Overview

Spam filters are available for Kerio Connect through the Kerio Anti-spam extension. This uses the Bitdefender online scanning service and provides an advanced level of spam filtering on incoming messages.

In Kerio Connect 9.0.3-9.1.1, Kerio Anti-spam replaces the SpamAssassin's SURBL and Bayes filters. Users do not need to use the Spam and Not Spam buttons in Kerio Connect Client and Microsoft Outlook with Kerio Outlook Connector, so Kerio Connect hides those buttons.

In Kerio Connect 9.2 and newer, you can use Kerio Anti-spam together with SpamAssassin.

Kerio Anti-spam is available as an add-on. Without Kerio Anti-spam, you can still use the standard anti-spam features in Kerio Connect.

How Kerio Anti-spam works

When Kerio Anti-spam is enabled, the following happens when Kerio Connect receives a message:

1. Kerio Connect sends encrypted data to the Bitdefender online scanning service. 

   Note: If the computer with Kerio Connect is behind a firewall, you must allow unrestricted access to: *.nimbus.bitdefender.net, port 443 (HTTPS)
http://bda-update.kerio.com, port 80 (HTTP)

   If Kerio Connect uses a proxy server, Kerio Anti-spam communicates with Bitdefender via the proxy server.

2. Bitdefender scans the data and sends the result to Kerio Connect. The score can be:

   • 0 (zero) for non-spam

   • 1-9 for different levels of spam

3. Kerio Connect calculates the spam score using a special algorithm and adds the score to the overall spam rating.

4. If Bitdefender recognizes malware or a phishing message, Kerio Connect automatically blocks the message regardless of other Kerio Connect settings, such as whitelists or custom rules. Kerio Connect discards the message or forwards it to a quarantine address depending on your settings.
   

   Note: You can disable this function in the configuration file (mailserver.cfg). Look for <variable name="BlockMalware"> and <variable name="BlockPhishing"> in the Kerio Anti-spam table and set the values to 0 (zero).

Types of Data that Kerio Connect sends to Bitdefender

Kerio Connect does not send any information that could be used to identify a specific person, such as the content of the original e-mail body, attached images, or attached files.

Bitdefender online scanning service receives the following information via HTTPS:

• The sender and the sender's IP address of the original message from the email SMTP (Simple Mail Transfer Protocol) envelope.
• The e-mail message fingerprint, a set of cryptographic hashes on different parts of the e-mail headers and body. The hashes are irreversible. Kerio Connect does not send the original email body.
• URLs, e-mail addresses, and telephone numbers contained in the body of the scanned e-mail message.
• MD5 hashes of:
  • The FROM address, FROM domain and REPLY-TO address
  • Certain types of attachments, for example, Microsoft Office documents, PDFs, executable files
• The hashes of images embedded in the messages. The actual images are not transmitted.

Calculating the Kerio Anti-spam score

Note: Changed in Kerio Connect 9.2

Kerio Connect calculates the Kerio Anti-spam score using a special algorithm and adds the score to the overall spam rating.

The algorithm works as follows:

If Bitdefender score is 1-9 (spam)

Kerio Anti-spam score = X*Y/9

• X is the score Kerio Connect receives from Bitdefender.
• Y is the Kerio Anti-spam setting. If SpamAssassin is disabled, you can set the Kerio Anti-spam settings to 2-18. If SpamAssassin is enabled, you can set the Kerio Anti-spam settings to 1-9.

Note: In Kerio Connect 9.0.3-9.1.1, you can set Kerio Anti-spam setting to moderate (6), normal (10), and high (14).

If Bitdefender score is 0 (non-spam)

Kerio Anti-spam score = 0

Note: In Kerio Connect 9.0.3 and 9.0.4, the algorithm is:

Kerio Anti-spam score = -1*Y, where Y is the Kerio Anti-spam setting (moderate = 1, normal = 2, and high = 3).

Refer to the article Configuring Kerio Anti-Spam for more details on setting up this feature.