The Kerio Anti-Spam extension uses the BitDefender online scanning service and provides an advanced level of spam filtering on incoming messages.
When Kerio Anti-Spam is enabled, the following happens when Kerio Connect receives a message:
- Kerio Connect sends encrypted data to the BitDefender online scanning service.
- BitDefender scans the data and sends the result to Kerio Connect. The score can be:
0(zero) for non-spam
9for different levels of spam.
- Kerio Connect calculates the spam score using a unique algorithm and adds the score to the overall spam rating.
Facts about the Kerio Anti-Spam Advanced filter:
- It is available as an add-on. Without Kerio Anti-Spam Advanced filter, you can still use the standard anti-spam features in Kerio Connect.
- It connects to
*.nimbus.bitdefender.neton port 443 (HHTPS) and
bda-update.kerio.comon port 80 (HTTP) to communicate to BitDefender.
- The default action if BitDefender recognizes malware or a phishing message is to reject the message regardless of the other Kerio Connect settings, such as whitelists or custom rules. Kerio Connect discards the message or forwards it to a quarantine address depending on the settings. This default action can be disabled in the configuration file (
Along with Kerio Anti-spam, Kerio Connect uses a set of other predefined Spam protection features.
The Spam Repellent is a simple but very effective spam filter. It delays the SMTP greeting that prevents the delivery of messages sent from spam servers. Here is an explanation from the Kerio Connect administration interface:
To send large volumes of spam, the automated spam-sending tools cannot afford to spend too much time communicating with the receiving mail server. By introducing delays and flow checks at the beginning of the SMTP communication, many automated tools will give up while legitimate email is not affected.
Here is a sample entry in the security logs when Spam Repellent is on:
SMTP Spam attack detected from 188.8.131.52:52864, client sent data before SMTP greeting.
The log above means that the server has started to send SMTP commands and the data too early, which is indicative of spam as normal mail servers would wait. Spam Repellent also decreased the load on the server because other anti-spam and antivirus tests do not process messages rejected by Spam Repellent.
IP Address Groups can also be excluded from Spam Repellent.
On a default installation, Kerio Connect includes a small list of well-known Internet blacklists. However, none of them are enabled. Enabling these blacklists can significantly reduce spam; however, some legitimate emails may be rejected. It is important to occasionally review the security log to confirm the volume of rejected emails from blacklists and to make sure it is not rejecting legitimate senders.
In case you do encounter legitimate senders who are rejected by the blacklist, the IP address can be extracted from the log and added to a whitelisted IP address group.
NOTE: This feature is only effective when Kerio Connect receives mail directly from the sender's outgoing mail server. In case Kerio Connect receives all mail from a single host, such as an SMTP gateway, it will not be able to identify the IP address of the originating mail server appropriately.
Here is a sample entry in the Security logs when Internet Blacklists feature is enabled:
IP address x.x.x.x found in DNS blacklist SpamHaus SBL-XBL, mail from <email@example.com> to <firstname.lastname@example.org> rejected
Facts about internet blacklists:
- You can either block the message or increase the spam score.
- Kerio Connect does not maintain the database, so if the user found their IP in the blacklist, they should directly contact the service that blocks the IP.
- You can also add other blacklists from the Internet, like paid ones.
Most Anti-Spam filters are based on static rules to determine if a message is spam. This may be effective for the time being, but spammers evolve and what is an effective filter today may not be in the future. This is where the Bayesian SpamAssassin filter is useful, as it is not dependent on static rules.
Dubbed as the most effective anti-spam technology, the Bayesian filter learns from the history of ham (not spam) and spam emails and adjusts its algorithm accordingly. The Bayesian filter is self-learning and self-adapting. Users can also train the Bayesian filter by tagging the emails as Spam or Not Spam or by moving emails between the Inbox and Junk folder.
Facts about the Bayesian filter:
- The Bayes database must learn a lot of emails before it can function effectively. In general, the Bayes database begins to work after it has learned at least 200 spam and 200 hams.
- The Bayes database can be reset by deleting or renaming the Bayes folder (
/spamassassin/bayes) and restarting Kerio Connect.
- Tagging the emails as spam/not spam or moving the emails between the inbox and junk folder will be recorded in the Spam log.
- Securing Kerio Connect
- Antivirus and Content Filters
- Blacklists and Caller ID
- SPF and Greylisting
- Securing the SMTP Server