Quick start with Kerio Connect
Kerio Connect is an email and instant messaging server that features multiple deployment options, Microsoft Outlook integration, web based email access, and mobile device access.
This guide provides general step-by-step instructions for deploying Kerio Connect in a common on premises scenario. Kerio Connect is also available as a hosted service. Refer to the Kerio website for details.
In this example:
- Kerio Connect resides on a dedicated server inside a local network.
- There is a firewall with a static IP address that routes secure protocols to Kerio Connect.
- Kerio Connect hosts a single email domain with retention policies.
- The Kerio Connect license supports Antivirus and Exchange ActiveSync.
- Users authenticate against a local domain controller.
- Kerio Connect secures connections with a signed SSL certificate.
- Kerio Connect scans messages for viruses.
- Kerio Connect scans messages for spam using Kerio Anti-spam.
- Kerio Connect archives all email messages.
- Kerio Connect performs nightly backup of all data and configuration.
- Users can schedule meeting rooms.
- Kerio Connect publishes the contact information of all users to a global address list.
- A public folders administrator organizes holidays in a public calendar.
- Users send group emails to a specific address belonging to a moderated mailing list.
- Kerio Connect sorts specific incoming email to designated public folders.
- Users access their mailbox from smartphones, web browsers, and desktop applications.
- Users communicate by Jabber and Kerio Connect Client for real-time communication and presence.
- As part of the deployment, Kerio Connect migrates data from another IMAP server.
Selecting a deployment type
Kerio Connect is available as a 64-bit Debian virtual appliance for VMware, or as a software application for current versions of Microsoft Windows, Mac OS X, and Linux. The product features and functionality are nearly identical across all versions.
Installing and upgrading Kerio Connect
You can download Kerio Connect from the Kerio website. For instructions on Kerio Connect installation, see Installing Kerio Connect. Make sure your hardware and operating system meet the system requirements.
After installation, the software automatically checks for updates. The web administration notifies you when an update is ready. For more information refer to Upgrade.
In the example scenario, Kerio Connect resides on a dedicated server inside a local network.
The administrator performs the following steps:
- Prepares a server on the local network.
- Downloads and installs Kerio Connect for the appropriate operating system.
- Performs the installation.
Accessing Kerio Connect
After installation, the administrator performs the initial configuration from a web browser by going to the name or IP address of the Kerio Connect server. The initial configuration defines the email domain name, an account for administration, the directory that stores all email data, and the software license. For more information refer to Performing initial configuration in Kerio Connect.
In the example scenario, the Kerio Connect license supports Antivirus and Exchange ActiveSync.
- The administrator obtains a Kerio Connect license with both extensions.
- During the initial configuration, the administrator registers the license. For more information refer to Registering Kerio Connect.
Creating and viewing public folders
Public folders allow multiple users to share the same content, including calendars, contacts, tasks, notes, and email. By default, users have read-only access to public folders. If you need to allow some users to modify public folders, you can designate any user as a public folders administrator in Accounts > Users. For more information refer to Public folders in Kerio Connect.
You can access and manage public folders from Microsoft Outlook, Apple Contacts and Calendar, and the Kerio Connect Client.
In the example scenario, a public folders administrator organizes holidays in a public calendar.
Configuring email domains
Domains in Kerio Connect allow incoming email to route to local mailboxes. They also apply a variety of user policies and settings such as:
- Password complexity
- Mailbox retention
- Email footers
- Authentication to directory services
Connecting to a directory service
Kerio Connect can manage users and groups in Active Directory or Open Directory. Administrators implementing a directory service do not need to separately manage users in Kerio Connect. Kerio Connect authenticates users to a directory server via Kerberos and publishes user contact information to the public contacts folder, also known as the global address list (GAL).
In the example scenario, users authenticate against a local domain controller.
- The administrator installs the Kerio Active Directory Extension on the domain controller.
- The administrator joins the Kerio Connect server operating system to the local domain.
- The administrator configures Kerio Connect to map users from the directory server.
- Users can see the global address list in their email applications.
Creating user accounts and aliases
User accounts in Kerio Connect allow people to login to access their mailbox. Administrators can manage various user rights and settings such as:
- Public or Archive folders administration
- Access policies for email services
- Mailbox quotas
- Email addresses (i.e., aliases)
- Contact information and photo
You can manage users in Accounts > Users. For more information refer to Creating user accounts in Kerio Connect.
