When receiving emails on a Kerio Connect domain, the emails are sometimes rejected as phishing or malware spam. The Spam log shows output similar to the following:
Message rejected as malware/phishing spam, From: email@example.com, To: username@kerio_domain.com,
Sender IP: 22.214.171.124, Subject: Sommer 3, Message size: 1506
While the example above refers to malware/phishing spam, the process in this article applies to any false positive.
The Kerio Connect Anti-spam feature relies heavily on the Bitdefender scanning engine. In some cases (email with an attachment, non-English language, suspicious subject, etc.), the Bitdefender engine incorrectly categorizes legitimate emails as malware or phishing spam. Such false-positive emails can be reported to the Bitdefender team so that they can be whitelisted in the Bitdefender virus-spam databases.
Depending on the message reported in the Spam log, disable the BlockPhishing parameter in mailserver.cfg to capture the .eml file. The steps below require administrator/root access to the Kerio Connect server:
- Stop Kerio Connect.
- Navigate to the Kerio installation folder. Default locations for different Operating Systems (OS) are below:
- Open the mailserver.cfg file.
- Go to the table:
<table name="Kerio Anti-spam">
- Set the BlockMalware or BlockPhishing variable to 0 (zero). Save the changes.
- Start Kerio Connect.
- Request the mail from the sender again. This time the mail will not be blocked.
- Retrieve the email headers or the .eml source file from Webmail.
- Send the email headers or the source .eml file to Kerio Connect Support for further investigation, either in your existing ticket or, if no ticket has been submitted yet, in a new support ticket.
Once Support confirms the email was whitelisted by the Bitdefender team, re-enable the BlockMalware or BlockPhishing variable (set it to 1) in the mailserver.cfg file. The email will no longer be detected as Malware or Phishing spam.
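Because the procedure leaves malware or phishing blocking switched off until Support replies, it is worth checking afterwards that both variables are back at 1. The following check is an added example, not part of Kerio Connect or its documentation; the `<variable name="...">` layout inside the table is an assumption about mailserver.cfg, and the sample configuration is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample. The <variable name="..."> element layout is an assumption
# about mailserver.cfg; the values are not taken from a real server.
SAMPLE_CFG = """<config>
  <table name="Kerio Anti-spam">
    <variable name="BlockMalware">1</variable>
    <variable name="BlockPhishing">0</variable>
  </table>
</config>"""

TABLE = "Kerio Anti-spam"                  # table name as given in the steps above
FLAGS = ("BlockMalware", "BlockPhishing")  # variables the procedure toggles


def flag_status(cfg):
    """Map each flag to 'enabled', 'disabled' or 'not found' (cfg: str or bytes)."""
    status = dict.fromkeys(FLAGS, "not found")
    for table in ET.fromstring(cfg).iter("table"):
        if table.get("name") != TABLE:
            continue
        for var in table.iter("variable"):
            name = var.get("name")
            if name in status:
                value = (var.text or "").strip()
                status[name] = "enabled" if value == "1" else "disabled"
    return status


def disabled_flags(cfg):
    """Return the flags that are present but not set to 1."""
    return [n for n, s in flag_status(cfg).items() if s == "disabled"]


if __name__ == "__main__":
    # Pass the path to mailserver.cfg; without an argument the sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            cfg = fh.read()
    else:
        cfg = SAMPLE_CFG
    for name, state in flag_status(cfg).items():
        print(f"{name}: {state}")
    # A non-zero exit code lets a scheduled job alert while blocking is still off.
    sys.exit(1 if disabled_flags(cfg) else 0)
```

A flag reported as "not found" means the assumed layout did not match the file, so inspect that table by hand.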