Overview of Kerio Connect
Kerio Connect is an email and instant messaging server that features multiple deployment options, Microsoft Outlook integration, web based email access, and mobile device access.
This topic provides a general overview on how Kerio Connect and its primary features are set up. Kerio Connect is also available as a hosted service. Refer to the Kerio website for details.
The following aspects are covered in this overview:
- Kerio Connect is available as a 64-bit Debian virtual appliance for VMware, or as a software application for current versions of Microsoft Windows, Mac OS X, and Linux.
- The product features and functionality are nearly identical across all versions.
- You can download Kerio Connect from the Kerio website. For instructions on Kerio Connect installation, see Installing Kerio Connect.
- Make sure your hardware and operating system meet the system requirements.
- After installation, the software automatically checks for updates. The web administration notifies you when an update is ready. For more information refer to Upgrading to the latest version.
- As an example scenario, for residing Kerio Connect on a dedicated server inside a local network. You need to:
- Prepare a server on the local network.
- Download and install Kerio Connect for the appropriate operating system.
- Perform the installation.
- After installation, the administrator performs the initial configuration from a web browser using the name or IP addressAn identifier assigned to devices connected to a TCP/IP network. of the Kerio Connect server.
- The initial configuration defines the email domain name, an account for administration, the directory that stores all email data, and the software license. For more information refer to Performing initial configuration in Kerio Connect.
- As an example scenario, when you want Kerio Connect license to support Antivirus and Exchange ActiveSyncA protocol that synchronizes data with computers and mobile devices.. You should:
- Obtain a Kerio Connect license with both extensions.
- During the initial configuration, register the license. For more information refer to Registering Kerio Connect.
- Public folders allow multiple users to share the same content, including calendars, contacts, tasks, notes, and email.
- By default, users have read-only access to public folders.
- If you need to allow some users to modify public folders, you can designate any user as a public folders administrator in Accounts > Users. For more information refer to Public folders in Kerio Connect.
- You can access and manage public folders from Microsoft Outlook, Apple Contacts and Calendar, and the Kerio Connect Client.
- Domains in Kerio Connect allow incoming email to route to local mailboxes. They also apply a variety of user policies and settings such as:
- Password complexity
- Mailbox retention
- Email footers
- Authentication to directory services
- You can manage domains in Kerio Connect administration in Configuration > Domains. See Domains in Kerio Connect and Creating domains in Kerio Connect for details.
- Kerio Connect can manage users and groups in Active Directory or Open Directory. A
- dministrators implementing a directory service do not need to separately manage users in Kerio Connect.
- Kerio Connect authenticates users to a directory server via KerberosAn authentication protocol for client/server applications. and publishes user contact information to the public contacts folder, also known as the global address list (GAL).
- As an example scenario, for users to authenticate against a local domain controllerA server that runs the authentication process in Microsoft Active Directory.. You should:
- Install the Kerio Active Directory Extension on the domain controller.
- Join the Kerio Connect server operating system to the local domain.
- Configure Kerio Connect to map users from the directory server.
- User accounts in Kerio Connect allow people to login to access their mailbox. Administrators can manage various user rights and settings such as:
- Public or Archive folders administration
- Access policies for email services
- Mailbox quotas
- Email addresses (i.e., aliases)
- Contact information and photo
- You can manage users in Accounts > Users. For more information refer to Creating user accounts in Kerio Connect.
- Aliases are custom email addresses that deliver email to one or more mailboxes. They can also route email to an external address or to a designated public folder. You can configure aliases per domain in Accounts > Aliases. For more information refer to Creating aliases in Kerio Connect.
- As an example scenario, for Kerio Connect to sort specific incoming email to designated public folders. You should:
- Create the public email folders.
- Create aliases and deliver them to the corresponding public folder.
- Users can access public folders in Kerio Connect Client and other email applications.
- Resources are calendars that represent shared items in an organization, such as a conference room or a projector.
- People can reserve resources by inviting them to an event.
- Administrators configure resources per domain in Accounts > Resources. For more information refer to Configuring resources in Kerio Connect.
- As an example scenario, for users to schedule meeting rooms. You should:
- Add the meeting room resources.
- Users can view the availability of each resource when scheduling events.
