Quick start with Kerio Connect
Article Number: 1529 | Last Updated: Thu, Mar 23, 2017 11:01 AM
Kerio Connect is an email and instant messaging server that features multiple deployment options, Microsoft Outlook integration, web based email access, and mobile device access.
This guide provides general step-by-step instructions for deploying Kerio Connect in a common on premises scenario. Kerio Connect is also available as a hosted service. Refer to the Kerio website for details.
In this example:
Selecting a deployment type
Kerio Connect is available as a 64-bit Debian virtual appliance for VMware, or as a software application for current versions of Microsoft Windows, Mac OS X, and Linux. The product features and functionality are nearly identical across all versions.
Installing and upgrading Kerio Connect
You can download Kerio Connect from the Kerio website. For instructions on Kerio Connect installation, see Installing Kerio Connect. Make sure your hardware and operating system meet the system requirements.
After installation, the software automatically checks for updates. The web administration notifies you when an update is ready. See Upgrading Kerio Connect for details.
In the example scenario, Kerio Connect resides on a dedicated server inside a local network.
The administrator performs the following steps:
Accessing Kerio Connect
After installation, the administrator performs the initial configuration from a web browser by going to the name or IP address of the Kerio Connect server. The initial configuration defines the email domain name, an account for administration, the directory that stores all email data, and the software license. See Performing initial configuration in Kerio Connect for details.
In the example scenario, the Kerio Connect license supports Antivirus and Exchange ActiveSync.
Creating and viewing public folders
Public folders allow multiple users to share the same content, including calendars, contacts, tasks, notes, and email. By default, users have read-only access to public folders. If you need to allow some users to modify public folders, you can designate any user as a public folders administrator in Accounts → Users. See Public folders in Kerio Connect for more details.
You can access and manage public folders from Microsoft Outlook, Apple Contacts and Calendar, and the Kerio Connect Client.
In the example scenario, a public folders administrator organizes holidays in a public calendar.
Configuring email domains
Domains in Kerio Connect allow incoming email to route to local mailboxes. They also apply a variety of user policies and settings such as:
Connecting to a directory service
Kerio Connect can manage users and groups in Active Directory or Open Directory. Administrators implementing a directory service do not need to separately manage users in Kerio Connect. Kerio Connect authenticates users to a directory server via Kerberos and publishes user contact information to the public contacts folder, also known as the global address list (GAL).
In the example scenario, users authenticate against a local domain controller.
See Connecting Kerio Connect to a directory service for details.
Creating user accounts and aliases
User accounts in Kerio Connect allow people to login to access their mailbox. Administrators can manage various user rights and settings such as:
You can manage users in Accounts → Users. See Creating user accounts in Kerio Connect for details.
Aliases are custom email addresses that deliver email to one or more mailboxes. They can also route email to an external address or to a designated public folder. You can configure aliases per domain in Accounts → Aliases. See Creating aliases in Kerio Connect for details.
In the example scenario, Kerio Connect sorts specific incoming email to designated public folders.
Resources are calendars that represent shared items in an organization, such as a conference room or a projector. People can reserve resources by inviting them to an event. Administrators configure resources per domain in Accounts → Resources. See Configuring resources in Kerio Connect for details.
In the example scenario, users can schedule meeting rooms.
Creating mailing lists
Mailing lists in Kerio Connect route a single address to multiple recipients. General usage and capabilities of mailing lists include:
Administrators configure mailing lists per domain in Accounts → Mailing Lists. See Creating mailing lists in Kerio Connect for details.
In the example scenario, users send group emails to a specific address belonging to a moderated mailing list. The administrator creates a list with the following posting policy:
Securing Kerio Connect
Kerio Connect includes many security features to protect against:
Protecting against misconduct
Users may intentionally or unwittingly misuse the mail system by sending large or bulk email. This behavior can result in slow, delayed, or no processing of email. Administrators can avoid mail abuse by enabling restrictions for the SMTP server in Configuration → SMTP Server. See Configuring the SMTP server in Kerio Connect for details.
Protecting against unauthorized access
In many environments, a firewall protects the Kerio Connect server by enabling external access to a restricted set of services. In the example scenario, there is a firewall with a static IP address that routes secure protocols to Kerio Connect. See Securing Kerio Connect for details.
