13.6  Spam repellent

Kerio MailServer can delay its SMTP greeting and check how the connecting server reacts to the delay.

Kerio MailServer communicates according to the RFC that defines SMTP traffic. Most spam-distributing applications do not follow the RFC, so Kerio MailServer can distinguish them from legitimate SMTP servers.

Kerio MailServer uses two SMTP connection errors (protocol violations) to recognize spam servers. Both occur while the SMTP connection is being established. According to the corresponding RFC, the server that initiates the SMTP communication should wait at least 5 minutes for the reply. Applications that send spam automatically do not wait that long, because they need to send as many messages as possible as quickly as possible, and waiting out the whole period would hold them up too much. Therefore, if Kerio MailServer does not answer with the SMTP greeting for a certain period (i.e. a delay is set for the answer), spammer servers behave in one of two predictable ways. In one case, the spammer server gives up the connection to Kerio MailServer and tries elsewhere. In the other case, it starts to send email to Kerio MailServer immediately, without receiving the SMTP greeting (in such a case, Kerio MailServer interrupts the connection immediately).

Benefits of the SMTP delay are as follows:

  1. Reception of spam by Kerio MailServer is reduced by 60 to 70 per cent. This also decreases the load on the server, since spam testing is very demanding.

  2. The method produces no so-called false positives, as it has no influence on email that is delivered legitimately.

Settings

SMTP delay settings

You can set the SMTP greeting delay in the Spam repellent tab of Kerio MailServer (Configuration → Content filtering → Spam filter):

Figure 13.9. Spam repellent


Delay SMTP greeting by

Use this option to set the SMTP delay. The optimal delay value is between 25 and 30 seconds. A shorter delay might not be enough (spam-sending applications use 10-20 sec), while a longer one would impede communication.

Do not apply delay for connections from...

Spam repellent settings apply to all incoming SMTP communication, i.e. also to messages from the local network, backup servers, etc. It is therefore recommended to add all trusted IP addresses and networks to this IP address group, so that communication which is evidently not spam is not blocked.

Report the spam attack to security log

Check this option to record all recognized spam attacks to the Security log (for more information, see chapter 25.4  Security).

If a large volume of email goes through Kerio MailServer, there are usually also many spam attack attempts, which can cause the Security log to overflow. In such a case, disable this setting.

Note: The settings in this tab apply only to unsecured SMTP communication. Spam-distributing programs do not use the secured SMTP protocol for communication.
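
The greeting-delay check described in this section can be sketched as follows. This is an added example, not Kerio MailServer code: the function names, the banner hostname and the simulated clients are assumptions, and the 0.2-second delay in the simulation stands in for the 25 to 30 seconds recommended above.

```python
import select
import socket

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed hostname


def greet_with_delay(conn, delay, trusted=False):
    """Hold back the SMTP greeting and classify the client's reaction.

    Returns "greeted", "early_talker" or "gave_up".
    """
    if not trusted:  # trusted peers (the exemption IP group) skip the delay
        # A compliant client stays silent until it sees the 220 greeting,
        # so the socket becoming readable during the delay is a violation.
        readable, _, _ = select.select([conn], [], [], delay)
        if readable:
            # Peek: an empty read means the peer closed, anything else is
            # a command sent before the greeting.
            data = conn.recv(1024, socket.MSG_PEEK)
            return "early_talker" if data else "gave_up"
    try:
        conn.sendall(BANNER)
    except OSError:
        return "gave_up"  # peer vanished just as the greeting was sent
    return "greeted"


def simulate(behaviour, delay=0.2, trusted=False):
    """Run one constructed client against the check over a local socket pair."""
    server, client = socket.socketpair()
    try:
        if behaviour == "talks_first":
            client.sendall(b"HELO bulk.example.test\r\n")
        elif behaviour == "hangs_up":
            client.close()
        # behaviour == "waits": the client sends nothing until greeted
        return greet_with_delay(server, delay, trusted)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for behaviour in ("waits", "talks_first", "hangs_up"):
        print(behaviour, "->", simulate(behaviour))
```

A caller would drop the connection on any result other than "greeted" and, if reporting is enabled, write the event to its log.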