- The email address of each resource appears in a public contact folder called resources.
- Mailing lists in Kerio Connect route a single address to multiple recipients. General usage and capabilities of mailing lists include:
- Subscription - People can send an email to a specially formatted address to opt in (subscribe) or opt out (unsubscribe) from the list.
- Posting - Approved people can send an email (post) to the list. Administrators can define additional settings that change the reply address or append a notice to posts.
- Moderation - Privileged people (moderators) can approve subscription and posting requests.
- Administrators configure mailing lists per domain in Accounts > Mailing Lists. For more information refer to Creating aliases in Kerio Connect.
- As an example scenario, for users to send group emails to a specific address belonging to a moderated mailing list. The administrator creates a list with the following posting policy:
- Only members and moderators can post to the list.
- Kerio Connect replaces the sender’s address with the list address so that replies go to the list.
- Kerio Connect prepends [marketing-team] to the subject so that people can identify posts.
- Kerio Connect includes many security features to protect against:
- Unauthorized access
- Harmful attachments
- Identity spoofing
- Tampering of content
- Protecting against misconduct
Users may intentionally or unwittingly misuse the mail system by sending large or bulk email. This behavior can result in slow, delayed, or no processing of email. Administrators can avoid mail abuse by enabling restrictions for the SMTPSimple Mail Transport Protocol - An internet standard used for email transmission across IP networks. server in Configuration > SMTP Server. For more information refer to Configuring the SMTP server.
- Protecting against unauthorized access
In many environments, a firewall protects the Kerio Connect server by enabling external access to a restricted set of services. In the example scenario, there is a firewall with a static IP address that routes secure protocols to Kerio Connect. For more information refer to Securing Kerio Connect.
As an externally facing server, Kerio Connect is open to password guessing attacks. To reduce the possibility of an attacker compromising an account, the administrator can enable the following features:
- Password complexity to enforce strong passwords.
- Login guessing protection to identify password guessing attempts and temporarily block the offending host.
- Protecting against harmful attachments
If properly licensed, Kerio Connect can identify and remove viruses from all incoming and outgoing messages. In the example scenario, Kerio Connect scans messages for viruses.
- The anti-virus engine checks for updates hourly.
- Kerio Connect discards virus attachments.
- Kerio Connect appends a warning to the user if it cannot scan an attachment.
- Protecting against identity spoofing
To improve the reliability and authenticity of your email, Kerio Connect can sign messages using DomainKeys Identified Mail (DKIMDomainKeys Identified Mail - An authentication method that signs outgoing messages from Kerio Connect with a special signature for identification.). The administrator enables DKIM in the properties of a domain, and adds a DNSDomain Name System - Enables the translation of hostnames to IP addresses and provides other domain related information. record with the public key. For more information refer to Authenticating messages with DKIM.
Users can validate their identity using email certificates as part of Secure MIME in Kerio Connect Client. For more information refer to Digitally signing messages in Kerio Connect Client.
Kerio Connect can require authentication for any message sent from a local mailbox. This prevents spammers from spoofing addresses of trusted local recipients. For more information refer to Configuring anti-spoofing in Kerio Connect.
- Protecting against email tampering
Users can protect their data by securely connecting to their mailbox. Kerio Connect creates a self-signed certificate to enable access to secure communication without any prior configuration. To improve security and user experience, the administrator can install a signed SSL certificateSSL certificates are used to authenticate an identity on a server. in Configuration>SSLSecure Sockets Layer - A protocol that ensures integral and secure communication between networks. Certificates. For more information refer to Configuring SSL certificates in Kerio Connect.
For additional security, users can encrypt messages using Secure MIME (S/MIMESecure/Multipurpose Internet Mail Extensions - Email protocol based on SMTP used to digitally sign and encrypt messages.) in Kerio Connect Client. For more information refer to Encrypting messages in Kerio Connect Client.
- As an example scenario, for Kerio Connect to secure connections with a signed SSL certificate. You need to:
- Generate a new certificate request. A Certificate Authority (CA) validates and signs the certificate request.
- Import the signed SSL certificate.
- Once imported, users can securely connect to the server (e.g.,
- Unsolicited email (spam) is annoying and distracting to everyone. Kerio Connect provides several features to identify and block spam senders and spam content.