As an externally facing server, Kerio Connect is open to password guessing attacks. To reduce the possibility of an attacker compromising an account, the administrator can enable the following features:
See Password policy in Kerio Connect for details.
Protecting against harmful attachments
If properly licensed, Kerio Connect can identify and remove viruses from all incoming and outgoing messages. In the example scenario, Kerio Connect scans messages for viruses.
See Antivirus control in Kerio Connect for details.
Protecting against identity spoofing
To improve the reliability and authenticity of your email, Kerio Connect can sign messages using DomainKeys Identified Mail (DKIM). The administrator enables DKIM in the properties of a domain, and adds a DNS record with the public key. See Authenticating messages with DKIM for details.
Users can validate their identity using email certificates as part of Secure MIME in Kerio Connect Client. See Digitally signing messages in Kerio Connect Client for details.
Kerio Connect can require authentication for any message sent from a local mailbox. This prevents spammers from spoofing addresses of trusted local recipients. See Configuring anti-spoofing in Kerio Connect for details.
Protecting against email tampering
Users can protect their data by securely connecting to their mailbox. Kerio Connect creates a self-signed certificate to enable access to secure communication without any prior configuration. To improve security and user experience, the administrator can install a signed SSL certificate in Configuration→SSL Certificates. See Configuring SSL certificates in Kerio Connect for details.
For additional security, users can encrypt messages using Secure MIME (S/MIME) in Kerio Connect Client. See Encrypting messages in Kerio Connect Client for details.
In the example scenario, Kerio Connect secures connections with a signed SSL certificate.
Configuring spam control
Unsolicited email (spam) is annoying and distracting to everyone. Kerio Connect provides several features to identify and block spam senders and spam content. The default configuration enables SpamAssassin for content based spam filtering, and Kerio Anti-spam as an optionally licensed feature. . Administrators can enable additional controls to reject blacklisted IP addresses or untrusted senders in Configuration → Content Filter → Spam Filter. See Configuring spam control in Kerio Connect for details.
In the example scenario, Kerio Connect scans messages for spam using Kerio Anti-spam.
Backups allow the administrator to save a copy of the entire server configuration and user data. In case of a hardware failure or server upgrade, the administrator can restore the mail system from a backup. The administrator can enable backup in Configuration → Archiving and Backup → Backup. The administrator can recover data by executing a command line utility. See Configuring backup in Kerio Connect and Data recovery in Kerio Connect for details.
In the example scenario, Kerio Connect performs nightly backup of all data and configuration.
Accessing email from a mobile device
Kerio Connect supports mailbox synchronization with a variety of mobile platforms. This enables people to wirelessly manage their email, tasks, schedules, and contacts at any time and anywhere.
In the example scenario, users access their mailbox from mobile devices using Exchange ActiveSync.
Accessing email from a web browser
Kerio Connect supports mailbox access from a variety of web browsers. This enables people to manage their mailbox without any software other than a web browser. Users can login to their account from any computer and their settings and preferences remain the same. See Kerio Connect Client for details.
In the example scenario, users access their mailbox from a web browser by going to the address of their Kerio Connect server and logging in with their account. See Accessing Kerio Connect for details.
Accessing email from the desktop
Kerio Connect supports mailbox access from a variety of desktop applications. This enables people to manage their mailbox using Kerio Connect Client, Microsoft Outlook, or the built-in applications available in the Mac operating system. To simplify the account setup, users can launch the Kerio Connect Account Assistant.
In the example scenario, users access their mailbox from Kerio Connect Client for Windows and Mac, Microsoft Outlook, and Mac applications.
Configuring instant messaging
Kerio Connect supports the Extensible Messaging and Presence Protocol (XMPP) for use with Jabber based messaging applications. These applications work in combination with Kerio Connect Client chat. Users can choose either method to engage in real-time communication and to obtain the online status of other users on the system.
In the example scenario, users communicate by instant messaging and Kerio Connect Client chat..
Kerio Connect supports user and data migration from Microsoft Exchange or other IMAP services. This minimizes the interruption to users when migrating from a different email platform to Kerio Connect. See Kerio Exchange Migration Tool and Kerio IMAP Migration Tool for details.
In the example scenario, Kerio Connect migrates data from another IMAP server. The administrator performs the following steps: