I got tired of setting up mail in my office, so I decided to write this article. All office mail was previously received by the provider, then distributed via the Kerio Mail Server mail server via local network clients.

For many years everything worked fine, recently the provider's technical support decided to save their resources and transferred all mail to Yandex.Mail. Moreover, they did not even inform about the changes: not by an official letter and there was no phone call. After that, the "rake" in the work of the office began, incoming and outgoing mail ceased to work, respectively. However, we quickly managed to set up the work of incoming mail on Kerio Mail Server, but I had to suffer with outgoing mail.

Incoming mail in the office via Kerio Mail Server with Yandex.Mail

In the Kerio Mail Server settings: Menu Configuration - POP3 Download edit the line on the right. Clicking the "Edit" button will open the "POP3 Account" window.

1. In the "POP3 Server:" field, enter pop.yandex.ru.
2. In the "POP3 username:" field, enter the old postal address of your office, the same E-mail that we use on Yandex mail.
3. Your ISP saves the password, so you can enter the old password. If you want to change it, you first need to do it in the Yandex.Mail settings (link Settings, path Mail > Settings > Security).

Incoming mail must be accepted on computers on the local network. Settings account on the local computer remain the same in the program that previously received mail.

Outgoing mail in the office via Kerio Mail Server on Yandex.Mail

We configure outgoing mail in Kerio MailServer by analogy with incoming mail. In Kerio Mail Server: Menu Configuration - SMTP Server edit in the window on the right, "SMTP Delivery" tab. Check the box "Use SMTP relay server". Most likely, you have the checkbox set.

1. In the field "Relay server name:" smtp.yandex.ru
2. In the "Relay server port:" field, specify the port number 25
3. In the "User:" field, enter the old postal address of your office and the password below.

If the SSL protocol is used, check the box below, the port will change to 465. The Yandex general settings say: In case you cannot use a secure connection, you can connect to the SMTP server on ports 25 or 587.

4. And now the important point: in the mail program, in the account settings on the local computer, we change the "E-mail" field on the E-mail of the mailbox that you have located on Yandex.Mail. The same E-mail was entered in Kerio MailServer, in the "POP3 username:" field and in the "User" field in the SMTP settings. Leave the rest of the settings in the mail program on the local computer the same.

You can leave your comments below:

A complete mail server with contacts, calendar, tasks, chat, spam and virus protection. Installed on any OS. GFI Web and Email">Web and email protection 0

Description of Kerio Connect

What is Kerio Connect

BYOD - bring your own device

Do your employees bring their devices to the workplace? Kerio Connect adds convenience to corporate communication and supports mobile phones based on iOS and Android out of the box

Support for any platform

Kerio Connect is not only reliable mail and flexible settings!

Available for Windows and Mac and as a web application, Kerio Connect Client enables employees to see online colleagues, write real-time messages, set up meetings and send emails securely.

Safe and secure email

Your mail is protected from hacking and attacks with SSL/TLS, S/MIME encryption, anti-spam filters, antivirus and multiple layers of checks. Automatic backup with the ability to partially restore from backup allow you to quickly restore data even in the event of a critical failure.

Unparalleled Simplicity

Kerio Connect is a complete collaboration and messaging solution that's easy to use and affordable. With the centralized MyKerio web interface, you can manage all your Kerio Connect devices from anywhere on the network, even from a tablet.

Lyrical digression. Any gurus and pros do not need this article, well, they don’t work with kerio. I think it will come in handy for beginners in system administration, there are always not enough step-by-step manuals. Well, I also wanted to show how to set up Kerio Mailserver as a full-fledged mail server, working through mx records, using users from Active Directory, connecting Outlook via MAPI, etc., because very often KMS is used as a simple POP3 / SMTP server, when in fact it can compete with Exchange in small companies.

A task: install a mail server based on Kerio MailServer (KMS), to ensure the receipt and sending of mail in the organization, the access of employees to mail inside and outside the organization.

What you need before installing the mail server:

1. The presence of a registered domain name of the second (well, or at least third 🙂) level, in our case, this testcompany.com.
2. In the case of working through MX records, you will need access to edit these records. Usually the hoster or name registrar provides this service.
3. The actual server that meets the requirements: http://www.kerio.com/mailserver/requirements .

Installing Kerio MailServer

So we have an Active Directory domain, let's say testcompany.local, there is a domain controller dc01, there is a separate server for KMS, with installed Windows Server 2003 (or 2008), server name mail. If there is no domain, in principle everything will be similar, only a little simpler, since you will not need to configure a connection to AD.

