Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 16 Antispam control of the SMTP server4. Make sure that the Send bounce message to the sender option is disabled.Since spammers generally use invalid sender addresses in their headers, we will keep thisoption disabled. It would be impossible to deliver responses to such messages and theywould be kept in the queue of outgoing email.5. Finally, enable the Forward the message to quarantine address option and enter an emailaddress where all messages with the score higher than 10 points will be forwarded.The option is helpful especially when setting and fine-tuning the antispam system. Ifthere are legitimate messages with their score too high, it will be discovered during anopportune check of the mailbox where spam copies are delivered and stored. Later, thisoption can be disabled and the mailbox removed.Blacklists tabOnce the general configuration is completed, it is necessary to set individual testing methods.The first test can be set on the Blacklist tab (for details, see section 16.2). The followingparameters are to be set here:1. Custom whitelist of IP addresses — this option enables definition of servers to be excludedfrom the antispam control. For this example, we will make out a business partner whoseSMTP server has been included in online spammer databases by mistake. Since we needto communicate with this partner by email, it is necessary to include the address of theirSMTP server in the whitelist — at least for the time until the address is left out of thedatabases:• In Custom whitelist of IP addresses, create a new IP group called Whitelist. To findout how IP groups are created, see section 12.1.• Add the IP address of the corresponding SMTP server included in a spammer databaseto the new IP group and save these settings. Messages sent from this SMTP server willnot be checked by any antispam control.Warning: Make sure that is no spammer SMTP server is included in the whitelist.2. Custom blacklist of spammer IP addresses — the settings are similar as for whitelists, withreversed reasons and results. Create an IP group where you involve all spammer SMTPservers you know. This option is helpful especially for cases where antispam tests are notable to recognize these servers.At this moment, define actions that will apply to messages sent from SMTP servers includedin the custom blacklist:• Two options are available on the Blacklists tab. Such messages may be blocked or theirspam score may be increased. In this example, the second option was selected and 3points will be added to the spam score. Three points are enough to learn whether the190
16.7 Recommended configuration of antispam testsmessage really is a spam since the message is evaluated by multiple tests and otherpoints would be added to the score.3. Internet blacklists — check all databases available. Use the Edit button to open individualdatabases and set spam score to 2 points (see figure 16.4).Recommendation: Do not set message blocking for Internet blacklists, especially for thefree ones. These databases may be updated quite rarely or slowly and the informationinvolved might be unreliable. The lists might include non-spammer servers. Therefore,use these databases better to add spam score to suspicious messages.Custom RulesAnother test for incoming email is a set of custom rules (for details, see section 16.3). Customrules can be created as needed:1. Define corresponding rules for SMTP servers. If possible, set addition of only two or threepoints for all spam rules. Since there are multiple rules defined, each test adds a score ifthe message is considered a spam.2. If there is a rule which blocks spam messages, set an address where copies of blockedmessages will be sent (see figure 16.11). The best way to do it is to create a special usermailbox (for detailed information on creating of user accounts, refer to chapter 13).Figure 16.11Forward the message to quarantine addressSpamAssassinIt is not necessary to apply any special settings to the SpamAssassin filter. Any definitions ofthe filter may be done on the SpamAssassin tab (for details, see section 16.4).The only setting that needs to be changed on the tab is enabling of the Check every incomingmessage in Spam URI Realtime Blocklist (SURBL) database option.Caller ID tabTo read more on the Caller ID technology, see chapter 16.5. If you decide to use this technology,it is strongly recommended to set the tab as follows:1. Open the Caller ID tab under Configuration → Content Filtering → Spam Filter).2. Enable the Check Caller ID of every incoming message option.191
- Page 139 and 140: 15.1 Mail Delivery over the Interne
- Page 141 and 142: 15.2 SMTP serverinterface originall
- Page 143 and 144: 15.2 SMTP serverAuthentication by I
- Page 145 and 146: 15.2 SMTP serverLimit maximum incom
- Page 147 and 148: 15.3 AliasesMaximum number of deliv
- Page 149 and 150: 15.3 AliasesCharacter typea-zA-ZDes
- Page 151 and 152: 15.4 remote POP3 mailboxesFigure 15
- Page 153 and 154: 15.4 remote POP3 mailboxesthe messa
- Page 155 and 156: 15.4 remote POP3 mailboxesFigure 15
- Page 157 and 158: 15.6 Advanced OptionsDescriptionA c
- Page 159 and 160: 15.6 Advanced Optionsnot have to wo
- Page 161 and 162: 15.6 Advanced OptionsPLAIN authenti
- Page 163 and 164: 15.6 Advanced OptionsWatchdog Hard
- Page 165 and 166: 15.6 Advanced OptionsFigure 15.22HT
- Page 167 and 168: 15.6 Advanced Optionsstartup of the
- Page 169 and 170: 15.6 Advanced OptionsKerio WebMail
- Page 171 and 172: 16.1 Spam Rating tab16.1 Spam Ratin
- Page 173 and 174: 16.2 Blacklists tabtration Console
- Page 175 and 176: 16.2 Blacklists tabInternet databas
- Page 177 and 178: 16.3 Custom RulesSORBSSpam and Open
- Page 179 and 180: 16.3 Custom RulesUse the Add button
- Page 181 and 182: 16.3 Custom RulesTypeType of condit
- Page 183 and 184: 16.4 SpamAssassinFigure 16.7SpamAss
- Page 185 and 186: 16.5 Email policy records checksend
- Page 187 and 188: 16.6 Spam repellentFigure 16.9SPFOn
- Page 189: 16.7 Recommended configuration of a
- Page 193 and 194: 16.8 Monitoring of spam filter’s
- Page 195 and 196: 16.8 Monitoring of spam filter’s
- Page 197 and 198: 17.1 Integrated McAfee Anti-VirusBe
- Page 199 and 200: 17.4 Server responses to detection
- Page 201 and 202: 17.5 Filtering Email Attachments17.