Aliases are custom email addresses that deliver email to one or more mailboxes. They can also route email to an external address or to a designated public folder. You can configure aliases per domain in Accounts > Aliases. For more information refer to Creating aliases in Kerio Connect.
In the example scenario, Kerio Connect sorts specific incoming email to designated public folders.
- The public folders administrator creates the public email folders.
- The administrator creates aliases and delivers them to the corresponding public folder.
- Users access public folders in Kerio Connect Client and other email applications.
Resources are calendars that represent shared items in an organization, such as a conference room or a projector. People can reserve resources by inviting them to an event. Administrators configure resources per domain in Accounts > Resources. For more information refer to Configuring resources in Kerio Connect.
In the example scenario, users can schedule meeting rooms.
- The administrator adds the meeting room resources.
- Users can view the availability of each resource when scheduling events.
- The email address of each resource appears in a public contact folder called resources.
Creating mailing lists
Mailing lists in Kerio Connect route a single address to multiple recipients. General usage and capabilities of mailing lists include:
- Subscription - People can send an email to a specially formatted address to opt in (subscribe) or opt out (unsubscribe) from the list.
- Posting - Approved people can send an email (post) to the list. Administrators can define additional settings that change the reply address or append a notice to posts.
- Moderation - Privileged people (moderators) can approve subscription and posting requests.
Administrators configure mailing lists per domain in Accounts > Mailing Lists. For more information refer to Creating aliases in Kerio Connect.
In the example scenario, users send group emails to a specific address belonging to a moderated mailing list. The administrator creates a list with the following posting policy:
- Only members and moderators can post to the list.
- Kerio Connect replaces the sender’s address with the list address so that replies go to the list.
- Kerio Connect prepends [marketing-team] to the subject so that people can identify posts.
Securing Kerio Connect
Kerio Connect includes many security features to protect against:
- Unauthorized access
- Harmful attachments
- Identity spoofing
- Tampering of content
Protecting against misconduct
Users may intentionally or unwittingly misuse the mail system by sending large or bulk email. This behavior can result in slow, delayed, or no processing of email. Administrators can avoid mail abuse by enabling restrictions for the SMTP server in Configuration > SMTP Server. For more information refer to Configuring the SMTP server.
Protecting against unauthorized access
In many environments, a firewall protects the Kerio Connect server by enabling external access to a restricted set of services. In the example scenario, there is a firewall with a static IP address that routes secure protocols to Kerio Connect. For more information refer to Securing Kerio Connect.
As an externally facing server, Kerio Connect is open to password guessing attacks. To reduce the possibility of an attacker compromising an account, the administrator can enable the following features:
- Password complexity to enforce strong passwords.
- Login guessing protection to identify password guessing attempts and temporarily block the offending host.
Protecting against harmful attachments
If properly licensed, Kerio Connect can identify and remove viruses from all incoming and outgoing messages. In the example scenario, Kerio Connect scans messages for viruses.
- The anti-virus engine checks for updates hourly.
- Kerio Connect discards virus attachments.
- Kerio Connect appends a warning to the user if it cannot scan an attachment.
Protecting against identity spoofing
To improve the reliability and authenticity of your email, Kerio Connect can sign messages using DomainKeys Identified Mail (DKIM). The administrator enables DKIM in the properties of a domain, and adds a DNS record with the public key. For more information refer to Authenticating messages with DKIM.
Users can validate their identity using email certificates as part of Secure MIME in Kerio Connect Client. For more information refer to Digitally signing messages in Kerio Connect Client.
Kerio Connect can require authentication for any message sent from a local mailbox. This prevents spammers from spoofing addresses of trusted local recipients. For more information refer to Configuring anti-spoofing in Kerio Connect.
Protecting against email tampering
Users can protect their data by securely connecting to their mailbox. Kerio Connect creates a self-signed certificate to enable access to secure communication without any prior configuration. To improve security and user experience, the administrator can install a signed SSL certificate in Configuration>SSL Certificates. For more information refer to Configuring SSL certificates in Kerio Connect.
For additional security, users can encrypt messages using Secure MIME (S/MIME) in Kerio Connect Client. For more information refer to Encrypting messages in Kerio Connect Client.
