Subscribe by RSSKerio Configuration
2008/05/09
Kerio offers a 30 day full featured demo you can download from http://www.kerio.com/kms_download.html. You can install that on Windows, Linux or Mac OS X.
Once you have done the initial setup (domain name and Admin password), you'll do the rest of the configuration using the GUI administration console. You can install that on any machine - Windows, Linux or Mac OS X again. It's a free download, so install it where ever you like. For example, you might want to be able to administer this server from home. As long as your router lets port 44337 through to your Kerio Mailserver, you could do that.
I'm not going to go through the entire configuration here (though I'm happy to do that by phone or even on-site if you are near me), but there are a few areas I want to make sure you are aware of.
IP Address Groups
You want to go here first. As you can see, Kerio has defaulted to using the common private IP address groups for your local lan. You'll need to edit these to reflect your lan setup and remove any subnets that don't apply. If you have VPN's, you probably want to add those subnets here too.
Services
In Services, you define the services and port numbers for Kerio. Shut off services you aren't using and set their Startup Type to Manual. Here you can also limit services to the local lan if appropriate and set the maximum number of concurrent connections allowed. Choosing a suitable number can keep your server from being loaded down in the event of DOS (Denial of Service) attacks. For example, if you only have forty people in your entire organization, there's no reason to allow 1,000 concurrent HTTPS connections to the server.
In the picture below, I changed the default port for HTTP to 8080 because this server runs a webserver on port 80. Kerio uses HTTP for a limited Web based administration tool (users who have access to that can add and maintain users and change passwords but can't access other Admin functions).
Deleted Items in Domains
You probably want to enable this option. It makes your life easier when users accidentally delete things they should not have. If this is active, you can just visit the Domain Settings -> Users section and click one button to recover Deleted Items.
SMTP Limits
There are several limit settings in the SMTP Server section that can help prevent DOS attacks and cut back on spam.
Content Filter
The spam and anti-virus sections are easy enough, but you'll need to spend some time in the Attachment Filter section. You need to decide exactly what your policies will be for attachments; which to allow, which to block.
Turning on Blacklists can really help with spam, but you do probably not want to "Block" domains that are on blacklists. Rather, have it increase the spam score. If you do it that way, you can still add Custom Rules that will allow mail from a specific person even if they are on a blacklist. I ask my customers to make a "whitelist" rule for my email address so that important messages are sure to get through.
Archiving and Backup
Be sure you understand that Archiving is done before the mail is delivered to the user or sent out, so all messages will be captured (you have options for only capturing inbound, etc.). Backup is a snapshot in time and also includes the very important configuration files.
Backup is designed for complete restores, but if necessary, you can unzip the files and extract specific messages. Contact me directly if you ever need to do that.
Advanced Options
Do peek in here. There are more security options that you probably want to set. For example, there's no reason to tell connecting clients your software version, and there is no reason to let anyone know your lan ip scheme. Check those to hide those things.
Logs
It's very important to set your log rotation and retention policies. If you don't. your logs will just grow and grow, By right-clicking in the log area, you can get a menu that includes "Log Settings". Choose this to set how many logs to keep and how often you will rotate them.
Other things
Of course there is much more to look at and possibly configure. Much of it will be very obvious if you have worked with other mailservers. Kerio does have extensive manuals on-line at http://www.kerio.com/supp_kms_manual.html and of course you can also call me.
Technorati tags: Kerio Mail Linux Mac+OS+X Microsoft
Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 29 | 271 | 394 | 394 | 394 |
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
http://www.vss3.com SCO/Caldera OpenServer, Unixware & Linux. Tarantella & Non-stop Clustering
http://thatitguy.com Business networking servers, Linux and Unix experts. In business since 1997! Windows and Exchange to Samba and Scalix migration experts.
- May 13 17:19
Too nice out - bailing.. - May 13 14:07
So today at the gym I only did rowing, walking and leg lunges. We'll see how my neck is tomorrow.
Related Posts
Add your comments