We start the installation of Kerio MailServer, at the first steps everywhere Next, Next, etc. I usually choose English (because the translation is lame, to be honest) and type Custom installations, but this is optional.

In the Administrative Account installation step, specify the name of the mail server administrator account and, since it will be created in local database KMS, I advise you to give it a name other than the name of the domain administrator, for example kmsadmin. This will allow the domain administrator to have normal full-fledged mail. If the names match, this will not work.

The next step, (Email Domain) is very important, there we specify the name of our mail domain ( testcompany.com):

At the Internet Hostname step, specify the external name of the mail server (the one that appears in the mx records, see below), in our case mail.testcompany.ru(under this name our server will be identified when establishing SMTP sessions). You can then check this using the HELO / EHLO commands for example.

Next, at the Store Directory installation step, we specify the path to the mail storage, it makes sense to place it on a separate physical disk/array to increase performance. If there are many users and they work intensively with mail, then it is highly desirable that this array be on SAS / SCSI disks.

As a result, when entering the KMS console > Configuration > Domains, we get something similar to this:

Everything, the installation is finished, Kerio MailServer is ready to go. But there is one important point that I must warn you about. In the Configuration > SMTP Server > Relay Control tab, the default selector is selected Allow relay only for and checkbox is set Users authenticated through SMTP server for outgoing mail. There is also an item Users from IP address group and there is a great desire to use it and allow relaying from your local network. You should not do this, because if you check this box, then the presence or absence of a checkbox in the second item, Users authenticated through SMTP server for outgoing mail, will no longer matter, oddly enough, apparently this is how the KMS developers intended. And after that, any unauthenticated client from your network (including viruses and network worms) will be able to send spam from your network without any problems, and your server will be blacklisted very quickly. Therefore, I strongly advise you not to check the checkbox in the Users from IP address group item and leave the default settings:

It is worth mentioning here that if you use clients on the local network that use the SMTP protocol to send mail, they will need to check the box “SMTP server requires authentication”, otherwise they will not be able to send mail.

All settings in other items are by default quite functional and it is worth changing them, only being aware of what you are doing.

Creating Users

There are three ways to create users in Kerio MailServer:

1. In the local Kerio MailServer database.
2. Connect users from Active Directory (so-called mapping).
3. Import users from Active Directory.

The first method is usually used if you do not have a domain, in which case you have no other options but to use a local (Internal) KMS database.

The second method is logical to use if you have a domain structure.

With the third method, accounts are imported from the Active Directory domain and users are created based on them in the local KMS database (as in the first option).

Creating users in the local Kerio MailServer database

To create a user when using a local database, you just need to go to the KMS console in Domain Setting > Users and add a user by clicking on the Add ... > Create local user button.

The second method is more complicated, for it you need to configure automatic mapping of users from AD.

Mapping users from Active Directory

To configure KMS to work with Active Directory users, you must first install Kerio Active Directory Extensions on the domain controller. If there are several controllers, then it is not necessary to install them on all, only on those to which Kerio MailServer will connect (actually, in KMS it is possible to specify only two maximum). After installing them, go to the KMS > Configuration > Domains > Directory Service tab and enter the data we need there:

hostname- the name of the domain controller (just the one on which Kerio Active Directory Extensions was installed).

username- domain username for connecting to the AD database (normal user rights are enough, but ... if you want to add users from the KMS console, you will have to add this account to the Account Operator group at least). I recommend creating a special user to connect to (for example, kms_service) and check the “Password never expires” and “User cannot change password” checkboxes so that at one fine moment your connection to Active Directory does not fall off.

Password- the password of this user.

Secondary (backup) directory server- we register a backup domain controller here, if there is one, of course. Don't forget to install Kerio Active Directory Extensions on it too.

Active Directory Domain Name- in this paragraph, put a daw and write the name of the local domain, testcompany.local in our case, because the name of our mail domain is different from the Active Directory domain.

Click the Test Connection button and make sure everything is OK. If not, then something was entered incorrectly, check everything again.

To check that everything is functioning properly, on the domain controller, go to the Active Directory snap-in, select some user (created before installing KMS), right-click on it, select Kerio MailServer Tasks and create a mailbox:

We go back to KMS > Domain Setting > Users and make sure that our newly created user is present in the console.

In general, you should create a user immediately with a mailbox, if it was not created immediately for some reason, you can create it either from Active Directory using Kerio MailServer Tasks, or if the kms_service account is included in the Account Operators or Domain Admins group in AD, then this can be done directly from the KMS console. KMS > Domain Setting > Users > Add… > Activate Active Directory user. Similarly, you can assign an email address to groups.

