Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 15 Sending and Receiving MailMessage size limitSetting of maximum message size can be used for the following purposes:• to limit size of attachments sent to Kerio WebMail by an HTTP POST request,• to set maximum size of memory allocated in Kerio MailServer to each HTTP POSTrequest.Warning: Maximal value of the limit is 128 MB. It is not possible to enter a greater valuein the Kerio Administration Console.For better understanding of the limit, here is an explanation of how a message writtenin Kerio WebMail is sent to Kerio MailServer. Each new message composed in the webinterface is sent by a browser via HTTP protocol using an HTTP POST request to KerioWebMail. The interface receives the message and processes it so that Kerio MailServercan send it to the addressee by SMTP protocol.Each HTTP POST request contains one message including a message body, all headersand attachments. The limit set by this option narrows size of any HTTP POST requestdirected to Kerio WebMail. This means that any limit set for requests also limits size ofemail messages.Size limit set for HTTP POST requests is applied to any files sent from Kerio WebMailto Kerio MailServer and it is applied to all Kerio MailServer users. The default valuefor maximum size of messages sent from Kerio WebMail is 20 MB. This limit should begenerally satisfactory for these purposes.The minimum value for the limit is 2 MB. If any lower limit is entered in the Maximumsize of messages that can be sent entry, the 2 MB value is set automatically.If a message includes any attachments, they are encrypted by the Base64 method. Thistype of encoding is able to increase the size of transmitted data even by one third (in caseof binary data). This means that, for example, the minimum 2 MB limit might also allowjust 1 — 1,5 MB attachments.It is necessary that a memory allocation value is specified in Kerio MailServer for HTTPPOST requests. The more bulky the request is the more memory must be allocated. Thisimplies that the size of the allocated memory changes according to changes in the sizelimit.Warning: Any time the limit is changed, it is necessary to restart Kerio MailServer sincethe memory allocation is changed as well.Session securitySession security depends on methods and manners how users manage connection toKerio WebMail. Users often simply close their browsers without logging out of KerioWebMail. In such cases, the session is not interrupted and it can be misused more easily(the session is the more risky the longer it takes). For this reason, it is possible to setsession timeout. If the user does not use the session over the timeout, connection to theserver is interrupted automatically when this timeout runs out. By default, the timeout isset for one hour.Maximum time can also be set for sessions in addition to the session’s expiration time.The maximum session time means the time since user’s connection. If users use the168
15.6 Advanced OptionsKerio WebMail interface as the main connection to their mailboxes, set the time to a valuebetween 8 and 10 hours. Too short interval might cause inappropriate closure of a session(while a user is editing a message, for example). This is not desirable.Note: If the user has started composing a message and has not finished it yet and thesession expires, user authentication will be required for reconnection. After successfulre-authentication, the message can be finished and sent.The Force WebMail logout if user’s IP address changes option uses another method to protectthe session. It might happen that a session of one user is hijacked by an attacker(especially if SSL-secured HTTP is not used) to access the server. Connection of an attackerto the session changes the client’s IP address. If the Force WebMail logout if user’sIP address changes option is enabled, Kerio MailServer detects change of the IP addressand terminates the session.Warning:• The “anti-hijack” protection must be disabled if Kerio MailServer users share theiraccounts. The option disallows connection to a single account from multiple hosts (IPaddresses) at a time.• The “anti-hijack” protection also cannot be applied if your ISP changes IP addressesduring the connection (e.g. in case of GPRS or WiFi connections).Select a logo for WebMailAt the top of each page of Kerio WebMail, Kerio Technologies logo is displayed. However,you can use any other logo or image instead (for more information on logo configuration,refer to chapter 11.2). The image parameters are as follows:• Format: GIF• Size: 200x40 pixelsClick Select to browse to the logo file.169
