Kerio Mail Server Spam Filtering

Kerio Mail Server has several configuration options to protect against spam email. For maximum protection, you should investigate and set all appropriate items.

Under the Security Options tab for the SMTP server are several limits and controls you can set. These are:



  • Maximum number of messages per hour from one IP address.

    While this certainly can cut down on spam, be careful here. An ongoing conversation about a support issue or any other complex subject might bounce back and forth quite quickly and could easily exceed 60 messages per hour. Setting this is not going to prevent legitimate email; it just temporarily delays it. A legitimate server will try again later; a spammer probably won't.

  • Maximum number of concurrent SMTP connections from one IP address.

    Again, this can block some spam, but keep in mind that legitimate email can and will make multiple connections for efficiency. Don't set this too low if, for example, your users have a lot of correspondence with AOL users or similar big servers.

  • Block if sender's mail domain was not found in DNS.

    That's checked by default and ordinarily would be left that way. Why would you want to accept mail from someone without a DNS name? The only possible justification would be if you had other mailservers within your network, but even then you'd be smarter to put them in DNS and block anyone else without a DNS lookup.

  • Maximum number of recipients in a message.

    This can be an effective block against spam, but it can also be a problem if you belong to mailing lists that (stupidly) list all recipients in the "To:" line. If that's not an issue, leave it checked and set the limit to the number of users in your mail domain.

  • Maximum number of failed commands in SMTP session.

    By default, this is checked and set to three. The most likely source of failed commands is someone exploring your server for weaknesses; an ordinary SMTP conversation shouldn't have many failed commands. It might check for the ability to do encrypted sessions, but it shouldn't do much more. Leave this checked.

  • Limit incoming SMTP message size.

    This is a good one to set, but you do have to think about your legitimate needs for larger messages.
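The per-IP hourly limit described above only defers mail, which is why it costs a retrying server little and a non-retrying sender a lot. The sketch below is an added example, not Kerio's code: the class and function names, the 451 reply text, the one-hour retry interval and the 192.0.2.10 address are all assumptions made for illustration.

```python
import heapq
from collections import defaultdict, deque

class HourlyLimiter:
    """Sliding one-hour window of accepted messages per client IP."""
    WINDOW = 3600  # seconds

    def __init__(self, max_per_hour):
        self.max_per_hour = max_per_hour
        self.accepted = defaultdict(deque)  # ip -> times of accepted messages

    def check(self, ip, now):
        """Return an SMTP-style reply for one message from ip at time now."""
        q = self.accepted[ip]
        while q and now - q[0] >= self.WINDOW:
            q.popleft()  # forget messages older than one hour
        if len(q) >= self.max_per_hour:
            # Assumed reply text: a 4xx code means "temporary, retry later".
            return "451 too many messages, try again later"
        q.append(now)
        return "250 OK"

def simulate(limit, send_times, retry_after=None, ip="192.0.2.10"):
    """Offer one message per entry in send_times (seconds) from a single IP.
    A deferred message is retried once after retry_after seconds (a queueing
    MTA); with retry_after=None it is never retried.
    Returns (accepted_first_try, accepted_on_retry, never_delivered)."""
    limiter = HourlyLimiter(limit)
    events = [(t, 0) for t in send_times]  # (time, attempt number)
    heapq.heapify(events)
    first = retried = lost = 0
    while events:
        now, attempt = heapq.heappop(events)
        if limiter.check(ip, now).startswith("250"):
            if attempt == 0:
                first += 1
            else:
                retried += 1
        elif attempt == 0 and retry_after is not None:
            heapq.heappush(events, (now + retry_after, 1))
        else:
            lost += 1
    return first, retried, lost

# Constructed traffic: 90 messages, one every 30 seconds, limit of 60 per hour.
BURST = [i * 30 for i in range(90)]
```

With the constructed burst, a sender that retries an hour later gets all 90 messages through (30 of them late), while a sender that never retries loses the 30 that were deferred.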


Blacklists

Real-time blacklist filtering is not enabled by default, but you should turn this on. People hesitate to do this because of false positives, but you can easily whitelist those addresses; see Kerio Mailserver Blacklists. A number of free blacklists are pre-configured for you, but you can add others, including, of course, paid lists. Using these blacklists can immediately cut out a lot of unwanted mail.

Attachment Filters

Attachment filtering is also disabled by default because every company has different needs. If you are a programming house, you may need to accept .exe files, but other businesses usually wouldn't. If enabled, messages are still delivered (assuming the message gets by other content rules), but inappropriate attachments are stripped. You can optionally warn the sender that the attachment was stripped, and you can also forward the original, with the attachment, to an administrative address.






Spam filter

"SpamEliminator" is what Kerio calls their combination of SpamAssassin and Bayesian filtering. As explained at How does Bayesian Self Learning Work in Kerio MailServer?, Kerio "self trains". Mail users can also help Kerio learn about spam by either using the "Spam/Not Spam" buttons in their mail client or simply by dragging spam messages to the Junkmail folder in IMAP clients that don't support those buttons.

You can also define your own custom rules at the server, and some clients (Webmail, for example) can define their own server side rules. Remember that rules defined in Webmail are processed regardless of whether you are using Webmail to read your mail. There is, for example, a default rule that moves messages marked "** SPAM **" to Junkmail. No wildcards in custom rules, unfortunately.

Caller ID and SPF

Kerio supports both of these, though at this time they aren't used enough by other servers to be of much value.

Spam Repellent

This is a simple method to really annoy spammers. When a server connects to your server, it is supposed to politely wait for the SMTP greeting, which is your server saying it is ready to talk. This setting deliberately delays that greeting for up to 30 seconds. If the other server attempts to start talking before then, it is just disconnected. Spammers' software usually doesn't want to waste that much time waiting around, but even if it does, you at least have cut down on how much work they can get done in a day. If every server did this, spammers would be significantly hampered (assuming they were willing to wait).

Spam is an on-going problem. Spammers can and do buy servers like Kerio and use them to test their messages against. Kerio does constantly improve their spam filtering methods to help counter that.


Comments


Tue May 20 05:21:46 2008: Subject:   anonymous


Great article - thank you.

Tue Sep 23 19:51:35 2008: Subject:   anonymous



In version 6.5.2 there is a section "max number of unknown recipients (directory harvest attack protection)"... What would you recommend for this checkbox?

Thanks....great article.

Tue Sep 23 20:12:44 2008: Subject: Directory Harvest   TonyLawrence


I can't make a recommendation because it depends on your correspondents. Are you likely to get important email addressed to 100 recipients? If so, you need it set higher than that.

If you aren't on open mailing lists, it certainly shouldn't be higher than the total number of possible recipients in your domain and for most companies, considerably lower.

Tue Sep 30 17:18:36 2008: Subject:   anonymous


Thanks for this. Very useful to have it broken down simply.
