Jump to content

Blocking non spam reason "sender has spammy reputation"


Recommended Posts

Hi,

 

Two weeks ago I updated Mail security for Exchange from  4.3 from 4.5 and since then quite a few legit senders gets rejected with the reason "sender has spammy reputation (100%)" and gets 100 score.

 

These two weeks it's been pretty quiet with mail:s during Christmas but almost 1 out of 10 legit mails gets rejected with this reason. Before I upgraded maybe 1 out of 500 legit mails got rejected with this reason.

 

I dont really know how I can change the settings so this reason not blocking these non-spam mails?

 

I've checked the real spam that gets rejected by this reason, which are very many, and all of them have also been on DNSBL. So if its possible to not use the "sender has spammy reputation" reason the spam anyway gets rejected as they appear on DNSBL.

 

Any tips?

Edited by triamed
Link to post
Share on other sites

Open eset, click on setup, click on "enter entire advanced setup tree", scroll down to "Antispam protection", then "antispam engine" and click setup in the right hand pane. There you will find a whole bunch of options to tweak your email filtering. I had the same problem and fixed alot of them by entering the email addresses (you can enter wildcards too) affected in the allowed senders. 

Link to post
Share on other sites

Check the IP addresses and domain names listed in the Received headers via hxxp://www50.mailshell.com/live_feed/livefeed_lookup.php and hxxp://multirbl.valli.org.

 

I looked up five domains and ips that got rejected (but are not spam) and all of them had "does not have a spammy reputation on LiveFeed."

 

On the DNSBL lookup there was 4 that was blacklisted on 1 out of 242 and one domain that was blacklisted on 10 out of 242.

 

Open eset, click on setup, click on "enter entire advanced setup tree", scroll down to "Antispam protection", then "antispam engine" and click setup in the right hand pane. There you will find a whole bunch of options to tweak your email filtering. I had the same problem and fixed alot of them by entering the email addresses (you can enter wildcards too) affected in the allowed senders. 

 

I've played with these settings and they worked well with 4.3. I think they still do but some non-spam gets rejected by the spammy reputation reason.

 

We have over 4000 customers who contact us from different domains, but yes, I've started to whitelist the most frequent atleast hehe :)

Link to post
Share on other sites
I can't whitelist @gmail.com for understandable reasons but many of these gets quarantined with the reason "sender has spammy reputation".

I've checked the ip on mailshell LiveFeed lookup and it says that it does not have spammy reputation. Why are they then quarantined?

 

However there is a warning on Mailshells site saying "mail-la0-f53.google.com' domain has a moderate spam rate".

Link to post
Share on other sites
  • 3 weeks later...
  • 11 months later...

Please send me an example of a non-spam email that was quarantined with the reason "sender has spammy reputation".

 Any solution to this issue? I am seeing a lot of legitimate emails being rejected only based on "Sender has spammy reputation 100%". Could this be a config issue? IS there a way to make this reputation not a disqualifying thing? i.e. it adds X points to the score but does not disqualify an email only based on reputation.

 

Samples as requested:

Sender has spammy reputation (100%)

IP address: 192.114.66.139

HELO domain: fss5.bezeqint.net

 

Sender has spammy reputation (100%)

IP address: 109.226.25.38

HELO domain: ns-ilhost1.ns-systems.com

 

Sender has spammy reputation (100%)

IP address: 209.85.213.50

HELO domain: mail-yh0-f50.google.com

Link to post
Share on other sites

Oh I saw your thread yesterday but I forgot to answer...

 

Nope I didn't find any solution. Oh well, my solution was change antispam protection to another vendor. I do really like Eset but this problem was so annoying so I didn't see any other solution than to change. So since one year ago i'm running another antispam but i'm still using eset as Antivirus on all clients and servers.

Link to post
Share on other sites

triamed, Thanks for the update. It's a shame that ESET do not provide any solution to this. I am pulling all strings here (forum and I have an open ticket with ESET on this). I hope one of the ways will resolve the issue. If it does I will update this thread with info

Link to post
Share on other sites
  • 2 weeks later...

triamed, ESET pulled logs from my machine and it (probably) turns out it was a custom RBL I added (barracuda RBL) that was causing all the problems. once it was removed things got normal and sender has spammy reputation (100%) does not appear as much (for almost two weeks now it has run without any FP's and with very few that got only 100% on spammy reputation)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...