When the Kerio Connect server is receiving a large number of emails, it might be an indication of traffic coming from blacklisted IP addresses or domain senders. As a result, user mailboxes become occupied with dozens of Spam messages. Thus, the Kerio Connect public IP address may become blacklisted by SORBS, WPBL, SpamCop, or SpamHaus.
This article provides the steps to resolve this blocking of spam emails using Kerio Connect's different built-in methods like Blacklists and Whitelists.
IP Black/White Lists
This method uses the IP address groups to block automatically, increase the spam score, or allow all messages originating from the IP on the list. This is configured under Spam Filter > Blacklists.
The predefined Internet Blacklists include SpamCop, SpamHaus, SORBS, and WPBL.
New custom blacklists can be added or the existing one can be modified. Also, it's possible to assign Block or Increase score by actions for specific blacklists.
Once the suspicious IP address is detected, Kerio Connect generates an entry in Security logs.
[01/Jun/2020 11:11:39] IP address 126.96.36.199 found in DNS blacklist SpamHaus
SBL-XBL, mail from <email@example.com> to <firstname.lastname@example.org> rejected [01/Jun/2020 11:18:42] IP address 188.8.131.52 found in DNS blacklist SORBS
DNSBL, mail from <username@external_domain.com> to <username@connect_domain.com> rejected
To double-check the valid status of Spam IP address detection, many of blacklist providers are offering online services to achieve that:
If the detection is incorrect, it's advisable to contact the Blacklist authority to confirm the possible false-positive alert.
IP Address Groups help easily define who has access to, for example, remote administration, services, and are used in additional settings in Kerio Connect like Blacklist/Whitelist.
- Securing Kerio Connect
- Antivirus and Content Filters
- Sender Policy Framework Filter
- Anti-Spam Advanced Filter
- Securing the SMTP Server