A full-fledged mail server with contacts, calendar, tasks, chat, protection against spam and viruses. Installs on any OS. GFI Web and Email Security">Web and Email Security 0

Description of Kerio Connect

What is Kerio Connect

BYOD - bring your own device

Do your employees bring their own devices into the workplace? Kerio Connect adds convenience to corporate communications and supports iOS and Android mobile phones out of the box

Support for any platform

Kerio Connect is more than just reliable email and flexible settings!

Kerio Connect Client, available for Windows and Mac and as a web app, allows employees to see colleagues who are online, write messages in real time, organize meetings and send emails securely.

Safe and secure email

Your mail is protected from hacking and attacks using SSL/TLS, S/MIME encryption, anti-spam filters, antiviruses and several layers of checks. Automatic backup with the possibility of partial restoration from backup copy allow you to quickly restore data even in the event of a critical failure.

Unrivaled simplicity

Kerio Connect is a complete collaboration and messaging solution that's easy to use and affordable. With MyKerio's centralized web interface, you can manage all your Kerio Connect devices from anywhere on the network, even from your tablet.

Lyrical digression. This article is of no use to any gurus and pros, well, they don’t work with kerio. I think it will be useful for beginners in system administration; step-by-step manuals are always in short supply. Well, I also wanted to show how to configure Kerio Mailserver as a full-fledged mail server, working through mx records, using users from Active Directory, connecting Outlook via MAPI, etc., because very often KMS is used as a simple POP3/ SMTP server, when in fact it may well compete with Exchange in small companies.

Task: install a mail server in your organization based on Kerio MailServer (KMS), ensure the receipt and sending of mail in the organization, employee access to mail inside and outside the organization.

What you need before installing the mail server:

1. Availability of a registered domain name of the second (or at least third 🙂) level, in our case this is testcompany.ru.
2. If you work through MX records, you will need access to edit these records. Usually a hoster or name registrar provides such a service.
3. The actual server that meets the requirements: http://www.kerio.com/mailserver/requirements.

Installing Kerio MailServer

So we have an Active Directory domain, let's say testcompany.local, there is a domain controller dc01, there is a separate server for KMS, with installed Windows Server 2003 (or 2008), server name mail. If there is no domain, in principle everything will be similar, only a little simpler, since you will not need to configure a connection to AD.

We start the installation of Kerio MailServer, in the first steps Next, Next, etc. are everywhere. I usually choose English language(because the translation is lame, to be honest) and the installation type is Custom, but this is not necessary.

In the Administrative Account installation step, specify the name account mail server administrator and, since it will be created in the local KMS database, I advise you to give it a name different from the name of the domain administrator, for example kmsadmin. This will allow the domain administrator to have normal, full-fledged mail. If the names match, this will not work.

The next step, (Email Domain) is very important, there we indicate the name of our email domain ( testcompany.ru):

At the Internet Hostname step, we indicate the external name of the mail server (the one that appears in mx records, see below), in our case mail.testcompany.ru(our server will be identified under this name when establishing SMTP sessions). You can then check this using the HELO/EHLO commands, for example.

Next, at the Store Directory installation step, we specify the path to the mail storage; it makes sense to place it on a separate physical disk/array to increase performance. If there are a lot of users and they work intensively with mail, then it is very desirable that this array be on SAS/SCSI disks.

As a result, when we log into the KMS > Configuration > Domains console, we get something similar to this:

That's it, the installation is complete, Kerio MailServer is ready to go. But there is one important point that I must warn you about. In Configuration > SMTP Server > Relay Control tab the selector is selected by default Allow Relay only for and the checkbox is checked Users authenticated through SMTP server for outgoing mail. There is also another point Users from IP address group and there is a great desire to use it and allow relay from your local network. This should not be done, because if you check this box, then the presence or absence of a checkbox in the second item, Users authenticated through SMTP server for outgoing mail, will no longer have any meaning, oddly enough, apparently this is what the KMS developers intended. And after that, any unauthenticated client from your network (including viruses and network worms) will be able to send spam from your network without any problems and your server will very quickly be blacklisted. Therefore, I strongly advise not to check the box in the Users from IP address group item and leave the default settings:

It’s worth mentioning here that if you use clients on your local network that use the SMTP protocol to send mail, you will need to check the “SMTP server requires authentication” checkbox, otherwise they will not be able to send mail.

All settings in other items are quite functional by default and you should change them only if you are aware of what you are doing.

Creating Users

There are three ways to create users in Kerio MailServer:

1. In the local Kerio MailServer database.
2. Connect users from Active Directory (so-called mapping).
3. Import users from Active Directory.

The first method is usually used if you do not have a domain, in which case you have no other options other than using a local (Internal) KMS database.

The second method is logical to use if you have a domain structure.