Practical advice, immediately create a distribution group, which will include all users of the company, it is convenient to use it to send any announcements to all company employees.

Import Users

If for some reason you need to import AD users into the local KMS database, then this is how you do it - go to KMS > Domain Setting > Users > Import button > Import from directore service:

The name of the domain, controller, user for connecting to AD is the same as in the previous paragraph when mapping users from Active Directory. As a result, KMS prompts us to select users for import, select the necessary ones and click OK:

Everything, users are created. As a result, in KMS > Domain Setting > Users you get something like this:

e.popova and kmsadmin are users created in the local KMS database

i.petrov, p.ivanov and v.pupkin are users connected from Active Directory

n.sidorova - user imported from AD

Please note that in the properties of users imported from AD, authentication via Kerberos 5 is set by default, i.e. c the user is authenticated using AD when he logs into his mailbox. Naturally, you can change the authentication method to another - Internal or Windows NT domain (due to the fact that Windows NT is very outdated, this method is not considered in this article). For users connected in the second way, this cannot be done.

Setting up mx records

What are these records? An MX record is a special record on DNS servers that, for a given domain (testcompany.ru in our case), specifies the mail server to which you want to send email destined for addresses in this domain.

Access to editing these entries is located where you actually acquired this name, most likely from the hoster or, say, from a name registrar, for example, nic.ru.

We go to the control panel of the testcompany.ru zone. If you already had a company website there, for example, then you will see that there are already A-records there that point to the IP address of this site. We also need to create an A-record that will point to our server. Actually, this record will be needed in order to use it in the MX record and so that it points to the web interface of our server.

Therefore, we introduce a new entry:

mail.testcompany.ru type A IP address 88.88.yyy.xxx

where 88.88.yyy.xxx is your external IP address given to you by your ISP. Often you do not need to enter mail.testcompany.ru completely, just mail is enough.

@ type MX mail.testcompany.ru. priority 10

@ means the testcompany.ru domain itself. For different name registrars, these records are entered a little differently, but the meaning is this, for the testcompany.ru domain, we create an mx-record pointing to the mail.testcompany.ru A-record. That's it, the records are created, after some time (up to two days, usually less), they are replicated to all DNS servers on the Internet and will be available. Therefore, it is advisable to do this item in the first place, even though it is my fourth in a row.

We check with nslookup (how to use this command - http://support.microsoft.com/kb/200525/), it should be something like this:

C:\Documents and Settings\Admin>nslookup

Address: 192.168.1.10

> set q=a
> mail.testcompany.com

Address: 192.168.1.10

Non-authoritative answer:
Name: mail.testcompany.ru
Address: 88.88.yyy.xxx

> set q=mx
> testcompany.ru
Server: dc01.testcompany.local
Address: 192.168.1.10

Non-authoritative answer:
testcompany.ru MX preference = 10, mail exchanger = mail.testcompany.ru

testcompany.ru nameserver = ns2.zzz.ru
testcompany.ru nameserver = ns1.zzz.ru
mail.testcompany.ru internet address = 88.88.yyy.xxx
>

where 192.168.1.10 is the address of the domain controller dc01.

You will also need to create PTR record for your external IP address. It is needed so that messages from your server are not considered spam (many mail servers have a PTR check). PTR records are usually created by an ISP that provides you with a static IP address, there is usually no access to edit PTR records. Therefore, we write a letter to the provider with the following content:

Please create a PTR record for the address 88.88.yyy.xxx corresponding to the mail.testcompany.ru domain

You can check whether a record has been created or not, again, through nslookup, something like this:

C:\Documents and Settings\Admin>nslookup
Default Server: dc01.testcompany.local
Address: 192.168.1.10

>set q=ptr
> 88.88.yyy.xxx
Server: dc01.testcompany.local
Address: 192.168.1.10

Non-authoritative answer:
xxx.yyy.88.88.in-addr.arpa name = mail.testcompany.ru
>

Everything, everything is fine with the records, now you need to map (or publish) the SMTP and HTTP ports (as well as HTTPS, POP3, IMAP, etc., if you are going to give access to these services from the outside) on your corporate firewall. And also from the mail server you need to open the SMTP port to the outside. For example, in Kerio Winroute Firewall it will look like this:

where 192.168.1.12 is the IP address of the mail server.

