Kerio Connect Mail Server Configuration Guide

Kerio offers a 30 day full featured demo you can download from their site. You can install that on Windows, Linux or Mac OS X.

Once you have done the initial setup (domain name and Admin password), you'll do the rest of the configuration using the Web based GUI administration console.

I'm not going to go through the entire configuration here (though I'm happy to do that by phone or even on-site if you are near me), but there are a few areas I want to make sure you are aware of.

Users

Note the "More Actions" link at the bottom of the screen when you have one or more users highlighted. Here you can reindex users mailboxes and recover deleted items (assuming you have enabled that; see below).

If you edit a user, note that additional email addresses are like aliases in that they do not consume user licenses, but there are differences. For one, an alias created in the alias section can deliver to a folder rather than a user - see below.

Additional email addresses can also be selected as the "From" address in Webmail and will appear in the searchable Global Address list (if that option is enabled for this user).

Users can be assigned to Access Policy groups. This allows you to prevent certain users from using Webmail or other specific services.

Quotas and limits can also be set per user, which allows you to override domain limits set elsewhere.

User settings in Kerio Connect Mailserver

Groups

A group address does not consume a license, and allows delivery to multiple users in your domain. While this is obviously useful, in some circumstances using an using an alias that delivers to a public folder can be a better choice.

Aliases

As mentioned above, these consume no licenses and can deliver to a user or a folder. They can also use wildcards: * and ?.

There is a small security advantage to aliases and additional email addresses: these cannot be used to authenticate. For example, if your real user name is "johnxyz1234" and you have "john" as an alias or additional email address, people can send email to "john", but they cannot use "john" to access your account - only "johnxyz1234" can be used. This provides some extra protection against password gussing attacks.

Mailing Lists

See Kerio Mail Server Mailing Lists.

Resources

See Kerio Resource Scheduling .

Message Queue

Delivery problems will usually be few, but checking here periodically is a good idea. Alternately, conside this script for delivery problem notification.

Active Connections and Opened Folders

These can help give you an idea of mailserver load and can sometimes assist in tracking compromised accounts.

Services

In Services, you define the services and port numbers for Kerio. Shut off services you aren't using and set their Startup Type to Manual. Here you can also limit services to the local lan if appropriate and set the maximum number of concurrent connections allowed. Choosing a suitable number can keep your server from being loaded down in the event of DOS (Denial of Service) attacks. For example, if you only have forty people in your entire organization, there's no reason to allow 1,000 concurrent HTTPS connections to the server.

In the picture below, I changed the default port for HTTP to 8080 because this server runs a webserver on port 80. Kerio uses HTTP for a limited Web based administration tool (users who have access to that can add and maintain users and change passwords but can't access other Admin functions).

setting services in Kerio Mailserver

Consider disabling or limiting services where appropriate. See Limits tuning for Kerio Connect Mail server.

Deleted Items in Domains

You probably want to enable this option. It makes your life easier when users accidentally delete things they should not have. If this is active, you can just visit the Domain Settings -> Users section and click one button to recover Deleted Items.

Kerio mail deleted item recovery

Kerio mail delered item recovery

SMTP Limits

There are several limit settings in the SMTP Server section that can help prevent DOS attacks and cut back on spam.

setting smtp limits Kerio Mailserver

Content Filter

The spam and anti-virus sections are easy enough, but you'll need to spend some time in the Attachment Filter section. You need to decide exactly what your policies will be for attachments; which to allow, which to block.

Turning on Blacklists can really help with spam, but you do probably not want to "Block" domains that are on blacklists. Rather, have it increase the spam score. If you do it that way, you can still add Custom Rules that will allow mail from a specific person even if they are on a blacklist. I ask my customers to make a "whitelist" rule for my email address so that important messages are sure to get through.

See Kerio Connect Spam Filtering also.

Archiving and Backup

Be sure you understand that Archiving is done before the mail is delivered to the user or sent out, so all messages will be captured (you have options for only capturing inbound, etc.). Backup is a snapshot in time and also includes the very important configuration files.

Backup is designed for complete restores, but if necessary, you can extract specific messages using the command line kmsrecover tool. Contact me directly if you ever need to do that.

See Email archiving for more on that subject.

Advanced Options

Do peek in here. There are more security options that you probably want to set. For example, there's no reason to tell connecting clients your software version, and there is no reason to let anyone know your lan ip scheme. Check those to hide those things.

IP Address Groups

You want to go here first when setting up a new server. As you can see, Kerio has defaulted to using the common private IP address groups for your local lan. You'll need to edit these to reflect your lan setup and remove any subnets that don't apply. If you have VPN's, you probably want to add those subnets here too.

setting ip address definitions in Kerio Mailserver

User Access Policies

These allow you to restrict users to certain services. For example, if you wished to deny the use of Active Sync smartphones, you could assign a policy that denied that.

User access policies

Logs

It's very important to set your log rotation and retention policies. If you don't. your logs will just grow and grow. By right-clicking in the log area, you can get a menu that includes "Log Settings". Choose this to set how many logs to keep and how often you will rotate them.

setting log limits and policies Kerio Mailserver

The Debug log contains a "Messages" option. Selecting this gives you access to a menu where you can enable more extensive debugging. Don't forget to turn off those settings when done!

Other things

Of course there is much more to look at and possibly configure. Much of it will be very obvious if you have worked with other mailservers. Kerio does have extensive manuals on-line at Kerio Knowledgebase and of course you can also call me.

Also see Kerio Mail Server Test Drive



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Don't miss these features in setting up Kerio Mailserver




Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence



Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





Just because they've sold you an IP based phone system doesn't mean they know anything about IP, does it? (Tony Lawrence)

In fact, my main conclusion after spending ten years of my life working on the TEX project is that software is hard. It’s harder than anything else I’ve ever had to do. (Donald Knuth)








This post tagged: