Antispam Protection of the SMTP Server
Antispam protection of the SMTP server protects users from spam. Antispam protection is configured in Configuration/Spam Filter:
Spam Rating
Use the Spam rating tab to fight spam using SpamEliminator. This filter consists of two main parts. One of them is based on statistical filtering using the message's contents (keywords, etc.). Each incoming message is assigned a numeric score according to the number of characters significant for spam messages. A higher score indicates a higher probability of spam.
The other part of SpamEliminator is a so-called Bayesian filter, which is able to learn to recognize spam messages. This filter compares the individual spam characteristics with actual messages. This method, however, requires user input. Users have to reassign the incorrectly evaluated messages to correct types (spam / non-spam) so that the filter learns to recognize them in the future.
- Enable SpamEliminator Rating
- SpamEliminator evaluates each incoming message using a scale from 0.0 to 10.0 (this number includes various results of SpamEliminator evaluations). The higher the value, the more probable it is that the message is spam.
- Enable scanning of relayed messages...
- Turns the scanning of messages sent by local (authenticated) users on/off.
Each row stands for one filtering rule. Using matching fields on the left you can activate or disable individual rules. This way you can switch the rules temporarily on and off without the need to remove them and add them again. You can also use the arrow buttons to move rules within the list (this feature may be very useful for example when two rules negate one another).
Click the Remove and Remove unused buttons to delete rules from the list.
Use the Add button (or Edit) to open a dialog where rules can be defined or modified.
Figure 17. Defining rule
Filtering rules consist of the following items:
- Description
- Comment on the rule (for use of administrator).
- Header
- Tested part of the email message header. You can choose from various predefined options (From, To, Cc, Subject and Sender) or create a custom one (e.g. X-Envelope-To). Do not use colons when defining entry names.
- Type
- Type of condition under which the entry will be tested. Available types:
  - Is empty: the item is empty.
  - Is missing: the item is not contained in the message header.
  - Contains address: the item contains a specific email address.
  - Contains address with domain: the item contains an email address from this domain. Enter the mail domain, i.e. the second part of the email address right from the @ character, in this field.
  - Contains substring: the item contains specific string of characters (a word, a piece of text, a number, etc.).
  - Contains binary data: using this condition, the above-mentioned specific characters as well as binary data that may be contained in spam messages can be recognized. Binary data are characters that have a different meaning in each character set (e.g. specific national characters).
- Content
- Required entry content (according to the selected type).
- Treat the message as spam and reject it
- If one of the above conditions is met, KMS will reject the message, regardless of the spam score.
- Treat the message as non-spam
- Messages treated as spam may be accepted as non-spam using this option.
- Add score to the message:
- Define the score value for SpamEliminator (the higher the value, the lower the possibility that a message passes through the filter). The value you assign is added to the SpamEliminator evaluation of every message that meets this rule (negative values protect messages from being considered spam).
Example 1: Suppose you want the server to block all email sent from someone@undesirable.com. Define a rule where the From entry will be tested. Choose the Contains address condition type (particular email address) and set the Content entry to the email address (someone@undesirable.com). In the Score entry specify a value; this should be equal to or higher than the value set in the Action tab. You can also use the Treat the message as spam and reject it option.
Example 2: A user has demanded regular messages with current special offers. These messages are sent from the address info@offer.com and they are treated as spam by SpamEliminator. To override this denial, we will create the following custom rule:
- Header: use the From selection
- Type: select the Contains address option
- Content: insert info@offer.com
- Add score to the message: set a negative value that will decrease the total score. You can also use the Treat the message as non-spam (overrides the SpamEliminator score) option.
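The following sketch models how custom rules combine with the SpamEliminator score and the Action tab threshold. It is an added example, not Kerio MailServer code: the rule dictionaries, function names, the top-to-bottom evaluation order and the -4.0 score are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

THRESHOLD = 5.0  # Action tab value recommended on this page

def header_matches(msg, rule):
    """Test one rule against the message, following the Type list above."""
    values = msg.get_all(rule["header"])       # None when the header is absent
    kind, content = rule["type"], rule.get("content", "").lower()
    if kind == "is_missing":
        return values is None
    if values is None:
        return False
    if kind == "is_empty":
        return all(not v.strip() for v in values)
    addresses = [a.lower() for _, a in getaddresses(values) if a]
    if kind == "contains_address":
        return content in addresses
    if kind == "contains_domain":
        return any(a.rpartition("@")[2] == content for a in addresses)
    if kind == "contains_substring":
        return any(content in v.lower() for v in values)
    raise ValueError(f"unknown rule type: {kind}")

def classify(raw_message, rules, eliminator_score):
    """Return (verdict, total score). Rule order handling is an assumption."""
    msg = message_from_string(raw_message)
    total = eliminator_score
    for rule in rules:                          # evaluated top to bottom
        if not rule.get("enabled", True) or not header_matches(msg, rule):
            continue
        if rule["action"] == "reject":          # rejects regardless of score
            return "rejected", total
        if rule["action"] == "non_spam":        # overrides the score
            return "non-spam", total
        total += rule["score"]                  # "Add score to the message"
    return ("spam" if total > THRESHOLD else "non-spam"), total

# Constructed rules: Example 1 as a reject rule, Example 2 as a negative score.
RULES = [
    {"header": "From", "type": "contains_address",
     "content": "someone@undesirable.com", "action": "reject"},
    {"header": "From", "type": "contains_address",
     "content": "info@offer.com", "action": "add_score", "score": -4.0},
]
# Constructed sample message.
OFFER = "From: Special Offers <info@offer.com>\nSubject: This week\n\nDeals\n"

if __name__ == "__main__":
    print(classify(OFFER, RULES, 7.5))   # SpamEliminator alone would flag it
```

Running the same message with an empty rule list shows the effect of the override: the SpamEliminator score of 7.5 alone exceeds the threshold, while the negative-score rule brings the total under it.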
Caller ID
Kerio MailServer allows for checking the email policy logs. This is done using the Caller ID tab (Spam filter / Caller ID). Users can check the IP address of the sender's server to see if the server is authorized to send messages for a specific domain.
The Caller ID technology allows for precise identification of message senders. For each participating domain that supports the Caller ID technology, there is a TXT record in their DNS (XML format) that contains a list of IP addresses of servers which are authorized to send mail from a particular domain. When receiving a message, Kerio MailServer compares the sender's IP address with IP addresses in the corresponding sender domain DNS record. This means that the trustworthiness of senders is verified for each message. If the DNS record does not include the IP address from which the message was sent, the Caller ID of the message is invalid and it can be considered as spam.
If the sender domain has not configured Caller ID records in DNS, the message will always be delivered. Such messages will not be taken into account for the purpose of the email policy check.
Figure 18. Caller ID tab
The Caller ID tab enables users to configure basic settings:
- Check the Caller ID of every incoming message
- This option enables/disables Caller ID.
- Only log this to the Security log
- All messages of this type will be logged to the Security log. Messages with invalid Caller ID will be delivered to the addressee.
- Reject the message
- Messages with invalid Caller ID will be rejected (returned to sender).
- Add this value to the message's spam score
- In this option a value which will be added to the SpamEliminator rating can be set (see the previous chapter).
- Apply this policy also to testing Caller ID records
- Currently the Caller ID technology has not been widely adopted. For this reason, most domains use it only in a testing mode (headers of XML scripts in DNS records contain the testing item). Therefore, it is recommended to enable this option (otherwise, Caller ID will not function for most domains).
- Don't check Caller ID from...
- This option can be helpful for example when backup servers are being configured. If a message is sent through a backup server, the From item does not correspond with the server from which the message was sent. This is why messages sent from these addresses should not be checked.
- Check my email policy DNS records
- Click the link to Kerio Technologies web pages where the email policy DNS record for a domain can be checked.
Note: For detailed instructions on proper configuration of DNS entry settings for Caller ID, see the official Microsoft web pages.
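The check described in this section can be sketched as follows. This is an added example, not Kerio MailServer code: the function names are hypothetical, the record is constructed, and its XML layout (an ep element with a testing attribute, a for a single address, r for a range) is an assumption modelled on the Caller ID draft rather than taken from this page.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = "{http://ms.net/1}"   # assumed namespace of the record's XML

def check_caller_id(sender_ip, record, apply_to_testing=True, skip_from=()):
    """Return 'skipped', 'no-policy', 'valid' or 'invalid' for one message."""
    ip = ipaddress.ip_address(sender_ip)
    if any(ip in ipaddress.ip_network(net) for net in skip_from):
        return "skipped"        # "Don't check Caller ID from..." list
    if record is None:
        return "no-policy"      # no record published: message is delivered
    root = ET.fromstring(record)
    if root.get("testing") == "true" and not apply_to_testing:
        return "no-policy"      # testing records ignored unless the option is on
    allowed = [ipaddress.ip_network(el.text.strip(), strict=False)
               for el in root.iter()
               if el.tag in (NS + "a", NS + "r") and el.text]
    return "valid" if any(ip in net for net in allowed) else "invalid"

def apply_policy(verdict, spam_score, mode, penalty=0.0):
    """Map a verdict to (action, score) for the three options on the tab."""
    if verdict != "invalid":
        return "deliver", spam_score
    if mode == "reject":
        return "reject", spam_score
    if mode == "score":
        return "deliver", spam_score + penalty
    return "deliver", spam_score    # mode == "log": Security log entry only

# Constructed TXT record content (documentation address ranges).
RECORD = ("<ep xmlns='http://ms.net/1' testing='true'><out><m>"
          "<a>192.0.2.10</a><r>198.51.100.0/24</r></m></out></ep>")

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, check_caller_id(addr, RECORD))
```

Records arrive from untrusted DNS, so a production check should parse them with DTD and entity processing disabled.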
Action
Using this tab you can define what happens with messages once considered as spam (using the SpamEliminator module and/or filtering rules).
Figure 19. Action tab
If message score is higher than...
If the score of a message is higher than the defined score value, the message is considered spam. Insert a value from -20.0 to +20.0 (the lower the value, the fewer messages will pass the filter). The message will be tested according to the total of all rules that it meets (the Spam Rating tab) and the SpamEliminator evaluation.
We recommend using the value 5.0: statistics claim that 91.12 per cent of spam does not pass through this filter. However, the filter also blocks 0.62 per cent of correct mail. If you set the score higher (i.e. to 8.0), more correct messages will be blocked whereas also more spam will pass through.
Warning: If the value you set is too low, every message will be considered spam.
- Mark the message as spam
- The message will be marked as spam and delivered to the recipient. In the Prepend message's Subject with text field you can enter a text that will indicate that the message is spam. TIP: If you use the [%s] placeholder in the Prepend message's Subject with text entry, the score evaluation (represented by asterisks) assigned by the antispam protection system is inserted into this field. This implies that users can define their custom antispam rules in their mail server or in the Kerio WebMail interface.
- Silently discard the message
- Message will be discarded without notification.
- Return the message to the sender
- Message will be returned to the sender.
- Forward the message to email address
- Enter an address to which spam will be forwarded (regardless of which action was selected).
If the message was rejected by 'Deny' custom rule...
- Silently discard the message
- Rejected mail will be discarded silently.
- Return the message to the sender
- Rejected message will be returned to the sender.
- Forward the message to email address
- An email address to which rejected mail will be forwarded.
Note: Each message is evaluated first by an antispam system, then by antivirus. This saves CPU time, since the antispam check is considerably less demanding than the antivirus check. If the messages marked as spam are set to be discarded automatically (in the Spam filter section), all spam messages containing viruses will be discarded as well.
