Administrator's Guide - Kerio Software Archive
Chapter 6 Services

• SMTP on port 25 with STARTTLS — traffic on port 25 starts unencrypted. If both sides support TLS, TLS is started via STARTTLS. Otherwise, the traffic remains unencrypted.
• SMTP with SSL/TLS on port 465 — the traffic is encrypted right from the start.

Warning: If traffic between Kerio MailServer and a mail client runs on port 25, a problem might occur with email sending. Since public WiFi networks often do not support traffic on unencrypted protocols, SMTP on port 25 can be blocked. In such a case, users cannot send email out of the network. However, SMTPS on port 465 is usually allowed. Therefore, it is recommended to keep the SMTPS connection enabled so that notebook and Apple iPhone users can use this port to connect to the server. It is also necessary that users' email clients (SMTPS encryption and traffic port) are set correctly.

POP3
POP3 protocol server (Post Office Protocol). This server allows users (clients) to retrieve messages from their accounts. It is also often referred to as the incoming mail server.
Secure POP3 is a POP3 server whose communication is encrypted by SSL. The encryption prevents the communication from being tapped.

IMAP
IMAP protocol server (Internet Message Access Protocol). This server also allows users to access their messages. With this protocol, messages stay in folders and can be accessed from multiple locations at any given time.
Secure IMAP is an IMAP server whose communication is encrypted by SSL.

NNTP
NNTP protocol (Network News Transfer Protocol) — transfer protocol for newsgroups over the Internet. The service allows users to use messages of the news type and to use the protocol to view public folders.
A public folder cannot be viewed via the NNTP protocol if its name includes a blank space or the . sign (dot).
Secure NNTP is the NNTP server version whose communication is encrypted by SSL.

LDAP
Simple LDAP server that enables users to access centrally managed contacts. The LDAP server provides read-only access to the information; you are not allowed to create new contacts or edit existing ones.
Secure LDAP is an LDAP server whose communication is encrypted by SSL.
If Kerio MailServer is installed on a server which is used as a domain controller (in Active Directory), it is necessary to run the LDAP and LDAPS services on a non-standard port or to disable them.

HTTP
The HTTP protocol is used for:
• accessing user mailboxes via Kerio WebMail,
• accessing the user administration via the KMS Web Administration interface (see chapter 31),
• accessing mail using the Microsoft Entourage mail client (see chapter 38),
• accessing the Free/Busy server,
• automatic upgrades of new versions of the Kerio Outlook Connector and the Kerio Outlook Connector (Offline Edition),
• synchronization via Kerio Synchronization Plug-in,
• synchronization via the ActiveSync protocol,
• BlackBerry synchronization via NotifyLink,
• publishing calendars as iCal.
Secure HTTP is an encrypted version of this protocol (HTTPS — SSL or TLS encrypted).

Upon the first startup of Kerio MailServer, all the services listed above are running on their default (standard) ports.

Note: If you know that services will not be used, it is recommended to disable them (for security reasons).

If any service provided also by Kerio MailServer is already running on the server, it is necessary to change the traffic port for one of the services. To change the port of a Kerio MailServer service, follow the instructions in section 6.1.

Footnote 1: TLS is the successor to the SSL protocol; it is actually SSL version 3.1.

6.1 Service Parameter Settings

The service list (see figure 6.1) includes the following information:
• Service — includes the protocol name and an icon informing whether the service is running or stopped.
• Status (running/stopped) — this item shows whether the service is running or stopped.
• Startup (Manual/Automatic) — indicates whether the service is started automatically or must be started manually when Kerio MailServer restarts.
• IP addresses — this item shows all IP addresses and ports used for traffic by the particular Kerio MailServer service.
• Limit Access — Kerio MailServer allows narrowing access rights to a certain group of IP addresses which will be allowed to use the particular service (usually, unsecured services are accessible from the local network only).

The parameters of a selected service can be changed. To do this, use the Edit button. The button opens the Service dialog (see figure 6.2). The dialog consists of the following tabs:

Features
This tab allows setting the startup type and the TCP port for traffic.
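The port 25 behaviour described at the start of this chapter (TLS only when both sides support STARTTLS, otherwise unencrypted) leaves it to the client to decide whether a missing STARTTLS offer is acceptable. The following Python code is an added example, not Kerio code: it parses an EHLO reply and returns the opportunistic or strict outcome. The sample replies, the host name mail.example.com and the function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (sample data, not captured from a real server).
REPLY_WITH_TLS = (
    "250-mail.example.com\r\n"
    "250-SIZE 20971520\r\n"
    "250-STARTTLS\r\n"
    "250 AUTH PLAIN LOGIN\r\n"
)
REPLY_WITHOUT_TLS = (
    "250-mail.example.com\r\n"
    "250-SIZE 20971520\r\n"
    "250 AUTH PLAIN LOGIN\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (code, {KEYWORD: params}) for a multi-line EHLO reply (RFC 5321)."""
    code, extensions, finished = None, {}, False
    for index, raw in enumerate(reply.splitlines()):
        match = _LINE.match(raw)
        if not match or finished:
            raise ValueError("malformed EHLO reply line: %r" % raw)
        line_code, sep, text = match.groups()
        if code is not None and line_code != code:
            raise ValueError("reply code changed mid-response")
        code = line_code
        finished = sep == " "   # "250 " marks the last line, "250-" continues
        if index > 0 and text:  # the first line is the server greeting
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params
    if not finished:
        raise ValueError("EHLO reply is not terminated")
    return int(code), extensions

def plan_session(reply, require_tls):
    """Decide what a client on port 25 does after EHLO.

    'starttls'  - upgrade before sending credentials or mail
    'cleartext' - opportunistic mode: continue without encryption
    'abort'     - strict mode: refuse to continue unencrypted
    """
    code, extensions = parse_ehlo(reply)
    if code != 250:
        return "abort"
    if "STARTTLS" in extensions:
        return "starttls"
    return "abort" if require_tls else "cleartext"
```

With require_tls=True the client never falls back to cleartext on port 25; SMTP with SSL/TLS on port 465 avoids this negotiation because the traffic is encrypted from the start.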