Domains
Kerio MailServer can serve several independent mail domains. Each domain can contain any number of aliases (i.e. equivalent domains). Equivalent domains are domains where all user accounts are equal and messages are physically stored in one mailbox.
This concept will be better illustrated by the following example:
The mailserver serves two domains belonging to two different companies. The first company uses the domains ourcompany.com and ourproduct.com, whereas the second company only uses the domain anothercompany.com. It is obvious that the addresses info@ourcompany.com and info@ourproduct.com, for example, are equivalent (delivery to the same addressee), whereas mail for info@anothercompany.com is to be delivered to a different mailbox. This implies that while the domain ourproduct.com can be defined as an alias of ourcompany.com, the domain anothercompany.com must be independent of the other two.
In this case user accounts are defined in each domain separately. Therefore, domains must be defined before any user accounts are created. In Kerio MailServer one domain is always set as primary. The primary domain can be substituted for any other domain created in Kerio MailServer. Usually, the primary domain is the first one created. Once a domain has been set as primary, it cannot be changed (unless you delete all domains). Users log into the primary domain with their usernames only, whereas they have to log into all other domains using their full email addresses. This is again best shown by an example:
The domain ourcompany.com has been set as the primary domain. The domain anothercompany.com also exists. A user is defined in both domains with the name user. The user will log into the domain ourcompany.com with the name user, whereas for the second domain the user will have to use user@anothercompany.com as a username.
Note: Users in the primary domain can also authenticate to the server using their complete email address.
Definition of Domains
Domains are defined in the Configuration / Domains section.
Figure 5. Domains
In the Internet hostname field, enter the Internet name of the computer where Kerio MailServer is installed (typically, this would be the name of the computer with the primary domain name appended; this is how the server name is automatically generated by the configuration wizard). Server names are used for server identification during SMTP traffic.
Click Advanced to set location of public folders:
- Unique for each domain: each domain contains its own public folders. This configuration does not allow any user to access a folder of another domain.
- Global for all domains: users of all domains share the same public folders.
Use the Set as primary button to change domain type (the same may be performed using the context menu). Any domain ordered as the first one is always primary [Local (primary)]. Other domains can be set either as Local (primary) or as Local.
Note: Any new domain you add can be set as Local (primary), even when another domain already has this status. By taking this step, however, the new domain becomes primary and the former primary domain becomes local only.
Create a new domain by clicking on the Add button.
Basic domain parameters (the General tab):
Figure 6. Domain settings: basic parameters
- Domain
- The name of the new domain
- Description
- A notation about the domain created (for the administrator only).
Equal domains (the Aliases tab)
Figure 7. Domain settings: equal domains
In this dialog, domains equal to the current domain (aliases) can be defined. Email addresses within these domains are identical (email is delivered to the same user accounts). The purpose of this option is to allow users to be part of multiple domains.
Warning: If this is not only a local alias (fictional domain), appropriate DNS records must be defined for the individual domains. Simply defining a domain as an alias of another domain does not create that domain on the Internet.
Footers
Use this tab to add a footer to each message sent from this domain (footer will be added to each message where the address of the sender includes the domain).
Figure 8. Domain settings: footers
Forwarding
Using the Forwarding tab parameters you can forward messages to another SMTP server automatically.
Figure 9. Domain settings: forwarding
- If the recipient was not found...
- Messages will be forwarded to another SMTP server if a recipient is not found in the domain. Messages are forwarded only if the recipient's address is not an address of any user, group or alias included in this domain. If there is no user, group or alias defined in this domain, all messages will be forwarded (this function is equal to the Forward feature in versions prior to Kerio MailServer 5.5).
- Forward to server
- DNS name or IP address of SMTP server to which all email messages for this domain will be forwarded.
- Port
- SMTP server port. The Default button sets the standard port 25.
- The forward host is Offline...
- Under normal circumstances, Kerio MailServer sends email for the Forward domain to the specified SMTP server immediately. If the server has a dial-up connection to the Internet, this may cause the line to be dialed and hung up very often (and high connection costs). Enabling this option allows email for the Forward domains to be queued and delivered at scheduled times only (see chapter Scheduling).
- Queue until triggered by ETRN
- Kerio MailServer does not send email for this domain to the specified SMTP server until it receives an ETRN command from that server. This way Kerio MailServer can be used as a secondary server for a domain whose primary SMTP server is not permanently connected to the Internet.
- If the domain...
- Here you can define whether messages that contain one of the domain's aliases in the recipient's address will be forwarded or not. This option prevents loops when the particular recipient cannot be found at any server operating with this domain.
Directory Service
Kerio MailServer can also work with accounts or groups that are managed through an LDAP database (currently, Microsoft Active Directory and Apple OpenDirectory, a database for Apple Macintosh, are supported). LDAP provides the benefit of keeping all user accounts in one location. This minimizes the administration requirements and the probability of errors.
Example: A company uses a Windows 2000 domain with Active Directory as well as Kerio MailServer. There is a new employee that needs a new account. Here is how to create it:
1. Create a new user account in Active Directory.
2. Import the user into Kerio MailServer (or create an account with an identical name and select authentication by Kerberos).
If the LDAP database is used, only step 1 would be followed.
To enable Kerio MailServer to cooperate fully with Active Directory (to enable the database to store all data about user accounts; see chapter User Accounts), install Kerio Active Directory Extensions. For details see the chapter Kerio Active Directory Extensions.
Note: Kerio MailServer allows internally managed user accounts (stored in LDAP database) to be added within the same email domain as Active Directory users. This can be helpful when creating an administrator account that will be available even when the directory server cannot be accessed.
In the LDAP database dialog, LDAP parameters can be defined.
Active Directory
Figure 10. Domain settings: Active Directory
- Map user accounts and groups...
- Use this option to enable cooperation with the LDAP database (if this option is inactive, only local accounts can be created in the domain).
- Type
- Type of LDAP database that will be used by this domain (Active Directory).
- Hostname
- DNS name or IP address of the server where the LDAP database is running
- Username
- Name of the user that has read rights for the LDAP database in the following form: xxxxx@company.com.
- Password
- Password of the user that has read rights for the LDAP database.
- Active Directory Domain Name
- If the domain name differs from the name defined in Active Directory, enable this option and insert the corresponding name into the Active Directory Domain Name text field.
Apple Open Directory
Figure 11. Domain settings: Apple Open Directory
- Map user accounts and groups...
- Use this option to activate cooperation with the LDAP database (if this option is inactive, only local accounts can be created in the domain).
- Type
- Type of LDAP database that will be used by this domain (Apple Open Directory).
- Hostname
- DNS name or IP address of the server where the LDAP database is running
- Username
- Name of the user that has read rights for the LDAP database. To connect to the Apple OpenDirectory database, insert an appropriate username in the following form: uid=xxx,cn=xxx,dc=xxx, where uid is the username that you use to connect to the system, cn is the name of the users container (typically the users file), and dc holds the names of the domain and of all its subdomains (for example, mail.company.com becomes dc=mail,dc=company,dc=com).
- Password
- Password of the user that has read rights for the LDAP database.
- LDAP search suffix
- If the Apple OpenDirectory option is selected in the Directory service type entry, insert a suffix in the following form: dc=subdomain,dc=domain.
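The Username and LDAP search suffix formats above can be derived from a DNS name as follows. This is an added example, not Kerio code; the account name diradmin and the container users are constructed sample values, and the escaping follows RFC 4514 so that a comma or similar character in a name cannot change the structure of the DN.

```python
# Characters that RFC 4514 requires to be backslash-escaped inside a DN value.
SPECIAL = set('",+;<>\\')


def escape_rdn_value(value):
    """Escape one attribute value for use in a distinguished name (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            # A leading space or '#' and a trailing space must also be escaped.
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def search_suffix(dns_name):
    """mail.company.com -> dc=mail,dc=company,dc=com (the LDAP search suffix)."""
    labels = [label for label in dns_name.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join("dc=" + escape_rdn_value(label) for label in labels)


def bind_dn(uid, container, dns_name):
    """Build the Username field value in the form uid=xxx,cn=xxx,dc=xxx."""
    return "uid={},cn={},{}".format(
        escape_rdn_value(uid), escape_rdn_value(container), search_suffix(dns_name)
    )


if __name__ == "__main__":
    # Constructed sample values: read-only account 'diradmin' in container 'users'.
    print(bind_dn("diradmin", "users", "mail.company.com"))
    print(search_suffix("mail.company.com"))
```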
Note: Cooperation with the LDAP database that has been described above has nothing to do with the built-in LDAP server. The built-in LDAP server is used to access contact lists (for details refer to the chapter LDAP server).
User Authentication
In the Authentication tab you can set parameters for user authentication in the created domain:
Figure 12. Domain settings: parameters for user authentication
- Linux PAM
- In the Kerio Administration Console, this option is available only in installations for Linux. PAM (Pluggable Authentication Modules) are authentication modules that are able to authenticate the user from a specific domain (e.g. company.com) against the Linux server on which Kerio MailServer is running. Use this option to specify the name of the PAM service (configuration file) used for authentication of users in this domain. We recommend using the keriomail PAM service configuration file that ships with the Kerio MailServer installation. Details about PAM service configuration can be found in the documentation for your Linux distribution.
- Kerberos 5
- Name of the Kerberos 5 realm (domain) where the users will be authenticated. If a Windows 2000 or Windows 2003 domain (Active Directory) is used for authentication, the name of the domain must be specified (e.g. company.com). Note: If user accounts are saved in Microsoft Active Directory (see LDAP Database Use), the Active Directory name must be used for this entry. If you use the LDAP database tab for Active Directory definition, this entry will be specified automatically.
- Windows NT domain
- The NT domain in which all users will be authenticated. The computer on which Kerio MailServer is installed must be added to this domain.
- Bind this domain to specific IP address
- Here you can enter the IP address of the Kerio MailServer host's interface. Then, whenever a client uses this interface to connect to Kerio MailServer, they can log in using only their usernames without domain specification. Example: The Kerio MailServer host uses two interfaces. 192.168.1.10 is deployed to the network of the company called Company and 192.168.2.10 is deployed to the network of AnotherCompany. A new user account called smith is added to the anothercompany.com domain (this domain is not primary). The anothercompany.com domain is bound to the IP address 192.168.2.10. Users of this domain will not need to specify their domain name while connecting to Kerio MailServer. Note: On the other hand, primary domain users have to specify their complete email addresses to connect to this interface.
Note: When creating a user account you can choose how the given user will be authenticated (see chapter User Accounts). Different users can be authenticated using different methods in a single email domain.
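The login-name rules described on this page (bare username for the primary domain, full address for other domains, bare username for a domain bound to an interface) can be modelled to check which account a given login selects on each interface. This is an added example, not Kerio code; the function names are hypothetical and the sample configuration is constructed from the page's own examples.

```python
# Constructed sample configuration, taken from the examples on this page.
PRIMARY = "ourcompany.com"
IP_BINDINGS = {"192.168.2.10": "anothercompany.com"}  # interface IP -> bound domain
ACCOUNTS = {
    "user@ourcompany.com",
    "user@anothercompany.com",
    "smith@anothercompany.com",
}


def resolve_login(login, local_ip, primary=PRIMARY, bindings=IP_BINDINGS,
                  accounts=ACCOUNTS):
    """Return the account a login name selects on interface local_ip, or None."""
    if "@" in login:
        # A complete email address always names its domain explicitly.
        user, _, domain = login.rpartition("@")
    else:
        # A bare username means the domain bound to this interface,
        # or the primary domain when the interface has no binding.
        user, domain = login, bindings.get(local_ip, primary)
    account = "{}@{}".format(user, domain.lower())
    return account if account in accounts else None


def interface_dependent_logins(interfaces, primary=PRIMARY, bindings=IP_BINDINGS,
                               accounts=ACCOUNTS):
    """Bare usernames whose selected account differs from interface to interface."""
    result = {}
    for user in sorted({a.rpartition("@")[0] for a in accounts}):
        per_ip = {ip: resolve_login(user, ip, primary, bindings, accounts)
                  for ip in interfaces}
        if len(set(per_ip.values())) > 1:
            result[user] = per_ip
    return result


if __name__ == "__main__":
    report = interface_dependent_logins(["192.168.1.10", "192.168.2.10"])
    for user, per_ip in report.items():
        for ip, account in per_ip.items():
            print("{!r} on {} -> {}".format(user, ip, account))
```

A username reported by interface_dependent_logins authenticates against a different mailbox, or none, depending on the interface the client reaches, which is worth reviewing when the same username exists in more than one domain.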
Deleting domains
You can delete the domain using the Delete button. A domain cannot be deleted if:
- user accounts have already been defined within the domain. All accounts must be deleted first (see chapter User Accounts).
- it is the primary domain. However, you can create another domain and define it as primary. Then, the former domain can be deleted.
