Kerio MailServer :: Advanced Options

» Main page
- » Support
  - » Documentation
    - » Kerio MailServer 6

Advanced Options

In the Configuration Advanced Options section you can set several advanced parameters for the mailserver.

Miscellaneous

Figure 26. Miscellaneous tab

Do reverse DNS lookup...: Convert IP addresses of remote clients and servers connecting to Kerio MailServer to DNS names (using reverse DNS requests). This makes logs more comprehensible but it can also decrease the performance of Kerio MailServer. We recommend using this option only when you really need the information.
Show program name and version...: Disable this option if you do not wish to reveal the version and name of the mailserver application for this domain.
Hide local IP in Received headers: Kerio MailServer will hide the local IP address (included in IP address group defined in Configuration Antispam protection) in the Received header. Each SMTP server that the message passes through inserts an entry into this field, specifying where the message came from, where it is going and who received it. This implies that the first record in the Received header contains the sender's email and IP addresses. If the SMTP server is placed on a private network behind a firewall, the client's private IP address is inserted. This means that outgoing email messages can carry information about a private network that would normally be hidden from the Internet. This information could make it easier for a potential hacker to attack such networks. Only switch this option on if Kerio MailServer is installed on a private network behind a firewall (even if it runs on the same machine as the firewall). There is a connection to anti-spam here so that the mailserver recognizes local IP addresses. In anti-spam protection, a group of local IP addresses is usually used to define addresses from which mail can be sent to any domain (see chapter Antispam Protection of the SMTP Server). Note: If anti-spam protection is disabled or no local IP address group is defined, this option will have no effect.
Insert X-Envelope-To header...: Defines if the X-Envelope-To entry will be inserted into the header of messages delivered locally. X-Envelope-To is the original recipient address based on the SMTP envelope.

Security Policy

Kerio MailServer allows setting of security policies, i.e. the minimum required security level. These settings can be established in the Configuration Advanced Options section.

Figure 27. Security Policy tab

The field at the top of the page allows you to choose from one of these policies:

No restrictions: Self explanatory.
Require secure authentication: Kerio MailServer will require secure authentication for each user (using one of the methods described below).
Require encrypted connection: The client will only be able to connect using an encrypted connection (the communication cannot be tapped).

Exceptions to these rules include the following:

Allow insecure authentication from...: Secure authentication will not be required from a specified IP address group.
Allow unencrypted connections from...: Encrypted connection will not be required from a specified IP address group. In the Account lockout section the following parameters can be defined: Lockout user account...; You can specify a number of failed logins from one IP address that will be allowed.
Locked account becomes unlocked...: This information defines when the account will be unlocked automatically.
Unlock all accounts now: Use this button to unlock all locked accounts.

Store Directory

TheStore Directory tab contains settings of directories for message storing (user and public folders) and backup. Information about private and public folders, logs, messages that are to be sent and files that are just being checked by antivirus are saved into the Store Directory.

Path to the store directory: Define the absolute path to the store directory (according to the operating system on which Kerio MailServer is running).
Path to the backup directory: Define the absolute path to the backup directory (according to the operating system on which Kerio MailServer is running). Click on the Edit backup link to switch to Kerio Administration Console, section Backup (the Backup tab for more information about the backup cycle, see chapter Email backup).
Path to the archive directory: Define the absolute path to the archive directory (according to the operating system on which Kerio MailServer is running). Click on the Edit archiving link to switch to Kerio Administration Console, section Archiving (the Archiving tab see chapter Email backup).
Watchdog Soft Limit: If the value specified is reached, Kerio MailServer will automatically warn users about this fact.
Watchdog Hard Limit: If this limit is reached, Kerio MailServer will be stopped automatically and an error is reported.

Figure 28. Store Directory tab

Warning 1:It is recommended to change the backup and archive directory and set a path to the removable backup disc, if available.

Warning 2:Do not set the hard limit for 0, otherwise an error message or warning will be displayed when a new mail is delivered.

