Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 2Installation2.1 System requirementsThe minimum hardware configuration recommended for Kerio MailServer (basic license for 20users):• CPU 1 GHz• 512 MB RAM• 50 MB free disk space (for the installation)• 40 GB free disk space for user mailboxes and backups• For maximum protection of the installed product (particularly its configuration files), it isrecommended to use the NTFS file system.Recommended hardware configuration of the computer where Kerio MailServer will be running:For 20 — 100 active users• CPU 2 GHz• 1 GB RAM• 160 GB free disk space for user mailboxes and backupsFor 100 and more active users• CPU 2.8 GHz Dual Core• 2 GB RAM• 200 GB and more free disk space for user mailboxes and backupsNotes:1. An active user is a user that uses the Kerio MailServer services multiple times a day (e.g.mail services, calendar, tasks, etc.).2. These recommendations apply only in case the computer is used only as a mailserver(Kerio MailServer, antivirus, anti-spam).3. Kerio MailServer is supported on 32-bit operating systems.16
2.2 Conflicting software2.2 Conflicting softwareKerio MailServer runs on the application layer and there are not any known low-level conflictswith other software, operating system components or device drivers (except the antivirus thatis used to open files). If a received email message includes an infected attachment, the mailserver stores it into a temporary file on the disk. Antivirus might damage the disk or thesystem. To prevent your computer from such failure, configure your antivirus to not scan thefolder (or the disk) where Kerio MailServer data is kept (refer to chapter 17).A possible conflict is a port clash (if all services are running in Kerio MailServer, these TCPports are used: 25, 80, 110, 119, 143, 443, 465, 563, 993 and 995). It is therefore not recommendedthat users run other mail, LDAP or web server software on the same computer. If thisis necessary, the system administrator must ascertain that there will be no port clashes. Forexample, if Kerio MailServer is running on a computer together with a web server, we recommendchanging the HTTP service port or disabling the service and only enabling its securedversion — Secure HTTP. Another alternative is to reserve one or more IP addresses for portsat which Kerio MailServer services are listening. For detailed information on services and portsettings, see chapter 6.If Kerio MailServer is run on a firewall or on a secured local network behind a firewall, thefirewall will affect the mail server’s behavior to a certain extent (e.g. accessibility of some orall services). When configuring the firewall take into consideration which services should beaccessible from the Internet or the local network and enable communication on appropriateports (see above or chapters 6 and 26.3 for more detail).2.3 Firewall configurationKerio MailServer is usually installed in a local network behind a firewall. In addition to themailserver’s configuration, it is also necessary to perform corresponding additional settingsof the firewall.If the MailServer is to be accessible from the Internet, certain ports have to be opened (mapped)in the firewall. Each mapped port might introduce security problems. Therefore, map portsonly for those services which you want to make available from the Internet.If server is supposed to deliver email directly by DNS MX records, it is necessary to map port25 (standard port for SMTP service). This setting is required for cases where an MX record forthe particular domain is addressed to the server. Any SMTP server on the Internet can connectto your SMTP server to send email to one of its domains.Now, it is necessary to map ports that will be used for connections out of the local network.Since the security risk is higher here, it is recommended to map only SSL/TLS-secured services.Settings are shown in table 2.1.17
- Page 1: Administrator’s GuideKerio Techno
- Page 8 and 9: 36 Support for ActiveSync . . . . .
- Page 10: Chapter 1 IntroductionPersonal and
- Page 13 and 14: 1.2 Quick ChecklistBlackBerry suppo
- Page 15: 1.2 Quick Checklist11. If email for
- Page 19 and 20: 2.4 InstallationBy default, Kerio M
- Page 21 and 22: 2.4 InstallationSelect a folder whe
- Page 23 and 24: 2.4 InstallationFigure 2.5Custom in
- Page 25 and 26: 2.4 InstallationKerio MailServer En
- Page 27 and 28: 2.4 InstallationThe product support
- Page 29 and 30: 2.4 Installation(Kerio Administrati
- Page 31 and 32: 2.5 Configuration WizardNote: The c
- Page 33 and 34: 2.5 Configuration WizardFigure 2.16
- Page 35 and 36: 2.6 Upgrade and UninstallationWhen
- Page 37 and 38: Chapter 3Product Registration and L
- Page 39 and 40: 3.2 Registration with the administr
- Page 41 and 42: 3.2 Registration with the administr
- Page 43 and 44: 3.3 License information and import
- Page 45 and 46: 3.4 Licensing policyOnce number of
- Page 47 and 48: 4.1 Kerio MailServer MonitorFigure
- Page 49 and 50: 4.2 Standalone processes of the ser
- Page 51 and 52: 5.2 Administration WindowThe same d
- Page 53 and 54: 5.2 Administration WindowStatus bar
- Page 55 and 56: Chapter 6ServicesIn Configuration
- Page 57 and 58: 6.1 Service Parameter Settings• a
- Page 59 and 60: 6.1 Service Parameter SettingsFigur
- Page 61 and 62: 6.3 TroubleshootingFigure 6.5The De
- Page 63 and 64: Chapter 7DomainsKerio MailServer ca
- Page 65 and 66: 7.2 GeneralFigure 7.2Domain setting
2.2 Conflicting software2.2 Conflicting software<strong>Kerio</strong> MailServer runs on the application layer and there are not any known low-level conflictswith other software, operating system components or device drivers (except the antivirus thatis used to open files). If a received email message includes an infected attachment, the mailserver stores it into a temporary file on the disk. Antivirus might damage the disk or thesystem. To prevent your computer from such failure, configure your antivirus to not scan thefolder (or the disk) where <strong>Kerio</strong> MailServer data is kept (refer to chapter 17).A possible conflict is a port clash (if all services are running in <strong>Kerio</strong> MailServer, these TCPports are used: 25, 80, 110, 119, 143, 443, 465, 563, 993 and 995). It is therefore not recommendedthat users run other mail, LDAP or web server software on the same computer. If thisis necessary, the system administrator must ascertain that there will be no port clashes. Forexample, if <strong>Kerio</strong> MailServer is running on a computer together with a web server, we recommendchanging the HTTP service port or disabling the service and only enabling its securedversion — Secure HTTP. Another alternative is to reserve one or more IP addresses for portsat which <strong>Kerio</strong> MailServer services are listening. For detailed information on services and portsettings, see chapter 6.If <strong>Kerio</strong> MailServer is run on a firewall or on a secured local network behind a firewall, thefirewall will affect the mail server’s behavior to a certain extent (e.g. accessibility of some orall services). When configuring the firewall take into consideration which services should beaccessible from the Internet or the local network and enable communication on appropriateports (see above or chapters 6 and 26.3 for more detail).2.3 Firewall configuration<strong>Kerio</strong> MailServer is usually installed in a local network behind a firewall. In addition to themailserver’s configuration, it is also necessary to perform corresponding additional settingsof the firewall.If the MailServer is to be accessible from the Internet, certain ports have to be opened (mapped)in the firewall. Each mapped port might introduce security problems. Therefore, map portsonly for those services which you want to make available from the Internet.If server is supposed to deliver email directly by DNS MX records, it is necessary to map port25 (standard port for SMTP service). This setting is required for cases where an MX record forthe particular domain is addressed to the server. Any SMTP server on the Internet can connectto your SMTP server to send email to one of its domains.Now, it is necessary to map ports that will be used for connections out of the local network.Since the security risk is higher here, it is recommended to map only SSL/TLS-secured services.Settings are shown in table 2.1.17