


Kerio Mail Server Spam Filtering

July 2006

Kerio Mail Server has several configuration options to protect against spam email. For maximum protection, you should investigate and set all appropriate items.

Under the Security Options tab for the SMTP server are several limits and controls you can set. These are:

  • Maximum number of messages per hour from one IP address.

    While this certainly can cut down on spam, be careful here. An ongoing conversation about a support issue or any other complex subject might bounce back and forth quite quickly and could easily exceed 60 messages per hour. Setting this is not going to prevent legitimate email; it just temporarily delays it. A legitimate server will try again later; a spammer probably won't.

  • Maximum number of concurrent SMTP connections from one IP address.

    Again, this can block some spam, but keep in mind that legitimate email can and will make multiple connections for efficiency. Don't set this too low if, for example, your users have a lot of correspondence with AOL users or similar big servers.

  • Block if sender's mail domain was not found in DNS.

    That's checked by default and ordinarily would be left that way. Why would you want to accept mail from someone without a DNS name? The only possible justification would be if you had other mailservers within your network, but even then you'd be smarter to put them in DNS and block anyone else without a DNS lookup.

  • Maximum number of recipients in a message.

    This can be an effective block against spam, but it can also be a problem if you belong to mailing lists that (stupidly) list all recipients in the "To:" line. If that's not an issue, leave it checked and set the limit to the number of users in your mail domain.

  • Maximum number of failed commands in SMTP session.

    By default, this is checked and set to three. The most likely source of failed commands is someone exploring your server for weaknesses - an ordinary SMTP conversation shouldn't have many failed commands. It might check for the ability to do encrypted sessions, but it shouldn't do much more. Leave this checked.

  • Limit incoming SMTP message size.

    This is a good one to set, but you do have to think about your legitimate needs for larger messages.


Blacklists

Real-time blacklist filtering is not enabled by default, but you should turn it on. People hesitate to do this because of false positives, but you can easily whitelist those addresses; see Kerio Mailserver Blacklists. A number of free blacklists are pre-configured for you, but you can add others, including of course paid lists. Using these blacklists can immediately cut out a lot of unwanted mail.

Attachment Filters

Attachment filtering is also disabled by default because every company has different needs. If you are a programming house, you may need to accept .exe files, but other businesses usually wouldn't. If enabled, messages are still delivered (assuming the message gets by other content rules), but inappropriate attachments are stripped. You can optionally warn the sender that the attachment was stripped, and you can also forward the original, with the attachment, to an administrative address.

Spam filter

"SpamEliminator" is what Kerio calls their combination of SpamAssassin and Bayesian filtering. As explained at How does Bayesian Self Learning Work in Kerio MailServer?, Kerio "self trains". Mail users can also help Kerio learn about spam by either using the "Spam/Not Spam" buttons in their mail client or simply by dragging spam messages to the Junkmail folder in IMAP clients that don't support those buttons.

You can also define your own custom rules at the server, and some clients (Webmail, for example) can define their own server-side rules. Remember that rules defined in Webmail are processed regardless of whether you are using Webmail to read your mail. There is, for example, a default rule that moves messages marked "** SPAM **" to Junkmail. No wildcards in custom rules, unfortunately.

Caller ID and SPF

Kerio supports both of these, though at this time they aren't used enough by other servers to be of much value. There's no reason not to turn them on; they could catch something. Don't block, though - increase the spam score instead.

See also Kerio Spam Control: Caller-ID and SPF





Spam Repellent

This is a simple method to really annoy spammers. When a server connects to your server, it is supposed to politely wait for the SMTP greeting - your server saying it is ready to talk. This setting deliberately delays that greeting for up to 30 seconds. If the other server attempts to start talking before then, it is just disconnected. Spammers' software usually doesn't want to waste that much time waiting around, but even if it does, you at least have cut down on how much work they can get done in a day. If every server did this, spammers would be significantly hampered (assuming they were willing to wait).
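The greeting delay described above can be sketched in a few lines. This is an added example, not Kerio's code: the function names, the banner hostname and the sample client line are constructed for illustration, and the delay is shortened from 30 seconds so the demonstration finishes quickly.

```python
import select
import socket

# Constructed banner; the hostname is a placeholder, not a real server.
BANNER = b"220 mail.example.test ESMTP ready\r\n"

def greet_with_delay(conn, delay=30.0, banner=BANNER):
    """Hold the SMTP greeting for `delay` seconds on an accepted connection.

    Returns "early-talker" if the client sent data before the greeting
    (it is disconnected without ever seeing the banner), "closed" if the
    client gave up and hung up while waiting, or "greeted" if it waited
    politely and was sent the banner.
    """
    # Any readability before the timeout means the peer did not wait.
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        data = conn.recv(1024)   # b"" means the peer closed the connection
        conn.close()
        return "early-talker" if data else "closed"
    conn.sendall(banner)
    return "greeted"

def simulate(client_action, delay=0.2):
    """Run one constructed exchange over a local socket pair.

    client_action is "wait" (well-behaved server), "talk" (sends a
    command before the greeting) or "hangup" (will not wait at all).
    """
    server, client = socket.socketpair()
    try:
        if client_action == "talk":
            client.sendall(b"HELO sender.example.test\r\n")  # constructed line
        elif client_action == "hangup":
            client.close()
        verdict = greet_with_delay(server, delay)
        reply = client.recv(1024) if verdict == "greeted" else b""
        return verdict, reply
    finally:
        client.close()
        server.close()

if __name__ == "__main__":
    for action in ("wait", "talk", "hangup"):
        print(action, "->", simulate(action))
```

Only the client that waits out the delay ever receives the greeting; the other two outcomes can be logged separately, which shows how many connections the setting is turning away.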

Spam is an on-going problem. Spammers can and do buy servers like Kerio and use them to test their messages against. Kerio does constantly improve their spam filtering methods to help counter that.






Tue May 20 05:21:46 2008: Subject:   anonymous


Great article - thank you.



Tue Sep 23 19:51:35 2008: Subject:   anonymous



In version 6.5.2 there is a sectioned "max number of unknown recipients (directory harvest attack protection)".....what would you recommend for this checkbox?

Thanks....great article.



Tue Sep 23 20:12:44 2008: Subject: Directory Harvest   TonyLawrence

I can't make a recommendation because it depends on your correspondents. Are you likely to get important email addressed to 100 recipients? If so, you need it set higher than that.

If you aren't on open mailing lists, it certainly shouldn't be higher than the total number of possible recipients in your domain and for most companies, considerably lower.



Tue Sep 30 17:18:36 2008: Subject:   anonymous


thanks for this.. very useful to have it broken down simply.
