsten Link 9 years ago 1 reply

kspam 2.0 release - All,Open

By Dominique Gruhn 9 years ago 1 reply

Linux Intel 64-bit for Domino 9? - All,Open

By LJ Wilson 1 decade ago 1 reply

Clustered servers not refreshing Config - All,Open

By Derrick Oliver 1 decade ago 1 reply

goodlist.txt and spamlist.txt and "bload" task??? - All,Open

By Valmore Blanco Barbosa 1 decade ago 1 reply

Source Code ? - All,Open

By Ulrich Krause 1 decade ago 2 replies

Error when starting kSpam - All,Open

By Valmore Blanco Barbosa 1 decade ago 5 replies

kSpam on W2008 64bit Domino 8.5 - All,Open

By Benjamin Encuentra 1 decade ago 19 replies

No Description - All,Open

By Wagner C Ferreira 1 decade ago

No Description - All,Open

By Wagner C Ferreira 1 decade ago

Accuracy Not Good - All,Open

By John Q Parker 2 decades ago 4 replies

Anyone Running kSpam on Domino 8.5 Linux? - All,Open

By John Q Parker 2 decades ago 4 replies

mail from / from reason - All,Open

By thomas kuhn 2 decades ago 1 reply

many [?SPAM?] tags - All,Open

By Paolo Regonesi 2 decades ago 1 reply

Lots of Spam tagged as good - All,Open

By John Q Parker 2 decades ago 3 replies

Mailgood.nsf Agent creates Whitelist Allow-rules - All,Open

By henny kohler 2 decades ago

kSpam on Linux with Lotus Domino 8 - All,Open

By Riccardo Rocca 2 decades ago 1 reply

bload.txt - All,Open

By Orlando Puig 2 decades ago 1 reply

Mailspam.nsf Webform for end-users - All,Open

By henny kohler 2 decades ago 2 replies

Wierd Deny List results - All,Open

By Curt I Holmer 2 decades ago 2 replies

some messages are not filtered
By Vincenzo Di Benedetto 2 decades ago

Today I received a message with the word "xanax" in the body. Xanax should be filtered by REGEX rule but in this case hasn't been filtered. Another strange behaviour is that the email in question doesn't have KS_BL_PROB and KS_BL_TOKENS fields. It seems like it has been not processed by KSPAM.

Any suggestion??

Is there a KS_IID field?
By LJ Wilson 2 decades ago

My understanding is the rules act on a message first, and if any of them fire then the bayesian piece never operates on it, thus you wouldn't see the KS_BL_PROB or KS_BL_TOKENS fields in the document in that situation, only the KS_IID (and maybe the reason field, if you have that enabled)

Could you post the reg exp you are using for xanax? It almost sounds like the rules touched the message in some way first.

KS_IID is present
By Vincenzo Di Benedetto 2 decades ago

KS_IID is present.

the REGEXP rule for xanax is:

REGEX#:(?i)xW{0,2}[aâãäàáå@]W{0,2}nW{0,2}[aâãäàáå@]W{0,2}x

it catch the word "XANAX" even if written as XaNaX, xanax, Xãnax and so on.

I also tried to copy just the word "Xanax," to a new message and send trough the internet and has been correctly blocked, but if I try to send a message with the same body, it goes straight!

This is the body of the message:

"All meds at your fingertips! Order online, convenient & secure. Soma, Cialis, Xanax, Phentermine, Valium & many more. See here http://www.over983tabs.biz/c14/ Exclusion from offers http://www.over983tabs.biz/unsubscribe.ddd suite#126 4-1150 North Terminal Ave. Nanaimo, BC V9S 5L6, Canada lsieniwagging criterion application broke repression subtlety cotoneaster senegal cognitive apocryphal dreyfuss son dahl nouakchott cession hanover toward nitrite blanket"
got it!
By Vincenzo Di Benedetto 2 decades ago

probably I found by myself!.

I have the following higher priority rule:

REGEX#:(?i)unsubscribe

that looks for the word "unsubscribe" to the body, but does nothing. This is a rule I had to disable, but I prefered just to remove the action instead of remove it.

Now I completely deleted, let's see what happend after the next refresh.