Kerio offers a 30 day full featured demo you can download from http://www.kerio.com/kms_download.html. You can install that on Windows, Linux or Mac OS X.
Once you have done the initial setup (domain name and Admin password), you'll do the rest of the configuration using the Web based GUI administration console.
I'm not going to go through the entire configuration here (though I'm happy to do that by phone or even on-site if you are near me), but there are a few areas I want to make sure you are aware of.
Note the "More Actions" link at the bottom of the screen when you have one or more users highlighted. Here you can reindex users mailboxes and recover deleted items (assuming you have enabled that; see below).
If you edit a user, note that additional email addresses are like aliases in that they do not consume user licenses, but there are differences. For one, an alias created in the alias section can deliver to a folder rather than a user - see below.
Additional email addresses can also be selected as the "From" address in Webmail and will appear in the searchable Global Address list (if that option is enabled for this user).
Users can be assigned to Access Policy groups. This allows you to prevent certain users from using Webmail or other specific services.
Quotas and limits can also be set per user, which allows you to override domain limits set elsewhere.
A group address does not consume a license, and allows delivery to multiple users in your domain. While this is obviously useful, in some circumstances using an using an alias that delivers to a public folder can be a better choice.
As mentioned above, these consume no licenses and can deliver to a user or a folder. They can also use wildcards: * and ?.
There is a small security advantage to aliases and additional email addresses: these cannot be used to authenticate. For example, if your real user name is "johnxyz1234" and you have "john" as an alias or additional email address, people can send email to "john", but they cannot use "john" to access your account - only "johnxyz1234" can be used. This provides some extra protection against password gussing attacks.
See Kerio Mail Server Mailing Lists.
See Kerio Resource Scheduling .
Delivery problems will usually be few, but checking here periodically is a good idea. Alternately, conside this script for delivery problem notification.
These can help give you an idea of mailserver load and can sometimes assist in tracking compromised accounts.
In Services, you define the services and port numbers for Kerio. Shut off services you aren't using and set their Startup Type to Manual. Here you can also limit services to the local lan if appropriate and set the maximum number of concurrent connections allowed. Choosing a suitable number can keep your server from being loaded down in the event of DOS (Denial of Service) attacks. For example, if you only have forty people in your entire organization, there's no reason to allow 1,000 concurrent HTTPS connections to the server.
In the picture below, I changed the default port for HTTP to 8080 because this server runs a webserver on port 80. Kerio uses HTTP for a limited Web based administration tool (users who have access to that can add and maintain users and change passwords but can't access other Admin functions).
Consider disabling or limiting services where appropriate. See Limits tuning for Kerio Connect Mail server.
(Article continues after the break)
You probably want to enable this option. It makes your life easier when users accidentally delete things they should not have. If this is active, you can just visit the Domain Settings -> Users section and click one button to recover Deleted Items.
There are several limit settings in the SMTP Server section that can help prevent DOS attacks and cut back on spam.
The spam and anti-virus sections are easy enough, but you'll need to spend some time in the Attachment Filter section. You need to decide exactly what your policies will be for attachments; which to allow, which to block.
Turning on Blacklists can really help with spam, but you do probably not want to "Block" domains that are on blacklists. Rather, have it increase the spam score. If you do it that way, you can still add Custom Rules that will allow mail from a specific person even if they are on a blacklist. I ask my customers to make a "whitelist" rule for my email address so that important messages are sure to get through.
See Kerio Connect Spam Filtering also.
Be sure you understand that Archiving is done before the mail is delivered to the user or sent out, so all messages will be captured (you have options for only capturing inbound, etc.). Backup is a snapshot in time and also includes the very important configuration files.
Backup is designed for complete restores, but if necessary, you can extract specific messages using the command line kmsrecover tool. Contact me directly if you ever need to do that.
See Email archiving for more on that subject.
Do peek in here. There are more security options that you probably want to set. For example, there's no reason to tell connecting clients your software version, and there is no reason to let anyone know your lan ip scheme. Check those to hide those things.
You want to go here first when setting up a new server. As you can see, Kerio has defaulted to using the common private IP address groups for your local lan. You'll need to edit these to reflect your lan setup and remove any subnets that don't apply. If you have VPN's, you probably want to add those subnets here too.
These allow you to restrict users to certain services. For example, if you wished to deny the use of Active Sync smartphones, you could assign a policy that denied that.
It's very important to set your log rotation and retention policies. If you don't. your logs will just grow and grow. By right-clicking in the log area, you can get a menu that includes "Log Settings". Choose this to set how many logs to keep and how often you will rotate them.
The Debug log contains a "Messages" option. Selecting this gives you access to a menu where you can enable more extensive debugging. Don't forget to turn off those settings when done!
Of course there is much more to look at and possibly configure. Much of it will be very obvious if you have worked with other mailservers. Kerio does have extensive manuals on-line at http://www.kerio.com/supp_kms_manual.html and of course you can also call me.
Also see Kerio Mail Server Test Drive
Kerio®, and related trademarks, names and logos are the property of Kerio Technologies, Inc. and are registered and/or used in the U.S. and other countries. Used under license from Kerio Technologies, Inc.
We offer competitive pricing and complete, no extra charge support on all Kerio products.
All Kerio products have free 30 day trial versions. We also have the Kerio Control Hardware appliance available as a 30 day demo; contact us for details.
More Articles by Anthony Lawrence - Find me on Google+ 2008-05-09
Click here to add your comments - no registration needed!
Don't miss responses! Subscribe to Comments by RSS or by Email
Click here to add your comments
If you want a picture to show with your comment, go get a Gravatar
Printer Friendly Version
Kerio Connect Mail Server Configuration Guide Copyright September 2012 Tony Lawrence
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Publishing your articles here
Jump to Comments
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
I am a Kerio reseller. Articles here related to Kerio products reflect my honest opinion, but I do have an obvious interest in selling those products also.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.
Printer Friendly Version