When receiving emails on a Kerio Connect domain, the emails are sometimes rejected as phishing or malware spam. The Spam log shows output similar to the following:
Message rejected as malware/phishing spam, From: firstname.lastname@example.org, To: username@kerio_domain.com,
Sender IP: 18.104.22.168, Subject: Sommer 3, Message size: 1506
This article describes the information to gather so that such emails can be received properly.
Kerio Connect's Anti-spam feature relies heavily on the Bitdefender scanning engine. In some cases (email with an attachment, non-English language, suspicious subject, etc.), the Bitdefender engine misclassifies legitimate emails as malware or phishing spam. Such false positives can be reported to the Bitdefender team so that they are whitelisted in its virus-spam databases.
Depending on the reported message in the Spam logs, disable the BlockPhishing parameter in mailserver.cfg to capture the .eml file. The steps below require administrator/root access to the Kerio Connect server:
- Stop Kerio Connect.
- Navigate to the Kerio installation folder. Default locations for different Operating Systems (OS) are below:
- Open the mailserver.cfg file.
- Go to the table:
<table name="Kerio Anti-spam">
- Set the BlockMalware or BlockPhishing variable to 0 (zero). Save the changes.
- Start Kerio Connect.
- Request the mail from the sender again. This time the mail will not be blocked.
- Retrieve the .eml source file from the Webmail.
Send the source .eml file to Kerio Connect Support for further investigation.
Once Support confirms that the email was whitelisted by the Bitdefender team, re-enable the BlockMalware or BlockPhishing variables (set them to 1) in the mailserver.cfg file. The email is then no longer detected as Malware or Phishing spam.
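One way to confirm that both filters are back on after the procedure, as an added example rather than Kerio tooling. It assumes mailserver.cfg stores each setting as a `<variable name="...">value</variable>` element inside the `<table name="Kerio Anti-spam">` block; the sample configuration is constructed.

```python
import re
import sys

TABLE = "Kerio Anti-spam"            # table name as given in the article
FLAGS = ("BlockMalware", "BlockPhishing")

# Constructed sample; the <variable> layout is an assumption about mailserver.cfg.
SAMPLE_CFG = """<config>
  <table name="Kerio Anti-spam">
    <variable name="BlockMalware">1</variable>
    <variable name="BlockPhishing">0</variable>
  </table>
  <table name="Other">
    <variable name="BlockPhishing">1</variable>
  </table>
</config>"""


def read_flags(cfg_text):
    """Return {flag: value or None}, read only from the Kerio Anti-spam table."""
    table = re.search(
        r'<table\s+name="%s"\s*>(.*?)</table>' % re.escape(TABLE),
        cfg_text, re.DOTALL)
    if table is None:
        raise ValueError('table "%s" not found' % TABLE)
    found = {}
    for flag in FLAGS:
        m = re.search(
            r'<variable\s+name="%s"\s*>\s*(.*?)\s*</variable>' % re.escape(flag),
            table.group(1), re.DOTALL)
        found[flag] = m.group(1) if m else None
    return found


def disabled_flags(cfg_text):
    """Flags not explicitly set to 1; a missing flag is reported for manual review."""
    return [f for f, v in read_flags(cfg_text).items() if v != "1"]


if __name__ == "__main__":
    # Pass the path to mailserver.cfg; without one the constructed sample is checked.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CFG
    off = disabled_flags(text)
    for flag in off:
        print("WARNING: %s is not set to 1 in table %r" % (flag, TABLE))
    sys.exit(1 if off else 0)
```

The non-zero exit status when a filter is still off makes the script usable from a scheduled job or monitoring check while a false-positive report is pending.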