Kerio Connect is an email and instant messaging server that features multiple deployment options, Microsoft Outlook integration, web based email access, and mobile device access.
This guide provides general step-by-step instructions for deploying Kerio Connect in a common on premises scenario. Kerio Connect is also available as a hosted service. Refer to the Kerio website for details.
In this example:
Kerio Connect resides on a dedicated server inside a local network.
There is a firewall with a static IP address that routes secure protocols to Kerio Connect.
Kerio Connect hosts a single email domain with retention policies.
The Kerio Connect license supports Antivirus and Exchange ActiveSync.
Users authenticate against a local domain controller.
Kerio Connect secures connections with a signed SSL certificate.
Kerio Connect scans messages for viruses.
Kerio Connect scans messages for spam using Kerio Anti-spam.
Kerio Connect archives all email messages.
Kerio Connect performs nightly backup of all data and configuration.
Users can schedule meeting rooms.
Kerio Connect publishes the contact information of all users to a global address list.
A public folders administrator organizes holidays in a public calendar.
Users send group emails to a specific address belonging to a moderated mailing list.
Kerio Connect sorts specific incoming email to designated public folders.
Users access their mailbox from smartphones, web browsers, and desktop applications.
Users communicate by Jabber and Kerio Connect Client for real-time communication and presence.
As part of the deployment, Kerio Connect migrates data from another IMAP server.
Kerio Connect is available as a 64-bit Debian virtual appliance for VMware, or as a software application for current versions of Microsoft Windows, Mac OS X, and Linux. The product features and functionality are nearly identical across all versions.
You can download Kerio Connect from the Kerio website. For instructions on Kerio Connect installation, see Installing Kerio Connect. Make sure your hardware and operating system meet the system requirements.
After installation, the software automatically checks for updates. The web administration notifies you when an update is ready. See Upgrading Kerio Connect for details.
In the example scenario, Kerio Connect resides on a dedicated server inside a local network.
The administrator performs the following steps:
Prepares a server on the local network.
Downloads and installs Kerio Connect for the appropriate operating system.
Performs the installation.
After installation, the administrator performs the initial configuration from a web browser by going to the name or IP address of the Kerio Connect server. The initial configuration defines the email domain name, an account for administration, the directory that stores all email data, and the software license. See Performing initial configuration in Kerio Connect for details.
In the example scenario, the Kerio Connect license supports Antivirus and Exchange ActiveSync.
The administrator obtains a Kerio Connect license with both extensions.
During the initial configuration, the administrator registers the license. See Registering Kerio Connect for details.
Public folders allow multiple users to share the same content, including calendars, contacts, tasks, notes, and email. By default, users have read-only access to public folders. If you need to allow some users to modify public folders, you can designate any user as a public folders administrator in Accounts → Users. See Public folders in Kerio Connect for more details.
You can access and manage public folders from Microsoft Outlook, Apple Contacts and Calendar, and the Kerio Connect Client.
In the example scenario, a public folders administrator organizes holidays in a public calendar.
Domains in Kerio Connect allow incoming email to route to local mailboxes. They also apply a variety of user policies and settings such as:
Authentication to directory services
You can manage domains in Kerio Connect administration in Configuration → Domains. See Domains in Kerio Connect and Creating domains in Kerio Connect for details.
Kerio Connect can manage users and groups in Active Directory or Open Directory. Administrators implementing a directory service do not need to separately manage users in Kerio Connect. Kerio Connect authenticates users to a directory server via Kerberos and publishes user contact information to the public contacts folder, also known as the global address list (GAL).
In the example scenario, users authenticate against a local domain controller.
The administrator installs the Kerio Active Directory Extension on the domain controller.
The administrator joins the Kerio Connect server operating system to the local domain.
The administrator configures Kerio Connect to map users from the directory server.
Users can see the global address list in their email applications.
See Connecting Kerio Connect to a directory service for details.
User accounts in Kerio Connect allow people to login to access their mailbox. Administrators can manage various user rights and settings such as:
Public or Archive folders administration
Access policies for email services
Email addresses (i.e., aliases)
Contact information and photo
You can manage users in Accounts → Users. See Creating user accounts in Kerio Connect for details.
