To fight spam more efficiently, Kerio Connect supports greylisting.
Greylisting is an antispam method that complements other antispam methods and mechanisms in Kerio Connect.
How greylisting works
With greylisting enabled, the following happens when Kerio Connect receives a message:
- Kerio Connect contacts the greylisting server and provides information about the message. The greylisting server includes a list of trustworthy IP addresses.
- If the list contains the message sender's IP address, the message passes the greylisting check immediately.
- If the list does not contain the sender's IP address, the greylisting server delays the delivery. Trustworthy mailservers try to redeliver messages later. Spam senders usually do not.
- Once the message is received again, the Kerio Greylisting Service adds the sender's IP address to the whitelist. All future messages from this sender will pass the greylisting check immediately (see step 2).
NOTE
To learn more about greylisting, consult greylisting.org.
What data is sent to Kerio Technologies
If the greylisting is enabled, the Kerio Technologies greylisting server receives the following information:
- One-way hash (MD5) of the sender's envelope email address and recipient's envelope email addresses
- IP address of the host delivering the message
The data is periodically deleted from the greylisting server.
If greylisting is disabled, no data is sent to Kerio Technologies.
NOTE
Kerio Technologies uses the received data solely for the greylisting feature.
To see the data sent by Kerio Greylisting Service, enable Greylisting in the Debug log.
Configuring greylisting
Kerio Greylisting Service in Kerio Connect is hosted by Kerio Technologies.
It is available to:
- Registered trial users
- Licensed users with valid Software Maintenance
Greylisting is disabled by default. To enable it:
- In the administration interface, go to Configuration > Content filter > Spam Filter > Greylisting.
- Select the Check incoming messages by Kerio Greylisting Service option.
NOTE
Make sure your firewall allows outgoing connection on port 8045
.
- (Optional) Create a list of IP addresses to skip in the greylisting check.
- Click Test Connection to check the connection with Kerio Greylisting Service.
NOTE
The connection is established every time Kerio Connect server is restarted.
- Click Apply.
Troubleshooting
If the connection between your Kerio Connect server and Kerio Greylisting Service fails, make sure your firewall allows outgoing connections on port 8045
.
Users may experience a delay in delivery. This happens when the message with the particular parameters is received, as described in section What data is sent to Kerio Technologies. The greylisting server delays the delivery. This problem is solved once another message is received.
Messages can also be delivered in a different order than they were sent, due to the greylisting server. This problem is solved once another message with the same parameters is received.
If you want to see what data are sent to Kerio Technologies, enable Greylisting in the Debug log.
If Kerio Connect cannot contact the greylisting server, all incoming messages are delivered immediately. Kerio Connect will try to contact the greylisting server again.
If you acquire a new license or renew your license, it may take several minutes before the Kerio Greylisting Service recognizes it. You may get warning messages in the meantime. Message delivery is not affected.