Kerio Anti-spam filter

NOTE

Changed in Kerio Connect 9.2.0!

The Kerio Anti-spam extension uses the Bitdefender online scanning service and provides an advanced level of spam filtering on incoming messages.

In Kerio Connect 9.0.3-9.1.1, Kerio Anti-spam replaces the SpamAssassin's SURBL and Bayes filters. Users don't need to use the Spam and Not spam buttons in Kerio Connect Client and Microsoft Outlook with Kerio Outlook Connector, so Kerio Connect hides those buttons.

In Kerio Connect 9.2 and newer, you can use Kerio Anti-spam together with SpamAssassin.

Kerio Anti-spam is available as an add-on. Without Kerio Anti-spam, you can still use the standard antispam features in Kerio Connect.

How Kerio Anti-spam works

When Kerio Anti-spam is enabled, the following happens when Kerio Connect receives a message:

  1. Kerio Connect sends encrypted data to the Bitdefender online scanning service. See the What data is sent to Bitdefender section below for information about the data Kerio Connect sends.

NOTE

If the computer with Kerio Connect is behind a firewall, you must allow unrestricted access to:

*.nimbus.bitdefender.net, port 443 (HTTPS)

http://bda-update.kerio.com, port 80 (HTTP)

If Kerio Connect uses a proxy server, Kerio Anti-spam communicates with Bitdefender via the proxy server.

  1. Bitdefender scans the data and sends the result to Kerio Connect. The score can be:
  • 0 (zero) for non-spam
  • 1-9 for different levels of spam
  1. Kerio Connect calculates the spam score using a special algorithm, and adds the score to the overall spam rating (see Calculating the Kerio Anti-spam score below).
  2. If Bitdefender recognizes malware or a phishing message, Kerio Connect automatically blocks the message regardless of other Kerio Connect settings, such as whitelists or custom rules. Kerio Connect discards the message or forwards it to a quarantine address depending on your settings. See Setting the spam score section in the Configuring spam control in Kerio Connect article.

NOTE

You can disable this function in the configuration file (mailserver.cfg). Look for <variable name="BlockMalware"> and <variable name="BlockPhishing"> in the Kerio Anti-spam table and set the values to 0 (zero).

What data is sent to Bitdefender

Kerio Connect doesn't send any information that could be used to identify a specific person, such as content of the original e-mail body, attached images, or attached files.

Bitdefender online scanning service receives the following information via HTTPS:

  • The sender and the sender's IP address of the original message from the email SMTP envelope.
  • The e-mail message fingerprint, a set of cryptographic hashes on different parts of the e-mail headers and body. The hashes are irreversible. Kerio Connect doesn't send the original email body.
  • URLs, e-mail addresses and telephone numbers contained in the body of the scanned e-mail message
  • MD5 hashes of:
  • The FROM address, FROM domain and REPLY-TO address
  • Certain types of attachments, for example, Microsoft Office documents, PDFs, executable files
  • The hashes of images embedded in the messages. The actual images are not transmitted.

Calculating the Kerio Anti-spam score

NOTE

Changed in Kerio Connect 9.2!

Kerio Connect calculates the Kerio Anti-spam score using a special algorithm and adds the score to the overall spam rating.

The algorithm works as follows:

Bitdefender score is 1-9 (spam)

Kerio Anti-spam score = X*Y/9

  • X is the score Kerio Connect receives from Bitdefender.
  • Y is the Kerio Anti-spam setting. If SpamAssassin is disabled, you can set the Kerio Anti-spam settings to 2-18. If SpamAssassin is enabled, you can set the Kerio Anti-spam settings to 1-9.

NOTE

In Kerio Connect 9.0.3-9.1.1, you can set Kerio Anti-spam setting to moderate (6), normal (10), and high (14).

Bitdefender score is 0 (non-spam)

Kerio Anti-spam score = 0

NOTE

In Kerio Connect 9.0.3 and 9.0.4, the algorithm is:

Kerio Anti-spam score = -1*Y, where Y is the Kerio Anti-spam setting (moderate = 1, normal = 2, and high = 3).

Configuring Kerio Anti-spam

  1. In the administration interface, go to Configuration > Content Filter > Spam Filter.
  2. Switch to the Kerio Anti-spam tab.
  3. Select Enable Kerio Anti-spam advanced filter.
  4. Set the Contribution to spam rating. The value of the setting affects only spam messages:
  • If SpamAssassin is disabled, you can set the Kerio Anti-spam settings to 2-18.
  • If SpamAssassin is enabled, you can set the Kerio Anti-spam settings to 1-9.

NOTE

In Kerio Connect 9.1.0 and 9.1.1, you can set this value to moderate = 6, normal = 10, high = 14.

In Kerio Connect 9.0.3 and 9.0.4, this value also affects non-spam messages: moderate = 1, normal = 2, high = 3.

Also see the Calculating the Kerio Anti-spam score section above for information about the score.

  1. (Optional) To allow Bitdefender to save the encrypted data from Kerio Connect, select the Allow signatures and metadata to be utilized for enhancing the online scanning service.

NOTE

In Kerio Connect 9.0.3-9.1.1, select Allow use of spam and Allow use of non-spam options.

Bitdefender saves only the encrypted data, not the entire messages. See the What data is sent to Bitdefender section above.

NOTE

If you're using Kerio Connect Multi-Server, enable Kerio Anti-spam on the Front-end server.

Kerio Connect on Debian 6

If you install Kerio Connect on the Debian 6 operating system, you must perform the following before initializing Kerio Anti-spam:

wget --no-check-certificate https://www.thawte.com/roots/thawte_Primary_Root_CA-G3_SHA256.pem cp thawte_Primary_Root_CA-G3_SHA256.pem /etc/ssl/certs cd /etc/ssl/certs/ ln -s thawte_Primary_Root_CA-G3_SHA256.pem ba89ed3b.0

Troubleshooting

If you are upgrading from a previous version, restart Kerio Connect after you enable Kerio Anti-spam.

If any problem with Kerio Anti-spam occurs, consult the Debug log:

  1. Right-click in the Debug log area, and click Messages.
  2. Select the Kerio Anti-spam ProcessingSpamAssassin Processing, and Spam filter options.

NOTE

After debugging, clear those options. Otherwise, the logging may slow down server performance.

  • 5 Users Found This Useful
Was this answer helpful?

Related Articles

Configuring spam control in Kerio Connect

Antispam methods and tests in Kerio Connect To detect and eliminate spam, Kerio Connect uses...

Configuring greylisting

To fight spam more efficiently, Kerio Connect supports greylisting. Greylisting is an...

Blocking messages from certain servers

Automatically blocking or allowing messages from certain servers In Kerio Connect you can...

Creating custom rules for spam control in Kerio Connect

In Kerio Connect, you can create your own antispam rules. The rules filter email headers or email...

Configuring Caller ID and SPF in Kerio Connect

Caller ID and SPF (Sender Policy Framework) allow you to filter out messages with fake sender...