Kerio MailServer settings

Source: Internet
Author: User
Now we will use a practical example to briefly introduce the settings of Kerio MailServer and the use of POP3 Download. This covers the Windows version; Linux fans can stop here.
Kerio MailServer is not a good choice for anything beyond a small mail system; use Exchange or Sendmail for that. If you do not want to spend effort maintaining an email system for fewer than 100 or 200 people, you can consider Kerio MailServer.
In practice, some users run into the following situation. The head office uses fixed-IP broadband and an officially registered domain name to access the Internet and publish its mail service, while the branch office accesses the Internet and sends and receives mail over a dynamic-IP connection such as ADSL. When branch staff send and receive mail through the head-office mail server and the mail volume or message size is large, ADSL struggles to keep up and mail often gets stuck; I have encountered many situations where sending and receiving were difficult or failed outright. Establishing an Exchange mail server in the branch and transferring mail with an SMTP connector has relatively high requirements. If you can spend more money, you can run a leased line between the head office and the branch; if you want to spend less, you can apply for a Peanut Shell domain name and establish a VPN to the head office. But the leased line is very expensive, Peanut Shell is not very stable (can a dynamic IP address be stable?), and Exchange lacks a POP3 download function, so the problem is hard to solve easily. Let's start by installing Kerio MailServer to solve it. I will briefly explain every function in it, hoping to help you. The following red text indicates the change and key points.
I am using the 6.0 series. Assume that a mail server is already installed at the head office and its mail service is working normally; it does not matter which mail system it runs. Assume its IP address is 222.222.222.222 and its domain name is MAIL.COM.CN. The branch has two users, C and D, who have the mailboxes C@MAIL.COM.CN and D@MAIL.COM.CN on the head-office mail server. We will not discuss how the branch publishes its mail service; which method you use is your own business.
First install MailServer and set the administrator password. When selecting a domain name, change the default Local value to MAIL.COM.CN, then continue until the installation is complete. Start the mail service. Click Start > Programs > Kerio > Administration Console, enter the password set during installation, and you are in the mail server management interface.
I. Configuration
1. Services
You can modify the provided services as needed. For POP3 clients, keep SMTP, Secure SMTP, POP3, and Secure POP3. I disabled the NNTP and Secure NNTP services and set them to Manual. Whenever you have changed anything in a menu and then select another menu, the system asks whether you want to save the changes: choose Yes, No or Cancel.
2. Domains
These are the domain settings. There is already one domain here, set during installation: MAIL.COM.CN. Select it and click the Edit button to open the settings for this domain.
A. General
Description is where you can add comments. After you select Limit outgoing message size to, you can limit the maximum size of emails sent through this domain; after entering the value, you can select KB, MB, or GB. After selecting Allow deleted items Reems, you can define how many days deleted mail in this domain is kept on the server. When you want to restore an accidentally deleted email, you can access the MailServer mailbox through the web, as with OWA, and find and restore the email in the deleted items folder; the precondition, of course, is that you have not disabled the HTTP and Secure HTTP services. We recommend that you use https to log on. You will find that this web interface is more concise and efficient than OWA, and you can set different user access permissions for each folder, which is very convenient for classifying and sharing mail. The disadvantage is that Chinese support is problematic, and some text shows up as garbled characters. The simplest option is to limit the maximum number of users that the domain can accommodate.
B. Aliases
Set aliases for this domain. If you have applied for a Peanut Shell domain name, you can add it as an alias here. Then, in addition to the POP3 Download method, you can also use mail forwarding, and mail can be sent directly to mailboxes at your Peanut Shell domain name. I will not go into it here.
C. Footers
Set the footer. The content entered in the text box below is appended to the end of the body of every email sent through this domain, for example a company statement. However, there is a bug and it does not work properly! Please do not use it for the time being: the footer is not added, and sometimes it even prevents the mail from being sent! I wonder whether the next version will fix it.
D. Forwarding
Forwarding. This function is very important to me; otherwise branch users cannot send emails to head-office users! Check If recipient was not found in this domain, forward the message to another host, and enter 222.222.222.222 (the head-office IP address) after Forward to:. The default port is 25; your mail server is not a Transformer, so don't change it. The following two boxes do not need to be checked, unless your company's mail server is shut down on a schedule every day and is offline for long periods (what kind of mail server is that?). In that case select the first one and add sending and receiving tasks according to the times when your server is switched on or off. Below that is If the domain in recipient's address is one of this domain's aliases. If you select Forward this message, branch accounts send mail to each other through the head-office mail server; when Don't forward such messages is selected, branch accounts send mail to each other directly on the local MailServer and it is not sent to the head-office server. I have no need to add pointless network traffic, so I selected the second option (which is also the default).
E. Directory Service
Set the directory service. MailServer can connect to standard directory servers. This feature is widely used. Unfortunately, I have no environment for testing it, so I skip this item. You are welcome to discuss it.
F. Advanced
This mainly contains some additional settings for identity authentication. If you are not familiar with authentication, do not modify them. There is nothing to introduce here.
G. WebMail Logo
Sets the image shown in the upper left corner of the mailbox interface when you access your mailbox through a web page. It is convenient for those who like to be different. Any image you want to use is scaled to x 40 no matter how large it is. I wrote a few words of my own, to the effect that alone-rain is a pretty girl. Welcome to piracy.
3. SMTP Server
A critical setting. I believe everyone knows what SMTP is. If it is not set up well, it would be strange if you could send mail at all.
A. Relay Control
These are the relay settings. Allow relay only for: is the default option. If the first item, Users from IP address group, is selected, you can add a trusted IP range; addresses within the trusted range can relay through MailServer unconditionally. The second item, Users authenticated through SMTP for outgoing mail, is selected by default: users who have passed SMTP user name and password authentication can relay. Compared with Exchange, this is much simpler. In addition to relay, Exchange can also set submission permission, and you can revoke a user's right to submit, so that the specified user cannot send mail to the local mail domain (this is especially useful when the private letter is used), but ordinary people do not use it. The third item, Users previously authenticated through POP3 from the same IP address, replaces SMTP authentication with POP3 authentication: after it is checked, a client that has passed POP3 authentication can connect to MailServer and relay mail within the time specified in the box below. This option has no practical value. The other major item is Open relay, which is well known. If you want to study spam, you must select it!
B. Security Options
Some common protection options.
Max. number of messages per hour from one IP address: specifies the number of messages that the same IP address can deliver to this server per hour, whether relayed or submitted. Select an appropriate value to avoid receiving a large amount of spam. I chose 500.
Max. number of concurrent SMTP connections from one IP address: specifies the number of concurrent SMTP connections that the same IP address can establish with MailServer. This does not need to be large. I set it to 200, and I think that is already big enough.
Max. number of unknown recipients: a very useful design! It is good for preventing spam! If, within one SMTP session, the number of unknown recipients that the sender tries to deliver to exceeds the set value, the SMTP session is closed directly. Much spam is sent in bulk, with a large number of recipients on one message. With this option selected, that kind of spam does not get in! I set it to 3; reasonable, right?
Block if sender's mail domain was not found in DNS: this is almost the basic setting for preventing spam. After it is selected, the validity of the sender is checked: if the mail domain declared by the sender does not match the DNS resolution of the source IP address, the message is blocked, so that forged sender addresses cannot be used to send mail. However, normal mail that is retransmitted by another mail server (for example, some SMTP connectors) will then not be received. This is a non-standard case, though, and you do not need to consider it.
Max. number of recipients in a message: the maximum number of recipients allowed for one message. If necessary, you can set it yourself. I have not set it.
Max. number of failed commands in SMTP session: specifies the maximum number of failed commands allowed during one SMTP session. SMTP sessions sometimes produce errors for various reasons, whether spam attempts or network instability. If the number of errors is not limited, many invalid SMTP sessions may waste resources; when this is selected and the number of failed commands exceeds the set value, the session is closed directly. Set it with caution: a low value may cause connection problems. If you see inexplicable connection failures, losses, and similar records in the queue, it may be because you set this value too low.
Limit maximum incoming SMTP message size to: limits the maximum size of a single message arriving from outside. After it is selected, a single message exceeding the specified size will not be received. I do not know the options below this one, so I leave them alone. If you know them, please tell me about them.
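How the two per-session limits described above (unknown recipients and failed commands) cut a session short, as an added example that is not Kerio's code. The reply texts, the sample sessions and the failed-command limit of 5 are assumptions; the unknown-recipient limit of 3 is the value chosen above.

```python
"""Added illustration of two per-session SMTP limits: unknown recipients and
failed commands. Replies and the sample sessions are constructed."""
import re

RCPT_RE = re.compile(r"RCPT\s+TO:\s*<([^<>\s]+)>", re.IGNORECASE)
KNOWN_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

LOCAL_USERS = {"c@mail.com.cn", "d@mail.com.cn"}   # mailboxes from the article

# Constructed session: one real mailbox, then guesses at names that do not exist.
GUESSING = [
    "EHLO probe.example", "MAIL FROM:<x@sender.example>",
    "RCPT TO:<C@MAIL.COM.CN>", "RCPT TO:<admin@MAIL.COM.CN>",
    "RCPT TO:<sales@MAIL.COM.CN>", "RCPT TO:<info@MAIL.COM.CN>",
    "RCPT TO:<test@MAIL.COM.CN>", "RCPT TO:<D@MAIL.COM.CN>",
]
NORMAL = ["EHLO pc-c", "MAIL FROM:<C@MAIL.COM.CN>",
          "RCPT TO:<D@MAIL.COM.CN>", "DATA", "QUIT"]


def run_session(commands, local_users, max_unknown_rcpt=3, max_failed_cmds=5):
    """Replay client command lines against the two limits.

    Returns (replies, close_reason); close_reason is None when the server
    never had to drop the connection. max_failed_cmds=5 is an assumed value.
    """
    unknown = failed = 0
    replies = []

    def fail(reply):
        # Count one failed command; True means the limit was exceeded.
        nonlocal failed
        failed += 1
        if failed > max_failed_cmds:
            replies.append("421 too many failed commands, closing connection")
            return True
        replies.append(reply)
        return False

    for raw in commands:
        line = raw.strip()
        verb = line.split()[0].upper() if line else ""
        if verb not in KNOWN_VERBS:
            if fail("500 command not recognized"):
                return replies, "failed-commands"
        elif verb == "QUIT":
            replies.append("221 bye")
            return replies, None
        elif verb == "RCPT":
            m = RCPT_RE.match(line)
            if not m:
                if fail("501 syntax error in RCPT"):
                    return replies, "failed-commands"
            elif m.group(1).lower() in local_users:
                replies.append("250 recipient ok")
            else:
                unknown += 1
                if unknown > max_unknown_rcpt:
                    replies.append("421 too many unknown recipients, closing connection")
                    return replies, "unknown-recipients"
                replies.append("550 no such user")
        else:
            replies.append("354 send data" if verb == "DATA" else "250 ok")
    return replies, None
```

With the limit at 3, the fourth unknown recipient ends the session, so the last address in `GUESSING` is never evaluated.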
C. SMTP Delivery
SMTP delivery method. This item is very important to me! The default value is Deliver directly using DNS MX records: MailServer connects directly to the recipient's mail server, found through the recipient's MX record, which is how an ordinary mail server sends mail. But I cannot leave it at the default, because I am trying to solve the branch's problem with sending and receiving mail! So I chose Use relay SMTP server, which sends mail through a relay. Then, under Relay server hostname:, enter 222.222.222.222 (the head-office IP address). Relay server port: defaults to 25; normally, do not change it. Next, check Relay server requires authentication, and in User: and Password: enter a valid account and password on the head-office mail server. (The mail domains you can send to later depend directly on this user's permissions on the head-office mail server; for example, if the Exchange server restricts this user from sending to the Internet or to other domains, then branch users cannot send to those domains.) Then, importantly, change Authentication: from the default POP3 before SMTP to SMTP AUTH Command!! Important!! Otherwise you will not be able to send mail, unless the head-office mail server also supports POP3 in place of SMTP for authentication! Finally, Use SSL if supported by remote SMTP server is recommended, so that if the head-office mail server supports SSL encryption, mail relay is encrypted (most servers support it; if it is not supported, the transfer automatically falls back to unencrypted mode).
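What the "Use SSL if supported" fallback described above means for the relay account's password, as an added example rather than Kerio's own logic: given the relay's EHLO reply, it compares that opportunistic policy with a strict one. The host name and EHLO replies are constructed, and `parse_ehlo` and `relay_plan` are hypothetical helper names.

```python
"""Added illustration: "Use SSL if supported" and the relay password.

The EHLO replies are constructed samples; relay.headoffice.example is a
placeholder name, not a host from the article.
"""

# AUTH mechanisms that put the password on the wire in recoverable form.
PASSWORD_EQUIVALENT = {"PLAIN", "LOGIN"}

TLS_OFFERED = ("250-relay.headoffice.example\n250-SIZE 20971520\n"
               "250-STARTTLS\n250 AUTH LOGIN PLAIN")
TLS_MISSING = ("250-relay.headoffice.example\n250-SIZE 20971520\n"
               "250 AUTH LOGIN PLAIN")
TLS_MISSING_CRAM = ("250-relay.headoffice.example\n"
                    "250-AUTH=LOGIN PLAIN CRAM-MD5\n250 8BITMIME")


def parse_ehlo(reply):
    """Turn a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 0 is the greeting
        words = line[4:].split() if line.startswith("250") else []
        if not words:
            continue
        if words[0].upper().startswith("AUTH="):  # legacy "AUTH=LOGIN" spelling
            words = ["AUTH", words[0][5:]] + words[1:]
        params = [w.upper() for w in words[1:] if w]
        caps.setdefault(words[0].upper(), []).extend(params)
    return caps


def relay_plan(ehlo_reply, require_tls):
    """Decide the next step for an authenticated relay session."""
    caps = parse_ehlo(ehlo_reply)
    if "STARTTLS" in caps:
        # Capabilities must be re-read after the TLS handshake; some servers
        # only advertise AUTH once the channel is encrypted.
        return {"action": "starttls", "password_exposed": False}
    if require_tls:
        # Strict policy: leave the message in the queue and retry later.
        return {"action": "defer", "password_exposed": False}
    mechs = caps.get("AUTH", [])
    if not mechs:
        return {"action": "fail", "password_exposed": False}
    # The opportunistic policy continues without encryption. Prefer a
    # challenge-response mechanism so the password itself is not sent;
    # the mail content still travels unencrypted either way.
    safer = [m for m in mechs if m not in PASSWORD_EQUIVALENT]
    mech = safer[0] if safer else mechs[0]
    return {"action": "auth " + mech,
            "password_exposed": mech in PASSWORD_EQUIVALENT}


if __name__ == "__main__":
    for name, reply in [("TLS offered", TLS_OFFERED), ("TLS missing", TLS_MISSING)]:
        for strict in (False, True):
            print(name, "strict" if strict else "opportunistic", relay_plan(reply, strict))
```

A relay reply without STARTTLS, whether because the server lacks it or because something on the path removed it, is the case where the opportunistic setting sends the head-office account password with LOGIN or PLAIN in the clear.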
D. Queue Options
Queue options. There is not much to say; choose according to your network situation. We recommend that you change Delivery retry interval, the interval between delivery attempts, to a slightly smaller value, which is defined as 10 minutes. For Send warning to sender if the message is not delivered after, I selected 2 hours.
4. Content Filter
Content filtering. I may skip over this part for lack of time. We will discuss it again when we are free.
A. Spam Filter
Spam filtering. I do not want to go into detail, because I actually send and receive mail through the head-office mail server, and filtering is done there. If you want to use Peanut Shell and run this as a normal mail server, we recommend that you change the Action from the default Mark the message as spam to Silently discard the message: by default spam is tagged; after the change it is deleted directly. The same applies to one of the items below. Threshold score is equivalent to the Exchange SCL. The default value is 5. If there are more spam emails, lower the threshold accordingly. You are advised not to change the other items unless you want to send or receive emails!
B. Antivirus
Virus protection. You can choose a built-in or plug-in antivirus engine here. There is not much to say. The antivirus effect is average; the head-office mail server has a genuine SCANMAIL installed, so I am not very concerned about this function. Generally, you only need to select Discard the message under If a virus is found in a message, and select Reject the message as if it was virus at the bottom. Then if an email contains a virus, it is deleted directly and no virus body is delivered to the user's mailbox, and emails that cannot be scanned (mostly corrupted or encrypted ones) are rejected.
C. Attachment Filter
Filter attachments. After Enable attachment filter is selected, if the extension of an attachment matches one of the extensions selected below, the attachment is deleted (other attachments are not affected). This function is good. You can use wildcards such as ?, [], and * for special extension checks! It is especially considerate that combinations of multiple extensions are supported! In this way, viruses disguised as common files such as doc, xls, and jpg have nowhere to hide!! Great! Strong!
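The wildcard and combined-extension rules described above, as an added example that is not Kerio's implementation. It assumes shell-style matching (Python's `fnmatch`), and the rule list and file names are constructed.

```python
"""Added illustration of extension rules with wildcards. Shell-style matching
(Python's fnmatch) is assumed; the rule list and file names are constructed."""
from fnmatch import fnmatchcase

# Combination rules come first so the report names the disguise; they also
# catch a second extension that is not blocked on its own (e.g. .htm).
RULES = [
    "*.doc.*", "*.xls.*", "*.jpg.*",   # document/image extension followed by another
    "*.exe", "*.scr", "*.pif",
    "*.vb[es]",                        # .vbe and .vbs
    "*.ws?",                           # .wsf, .wsh, ...
]

SAMPLE = ["report.doc", "Invoice.DOC.exe", "photo.jpg.scr ",
          "macro.VBS", "job.wsh", "holiday.jpg.htm", "notes.v1.txt"]


def normalize(filename):
    """Reduce a declared attachment name to the form the rules are written for."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path part
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as x.exe.
    return name.strip().rstrip(". ").lower()


def matching_rule(filename):
    """Return the first rule that matches, or None if the attachment is allowed."""
    name = normalize(filename)
    for rule in RULES:
        if fnmatchcase(name, rule):
            return rule
    return None


def filter_attachments(filenames):
    """Split names into (kept, removed); removed entries carry the rule that hit."""
    kept, removed = [], []
    for filename in filenames:
        rule = matching_rule(filename)
        if rule is None:
            kept.append(filename)
        else:
            removed.append((filename, rule))
    return kept, removed


if __name__ == "__main__":
    kept, removed = filter_attachments(SAMPLE)
    print("kept:", kept)
    for filename, rule in removed:
        print("removed:", repr(filename), "by", rule)
```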
5. Backup
Backup. There is not much to say here. See the previous post. I just got lazy.
6. Internet Connection
Connection settings and priority settings; the default is always online without dialing. Nobody still dials up with a modem these days, right? If you are using ADSL, you only need to set automatic dialing and disconnection. It is also best to combine it with ISA or similar. I don't need this function, so I am too lazy to cover it.
7. Scheduling
Set the schedule. We must set this up, because POP3 Download does not run automatically by default! You have two options: click the Download button manually (if you never get tired), or run it on a timer. Of course, we want mail fetched automatically at regular intervals! Let's add a new scheduled task.
Click Add to bring up a new window. Description (comment) can be left blank. Under Time condition, set Every 5 minutes. We recommend that you do not set it too small; it should be at least 2 minutes. Under Action, select Download messages from POP3 mailboxes, click OK, and then Apply. MailServer then runs POP3 Download every five minutes.
8. POP3 Download
An important step. This is where the mail of the specified users on the head-office mail server is fetched. I use users C and D to describe it, although I have not yet explained how to create a user. For details on creating a user, refer to the User section at the end of the post. Assume you already have the two users C and D; if you do not, come back and read this part later. Let's continue here.
Click Add to bring up a new dialog box. The main settings are on the General tab; Advanced is mainly SSL encryption settings. If you are an expert, you can set those yourself; I will not introduce them. In the POP3 server: box, enter 222.222.222.222 (the IP address of the head-office mail server); in POP3 username:, enter C (the user name); in Password:, enter user C's password on the head-office mail server. Sorting and Delivery is already set to Deliver to address: by default; click Select..., choose user C in the new window, and click OK to finish the selection. Below that is Drop duplicate messages: if you select it, duplicate emails are deleted automatically, which ensures that the user does not receive the same email twice. I checked it; decide for yourself. Click OK to complete the settings for user C. Add user D in the same way. After adding the users, click Apply.
9. ETRN Download
This is probably not used by people who do not have many mail servers. ETRN is used for recovery when there are multiple mail servers. For example, if the master mail server with MX record 10 breaks down, new mail is automatically sent to a server with a higher MX value, for example 20. After the master mail server recovers, it uses ETRN to communicate with the other mail servers: the higher-MX mail server transmits the mail received during the outage to the master server, and once the transfer is complete, the master server is fully back at work. I have no money for so many servers, so I will not introduce it further (in fact, I do not know anything ^.^).
10. Remote Administration
Remote management. We recommend that you clear the check box. If you really want remote management, it is better to use dedicated software such as VNC.
11. SSL Certificates
SSL certificate. There is one by default, but it does not pass validation; if it is used, the mail client pops up a warning box. You can apply for and import a new certificate here, but the imported certificate must be issued by a certificate authority recognized by Kerio MailServer. The recognized authorities can be found in the mailserver\sslca subdirectory. We will ignore this and continue with the explanation below.
12. Advanced Options
Advanced settings. There are a lot of things to be aware of here, so I will go into a little more detail. Bear with me.
A. Miscellaneous
Miscellaneous.
Log reverse DNS records for incoming connections: if selected, a reverse DNS lookup is performed for each incoming connection and the result is written to the log. Select it when you need to analyze a problem, especially when you want to trace the source of spam.
Don't show program name and version in network communication for non-authenticated users: if selected, the server program name and version are not reported to the client before the client has authenticated. As a simple example, you can test it using telnet. It is recommended that you select this option to keep bored people from probing your mail system.
Hide local IP (from address group set in SMTP Server/Relay Control) in Received headers: a useful option. I will briefly introduce it and believe it will be useful to everyone. When an email is relayed between networks, information about each relay is added to the mail header. If you send from the intranet, your intranet IP address is also added to the mail header, so others learn your internal IP address! When your IP address is in the trust list, it is sometimes used by others. If you select this option, Kerio MailServer replaces any IP address in the trust list with 127.0.0.1, so that others do not learn your IP address! However, this requires that your IP address be in the trust list.
Insert X-Envelope-To header to locally delivered messages: selected by default. This option includes the transfer information in the header of locally delivered mail. If it is not selected, the information will be transmitted in the mail header received by Kerio MailServer.
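A way to check the effect of the Hide local IP option described above on mail you have sent, as an added example that is not part of the original post: it lists intranet (RFC 1918) addresses that appear in a message's Received headers. Both sample messages, the host names and the addresses 203.0.113.10 and 192.168.1.20 are constructed.

```python
"""Added illustration: find intranet addresses disclosed in Received headers.
Both messages are constructed; host names and addresses are sample values."""
import ipaddress
import re
from email import message_from_string

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

TEMPLATE = (
    "Received: from branch.example ([203.0.113.10])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:05 +0000\n"
    "Received: from pc-c ([{client}])\n"
    "\tby branch.example with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000\n"
    "From: C@MAIL.COM.CN\n"
    "To: someone@recipient.example\n"
    "Subject: test\n"
    "\n"
    "The address 10.1.2.3 in the body is not a header and is ignored.\n"
)
WITHOUT_OPTION = TEMPLATE.format(client="192.168.1.20")   # client address disclosed
WITH_OPTION = TEMPLATE.format(client="127.0.0.1")         # replaced as described above


def internal_hops(raw_message):
    """Return [(hop_index, ip)] for private addresses in Received headers.

    hop_index 0 is the newest header, because each relay prepends its own.
    """
    msg = message_from_string(raw_message)
    found = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        for text in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:          # e.g. 999.1.1.1
                continue
            if any(ip in net for net in RFC1918):
                found.append((hop, str(ip)))
    return found


if __name__ == "__main__":
    print("option off:", internal_hops(WITHOUT_OPTION))
    print("option on: ", internal_hops(WITH_OPTION))
```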
B. Security Policy
Security level. Please look at this carefully! To use Kerio MailServer properly, you must check the settings here, especially when you want to use it to export all Exchange users, including importing passwords!
Security policy. The default option is No restrictions. You can also choose Require secure authentication or Require encrypted connection. If you are very concerned about security, you can choose to require encrypted connections, so that the entire mail transfer is encrypted with SSL, which is very secure (OE and Outlook support encrypted transfer). The only drawback is that the SSL certificate has not been verified, so the first time you receive mail a warning box appears; click OK to continue. But I don't think this matters. Who minds an extra click or two when security comes first?
Enable authentication methods. The default is all types. If you are not familiar with them, do not change them. I did not touch them, because I am a novice too -.-!
Allow NTLM authentication for users with Kerberos authentication (for Active Directory users): cleared by default. Generally, you do not need to enable it. However, if you want to export all the users on an Exchange server (I just imported all the users on the Exchange mail server into Kerio MailServer as a backup, so that Kerio can be used if Exchange crashes), that is, to import Active Directory users (see the description below), check the box here! Otherwise, the imported Active Directory users cannot log on!