In the third method, accounts are imported from domain Active Directory and creating users based on them in the local KMS database (as in the first option).

Creating users in the local Kerio MailServer database

To create a user when using a local database, you just need to go to the KMS console in Domain Setting > Users and add a user by clicking on the Add... > Create local user button.

The second method is more complicated; it requires setting up automatic mapping of users from AD.

Mapping users from Active Directory

To configure KMS to work with Active Directory users, you must first install Kerio Active Directory Extensions on the domain controller. If there are several controllers, then it is not necessary to install them on all of them, only on those to which Kerio MailServer will connect (in fact, in KMS you can only specify two at most). After installing them, go to the KMS > Configuration > Domains > Directory Service tab and enter the data we need there:

Hostname— the name of the domain controller (the one on which Kerio Active Directory Extensions were installed).

Username— domain user name for connecting to the AD database (regular user rights are sufficient, but... if you want to add users from the KMS console, you will have to add this account to the Account Operator group at a minimum). I recommend creating a special user for the connection (for example, kms_service) and checking the “Password never expires” and “User cannot change password” checkboxes so that at one point your connection to Active Directory does not fail.

Password— password of this user.

Secondary (backup) directory server— we register the backup domain controller here, if it exists, of course. Don't forget to install Kerio Active Directory Extensions on it too.

Active Directory Domain Name— at this point, check the box and write the name of the local domain, testcompany.local in our case, since our mail domain name is different from the Active Directory domain.

Click the Test Connection button and make sure everything is OK. If not, it means you entered something incorrectly, check everything again.

To check that everything is functioning normally, on the domain controller go to the Active Directory snap-in, select a user (created before installing KMS), right-click on it, select Kerio MailServer Tasks and create a mailbox:

We go back to KMS > Domain Setting > Users and make sure that our newly created user is present in the console.

In general, you should create a user immediately with a mailbox, but if it was not created immediately for some reason, you can create it either from Active Directory using Kerio MailServer Tasks, or if the kms_service account is included in the Account Operators or Domain Admins group in AD, then this can be done directly from the KMS console. KMS > Domain Setting > Users > Add… > Activate Active Directory user. Similarly, you can assign an email address to groups.

Practical advice: immediately create a distribution group that will include all users of the company; it is convenient to use for sending out any announcements to all employees of the company.

Importing users

If for some reason you need to import AD users into the local KMS database, then this is done in this way - go to KMS > Domain Setting > Users > Import button > Import from directore service:

The name of the domain, controller, and user to connect to AD are the same as in the previous paragraph when mapping users from Active Directory. As a result, KMS prompts us to select users to import, select the ones we need and click OK:

That's it, users have been created. As a result, in KMS > Domain Setting > Users you get something like this:

e.popova and kmsadmin - users created in the local KMS database

i.petrov, p.ivanov and v.pupkin - users connected from Active Directory

n.sidorova - user imported from AD

Please note that the properties of users imported from AD are set to Kerberos 5 authentication by default, i.e. When a user logs into their mailbox, they are authenticated using AD. Naturally, you can change the authentication method to another - Internal or Windows NT domain (due to the fact that Windows NT is very outdated, this method is not discussed in this article). This cannot be done for users connected using the second method.

Setting up MX records

What are these records? An MX record is a special record on DNS servers, which for a given domain (testcompany.ru in our case) indicates the mail server to which email intended for addresses in this domain should be sent.

Access to editing these records is located where you actually purchased this name, most likely from the hoster or, say, from a name registrar, for example nic.ru.

Go to the control panel of the testcompany.ru zone. If you already had a company website there, for example, then you will see that there are already A-records there that point to the IP address of this site. We also need to create an A record that will point to our server. Actually, this record will be needed in order to use it in an MX record and so that it points to the web interface of our server.

Therefore, we introduce a new entry:

mail.testcompany.ru type A IP address 88.88.yyy.xxx

where 88.88.yyy.xxx is your external IP address given to you by your ISP. Often you don’t need to enter the entire mail.testcompany.ru, just mail is enough.

@ type MX mail.testcompany.ru. priority 10

@ means the domain testcompany.ru itself. Different name registrars enter these records slightly differently, but the meaning is this: for the testcompany.ru domain we create an mx record pointing to the mail.testcompany.ru A record. That's it, the records are created, after some time (up to two days, usually less) they are replicated to all DNS servers on the Internet and will be available. Therefore, it is advisable to do this point first, even though it comes fourth in my list.