For a quick check outside, use telnet:

telnet mail.testcompany.ru 25

which should produce:

220 mail.testcompany.ru Kerio MailServer 6.7.3 ESMTP ready

Client Setting:

We check the web interface, on some workstation on the local network or on the server itself, in the browser line, we type the name of our mail server:

http://mail/ (or http://mail.testcompany.ru/ if you're trying outside)

We should get to the login page of the KMS web interface:

Then everything is standard, we enter the user name and password with an existing mailbox, we enter and we are surprised that everything works 🙂 You can also try to log in via HTTPS, by default KMS creates a certificate during installation, so in this case everything should work.

First you need to install on the workstation Kerio Outlook Connector (with offline caching). You can do it manually, you can install the MSI package through group policies.

After installing the Kerio Outlook Connector, launch Outlook, if there were no accounts, then the wizard will start, if there were, you will need to start it manually from the menu Tools > Account Settings > Create ...

On the Account Settings page, click Yes, of course, then on the Automatic account settings page, check the box "Manually configure server settings or additional types of servers" (since we do not have Exchange 🙂). Next, on the Select e-mail service page, select Other and Kerio Mailserver (KOC Offline Edition):

Server name - mail.testcompany.local

Account name - p.ivanov

Password - the password of this account in AD and check the Save password box.

Click the Detect button, the correct information about the user should be displayed. Next, OK, OK, Done and go to Outlook. This completes the initial Outlook setup, the user can send and receive mail.

To check, send a few test letters within the organization and to some external addresses, as well as back 🙂 If everything was done correctly, then the mail should function without problems.

Corrections and additions are accepted.

Known to many. It has proven to be a reliable protection for user computers. Therefore, perhaps, the opinion of many in Russia about Kerio, as about a company working for the end user, has become entrenched. In many ways, this was true for the Russian market, since entry into the Russian market in 2003 by Kerio Technologies Inc. I started with this product. But this opinion is not true in general, since Kerio is working not only on a personal firewall, but also on solutions for small and medium businesses, for example, Kerio MailServer and Kerio WinRoute Firewall 6. Let's get acquainted with the capabilities of Kerio MailServer.

The main competitor for Kerio MailServer is Microsoft - Exchange Server, a heavy and expensive product, moreover, it does not work anywhere except in an operating environment. Windows systems. Kerio MailServer, in contrast, is multi-platform and works almost everywhere: Windows, Linux, Mac, Solaris. The only indirect restriction for users in this regard is that users must use Microsoft Outlook(Windows) or Microsoft Entourage (for Mac OS). Users of other systems (or those who do not like these mail clients) will have to use the Kerio WebMail web interface to receive mail.

However, Kerio WebMail is not much different from regular email clients. It contains all the necessary functions for effective teamwork in the organization, while having a fairly high speed. The version of Kerio WebMail Mini for handheld computers supports Palm OS, Pocket PC and exotic BlackBerry for Russian users. The presence of web interfaces and versions for PDAs allows you to work with your own correspondence on a corporate server anywhere in the world.

In addition to multi-platform and price, Kerio MailServer has another advantage: the presence of built-in antivirus and antispam filters. This is a significant addition, since this functionality is necessary for the normal operation of the mail server. Those who use other mail servers will still have to deal with the problem of viruses and spam. But only for this they will have to install additional software and solve the problem of stable and conflict-free collaboration. Security system

The security system in Kerio MailServer consists of three components: an anti-spam filter, an anti-virus filter, and an attachment filter. All these functions are collected in one "Attachment Filters" section, which makes it as easy as possible for the administrator to adjust the security level for specific conditions of the moment: during virus outbreaks, check for software updates more frequently, for example. The security system can also include the function cryptographic protection traffic using SSL.

Kerio MailServer has two-level and simultaneous anti-virus protection: McAfee anti-virus integrated into the mail server and the ability to connect an additional anti-virus program. The list of additional programs is not very large, but impressive by name. But we must make a reservation that the choice of the second anti-virus program must be made depending on the OS used: not all of these anti-viruses are multiplatform. The use of other anti-virus complexes is possible, but stability and conflict-free operation are not guaranteed when they are used together with the built-in one. It should be noted that the integrated McAfee checks not only incoming and outgoing mail traffic, but also internal mail between server users, which serves as an additional barrier to the spread of viruses over the local network.

Spam protection provides all modern methods of struggle:

• different authorization methods;
• support for blacklists;
• content filtering;
• domain authentication, Microsoft Caller ID verification and SPF authentication support;
• protection through temporary quotas for users and artificial increase in response time when establishing an SMTP connection;
• limiting the number of simultaneous connections;
• SpamEliminator technology based on .