Aliases are custom email addresses that deliver email to one or more mailboxes. They can also route email to an external address or to a designated public folder. You can configure aliases per domain in Accounts → Aliases. See Creating aliases in Kerio Connect for details.
In the example scenario, Kerio Connect sorts specific incoming email to designated public folders.
The public folders administrator creates the public email folders.
The administrator creates aliases and delivers them to the corresponding public folder.
Users access public folders in Kerio Connect Client and other email applications.
Resources are calendars that represent shared items in an organization, such as a conference room or a projector. People can reserve resources by inviting them to an event. Administrators configure resources per domain in Accounts → Resources. See Configuring resources in Kerio Connect for details.
In the example scenario, users can schedule meeting rooms.
The administrator adds the meeting room resources.
Users can view the availability of each resource when scheduling events.
The email address of each resource appears in a public contact folder called resources.
Mailing lists in Kerio Connect route a single address to multiple recipients. General usage and capabilities of mailing lists include:
Subscription - People can send an email to a specially formatted address to opt in (subscribe) or opt out (unsubscribe) from the list.
Posting - Approved people can send an email (post) to the list. Administrators can define additional settings that change the reply address or append a notice to posts.
Moderation - Privileged people (moderators) can approve subscription and posting requests.
Administrators configure mailing lists per domain in Accounts → Mailing Lists. See Creating mailing lists in Kerio Connect for details.
In the example scenario, users send group emails to a specific address belonging to a moderated mailing list. The administrator creates a list with the following posting policy:
Only members and moderators can post to the list.
Kerio Connect replaces the sender’s address with the list address so that replies go to the list.
Kerio Connect prepends [marketing-team] to the subject so that people can identify posts.
Kerio Connect includes many security features to protect against:
Tampering of content
Users may intentionally or unwittingly misuse the mail system by sending large or bulk email. This behavior can result in slow, delayed, or no processing of email. Administrators can avoid mail abuse by enabling restrictions for the SMTP server in Configuration → SMTP Server. See Configuring the SMTP server in Kerio Connect for details.
In many environments, a firewall protects the Kerio Connect server by enabling external access to a restricted set of services. In the example scenario, there is a firewall with a static IP address that routes secure protocols to Kerio Connect. See Securing Kerio Connect for details.
As an externally facing server, Kerio Connect is open to password guessing attacks. To reduce the possibility of an attacker compromising an account, the administrator can enable the following features:
Password complexity to enforce strong passwords.
Login guessing protection to identify password guessing attempts and temporarily block the offending host.
See Password policy in Kerio Connect for details.
If properly licensed, Kerio Connect can identify and remove viruses from all incoming and outgoing messages. In the example scenario, Kerio Connect scans messages for viruses.
The anti-virus engine checks for updates hourly.
Kerio Connect discards virus attachments.
Kerio Connect appends a warning to the user if it cannot scan an attachment.
See Antivirus control in Kerio Connect for details.
To improve the reliability and authenticity of your email, Kerio Connect can sign messages using DomainKeys Identified Mail (DKIM). The administrator enables DKIM in the properties of a domain, and adds a DNS record with the public key. See Authenticating messages with DKIM for details.
Users can validate their identity using email certificates as part of Secure MIME in Kerio Connect Client. See Digitally signing messages in Kerio Connect Client for details.
Kerio Connect can require authentication for any message sent from a local mailbox. This prevents spammers from spoofing addresses of trusted local recipients. See Configuring anti-spoofing in Kerio Connect for details.
Users can protect their data by securely connecting to their mailbox. Kerio Connect creates a self-signed certificate to enable access to secure communication without any prior configuration. To improve security and user experience, the administrator can install a signed SSL certificate in Configuration→SSL Certificates. See Configuring SSL certificates in Kerio Connect for details.
For additional security, users can encrypt messages using Secure MIME (S/MIME) in Kerio Connect Client. See Encrypting messages in Kerio Connect Client for details.
In the example scenario, Kerio Connect secures connections with a signed SSL certificate.
The administrator generates a new certificate request.
A Certificate Authority (CA) validates and signs the certificate request.
The administrator imports the signed SSL certificate.