We check using nslookup (how to use this command - http://support.microsoft.com/kb/200525/), it should be something like this:

C:\Documents and Settings\Admin>nslookup

Address: 192.168.1.10

> set q=a
> mail.testcompany.ru

Address: 192.168.1.10

Non-authoritative answer:
Name: mail.testcompany.ru
Address: 88.88.yyy.xxx

> set q=mx
> testcompany.ru
Server: dc01.testcompany.local
Address: 192.168.1.10

Non-authoritative answer:
testcompany.ru MX preference = 10, mail exchanger = mail.testcompany.ru

testcompany.ru nameserver = ns2.zzz.ru
testcompany.ru nameserver = ns1.zzz.ru
mail.testcompany.ru internet address = 88.88.yyy.xxx
>

where 192.168.1.10 is the address of the domain controller dc01.

You will also need to create PTR record for your external IP address. It is needed to ensure that emails from your server are not considered spam (many mail servers have PTR checking). PTR records are usually created by a provider that provides you with a static IP address; there is usually no access to editing PTR records. Therefore, we write a letter to the provider with the following content:

Please create a PTR record for the address 88.88.yyy.xxx corresponding to the domain mail.testcompany.ru

You can check whether a record has been created or not, again via nslookup, something like this:

C:\Documents and Settings\Admin>nslookup
Default Server: dc01.testcompany.local
Address: 192.168.1.10

> set q=ptr
> 88.88.yyy.xxx
Server: dc01.testcompany.local
Address: 192.168.1.10

Non-authoritative answer:
xxx.yyy.88.88.in-addr.arpa name = mail.testcompany.ru
>

That's it, everything is fine with the records, now you need to map (or publish) the SMTP and HTTP ports (as well as HTTPS, POP3, IMAP, etc., if you are going to give outside access to these services) on your corporate firewall. And also with mail server you need to open the SMTP port to the outside. For example, in Kerio Winroute Firewall it will look like this:

where 192.168.1.12 is the IP address of the mail server.

To quickly check outside, use telnet:

telnet mail.testcompany.ru 25

which should output:

220 mail.testcompany.ru Kerio MailServer 6.7.3 ESMTP ready

Client setup:

We check the web interface, on some workstation on the local network or on the server itself in the browser line we type the name of our mail server:

http://mail/ (or http://mail.testcompany.ru/ if you are trying outside)

We should get to the KMS web interface login page:

Then everything is standard, enter the username and password of the user with the existing mailbox, log in and are surprised that everything works :) You can also try logging in via HTTPS; by default, KMS itself creates a certificate during installation, so in this case everything should work.

First you need to install it on your workstation Kerio Outlook Connector (with offline caching). You can do this manually, or you can install the MSI package through group policies.

After installing Kerio Outlook Connector, launch Outlook, if there were no accounts, the wizard will start, if there were, you will need to start it manually from the menu Tools > Account Settings > Create...

On the Account Setup page, click Yes, of course, then on the Automatic Account Setup page, check the box “Manually configure server settings or additional server types” (since we don’t have Exchange :) Next, on the Select an email service page, select Other and Kerio Mailserver (KOC Offline Edition):

Server name - mail.testcompany.local

Account name - p.ivanov

Password - the password for this account in AD and check the Save password box.

Click the Detect button, the correct information about the user should be displayed. Next OK, OK, Done and go to Outlook. This completes the initial setup of Outlook, the user can send and receive mail.

To check, send several test letters within the organization and to some external addresses, as well as back :) If everything was done correctly, then the mail should function without problems.

Corrections and additions are accepted.

Kerio Connect is a mail server for small and medium-sized businesses, allowing employees to have access to their mail in any conditions, as well as work with collective tools - mail, calendars, notes and tasks.

Possibilities

• Installation on Windows, Linux, Mac OS X, virtual machines VMware, as well as in the Cloud.
• Access to mail through an email client, mobile phone or a web browser - so your employees will always be connected, wherever they are.
• Support from many mail clients(MS Outlook, MS Entourage, WebMail, Apple mail, the Bat! etc.).
• Supports the most popular smartphone and mobile models operating systems(iOS, Android, Symbian, Windows Phone, Blackberry) - your mail will always be with you.
• Effective anti-spam protection (15 spam filters).
• 2 antivirus protection options:
  • integrated Sophos antivirus;
  • the presence of an open SDK for creating your own plugin for the antivirus solution used - as a result, the ability to use double antivirus filtering. On this moment Using plugins you can connect antiviruses such as ClamAV, NOD32 and DrWEB.
• Integrated mail archiving module.
• Integrated backup module that allows you to configure scheduled backups (full or partial).
• Distributed email domain.
• The built-in instant messaging server not only increases the efficiency of employee interaction, but also allows you to take control of such communication.

Benefits of Kerio Connect

• Low requirements for hardware and multi-platform - an opportunity to save on a new server and server operating system.
• The security of your mail is ensured by the antispam module and optional double anti-virus scanning.
• An excellent alternative to MS Exchange in terms of license costs and maintenance costs. For example, the cost of 4-year ownership of Kerio Connect is 2 times lower than the cost of 4-year ownership of MS Exchange without taking into account maintenance costs.
• Quick installation and configuration - the first email is sent half an hour after installation begins. Receive free updates during the Software Maintenance period.
• Fast and easy migration from other products (MS Exchange and IMAP) using free migration utilities.
• Better integration with iPhone and MAC.
• Simplicity and ease of administration; opportunity remote administration product via a web console (web browser) - no dedicated specialist or administrator presence in the office is needed.
• Russian-speaking technical support.

