Securing the SMTP server

In Kerio Connect, you can configure the SMTPSimple Mail Transport Protocol - An internet standard used for email transmission across IP networks. server to protect Kerio Connect from misuse.

Anyone can connect to an unprotected SMTP server from the Internet and send email messages through Kerio Connect. For example, spammers can use your SMTP server to send out spam messages, and as a result your company could be added to spam blacklists.

NOTE

For detailed information about configuring the SMTP server, read Configuring the SMTP server.

Securing the SMTP server

In Kerio Connect, you can configure several limits for IP addresses to secure your SMTP server:

  1. In the administration interface, go to the Configuration > SMTP Server > the Security Options tab section.
  2. For a single IP addressAn identifier assigned to devices connected to a TCP/IP network. you can set the following IP address based limits:
  • Max. number of messages per hour discards any new message sent from the same IP address after reaching the set limit.
  • Max. number of concurrent SMTP connections gives protection from denial of service, or Denial of Service (DoSDenial of Service - An attack that can overload the server and makes it unavailable to users.), attacks which overload the server.
  • Max. number of unknown recipients protects Kerio Connect from directory harvest attacks, in which an application connects to your server and uses the dictionary to generate possible usernames.
  1. Enable the Do not apply these limits to IP address group option and select a group of trusted IP addresses that are not affected by the above settings.

  1. You can further protect Kerio Connect using several additional:
  • To block senders with fictional email addresses, enable Block if sender's domain was not found in DNSDomain Name System - Enables the translation of hostnames to IP addresses and provides other domain related information.
  • To block incorrectly configured DNS entries, enable Block messages if client's IP address has no reverse DNS entry (PTR)
  • To block spam messages sent to a large number of recipients, enable Max. number of recipients in a message
  • Spammers often send messages using applications that connect to SMTP servers and ignore its error reports. The Max. number of failed commands in a SMTP session option protects against these applications by closing the SMTP connection automatically after the defined number of failed commands.
  • To block messages with large attachments that can overload your server, enable Limit maximum incoming SMTP message size to.

  1. On the SMTP Delivery tab, select the Use SSLSecure Sockets Layer - A protocol that ensures integral and secure communication between networks./TLSTransport Layer Security - A follower of the SSL protocol and ensures secure communication between networks. if supported by remote SMTP server option.
  2. Click Apply.

Troubleshooting

Sometimes a legitimate message is rejected. This may happen, for example, when a sales person sends multiple messages to customers and exceeds the limits set for the SMTP server. Adjust the settings on the Security Options tab to prevent this from happening.