Blocking malicious click invoice e-mails

Messages: 8
Karma: 0
Here's a sample for a malicious click e-mail:

From: Pam Rasner [mailto:igalvan<_at_>disariel.mx]
Sent: Monday, December 18, 2017 6:38 PM
To: jearl<_at_>ourdomain.com
Subject: Awaiting for your confirmation

Hello James Earl,

Please find attached copies of invoices as requested which I trust clarifies some of the costs as claimed.


This correspondence and any files transmitted with it are confidential and intended solely for the use of the intended recipient(s) to whom it is addressed.


Pam Rasner


Is it common for the Kerio Spam Filter not to pick up all spam e-mails that have malicious links to malware?

I don't have the full headers at the moment, but they were very short.

[Updated on: Tue, 19 December 2017 22:29]


Messages: 57
Karma: 11
This email looks solid. No suspicious content, no keywords, nothing, but is still unwanted. Kerio doesn't have link processing so I don't see any other solutions for auto blocking than to make a custom antispam rule and block:

- the sender domain in header (or whole *.mx domain)
- the part of malware link url in body

[Updated on: Wed, 20 December 2017 07:35]


Messages: 497
Karma: 72
Kerio Connect has link checking in its SpamAssassin engine.

It checks links in emails against the following domain blacklists

Spamhaus DBL

This is also visible in the email headers with entries like


If you get hold of the headers of such a mail, please post them here.

Dexion AG - The BlackBerry UEM Specialists in Switzerland
Bud Durland

Messages: 482
Karma: 60
We had a few today that I think came from a compromised O365 account. The headers were all legit, using outlook.com, the sender's account etc. The message was generic "download the invoice here" text. The attachment was a PDF file, and the malicious link was inside the PDF. Got past all our spam/malware filters except the end users, who were all smart enough to be suspicious.

Messages: 497
Karma: 72
Kerio does not check links within PDF files, AFAIK. It only checks links within the email body itself.

In Adobe PDF Reader, you can set if you want to warn users or even block them from opening Internet Links from within a PDF file:

https://helpx.adobe.com/acrobat/using/allow-or-block-links-internet.html

Dexion AG - The BlackBerry UEM Specialists in Switzerland
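
The body-link check against Spamhaus DBL discussed in the replies above, as an added example that is not part of the thread and is not Kerio's or SpamAssassin's code. The zone name `dbl.spamhaus.org` and the return codes are taken from Spamhaus's published DBL documentation rather than from the thread; the function names, the injectable `resolve` parameter and the sample message are constructed for illustration.

```python
import re
import socket
from email import message_from_string

DBL_ZONE = "dbl.spamhaus.org"  # zone name and codes as published by Spamhaus
DBL_CODES = {"127.0.1.2": "spam", "127.0.1.4": "phish",
             "127.0.1.5": "malware", "127.0.1.6": "botnet C&C"}
# Host part of http(s) links; hosts with non-ASCII characters are skipped.
HOST_RE = re.compile(r"https?://(?:[^\s/?#@]*@)?([a-z0-9.-]+)"
                     r"(?![a-z0-9.-]|[^\x00-\x7f])", re.I)
# Constructed sample: one link in the body, one only inside a PDF attachment.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Download the invoice here: http://files.bad-invoice.example/inv?id=1
--b1
Content-Type: application/pdf

%PDF-1.4 /URI (http://pdf-only.example/payload)
--b1--
"""

def body_link_hosts(raw_message):
    """Hostnames linked from text/* parts; IP literals are dropped (DBL lists names)."""
    hosts = set()
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue  # e.g. a PDF attachment: links inside it are never seen
        text = (part.get_payload(decode=True) or b"").decode("latin-1")  # hosts are ASCII
        for host in HOST_RE.findall(text):
            host = host.strip(".-").lower()
            if host and not re.fullmatch(r"[\d.]+", host):
                hosts.add(host)
    return hosts

def dbl_lookup(host, resolve=socket.gethostbyname):
    """DBL category for host, or None when it is not listed (NXDOMAIN)."""
    try:
        answer = resolve(f"{host}.{DBL_ZONE}")
    except OSError:
        return None
    if not answer.startswith("127.0.1.") or answer == "127.0.1.255":
        return None  # error codes and non-DBL answers are not listings
    return DBL_CODES.get(answer, "listed")

def check_message(raw_message, resolve=socket.gethostbyname):
    return {h: dbl_lookup(h, resolve) for h in sorted(body_link_hosts(raw_message))}
```

Calling `check_message(SAMPLE)` performs real DNS lookups; pass a stub `resolve` function to run it offline. The link that exists only inside the PDF part never reaches the lookup.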