Administrator's Guide - Kerio Software Archive
Chapter 16 Antispam control of the SMTP server

Kerio MailServer uses two SMTP connection errors to recognize spam servers. These errors occur while the SMTP connection is being established. According to the corresponding RFC, the server that initiates the SMTP communication should wait at least 5 minutes for the reply. Applications that send spam automatically do not wait that long, since they need to send as many spam messages as they can, as fast as possible; waiting the whole period would hold them up too much. Therefore, if Kerio MailServer does not send the SMTP greeting for a certain period (i.e. a delay is set for answers), spammer servers behave in one of the following two predictable ways. In one case, the spammer server gives up the connection to Kerio MailServer and tries elsewhere. In the other case, it starts to send email to Kerio MailServer immediately, without receiving the SMTP greeting (in such a case, Kerio MailServer interrupts the connection immediately).

Benefits of the SMTP delay are as follows:

1. Reception of spam by Kerio MailServer is reduced by 60-70 per cent. This also decreases the load on the server, since spam testing is very demanding.
2. The method has no so-called false positives, as it has no influence on email which is delivered legitimately.

SMTP delay settings

You can set the SMTP greeting delay in the Spam repellent tab of Kerio MailServer (Configuration → Content filtering → Spam filter):

Figure 16.10 Spam repellent

Delay SMTP greeting by
Use this option to set the SMTP delay. The optimal delay value is between 25 and 30 seconds. A shorter delay might not be enough (spam-sending applications use 10-20 sec); a longer delay would impede the communication.
Do not apply delay for connections from...
Spam repellent settings apply to all incoming SMTP communication, i.e. also to messages from the local network, backup servers, etc. It is therefore recommended to add all trusted IP addresses and networks to this IP address group, so that communication is not blocked when the messages are evidently not spam.

Report the spam attack to security log
Check this option to record all recognized spam attacks in the Security log (for more information, see chapter 22.4).
If many emails go through Kerio MailServer, there are usually also many spam attack attempts, which can cause the Security log to overflow. In such a case, disable this setting.

Note: The settings in this tab apply only to unsecured SMTP communication. Spam-distributing programs do not use the secured SMTP protocol for communication.

16.7 Recommended configuration of antispam tests

This section is helpful for anyone who is not sure about the proper configuration of antispam filters. The example describes optimal score settings for individual types of antispam tests. Note that blocking messages is almost never preferred to increasing the spam score:

Spam Rating tab

The essential setting is the configuration of the Spam Rating tab (for details, see section 16.1). It is recommended to leave most of the settings as predefined by default:

1. Make sure that the Enable Spam Filter Rating option is enabled. If the option is inactive, enable it.
   This option makes the filter consider and apply the results of individual evaluations (spam scores).
2. Make sure that the Enable rating of messages sent from trustworthy relay agents defined in SMTP relay options option is inactive (unless you wish to check even messages sent from trustworthy addresses).
3. Follow these instructions to set the resolution of the spam filter scale:
   • Tag score — set the value to 5 points.
   • Block score — set this value to 9.9 points. This ensures that only “hundred-percent” spam messages are discarded by the server, since users are not even notified that such messages have been blocked (unless at least one of the Send bounce message to the sender or Forward the message to quarantine address options is enabled).
   Note: If you do not wish to block any messages no matter what the score is, set the value to 10.0 points. This disables blocking of messages and keeps active only the feature of marking as spam.
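
The greeting delay from the Spam repellent settings above, sketched as an added example (not Kerio MailServer code): the listener stays silent before sending the 220 greeting, drops clients that talk or hang up first, skips the delay for a trusted address group and records each hit in a log. The host name, port, network ranges and function names are assumptions made for the illustration.

```python
import asyncio
import ipaddress
import logging

security_log = logging.getLogger("security")  # stands in for the Security log
GREETING_DELAY = 25.0  # seconds; the guide recommends 25-30
# Constructed exemption group ("Do not apply delay for connections from...")
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
BANNER = b"220 mail.example.test ESMTP\r\n"  # hypothetical host name

def is_trusted(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_NETS)

async def delayed_greeting(reader, writer, peer_ip, delay=GREETING_DELAY):
    """Pre-greeting phase; returns 'greeted', 'early-talker' or 'gave-up'."""
    if not is_trusted(peer_ip):
        try:
            # Stay silent for `delay` seconds and watch for anything the
            # client does before it has seen the greeting.
            early = await asyncio.wait_for(reader.read(1), timeout=delay)
        except asyncio.TimeoutError:
            early = None  # the client waited, as the RFC expects
        if early is not None:
            # b"" means the peer hung up; any byte means it spoke out of turn.
            verdict = "early-talker" if early else "gave-up"
            security_log.warning("spam repellent: %s from %s", verdict, peer_ip)
            writer.close()
            return verdict
    writer.write(BANNER)
    await writer.drain()
    return "greeted"

async def handle(reader, writer):
    """Connection callback for asyncio.start_server()."""
    peer_ip = writer.get_extra_info("peername")[0]
    if await delayed_greeting(reader, writer, peer_ip) == "greeted":
        writer.close()  # a real server would continue the SMTP dialogue here

async def main(port=2525):
    server = await asyncio.start_server(handle, "127.0.0.1", port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

A well-behaved client only notices a slower connection start, which is why the trusted group matters mainly for local senders and backup servers that open many connections.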