Overview
In Kerio Connect, you can create your own anti-spam rules to filter email headers or email bodies. You can create as many rules as you like.
Kerio Connect processes the rules in the order they are listed. If the spam filter marks a message as non-spam or rejects it, Kerio Connect stops processing the remaining rules.
Important: To decrease the load on your server, place the From and To header rules at the top. If Kerio Connect rejects messages using these rules, no other antispam or antivirus tests are performed on these messages.
Solution
Creating custom rules for spam control
- In the Kerio Connect administration interface, go to Configuration > Content Filter > Spam Filter > Custom Rules.
Note: the search bar only uses Description column data.
The outlook query does not return any results. - Click Add.
- In the Add Rule dialog, enter a description for the rule.
- Choose Mail header or Mail body filter. For Mail header select the Type.
- Available headers for custom spam rules are: From, To, CC, Subject, Sender, X-Envelope-To, Received.
- Other headers, like X-Spam-Level or X-Spam-Status are not supported.
- Note: the type "contains binary hex string" is used for blocking specific hex strings that may be used to inject malicious code.
- Available headers for custom spam rules are: From, To, CC, Subject, Sender, X-Envelope-To, Received.
- Enter the string you want to filter under Contains. You can use:
- Any text.
- * to represent any number of characters.
- ? to represent a single character.
- Regular expressions (mail body only).
For example, if you want to block all messages that contain the wordcialis
:- Choose Mail body and enter the regular expression:
/\bcialis\b/i
- Choose Treat the message as spam and reject it.
- Choose Mail body and enter the regular expression:
- For any message that matches the rule, you can:
- Treat the message as non-spam.
- Treat the message as spam and reject it.
- Add spam score to the message.
- Click OK.
Defining actions for custom rules
If your custom rule rejects a message, Kerio Connect can:
- Send a bounce message to the sender: Not recommended because spammers usually fake addresses, so your bounce message will be undeliverable.
- Forward the message to a quarantine address: Recommended so that important messages are not falsely identified as spam.
You can choose these global options in Configuration > Content Filter > Spam Filter > Custom rules under the list of your custom rules.
Testing
From now on, in the example above Kerio Connect rejects all messages that include cialis
as a single word. Send a test message matching the pattern.
The message rules UI will show the usage time equal to 1 minute.
Spam logs will report the rejection due to the custom rule.
Message rejected by spam body custom rule: "/\bcialis\b/i" test matched; From:
vladyslav@external_domain.com, To: vlad@kerio_domain.com, Sender IP: x.x.x.x,
Message size: 3303
Note: custom message rules are stored in mailserver.cfg -> HeaderFilter list. They can be modified manually if needed, but the recommended way of modification is through Webadmin UI.