Changes in the paths are effective only after restarting the MailServer Engine. If you don't change these settings immediately after the Kerio MailServer installation, you will need to first stop the Engine and then move files from the old location to the new one and then start the service again.

Master Authentication

Kerio MailServer allows for a Master Password, that can be used to access any account by IMAP and POP3 protocols, as well as migration from other servers. This password can be used for cooperation of Kerio MailServer and special applications (e.g. migration from Exchange server to Kerio MailServer) that are supposed to access many accounts. This implies that in these applications, a password will not be required for access to individual accounts you only need to use the Master Password. This special account can only be used by the Kerio VoiceMail product. If this feature is enabled, it is recommended that only a specified address group have the ability to use this feature. Note that this password is always encrypted when sent over the network.

Warning 1: The Master Password cannot be used in Kerio WebMail.

Warning 2: Since Kerio MailServer 6.0.5, the Master Password is stored in the new SHA format. For this reason, the original password will not work after server configuration is transferred to an older version and it must be changed.

Master authentication settings can be defined inConfigurations Advanced Options.

Figure 29. Master Authentication tab

Enable master authentication...: This option enables/disables Kerio MailServer master authentication. We recommend keeping this option disabled unless it is needed (e.g. by the Kerio VoiceMail application).
Allow master authentication only from IP address group: Select an IP address group where master authentication will be exclusively allowed. The group must be first defined in Configurations Definitions IP address groups (see chapter IP Address Groups). For security reasons it is not possible to allow Master authentication from any IP address. You can simply add a new IP group using the Add button.
Master Password: Define a password that will be used for access to all accounts. As few persons as possible should know this password otherwise unauthorized users might misuse it and access any private accounts within the server!
Confirm password: The password confirmation is required to eliminate typos.

HTTP Proxy

If Kerio MailServer runs on a host behind a firewall, it can be connected to the Internet via a proxy server. This feature can be useful for example for upgrade downloads or/and for searching for new versions of Kerio MailServer or antivirus application.

Figure 30. HTTP Proxy tab

Use HTTP proxy for ...: Insert HTTP proxy address and port on which the service is running.
Proxy server requires authentication: Username and password must be specified if the proxy server requires authentication.
User name: Insert your user name to connect to the particular proxy server.
Password: Correct password must be specified for a successful connection.

Update checker

This tab enables users to perform administration of Kerio MailServer version updates.

Figure 31. Update Checker tab

Check for new versions of...: Check this option to enable the automatic updates of Kerio MailServer.
Last update check performed ...: Time since the last update check. The system checks for new versions of the product every 24 hours. Click the Check now button to check for the new version. When the new version is found, the user can download it. If no new version is available, the user is notified.
Check also for beta versions: This option checks for new beta versions of Kerio MailServer. Note:If you want to participate in beta version testing, enable the Check also beta versions option. If the Kerio MailServer is used in production, the beta versions are not recommended do not enable this option.

Kerio Outlook Connector is updated automatically. In the Current version available for clients box, the current version number available will be displayed.

New versions of Kerio Outlook Connector are stored in the /store/temp directory, where Kerio MailServer is installed.

Warning:In order to perform an automatic upgrade of Kerio Outlook Connector, the HTTP service must be running.

Kerio WebMail logo

In each Kerio WebMail page header, the logo of Kerio Technologies is displayed. This logo can be replaced by your own logo or any other image. The image parameters are as follows:

Figure 32. Webmail Logo tab

Format: GIF
Size: 200x40 pixels

Click Select to browse to the logo file.

Click Default to restore the default state. The logo of Kerio Technologies will be displayed in the page headers.

Documentation for Kerio MailServer

Advanced Options

Miscellaneous

Security Policy

Store Directory

Master Authentication

HTTP Proxy

Update checker

Kerio WebMail logo

Additional Links

Search

Support

Documentation

Authorization

Subscribe

Secondary Information

Login:
Password:
	Remember me on this computer