Users securely connect to the server (e.g., HTTPS://mail.binebrewing.com).
Unsolicited email (spam) is annoying and distracting to everyone. Kerio Connect provides several features to identify and block spam senders and spam content. The default configuration enables SpamAssassin for content based spam filtering, and Kerio Anti-spam as an optionally licensed feature. . Administrators can enable additional controls to reject blacklisted IP addresses or untrusted senders in Configuration → Content Filter → Spam Filter. See Configuring spam control in Kerio Connect for details.
In the example scenario, Kerio Connect scans messages for spam using Kerio Anti-spam.
The administrator enables Kerio Anti-spam service powered by Bitdefender
The contribution by Kerio Anti-spam to the spam rating is Normal
The administrator allows the usage of signatures and metadata to enhance the online scanning service
Backups allow the administrator to save a copy of the entire server configuration and user data. In case of a hardware failure or server upgrade, the administrator can restore the mail system from a backup. The administrator can enable backup in Configuration → Archiving and Backup → Backup. The administrator can recover data by executing a command line utility. See Configuring backup in Kerio Connect and Data recovery in Kerio Connect for details.
In the example scenario, Kerio Connect performs nightly backup of all data and configuration.
The administrator enables backup and specifies a target directory.
The administrator assigns the default backup schedule.
The administrator assigns an email address to receive notifications regarding the backup process.
Kerio Connect supports mailbox synchronization with a variety of mobile platforms. This enables people to wirelessly manage their email, tasks, schedules, and contacts at any time and anywhere.
In the example scenario, users access their mailbox from mobile devices using Exchange ActiveSync.
Users add an Exchange ActiveSync account on their device. See Mobile Devices for details.
Users choose folders to synchronize. See Synchronizing folders with mobile devices for details.
The administrator manages mobile devices. See Managing user mobile devices for details.
Kerio Connect supports mailbox access from a variety of web browsers. This enables people to manage their mailbox without any software other than a web browser. Users can login to their account from any computer and their settings and preferences remain the same. See Kerio Connect Client for details.
In the example scenario, users access their mailbox from a web browser by going to the address of their Kerio Connect server and logging in with their account. See Accessing Kerio Connect for details.
Kerio Connect supports mailbox access from a variety of desktop applications. This enables people to manage their mailbox using Kerio Connect Client, Microsoft Outlook, or the built-in applications available in the Mac operating system. To simplify the account setup, users can launch the Kerio Connect Account Assistant.
In the example scenario, users access their mailbox from Kerio Connect Client for Windows and Mac, Microsoft Outlook, and Mac applications.
Users login to Kerio Connect Client and go to the integration page.
Windows and Mac users download and install Kerio Connect Client desktop application.
Microsoft Outlook for Windows users configure ActiveSync accounts, or install Kerio Outlook Connector.
Kerio Connect supports the Extensible Messaging and Presence Protocol (XMPP) for use with Jabber based messaging applications. These applications work in combination with Kerio Connect Client chat. Users can choose either method to engage in real-time communication and to obtain the online status of other users on the system.
In the example scenario, users communicate by instant messaging and Kerio Connect Client chat..
Windows users install and configure an XMPP account in the Pidgin application.
Mac OS users configure Apple Messages by launching the Kerio Connect Account Assistant. See Configuring clients for instant messaging for details.
Windows and Mac users send chat messages using Kerio Connect Client.
The administrator configures DNS records for instant messaging to support automatic account configuration.
Kerio Connect supports user and data migration from Microsoft Exchange or other IMAP services. This minimizes the interruption to users when migrating from a different email platform to Kerio Connect. See Kerio Exchange Migration Tool and Kerio IMAP Migration Tool for details.
In the example scenario, Kerio Connect migrates data from another IMAP server. The administrator performs the following steps:
Downloads and installs the Kerio IMAP migration tool
Runs the migration tool
Imports a comma separated file with all users and passwords
Confirms the data migration
Article Number: 1529
Posted: Thu, Nov 21, 2013 2:38 PM
Last Updated: Thu, Mar 23, 2017 11:01 AM
Posted: Vendula Lucakova
Online URL: http://kb.kerio.com/product/kerio-connect/quick-start-with-kerio-connect-1529.html