Additional modules

Sophos Antivirus

Sophos Antivirus is an additional module that can be purchased with a new Kerio Control license, or later.

Protecting all email passing through Kerio Connect:

• Checking incoming, outgoing and forwarded email messages, as well as their attachments.
• Viruses found in attachments are deleted, and an information note about this action is added to the message.
• Ability to filter attachments.

Active Sync

Active Sync is an optional module that can be purchased with a new license or later. Microsoft Exchange ActiveSync® is a server-side technology that allows Kerio Connect to directly synchronize your mailbox with mobile devices that support Exchange ActiveSync

Software Maintenance (SWM)

A valid subscription (Software Maintenance, SWM) provides the user with the following benefits:

• the possibility of free transition to new versions during the validity period of SWM;
• operation of those modules for which it is necessary constant update databases (Sophos, Gray Listing, Active Sync).

The user will receive technical support only subject to a valid SWM.

The initial purchase already includes SWM for 1 year (valid from the moment the server license is activated). When you initially purchase Kerio Control, you can purchase an additional 1-year extension for a total of 2 years of active subscription.

SWM extension

If the user does not renew SWM, then Kerio Control continues to work and perform basic functions. However, the signature databases for Sophos antivirus and Gray Listing spam filter will stop updating, and after 60 days these functions will stop working altogether. Also, the user will not be able to update the product to new versions, synchronize mobile devices via the Active Sync protocol and receive technical support.

The total number of subscription renewal licenses must be equal to the total number of product licenses. That is, SWM renewal is purchased for both the server license and additional user licenses.

The start date of the SWM renewal is counted from the end of the previous subscription, i.e. if after the end of the SWM the next subscription was issued only after 2 months, the user will have to pay for these 2 months.

Licensing

In Kerio Connect, the required number of licenses is calculated based on the number of physical mailboxes required. Nicknames and mailing lists are not taken into account.

When purchasing a new product, you must purchase a server license, which includes 5 users. If more than 5 users will use Kerio Control, then purchase additional packages licenses for 5 users.

A fully functional 30-day trial version of Kerio Connect is available at the company office

Kerio® and related services are trademarks of Kerio Technologies Inc.

I was tired of setting up email in my office, so I decided to write this article. All office mail was previously received by the provider, and then distributed to clients via the Kerio Mail Server mail server over the local network.

For many years everything worked fine, but recently the provider’s technical support decided to save their resources and transferred all mail to Yandex.Mail. Moreover, they did not even inform about the changes: not an official letter and there was no phone call. After that, the office began to go haywire; incoming and outgoing mail stopped working. However, we quickly managed to set up incoming mail on Kerio Mail Server, but I had to suffer with outgoing mail.

Incoming mail in the office via Kerio Mail Server with Yandex.Mail

In the Kerio Mail Server settings: Menu Configuration - POP3 Download, edit the line on the right. Clicking the "Edit" button will open the "POP3 Account" window.

1. In the “POP3 Server:” field, enter pop.yandex.ru.
2. In the “POP3 username:” field, enter the old postal address of your office, the same E-mail that we use in Yandex mail.
3. Your provider saves the password, so you can specify Old Password. If you want to change it, you must first do this in the Yandex.Mail settings (link Settings, path Mail > Settings > Security).

Incoming mail must be received on computers on the local network. Account settings on local computer remain the same in the program that previously accepted mail.

Outgoing mail in the office via Kerio Mail Server on Yandex.Mail

We configure outgoing mail in Kerio MailServer in the same way as incoming mail. In Kerio Mail Server: Menu Configuration - SMTP Server, edit in the window on the right, tab "SMTP Delivery". Check the box "Use SMTP relay server". Most likely, your checkbox was still there.

1. In the "Relay server name:" field smtp.yandex.ru
2. In the "Relay server port:" field, indicate the port number 25
3. In the “User:” field, enter the old postal address of your office and below the password.

If you use the SSL protocol, check the box below, the port will change to 465. In the general Yandex settings it says: In case you cannot use a secure connection, you can connect to the SMTP server on ports 25 or 587.

4. And now an important point: in mail program, in the account settings on the local computer we change field " Email" on Postal email mailbox that you have located on Yandex.Mail. The same E-mail was entered into Kerio MailServer, in the “POP3 Username:” field and in the “User” field in the SMTP settings. We leave the rest of the settings in the mail program on the local computer the same.

You can leave your comments below: