When receiving emails on a Kerio Connect domain, the emails are sometimes rejected as phishing or malware spam. The Spam log shows output similar to the following:
Message rejected as malware/phishing spam, From: email@example.com, To: username@kerio_domain.com,
Sender IP: 126.96.36.199, Subject: Sommer 3, Message size: 1506
While the example above refers to malware/phishing spam, the process in this article applies to any false positive.
The Kerio Connect Anti-spam feature relies heavily on the Bitdefender scanning engine. In some cases (email with an attachment, non-English language, suspicious subject, etc.), the Bitdefender engine incorrectly categorizes legitimate emails as malware or phishing spam. Such false-positive emails can be reported to the Bitdefender team so that they can be whitelisted in its virus and spam databases.
Depending on the message reported in the Spam log, disable the BlockMalware or BlockPhishing parameter in mailserver.cfg to capture the .eml file. The steps below require administrator/root access to the Kerio Connect server:
- Stop Kerio Connect.
- Navigate to the Kerio installation folder. Default locations for different Operating Systems (OS) are below:
- Open the mailserver.cfg file.
- Go to the table:
<table name="Kerio Anti-spam">
- Set the BlockMalware or BlockPhishing variable to 0 (zero). Save the changes.
- Start Kerio Connect.
- Request the mail from the sender again. This time the mail will not be blocked.
- Retrieve the email headers or the .eml source file from Webmail.
- Stop Kerio Connect again.
- Reverse the changes you made in step 5 by setting the BlockMalware or BlockPhishing variable back to 1 (one). Save the changes.
- Start Kerio Connect. Your email is protected again, and you've retrieved the email file.
- Send the email headers or the source .eml file to Kerio Connect Support for further investigation in your existing ticket or, if no ticket has been submitted yet, in a new support ticket.
Once Kerio Connect Support confirms the email was whitelisted by the Bitdefender team, the email will no longer be detected as Malware or Phishing spam.
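The configuration edit in step 5 and its reversal can be scripted, with a check that no protection is left switched off afterwards. The following Python is an added example, not Kerio's own tooling; it assumes mailserver.cfg stores each setting as `<variable name="...">0|1</variable>` inside the table named above, and the sample configuration text is constructed.

```python
import re

TABLE = "Kerio Anti-spam"                    # table name given in the article
FLAGS = ("BlockMalware", "BlockPhishing")    # variables named in the article

# Assumption: each setting is stored as <variable name="X">0|1</variable>
# inside <table name="Kerio Anti-spam">...</table>, with no nested tables.
_TABLE_RE = re.compile(r'<table name="%s">(.*?)</table>' % re.escape(TABLE), re.S)
# Constructed sample; the "Other" table checks that edits stay scoped.
SAMPLE_CFG = """<config>
  <table name="Other">
    <variable name="BlockPhishing">1</variable>
  </table>
  <table name="Kerio Anti-spam">
    <variable name="BlockMalware">1</variable>
    <variable name="BlockPhishing">1</variable>
  </table>
</config>
"""

def _var_re(flag):
    return re.compile(r'(<variable name="%s">)\s*([01])\s*(</variable>)' % re.escape(flag))

def _table(cfg_text):
    match = _TABLE_RE.search(cfg_text)
    if match is None:
        raise LookupError("anti-spam table not found")
    return match

def set_flag(cfg_text, flag, value):
    """Return cfg_text with `flag` in the anti-spam table set to 0 or 1."""
    if flag not in FLAGS or value not in (0, 1):
        raise ValueError("unsupported flag or value")
    table = _table(cfg_text)
    body, count = _var_re(flag).subn(r"\g<1>%d\g<3>" % value, table.group(1))
    if count != 1:
        raise LookupError("expected one %s variable, found %d" % (flag, count))
    return cfg_text[:table.start(1)] + body + cfg_text[table.end(1):]

def disabled_flags(cfg_text):
    """List the protections that are currently switched off (value 0)."""
    body = _table(cfg_text).group(1)
    found = ((flag, _var_re(flag).search(body)) for flag in FLAGS)
    return [flag for flag, m in found if m and m.group(2) == "0"]

if __name__ == "__main__":
    capture = set_flag(SAMPLE_CFG, "BlockPhishing", 0)   # step 5
    print("off during capture:", disabled_flags(capture))
    print("off after restore:", disabled_flags(set_flag(capture, "BlockPhishing", 1)))
```

Apply these functions to the file contents only while Kerio Connect is stopped, as the steps require, and treat a non-empty result from `disabled_flags` after the final restart as an unfinished procedure.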