Overview
From time to time, the emails can be rejected as phishing or malware spam. The Spam log will show similar output:
Message rejected as malware spam, From: johndoe@external.com, To: username@kerio_domain.com,
Sender IP: 85.215.2.2, Subject: Sommer 3, Message size: 1506
Message rejected as phishing spam, From: bounces.account_confirm+5efd5f65a3e290151a98901c@domain.com,
To: username@kerio_domain.co, Sender IP: 192.168.52.245, Subject: Account Confirmation,
Message size: 6817
This article provides information to be gathered in order to receive such emails properly.
Diagnosis
Kerio Connect uses an Anti-spam feature that is heavily relying on the Bitdefender scanning engine. In some cases (email with an attachment, non-English language, suspicious subject, etc), the Bitdefender engine misqualifies legit emails as malware or phishing spam. Such false-positive emails can be reported to the Bitdefender team to whitelist them in virus-spam databases.
Solution
Depending on the reported message in Spam logs, disable the BlockMalware or BlockPhishing parameter in mailserver.cfg to capture .eml file:
- Stop Kerio Connect.
- Navigate to the Kerio installation folder. Default locations for different Operating Systems (OS)are below:
- Windows:
C:\Program Files\Kerio\MailServer - macOS:
/usr/local/kerio/mailserver - Linux:
/opt/kerio/mailserver
- Windows:
- Open the mailserver.cfg file.
- Go to the table:
<table name="Kerio Anti-spam"> - Set BlockMalware or BlockPhishing variable to 0 (zero). Save the changes.
- Start Kerio Connect.
- Request the mail from the sender again. This time the mail will not be blocked.
- Retrieve the .eml source file from the Webmail.
Send the source .eml file to the Kerio Connect Support for further investigation.
Confirmation
Once Support confirms the email was whitelisted by the Bitdefender team, re-enable BlockMalware or BlockPhishing variables (set them to 1) in mailserver.cfg. The email is no longer detected as Malware or Phishing spam.