Kerio Connect has an extensive self-learning spam filter. However, there are also a number of settings that can be made. With this article we want to make clear what can be set and why it is set this way in the example.
Kerio Connect uses SpamAssasin when the SpamAssasin tab is checked. Points are given to properties of messages that are spammy and minus points when properties are not spammy. Think of the title of an e-mail: ATTENTION! THIS IS AN IMPORTANT MESSAGE!... but also where it comes from, how often words are repeated and so on.
You can indicate when something is marked as spam and when it is rejected.
In the example below, the Tagscore value is 3.8 points. So if a message has more than 3.8 points, it will be marked as SPAM. If it has more than 6.7 points, it will be rejected. In the header of an e-mail you can see what the score of a message is.
In Kerio, you can maintain your own whitelists and blacklists, but you can also use blacklists that are available on the Internet (Blacklists).
In white lists, it is useful to include your own ip addresses, for example from the office.
Blacklists are useful if you are constantly being attacked from the same range. However, it is pointless to manually list every ip address that has ever tried to do something. That is why there are internet blacklists.
These lists contain addresses from which viruses originate (virbl) or are a collection of other blacklists. Make sure that when you add a blacklist you choose one that mail server administrators can also easily unsubscribe from.
Example: You get blacklisted because you accidentally spammed. You want to take your mail server off the list because the problem has been solved, but then it turns out that you have to pay... Of course, you should not use such lists to check your mail against. Chances are that people leave their server on the list and you will not receive mail from those parties anymore.
In the image below, you will find three good blacklists. In the logs you can always see what a list does. When in doubt, you can of course set a list to give penalties and not to stop a mail immediately.
Suppose you receive spam in which "professional translations" are offered all the time. The spammers always come from different ip-addresses, use different sender addresses and the content varies too. SpamAssasin might not be able to recognise it as spam then.
In that case, create a rule where you have the text "professional translations" recognised in the subject or the text of the mail. The disadvantage, of course, is that if you are looking for translations and your translation agency sends a mail containing that sentence, the mail will be rejected.
It has been a Microsoft project but it has not caught on. If nobody uses it, it doesn't help against spam and then prompting is pointless.
SPF is widely used. In fact, the DNS of the domain name must state which mail servers are allowed to send mail for this domain. How you can set this up for your domain name can be read here. If a mail comes from a server that is not listed in the SPF record of the sending domain name, you will reject the mail when you set it up as follows. It is tempting not to block the message because some senders do not set their SPF correctly. However, this is a problem for the sender who, by the way, is informed about the problem.
Recommendation: Block if SPF is incorrect.
Every mail server will, if a mail is not immediately accepted, try again. When a mail is delivered by a mail server and an e-mail address from which you have never received a mail, you can refuse it the first time. He will offer it again. Assuming that a spammer does not do this, graylisting is a reasonable tool to stop SPAM.
In this case all the servers of Kerio let you know if they have ever successfully received a mail for that email address and the ip address of the sender. When you enable this the following data is sent to the Kerio graylisting servers:
- An MD5 hash containing the email address of the sender and the recipient
- The ip-address of the mailserver that delivers the message.
This data is periodically cleaned and only used by Kerio for graylisting purposes.
The idea is that a spammer will not wait 10 seconds for a server to respond. We have not noticed any difference when this is enabled. This option also affects how fast clients like Outlook can send mail via Kerio's SMTP server on port 25. Recommendation: Leave it off.