Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » How does "Spam Filter" -> "Blacklists" work?
  •  
Pashka11

Messages: 6
Karma: 0
Send a private message to this user
Hello,

Our website example.com uses webhoster's mail server to gather emails. In the office we have Kerio Connect installed, which downloads emails from example.com and sorts them for different users. And then machines in the office connect to the local Kerio server instead of example.com.

We have turned on spam filter in Kerio, but it seems it doesn't help.
For example, we have added a few popular DNSBL servers, but still get much spam and it seems Kerio doesn't check downloaded emails on those DNSBL servers. Or maybe Kerio just checks the latest mail server in the queue (which is our example.com hoster's mail server) and doesn't check previous IP addresses in the queue?

Here is an example:

...
Received: from mysql.ribkasoft.com ([111.67.199.88]:35935)
by gator105.hostgator.com with esmtp (Exim 4.77)
(envelope-from <wokszana.tulefa<_at_>mail.ru>)
id 1TGfCV-0008J0-4J
for info<_at_>example.com; Tue, 25 Sep 2012 19:10:04 -0500
...

This email gets spam rating = 0.2, though IP 111.67.199.88 is listed in 2 of the DNSBL servers we are using (each should add 3 to spam rating).

So I have the following questions:

1) Am I missing/don't understand something?
2) What would you recommend for better spam protection in our situation?

Thank you for any help.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
This is a classic.

Yes, DNSBL checks are only done against the IP address connecting directly to you. Just pray the webhoster's mail server doesn't end up in a blacklist ...

You can configure SpamAssassin to do DNSBL checks on only the second-to-last IP, by setting trusted_networks and skip_rbl_checks=0 in SA's config. You will also need to select which DNSBLs you want to use. It's slightly complicated to get right, but everything's explained in the official SA wiki. Doing this means you can skip DNSBL checks on Kerio Connect.

Doing this can also be a little dangerous, since you'll never know exactly what comes before your webhoster's mail server IP in the receive path. If the webhoster sets up a mail gateway on their own, all bets are off. This scenario is problematic also because anything you rejects are reported to the webhoster's mail server, and when that happens, the webhoster have no other choice than to bounce it back to the original sender and maybe create backscatter.

As far as I know, SpamAssassin on KC accepts most (all?) of the standard SA configuration, but a KC upgrade will wipe the config out. Take a backup of the config files if you change anything you need to stick.

In my opinion, it would be better to just receive mail directly to Kerio Connect, i.e. change your MX records to your own server. If you can, that is.
  •  
Pashka11

Messages: 6
Karma: 0
Send a private message to this user
TorW, thank you very much for your answer!

I will try to look into SA settings more closely.
Previous Topic: What secure login method works with Apple Mail?
Next Topic: Calendar / Invitation issues
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 09:08:17 CEST 2017

Total time taken to generate the page: 0.00399 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.