- Page 203 and 204: 17.6 Antivirus control statisticsFi
- Page 205 and 206: 18.1 ArchivingPath to the archive d
- Page 207 and 208: 18.2 Backup of user foldersFigure 1
- Page 209 and 210: 18.2 Backup of user foldersFigure 1
- Page 211 and 212: 18.2 Backup of user folders• Save
- Page 213 and 214: 18.2 Backup of user folders2. The s
- Page 215 and 216: Chapter 19LDAP serverThe built-in L
- Page 217 and 218: 19.2 Configuring Email ClientsFigur
- Page 219 and 220: 19.2 Configuring Email ClientsMaxim
- Page 221 and 222: 20.2 Creating a Mailing List• con
- Page 223 and 224: 20.2 Creating a Mailing ListFigure
- Page 225 and 226: 20.3 Posting rulesFigure 20.4Creati
- Page 227 and 228: 20.4 Moderators and MembersAdd this
- Page 229 and 230: 20.4 Moderators and MembersAdding a
- Page 231 and 232: 20.5 Mailing list archiving2. This
- Page 233 and 234: 20.7 How to use Mailing ListsExampl
- Page 235 and 236: Chapter 21Status InformationKerio M
- Page 237 and 238: 21.2 Message queue processingFrom,
- Page 239 and 240: 21.3 Active ConnectionsActive Conne
Chapter 16 Antispam control of the SMTP server4. Make sure that the Send bounce message to the sender option is disabled.Since spammers generally use invalid sender addresses in their headers, we will keep thisoption disabled. It would be impossible to deliver responses to such messages and theywould be kept in the queue of outgoing email.5. Finally, enable the Forward the message to quarantine address option and enter an emailaddress where all messages with the score higher than 10 points will be forwarded.The option is helpful especially when setting and fine-tuning the antispam system. Ifthere are legitimate messages with their score too high, it will be discovered during anopportune check of the mailbox where spam copies are delivered and stored. Later, thisoption can be disabled and the mailbox removed.Blacklists tabOnce the general configuration is completed, it is necessary to set individual testing methods.The first test can be set on the Blacklist tab (for details, see section 16.2). The followingparameters are to be set here:1. Custom whitelist of IP addresses — this option enables definition of servers to be excludedfrom the antispam control. For this example, we will make out a business partner whoseSMTP server has been included in online spammer databases by mistake. Since we needto communicate with this partner by email, it is necessary to include the address of theirSMTP server in the whitelist — at least for the time until the address is left out of thedatabases:• In Custom whitelist of IP addresses, create a new IP group called Whitelist. To findout how IP groups are created, see section 12.1.• Add the IP address of the corresponding SMTP server included in a spammer databaseto the new IP group and save these settings. Messages sent from this SMTP server willnot be checked by any antispam control.Warning: Make sure that is no spammer SMTP server is included in the whitelist.2. Custom blacklist of spammer IP addresses — the settings are similar as for whitelists, withreversed reasons and results. Create an IP group where you involve all spammer SMTPservers you know. This option is helpful especially for cases where antispam tests are notable to recognize these servers.At this moment, define actions that will apply to messages sent from SMTP servers includedin the custom blacklist:• Two options are available on the Blacklists tab. Such messages may be blocked or theirspam score may be increased. In this example, the second option was selected and 3points will be added to the spam score. Three points are enough to learn whether the190