13.1  Spam Rating tab

The Spam Rating tab enables/disables spam rating and defines criteria for spam to be blocked in case that the method of spam score raised by multiple tests is used:

Spam Rating tab

Figure 13.1. Spam Rating tab


Enable Spam Filter Rating

Individual spam tests may rate each incoming message by a value. The higher the result number is, the more probably the message is a spam. The spam rating awarded by antispam tests is called spam score. If a message is tested by multiple tests, spam scores are summed and the result is recorded in X-Spam-Status, a special header of the message.

If the spam rating is off, messages are rated anyway. The results, however, are ignored by the spam filter. However, only such tests where message blocking is set will be applied to tested messages.

Enable rating of messages received from ...

Turns the scanning of messages sent by local (authenticated) users on/off. Groups of trustworthy IP addresses can be defined in Configuration → SMTP Server → Relay Control (for detailed information, refer to chapter 12.2  SMTP server).

This option is not applied to checking of “email policy” records (see section 13.5  Email policy records check) and to “black/white lists” (see section 13.2  Blacklists tab).

Spam rating limits

Once a message is tested by all enabled tests and filters, it is rated by the result spam score. Kerio MailServer then marks the message as spam or delivers it as a legitimate message. The Spam rating limits scale allows set manually the limit where messages are already marked as spam and where the spam score is so high that there is no doubt it is a spam and can be blocked:

  • Tag score

    If the rating reaches or exceeds the value set, the message is marked as spam. Kerio MailServer appends a special X-Spam-Flag header to the message that informs the email client that the message is a spam.

    Use the entry to specify a number from 0.0 to 10.0 (the lower the number is, the more spam messages will be eliminated).

    We recommend you to use the 5.0 value — statistics claim that 91.12 per cent of spam do not pass through this filter or will be marked as spam. Other 0.62 per cent of legitimate messages, however, will also be marked as spam. If you set the score higher (i.e. to 8.0), the probability that correct messages will be blocked is lower (0.04%) and the efficiency of spam filtering is also lower (74.36%).

    Warning

    1. If the value you set will be too low, every message will be considered as a spam.

    2. If efficiency of the spam filter declines, do not lower the tag score or the block score. Better involve multiple tests in the spam filter.

  • Block score

    If the rating reaches or exceeds the value set, the message is discarded.

    If the value is too low, legitimate messages might be discarded along with spam. Therefore, it is recommended to use the Forward the message to quarantine address option when testing and optimizing the spam filter and specify an account where copies of all blocked messages will be delivered and stored. Copy of any message having reached or exceeded the Block score limit will be sent to the specified mailbox. From time to time, simply scan discarded messages to check that there is no legitimate message trapped.

    Maximal block score allowed is 9.9. If the value is set to 10, the blocking is disabled, so that messages are marked as spam but never blocked.

Note: If values for marking and blocking of the message are equal, all messages marked as spam are discarded automatically.

If the message's score is higher than or equal...

The X-Spam-Flag header is appended to the message and the message is delivered to the recipient.

In addition to marking spam messages by the special header, it is possible to prepend message's subject with a text which will inform user or a sieve rule that the message is a spam (such a rule can be created within creation of user accounts in the Kerio Administration Console — for details, see chapter 8.2  Creating a user account).

The **SPAM** string is used as a default text. The string can be modified in the Mark the message as spam section (for details, see below).

TIP

If you use the [%s] referent for the Prepend message's Subject with text entry specification, the score evaluation (represented by asterisks) assigned by the antispam protection system is inserted into this textfield. This implies that users can define one of more custom antispam rules (depending on the number of asterisks) in their mail server or in the Kerio WebMail interface.

Send bounce message to the sender

The server returns the sender a DSN message informing that the email message cannot be delivered.

It is not recommended to use this option since most of spam message use false sender addresses. This implies that the denial message cannot be delivered (the address to which the DNS message is sent might not exist). Messages with the information about their rejection are then kept in the queue where they must be removed manually. Otherwise, the server attempts to deliver them in intervals set in the queue settings (every 30 minutes for five days, by default). Undeliverable messages are discarded.

Forward the message to quarantine address

Enter an address to which blocked messages will be forwarded (regardless of other settings of the antispam filter). Headers of such messages include information on tests having been applied to the message along with score set by individual tests. If a legitimate message blocked by the tests is included in the box, it is possible to use the information to optimize the tests.

For this purposes, it is recommended to create a special email account (e.g. spam@company.com) where copies of spam messages will be delivered and stored.