Possibility Reserve copy for all incoming and outgoing e-mail, address books, calendars and other collaboration objects increases the reliability and security of working with Kerio MailServer. The administrator is provided with rather flexible tools for quoting the size of the mailbox, the size of attachments to the message and the number of messages in general.

The monster of Microsoft Exchange requires quite a large financial outlay for its own maintenance. But even he, having powerful functionality, requires in some cases the use third-party utilities like MAPILab products, which also require money. With Kerio MailServer, you can opt out of Microsoft Exchange without losing either your mail database or ease of use. One product can replace a whole set of software.

In addition, the use of Kerio MailServer does not require server versions of operating systems, which also reduces the cost of operation. For migration from Microsoft Exchange, the Kerio Exchange Migration utility has been created, which allows you to perform migration in automatic mode.Administration

Kerio MailServer is quite handy for a system administrator. It has two interfaces for administration (with the possibility of remote administration), a setup wizard for basic functions. The administrator can transfer to any user a part of the rights to set up his own, user account through the web console. For the version of the mail server for Windows and Mac, there is a utility for monitoring the operation of the program, which displays all the parameters of the system and allows you to manually stop or restore the operation of Kerio MailServer.

An integrated mail database is suitable for organizations with up to 250 users. To support more users, you will need to use Microsoft Active Directory or Apple Open Directory. Summary

Kerio MailServer from Kerio is a convenient and inexpensive alternative to Microsoft Exchange. Main advantages: multiplatform and multifunctionality, ease of administration. The program is almost ideal for small and medium enterprises with no more than 250 corporate mail users.

The use of e-mail has become commonplace in many activities, including in business. In order to create an efficient and secure structure for the exchange of service information, it would be rational to buy a personal corporate server for storing and forwarding mail - Kerio Connect Server. The Kerio trademark specializes in creating functional, but at the same time, simple and intuitive communication systems for the average user.

Kerio Connect Server is a modern example of a mail server application that can be customized to meet the needs of a particular organization. Unlike publicly available user-grade programs, this provides significant opportunities for deep and flexible administration. The developers made sure that their product meets the high requirements of consumers for modern information solutions, is distinguished by reliability, stability and productivity.

Kerio Connect is not just a client-server mail system that provides the user with access to a personal mailbox and stores valuable service information on a dedicated server. Kerio Connect is a self-contained structure that allows you to log in to your corporate mail from anywhere in the world without worrying about the safety of your data.

The system administrator can independently specify the level of access for each user group to the mail service, address book, calendars, task lists and service folders.

Scope of Kerio Connect Server

The developer company has been specializing in creating enterprise-class software for more than fifteen years, while focusing on consumers from the segment of small and medium businesses.

In this market share, for a long time the monopoly belonged to the package solution, which was quite demanding on hardware. The administration of such mail systems was a difficult technical task for qualified specialists.

The Kerio Connect Server package has become a profitable compromise solution, providing the user with wide functionality for creating a mail server, while having a flexible configuration system and an intuitive interface for working.

The development of virtualization technology has become the main direction of modern developments by Kerio, software Connect Server current version 6 with a flexible configuration system is ideal for integration into the functionality of virtual machines.

Such server systems represent a leased segment of the resources of a separate physical equipment. The client is allocated computing power and space on memory drives for autonomous use. Virtualization technology is an opportunity for relatively little money to create an information space for the needs of the company with the possibility of independent and deep administration. postal service Kerio Connect fits perfectly into this rational economy concept.

This brand of software is low maintenance, saves resources, has a simple and easy deployment system, and supports many modern mobile platforms.

Kerio Connect corporate mail functionality

This software product is distinguished by its versatility and a wide range of possibilities for solving a variety of communication and service tasks. It can be conditionally divided into several modules:

• Kerio Connect Mail is a convenient mechanism for official e-mail correspondence with a modern search system and effective filters for sorting messages, reliable spam protection, a notification mechanism and many other functional innovations and settings that make it easier to work with addresses and attached files;
• The calendar allows you to quickly create a structure of corporate events and reminders with the ability to provide access to information to any number of employees, partners or clients, as well as create a mechanism for personal mailing for a specific date and time;
• The contacts module allows you to quickly and conveniently create new address positions, combine them into groups, edit lists and provide access to them to other users.

Benefits of using Kerio Connect mail server

One of the significant advantages of software from this developer is its multiplatform nature. Kerio Connect Server works well in combination with any application for the three main operating systems: Windows, Linux and Mac, and also supports the ability to transfer from one operating system to another. In addition, the system provides functionality for implementing remote access to corporate mail service with mobile devices or through the web interface.