Kerio® offers a 30 day full featured demo you can download from
http://www.kerio.com/kms_download.html. You can install that on Windows, Linux or Mac OS X.
Once you have done the initial setup (domain name and Admin password),
you'll do the rest of the configuration using the Web based GUI administration console.
I'm not going to go through the entire configuration here (though
I'm happy to do that by phone or even on-site if you are near me), but
there are a few areas I want to make sure you are aware of.
Note the "More Actions" link at the bottom of the screen when you have one or more users highlighted. Here you can reindex users mailboxes and recover deleted items (assuming you have enabled that; see below).
If you edit a user, note that additional email addresses are like aliases in that they do not consume user licenses, but there are differences. For one, an alias created in the alias section can deliver to a folder rather than a user - see below.
Additional email addresses can also be selected as the "From" address in Webmail and will appear in the searchable Global Address list (if that option is enabled for this user).
Users can be assigned to Access Policy groups. This allows you to prevent certain users from using Webmail or other specific services.
Quotas and limits can also be set per user, which allows you to override domain limits set elsewhere.
A group address does not consume a license, and allows delivery to multiple users in your domain. While this is obviously useful, in some circumstances using an using an alias that delivers to a public folder can be a better choice.
As mentioned above, these consume no licenses and can deliver to a user or a folder. They can also use wildcards: * and ?.
There is a small security advantage to aliases and additional email addresses: these cannot be used to authenticate. For example, if your real user name is "johnxyz1234" and you have "john" as an alias or additional email address, people can send email to "john", but they cannot use "john" to access your account - only "johnxyz1234" can be used. This provides some extra protection against password gussing attacks.
See Kerio Mail Server Mailing Lists.
See Kerio Resource Scheduling .
Delivery problems will usually be few, but checking here periodically is a good idea. Alternately, conside this script for delivery problem notification.
Active Connections and Opened Folders
These can help give you an idea of mailserver load and can sometimes assist in tracking compromised accounts.
In Services, you define the services and port numbers for Kerio. Shut
off services you aren't using and set their Startup Type to Manual.
Here you can also limit services to the local lan if appropriate and
set the maximum number of concurrent connections allowed. Choosing
a suitable number can keep your server from being loaded down in
the event of DOS (Denial of Service) attacks. For example, if you
only have forty people in your entire organization, there's no reason
to allow 1,000 concurrent HTTPS connections to the server.
In the picture below, I changed the default port for HTTP to 8080
because this server runs a webserver on port 80. Kerio uses HTTP for
a limited Web based administration tool (users who have access to that
can add and maintain users and change passwords but can't access other
Consider disabling or limiting services where appropriate. See Limits tuning for Kerio Connect Mail server.
Deleted Items in Domains
You probably want to enable this option. It makes your life easier
when users accidentally delete things they should not have. If this is active, you can just visit the Domain Settings -> Users section and click
one button to recover Deleted Items.
There are several limit settings in the SMTP Server section that can
help prevent DOS attacks and cut back on spam.
The spam and anti-virus sections are easy enough, but you'll need to
spend some time in the Attachment Filter section. You need to decide
exactly what your policies will be for attachments; which to allow, which
Turning on Blacklists can really help with spam, but you do probably
not want to "Block" domains that are on blacklists. Rather, have
it increase the spam score. If you do it that way, you can still
add Custom Rules that will allow mail from a specific person even
if they are on a blacklist. I ask my customers to make a
"whitelist" rule for my email address so that important messages
are sure to get through.
See Kerio Connect Spam Filtering also.
Archiving and Backup
Be sure you understand that Archiving is done before the mail is delivered
to the user or sent out, so all messages will be captured (you have options
for only capturing inbound, etc.). Backup is a snapshot in time and also
includes the very important configuration files.
Backup is designed for complete restores, but if necessary, you can
extract specific messages using the command line kmsrecover tool. Contact me directly
if you ever need to do that.
See Email archiving for more on that subject.
Do peek in here. There are more security options that you probably want
to set. For example, there's no reason to tell connecting clients your
software version, and there is no reason to let anyone know your lan
ip scheme. Check those to hide those things.
IP Address Groups
You want to go here first when setting up a new server. As you can see, Kerio has defaulted to
using the common private IP address groups for your local lan. You'll
need to edit these to reflect your lan setup and remove any subnets
that don't apply. If you have VPN's, you probably want to add
those subnets here too.
User Access Policies
These allow you to restrict users to certain services. For example, if you wished to deny the use of Active Sync smartphones, you could assign a policy that denied that.
It's very important to set your log rotation and retention policies.
If you don't. your logs will just grow and grow. By right-clicking in
the log area, you can get a menu that includes "Log Settings". Choose
this to set how many logs to keep and how often you will rotate them.
The Debug log contains a "Messages" option. Selecting this gives you access to a menu where you can enable more extensive debugging. Don't forget to turn off those settings when done!
Of course there is much more to look at and possibly configure. Much
of it will be very obvious if you have worked with other mailservers. Kerio
does have extensive manuals on-line at http://www.kerio.com/supp_kms_manual.html and of course you can
also call me.
Also see Kerio Mail Server Test Drive
If this page was useful to you, please help others find it:
Kerio®, and related trademarks, names and logos are the property of Kerio Technologies, Inc. and are registered and/or used in the U.S. and other countries. Used under license from Kerio Technologies, Inc.
More Articles by Anthony Lawrence
- Find me on Google+
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site:
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Publishing your articles here
Jump to Comments
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.