Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Whitelist Problem (Entries in the Whitelist are Removed as SPAM)
  •  
BobH

Messages: 117
Karma: 0
Send a private message to this user
We use a cloud based ERP system that we can send emails from with our domain email addresses so they appear to be coming direct from us but are being sent by a 3rd party server.

The cloud ERP people supplied me with the IP addresses of their mail servers and I entered them into our whitelist in Kerio Connect so they would bypass the SPAM filtering. However, I am getting complaints from users who are trying to send emails from the cloud ERP to other internal employees but they don't get through because Kerio is rejecting them as SPAM.

Help. Am I doing something wrong or is this a known issue?

I've included a PDF showing the cloud ERP mailserver entries in the whitelist (Plex Mailserver entries) and a line from the Kerio Connect Spam Log showing a rejection from one of the Plex Mailserver entries in the whitelist.

We are running Kerio Connect v9.2.0.

  •  
Radek Sip (Kerio)

Messages: 1302
Karma: 48
Send a private message to this user
- 2 points is very low for rating, I think it's a main reason. There is no problem for Bayes to reach it.
- is the IP address group used in all anti-spam checks, like Caller-ID, SPF, greylisting, spam repellent?
- post here the headers of message

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
BobH

Messages: 117
Karma: 0
Send a private message to this user
Currently the IP Address Group "Whitelist" is specified for Customer Whitelist, SPF, Greylisting and Spam Repellent.

For SPAM rating limits, I have the Tag score set to 0.2 and the Block score set to 2. Prior to your post, I was not forwarding blocked email to any email account so I didn't have a sample email header to send you.

I have now checked the box to "Forward the message to the quarantine address: spam@wiscoind.com. However, blocked emails are not showing up in that account. I use the same account for rejected attachments and those do show up in the spam<_at_>wiscoind.com inbox.

The score 2.0 is a low score but after tweaking this setting over a long period I have found that for us I've only had to create a handful of Custom Rules to allow certain blocked email addresses.

Regardless of the score, shouldn't the whitelist bypass any spam action?
  •  
jimsky7

Messages: 24
Karma: 1
Send a private message to this user
I had a similar rejection - certain users within our server could not send to certain other users within our server (though it was cross-domain). They were being rejected as spam even though we had whitelists set up. I was using the "Kerio anti-spam" (bitdefender). With the inclusion of SpamAssassin on 9.2, however, I was able to turn off Kerio anti-spam (bitdefender) and turn on the SpamAssassin and now they are able to send to each other. We have only been testing this for 24 hours now, but it's much better for us.

I think it's a long shot that this is also affecting you, but you might consider it.
  •  
freakinvibe

Messages: 1467
Karma: 54
Send a private message to this user
You must also have the white list enabled under

Blacklists > Custom Whitelist of IP addresses

Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
BobH

Messages: 117
Karma: 0
Send a private message to this user
We don't currently have a license for Kerio Anti-Spam. We only have Spam Assassin and it's enabled.

I think the issue for us is that the whitelist isn't working the way you would expect it to.
  •  
BobH

Messages: 117
Karma: 0
Send a private message to this user
freakinvibe wrote on Tue, 22 November 2016 06:15
You must also have the white list enabled under

Blacklists > Custom Whitelist of IP addresses


I have our whitelist enabled under Blacklists, SPF, Greylisting and Spam Repellent.

As mentioned, we have the Apache SpamAssasin Bayesian Filter enabled. However, there is no option to select a whitelist for SpamAssasin. It's unclear whether it's just understood that selecting a whitelist under Blacklists will apply to SpamAssasin or if you cannot bypass it. Maybe you can only enable or disable it. The same question would apply to the Kerio Anti-spam Bitdefender.

Can someone at Kerio clarify whether whitelists apply to SpamAssasin or Bitdefender?
  •  
freakinvibe

Messages: 1467
Karma: 54
Send a private message to this user
You don't need a Kerio Anti-Spam license (which is in the end a Bitdefender add-on). You are perfectly fine with the Spamassassin. The white list should work without license.

If you enable Spam logging in the Debug log, you should see this for messages coming from IP addresses from the white list:

[22/Nov/2016 14:06:06][3108] {spam} Spam Filter rating disabled for message 583442ad-00000888. Message from <me@mykerioserver.com> to <recipient<_at_>gmail.com> has been sent from trusted host xxx.xxx.xxx.xxx. 


Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
freakinvibe

Messages: 1467
Karma: 54
Send a private message to this user
From Kerio KB:

http://kb.kerio.com/product/kerio-connect/server-configurati on/antispam/blocking-messages-from-certain-servers-1172.html

Quote:
Allowing messages from trusted servers -- Custom whitelists

Messages from servers included in your whitelist will not be checked by spam filters in Kerio Connect.


Also, the snippet from the logs I showed in the last message will indicate if a trusted host (from your white list) has been used.

So 2 things could be the reason why your white listing fails:


  1. The sending server is not on your white list
  2. The sending server is on your white list, but you have a proxy/firewall in between the Kerio server and the Internet. This proxy could connect to Kerio with local IP address which means that Kerio cannot detect the real IP address of the sending server


Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
BobH

Messages: 117
Karma: 0
Send a private message to this user
freakinvibe wrote on Tue, 22 November 2016 07:38
You don't need a Kerio Anti-Spam license (which is in the end a Bitdefender add-on). You are perfectly fine with the Spamassassin. The white list should work without license.

If you enable Spam logging in the Debug log, you should see this for messages coming from IP addresses from the white list:

[22/Nov/2016 14:06:06][3108] {spam} Spam Filter rating disabled for message 583442ad-00000888. Message from <me<_at_>mykerioserver.com> to <recipient<_at_>gmail.com> has been sent from trusted host xxx.xxx.xxx.xxx. 



Thanks for the suggestion for using Debug. I had forgotten about the option to selectively configure it.

I have seen examples like you show for "trusted host" but only for things on the local subnet.

Below is an example of an email I sent myself from our cloud ERP system. It exceeded our tag score but not our block score. This particular email was in the Inbox, not the Spam folder so it did bypass the normal Spam rules.


[22/Nov/2016 08:28:02][49140] {spam} Message detected as spam with score: 0.50, threshold 0.20, From: bhartung@wiscoind.com, To: bhartung<_at_>wiscoind.com, Sender IP: 65.161.25.58, Subject: PO No: 004053 for PRODUCTIVE CORP, Message size: 186922
  •  
freakinvibe

Messages: 1467
Karma: 54
Send a private message to this user
Under

SMTP Server > Relay Control

have you switched on

Allow relay for: Users from IP address group "Whitelist"

and under

Spam Filter > Spam Rating

have you un-ticked

Enable rating of messages sent from trustworthy relay agents defined in SMTP relay options

Dexion AG - The Blackberry Specialists in Switzerland
http://www.dexionag.ch
  •  
BobH

Messages: 117
Karma: 0
Send a private message to this user
freakinvibe wrote on Wed, 23 November 2016 03:15
Under

SMTP Server > Relay Control

have you switched on

Allow relay for: Users from IP address group "Whitelist"

and under

Spam Filter > Spam Rating

have you un-ticked

Enable rating of messages sent from trustworthy relay agents defined in SMTP relay options


I did not have the SMTP Relay setting checked.

I will have the users whose emails are currently being blocked try and send some new emails to try the new settings.

When we worked with our cloud ERP vendor, they were more concerned about SFP settings which seemed to work in our preliminary testing. Kerio SFP is set to use the whitelist to bypass the SFP check.
Previous Topic: Problem with "Search"
Next Topic: NEW RELEASE AVAILABLE: Kerio Connect 9.2
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Dec 03 22:48:57 CET 2016

Total time taken to generate the page: 0.01232 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.