- Page 117 and 118: 13.5 Removing user accountsKerio Ma
- Page 119 and 120: 13.9 Administration of mobile devic
- Page 121 and 122: 13.9 Administration of mobile devic
- Page 123 and 124: 13.10 Import Users• MailAddress
- Page 125 and 126: 13.10 Import UsersFor detailed info
- Page 127 and 128: 13.10 Import UsersFigure 13.24Impor
- Page 129 and 130: 13.12 User Account TemplatesNote: C
- Page 131 and 132: Chapter 14User groupsUser accounts
- Page 133 and 134: 14.1 Creating a User GroupGroup add
- Page 135 and 136: 14.1 Creating a User GroupPublish t
- Page 137 and 138: 15.1 Mail Delivery over the Interne
- Page 139 and 140: 15.1 Mail Delivery over the Interne
- Page 141 and 142: 15.2 SMTP serverinterface originall
- Page 143 and 144: 15.2 SMTP serverAuthentication by I
- Page 145 and 146: 15.2 SMTP serverLimit maximum incom
- Page 147 and 148: 15.3 AliasesMaximum number of deliv
- Page 149 and 150: 15.3 AliasesCharacter typea-zA-ZDes
- Page 151 and 152: 15.4 remote POP3 mailboxesFigure 15
- Page 153 and 154: 15.4 remote POP3 mailboxesthe messa
- Page 155 and 156: 15.4 remote POP3 mailboxesFigure 15
- Page 157 and 158: 15.6 Advanced OptionsDescriptionA c
- Page 159 and 160: 15.6 Advanced Optionsnot have to wo
- Page 161 and 162: 15.6 Advanced OptionsPLAIN authenti
- Page 163 and 164: 15.6 Advanced OptionsWatchdog Hard
- Page 165 and 166: 15.6 Advanced OptionsFigure 15.22HT
- Page 167: 15.6 Advanced Optionsstartup of the
- Page 171 and 172: 16.1 Spam Rating tab16.1 Spam Ratin
- Page 173 and 174: 16.2 Blacklists tabtration Console
- Page 175 and 176: 16.2 Blacklists tabInternet databas
- Page 177 and 178: 16.3 Custom RulesSORBSSpam and Open
- Page 179 and 180: 16.3 Custom RulesUse the Add button
- Page 181 and 182: 16.3 Custom RulesTypeType of condit
- Page 183 and 184: 16.4 SpamAssassinFigure 16.7SpamAss
- Page 185 and 186: 16.5 Email policy records checksend
- Page 187 and 188: 16.6 Spam repellentFigure 16.9SPFOn
- Page 189 and 190: 16.7 Recommended configuration of a
- Page 191 and 192: 16.7 Recommended configuration of a
- Page 193 and 194: 16.8 Monitoring of spam filter’s
- Page 195 and 196: 16.8 Monitoring of spam filter’s
- Page 197 and 198: 17.1 Integrated McAfee Anti-VirusBe
- Page 199 and 200: 17.4 Server responses to detection
- Page 201 and 202: 17.5 Filtering Email Attachments17.
- Page 203 and 204: 17.6 Antivirus control statisticsFi
- Page 205 and 206: 18.1 ArchivingPath to the archive d
- Page 207 and 208: 18.2 Backup of user foldersFigure 1
- Page 209 and 210: 18.2 Backup of user foldersFigure 1
- Page 211 and 212: 18.2 Backup of user folders• Save
- Page 213 and 214: 18.2 Backup of user folders2. The s
- Page 215 and 216: Chapter 19LDAP serverThe built-in L
- Page 217 and 218: 19.2 Configuring Email ClientsFigur
15.6 Advanced Options<strong>Kerio</strong> WebMail interface as the main connection to their mailboxes, set the time to a valuebetween 8 and 10 hours. Too short interval might cause inappropriate closure of a session(while a user is editing a message, for example). This is not desirable.Note: If the user has started composing a message and has not finished it yet and thesession expires, user authentication will be required for reconnection. After successfulre-authentication, the message can be finished and sent.The Force WebMail logout if user’s IP address changes option uses another method to protectthe session. It might happen that a session of one user is hijacked by an attacker(especially if SSL-secured HTTP is not used) to access the server. Connection of an attackerto the session changes the client’s IP address. If the Force WebMail logout if user’sIP address changes option is enabled, <strong>Kerio</strong> MailServer detects change of the IP addressand terminates the session.Warning:• The “anti-hijack” protection must be disabled if <strong>Kerio</strong> MailServer users share theiraccounts. The option disallows connection to a single account from multiple hosts (IPaddresses) at a time.• The “anti-hijack” protection also cannot be applied if your ISP changes IP addressesduring the connection (e.g. in case of GPRS or WiFi connections).Select a logo for WebMailAt the top of each page of <strong>Kerio</strong> WebMail, <strong>Kerio</strong> Technologies logo is displayed. However,you can use any other logo or image instead (for more information on logo configuration,refer to chapter 11.2). The image parameters are as follows:• Format: GIF• Size: 200x40 pixelsClick Select to browse to the logo file.169
Change language