13.2  Blacklists tab

Kerio Connect can also block incoming messages from servers that are considered as spam servers. For this purpose, it uses public databases of these servers located in the Internet or its proprietary database.

To define these parameters go to the Blacklists tab in Configuration → Spam Filter section.

Blacklists tab

Figure 13.2. Blacklists tab

List of trustworthy IP addresses (whitelist)

So called blacklists, i.e. spammer databases, can occasionally include servers which send legitimate mail. This may occur for example when an SMTP server is not secure enough and it is misused for spam sending. Therefore, Kerio Connect includes a list of trustworthy IP addresses (so called whitelist). In this list, IP addresses considered by the mailserver as spammers can be added. In future, these addresses will be considered as trustworthy, even though they may be included in a blacklist used by Kerio Connect. Messages from the servers included in the whitelist are not tested against blacklists and they are let in automatically. Other types of antispam tests, however, will not apply to them.

To create a whitelist, a new IP group must be defined. To define a new IP group, click Edit. This opens a dialog, where a ;custom IP group of SMTP servers (or users) can be created.

All IP ranges reserved for private networks are added to the whitelist automatically:

However, all IP addresses, though included in the whitelist, are verified in the blacklist (Custom blacklist of spammer IP addresses). This may be helpful when it is necessary to block any of these addresses.

Custom blacklist of spammer IP addresses

In this section, it is possible to define a custom group of IP addresses of SMTP servers (or users) known as spammers. Click Edit to edit the selected group or to create a new one.

Any messages sent from any SMTP server included in the blacklist can be blocked or its spam rating value can be increased:

  • Block the message

    The message will be blocked on the SMTP level and the sender will be informed that the message cannot be delivered.

  • Add this value to the spam score:

    Set spam score will be added to the message's score.

    In case of blacklist, the recommended score value is from 1 to 4 points.

Internet databases

Kerio Connect can use various spammer databases (free or paid) available in the Internet. Spammer databases include list of SMTP servers which are known as spam senders. There are multiple online spammer databases available. Some of them are free and some of them must be purchased. Generally, quality of services provided by paid databases is higher and their blacklists of SMTP servers are more reliable.

Online spammer databases work separately and they can be combined.

By default, Kerio Connect contains a few databases which can be downloaded from the Internet for free. It is also possible to define any other databases. This can be done in the Internet Blacklist dialog (see figure 13.4  Database parameters) which can be opened by clicking on the Add button located below the list of databases. The dialog allows setting of the following options:

Internet databases

Figure 13.3. Internet databases

DNS suffix

Enter name of the DNS server used by Kerio Connect.


Optional entry, for reference only.

Block the message

In this mode, connections from servers included in the blacklist will be blocked. Message(s) will be rejected by Kerio Connect. Senders will be informed that their messages cannot be delivered.

Database parameters

Figure 13.4. Database parameters

Add this value to the spam score

The value set here will be added to any message accepted from any server included in the blacklist.

In case of this blacklist, the recommended score value is from 1 to 3 points. The value of the score added depends on level of trustworthiness of a particular database. Generally, paid spammer databases examines more thoroughly SMTP servers to find out whether they really are spam senders or not. Therefore, if you use paid databases, it is possible and even more efficient to set higher scores than in case of free databases. This is, however, only a general knowledge which cannot be applied without exceptions. If you are familiar with a free database and you are sure that it would be efficient, you can set higher scores for them as well.

If you combine multiple spammer databases, set lower spam scores since individual SMTP servers may be included in multiple databases and their scores are summed.

Ask the DNS blacklist server directly

using of this option is recommended in cases where Kerio Connect uses a paid spammer database where the license is associated with a particular IP address. Queries are sent directly to the database, parent DNS servers will not be used for the delivery.

Use this database

This option is enabled by default.


Any time a delivered message is sent from an address which matches a blacklist item, the information is recorded in the Security log (for details, see chapter 24.4  Security).

Therefore, to test reliability of a new blacklist, include it to the list and set the Add spam score to the message option to 0. Email will not be affected and each message matching with the blacklist will be listed in the Security log.

Supported databases


Spam and Open Relay Blocking System (SORBS) creates and maintains set of databases of spammer IP addresses and domain names. By default, Kerio Connect includes two aggregate zones of spammer databases containing all basic partial databases addressing certain types of spammer servers:

  • SORBS-DNSBL — database of spammer IP addresses.

  • SORBS-DNSBL — database of spammer domain names.

For more information on SORBS, refer to http://www.de.sorbs.net/


Kerio Connect supports SpamCop, a database of spammer IP addresses. For more information on SpamCop, refer to http://www.spamcop.net/

SpamHaus SBL-XBL

The SpamHaus SBL-XBL database combines a database of spammer IP addresses with a database of illegal exploits performed by third parties:

  • Spamhaus Block List — SBL is a database of IP addresses of proved spammers. These servers are verified to prove that they really are spammers.

  • Spamhaus Exploit Block List — XBL is a database of IP addresses of illegal exploits performed by third parties, including open proxy servers, worms and viruses carrying harmful executable codes and other types of Trojan horse.

For more information on SpamHAUS SBL-XBL, refer to http://www.spamhaus.org/

Weighted Private Block List

Weighted Private Block List (WPBL) is a database of spammer IP addresses maintained by a committee scanning for and rating spammer servers. The database is available for free. For more information on WPBL, refer to http://www.wpbl.info/