Get APLawrence.com by RSSKerio Configuration
2008/05/09
Kerio offers a 30 day full featured demo you can download from http://www.kerio.com/kms_download.html. You can install that on Windows, Linux or Mac OS X.
Once you have done the initial setup (domain name and Admin password), you'll do the rest of the configuration using the GUI administration console. You can install that on any machine - Windows, Linux or Mac OS X again. It's a free download, so install it where ever you like. For example, you might want to be able to administer this server from home. As long as your router lets port 44337 through to your Kerio Mailserver, you could do that.
I'm not going to go through the entire configuration here (though I'm happy to do that by phone or even on-site if you are near me), but there are a few areas I want to make sure you are aware of.
IP Address Groups
You want to go here first. As you can see, Kerio has defaulted to using the common private IP address groups for your local lan. You'll need to edit these to reflect your lan setup and remove any subnets that don't apply. If you have VPN's, you probably want to add those subnets here too.
Services
In Services, you define the services and port numbers for Kerio. Shut off services you aren't using and set their Startup Type to Manual. Here you can also limit services to the local lan if appropriate and set the maximum number of concurrent connections allowed. Choosing a suitable number can keep your server from being loaded down in the event of DOS (Denial of Service) attacks. For example, if you only have forty people in your entire organization, there's no reason to allow 1,000 concurrent HTTPS connections to the server.
In the picture below, I changed the default port for HTTP to 8080 because this server runs a webserver on port 80. Kerio uses HTTP for a limited Web based administration tool (users who have access to that can add and maintain users and change passwords but can't access other Admin functions).
Deleted Items in Domains
You probably want to enable this option. It makes your life easier when users accidentally delete things they should not have. If this is active, you can just visit the Domain Settings -> Users section and click one button to recover Deleted Items.
SMTP Limits
There are several limit settings in the SMTP Server section that can help prevent DOS attacks and cut back on spam.
Content Filter
The spam and anti-virus sections are easy enough, but you'll need to spend some time in the Attachment Filter section. You need to decide exactly what your policies will be for attachments; which to allow, which to block.
Turning on Blacklists can really help with spam, but you do probably not want to "Block" domains that are on blacklists. Rather, have it increase the spam score. If you do it that way, you can still add Custom Rules that will allow mail from a specific person even if they are on a blacklist. I ask my customers to make a "whitelist" rule for my email address so that important messages are sure to get through.
Archiving and Backup
Be sure you understand that Archiving is done before the mail is delivered to the user or sent out, so all messages will be captured (you have options for only capturing inbound, etc.). Backup is a snapshot in time and also includes the very important configuration files.
Backup is designed for complete restores, but if necessary, you can unzip the files and extract specific messages. Contact me directly if you ever need to do that.
;
Advanced Options
Do peek in here. There are more security options that you probably want to set. For example, there's no reason to tell connecting clients your software version, and there is no reason to let anyone know your lan ip scheme. Check those to hide those things.
Logs
It's very important to set your log rotation and retention policies. If you don't. your logs will just grow and grow, By right-clicking in the log area, you can get a menu that includes "Log Settings". Choose this to set how many logs to keep and how often you will rotate them.
Other things
Of course there is much more to look at and possibly configure. Much of it will be very obvious if you have worked with other mailservers. Kerio does have extensive manuals on-line at http://www.kerio.com/supp_kms_manual.html and of course you can also call me.
Also see Kerio Resource Scheduling
;
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.
I sell and support
Kerio Mail server
Click here to add your comments
Don't miss responses! Subscribe to Comments by RSS or by Email
Click here to add your comments
If you want a picture to show with your comment, go get a Gravatar