- The default configuration enables SpamAssassin for content based spam filtering, and Kerio Anti-spam as an optionally licensed feature.
- Administrators can enable additional controls to reject blacklisted IP addresses or untrusted senders in Configuration > Content Filter > Spam Filter. For more information refer to Configuring spam control in Kerio Connect.
- As an example scenario, for Kerio Connect to scan messages for spam using Kerio Anti-spam. You need to:
- Enable Kerio Anti-spam service powered by Bitdefender.
- The contribution by Kerio Anti-spam to the spam rating is Normal
- Allow the usage of signatures and metadata to enhance the online scanning service
- Backups allow the administrator to save a copy of the entire server configuration and user data.
- In case of a hardware failure or server upgrade, the administrator can restore the mail system from a backup.
- The administrator can enable backup in Configuration > Archiving and Backup > Backup.
- The administrator can recover data by executing a command line utility. See Configuring backup in Kerio Connect and Data recovery in Kerio Connect for details.
- As an example scenario, for Kerio Connect to perform nightly backup of all data and configuration. You need to:
- Enable backup and specifies a target directory.
- Assign the default backup schedule.
- Assign an email address to receive notifications regarding the backup process.
- Kerio Connect supports mailbox synchronization with a variety of mobile platforms. This enables people to wirelessly manage their email, tasks, schedules, and contacts at any time and anywhere.
- As an example scenario, for users to access their mailbox from mobile devices using Exchange ActiveSync.
- Ask users to add an Exchange ActiveSync account on their device. For more information refer to Mobile Devices.
- Ask users to choose folders to synchronize. For more information refer to Synchronizing folders with mobile devices.
- As an administrator you can manage mobile devices. For more information refer to Managing user mobile devices.
- Kerio Connect supports mailbox access from a variety of web browsers. This enables people to manage their mailbox without any software other than a web browser.
- Users can login to their account from any computer and their settings and preferences remain the same. For more information refer to Kerio Connect Client.
- Users can access their mailbox from a web browser using the address of their Kerio Connect server and logging in with their account. For more information refer to Accessing Kerio Connect.
- Kerio Connect supports mailbox access from a variety of desktop applications. This enables people to manage their mailbox using Kerio Connect Client, Microsoft Outlook, or the built-in applications available in the Mac operating system.
- To simplify the account setup, users can launch the Kerio Connect Account Assistant.
- As an example scenario, for accessing the mailbox from Kerio Connect Client for Windows and Mac, Microsoft Outlook, and Mac applications.
- Log in to Kerio Connect Client and go to the integration page.
- Windows and Mac users can download and install Kerio Connect Client desktop application.
- Microsoft Outlook for Windows users can configure ActiveSync accounts, or install Kerio Outlook Connector.
- Kerio Connect supports the Extensible Messaging and Presence Protocol (XMPPExtensible Messaging and Presence Protocol is a protocol used for real-time communication (chat).) for use with Jabber based messaging applications.
- These applications work in combination with Kerio Connect Client chat.
- Users can choose either method to engage in real-time communication and to obtain the online status of other users on the system.
- As an example scenario, for users to communicate by instant messaging and Kerio Connect Client chat.
- Windows users should install and configure an XMPP account in the Pidgin application.
- Mac OS users should configure Apple Messages by launching the Kerio Connect Account Assistant. For more information refer to Configuring clients for instant messaging.
- Windows and Mac users can use Kerio Connect Client to send chat messages.
- The administrator can configure DNS records for instant messaging to support automatic account configuration.
- Kerio Connect supports user and data migration from Microsoft Exchange or other IMAPInternet Message Access Protocol - One of the two most commonly used Internet standard protocols for e-mail retrieval, the other being POP3. services.
- This minimizes the interruption to users when migrating from a different email platform to Kerio Connect. See Kerio Exchange Migration Tool and Kerio IMAP Migration Tool for details.
- As an example scenario, when you want Kerio Connect to migrate data from another IMAP server. The administrator should perform the following steps:
- Download and install the Kerio IMAP migration tool
- Run the migration tool
- Import a comma separated file with all users and passwords
- Confirm the data migration