In the example scenario, Kerio Connect secures connections with a signed SSL certificate.
- The administrator generates a new certificate request.
- A Certificate Authority (CA) validates and signs the certificate request.
- The administrator imports the signed SSL certificate.
- Users securely connect to the server (e.g.,
Configuring spam control
Unsolicited email (spam) is annoying and distracting to everyone. Kerio Connect provides several features to identify and block spam senders and spam content. The default configuration enables SpamAssassin for content based spam filtering, and Kerio Anti-spam as an optionally licensed feature. . Administrators can enable additional controls to reject blacklisted IP addresses or untrusted senders in Configuration > Content Filter > Spam Filter. For more information refer to Configuring spam control in Kerio Connect.
In the example scenario, Kerio Connect scans messages for spam using Kerio Anti-spam.
- The administrator enables Kerio Anti-spam service powered by Bitdefender
- The contribution by Kerio Anti-spam to the spam rating is Normal
- The administrator allows the usage of signatures and metadata to enhance the online scanning service
Backups allow the administrator to save a copy of the entire server configuration and user data. In case of a hardware failure or server upgrade, the administrator can restore the mail system from a backup. The administrator can enable backup in Configuration > Archiving and Backup > Backup. The administrator can recover data by executing a command line utility. See Configuring backup in Kerio Connect and Data recovery in Kerio Connect for details.
In the example scenario, Kerio Connect performs nightly backup of all data and configuration.
- The administrator enables backup and specifies a target directory.
- The administrator assigns the default backup schedule.
- The administrator assigns an email address to receive notifications regarding the backup process.
Accessing email from a mobile device
Kerio Connect supports mailbox synchronization with a variety of mobile platforms. This enables people to wirelessly manage their email, tasks, schedules, and contacts at any time and anywhere.
In the example scenario, users access their mailbox from mobile devices using Exchange ActiveSync.
- Users add an Exchange ActiveSync account on their device. For more information refer to Mobile Devices.
- Users choose folders to synchronize. For more information refer to Synchronizing folders with mobile devices.
- The administrator manages mobile devices. For more information refer to Managing user mobile devices.
Accessing email from a web browser
Kerio Connect supports mailbox access from a variety of web browsers. This enables people to manage their mailbox without any software other than a web browser. Users can login to their account from any computer and their settings and preferences remain the same. For more information refer to Kerio Connect Client.
In the example scenario, users access their mailbox from a web browser by going to the address of their Kerio Connect server and logging in with their account. For more information refer to Accessing Kerio Connect.
Accessing email from the desktop
Kerio Connect supports mailbox access from a variety of desktop applications. This enables people to manage their mailbox using Kerio Connect Client, Microsoft Outlook, or the built-in applications available in the Mac operating system. To simplify the account setup, users can launch the Kerio Connect Account Assistant.
In the example scenario, users access their mailbox from Kerio Connect Client for Windows and Mac, Microsoft Outlook, and Mac applications.
- Users login to Kerio Connect Client and go to the integration page.
- Windows and Mac users download and install Kerio Connect Client desktop application.
- Microsoft Outlook for Windows users configure ActiveSync accounts, or install Kerio Outlook Connector.
Configuring instant messaging
Kerio Connect supports the Extensible Messaging and Presence Protocol (XMPP) for use with Jabber based messaging applications. These applications work in combination with Kerio Connect Client chat. Users can choose either method to engage in real-time communication and to obtain the online status of other users on the system.
In the example scenario, users communicate by instant messaging and Kerio Connect Client chat..
- Windows users install and configure an XMPP account in the Pidgin application.
- Mac OS users configure Apple Messages by launching the Kerio Connect Account Assistant. For more information refer to Configuring clients for instant messaging.
- Windows and Mac users send chat messages using Kerio Connect Client.
- The administrator configures DNS records for instant messaging to support automatic account configuration.
Kerio Connect supports user and data migration from Microsoft Exchange or other IMAP services. This minimizes the interruption to users when migrating from a different email platform to Kerio Connect. See Kerio Exchange Migration Tool and Kerio IMAP Migration Tool for details.
In the example scenario, Kerio Connect migrates data from another IMAP server. The administrator performs the following steps:
- Downloads and installs the Kerio IMAP migration tool
- Runs the migration tool
- Imports a comma separated file with all users and passwords
- Confirms the data migration