Kerio Connect

Welcome to our Kerio Connect feedback forum. Do you have an idea? Do you recognize a good idea when you see one? We want to hear from you!

How can we improve Kerio Connect?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add support for Letsencrypt

    Please add full support for letsencrypt certificates

    https://letsencrypt.org/

    326 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  12 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. block emails with attechement files (i.e *.doc) with specified name of this file (ie "invoice")

    it would be great if we could set a filter for all doc oder xl* attachments where the name of the file exists the text "invoice"

    not only !all! *.doc files !!! - this is currently OK

    55 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. block mail before accepting (during smtp communication)

    It would be brilliant if analysing the mail is completed before telling the sending server if the mail is accepted or rejected. With this mechanism the responsibility for at the moment lost important! data is transfered back to the sending server.

    At the moment in many countries blocking must be disabled due to legal issues, because the responsibility with blocked mails (with kerio connect) is on the receiving side. And due to confidentiality it is not possible to use the "quarantine address".

    48 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. 40 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSO Authentication (SAML, CAS, Shibboleth,...)

    Possibility to use SSO to authenticate users.
    The standard is SAML but education institutions need rather CAS or Shibboleth.

    38 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Improve security

    There are several ways the security can be approved.
    First of all the 5 minutes block time on password guessing should be configurable. A lot of zombies just keep on trying. When locked out for 5 minutes they just continue after 6 minutes.
    -
    Even worse: Kerio Connect doesn't have any protection against e-mail harvesting. Just see the attached log file. Those attacks are pretty easy to recognize and action should be taken.

    36 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. add parameters for "Login guessing protection"

    I I have lot's of smtp and pop login attacks of robots on my server.

    I would like to automatically blacklist IP who do this attack but I can't.

    The robot do that (for exemple) :
    He try to log in with a list of random users name just one time :
    admin@mydomain.fr...failed
    root@mydomain.fr...failed
    webmaster@mydomain.fr...failed
    and do this for arround 50 users.
    After, it starts again from the beginning
    admin@mydomain.fr...failed
    root@mydomain.fr...failed
    webmaster@mydomain.fr...failed

    The IP of robot is the same but because the time between 2 attempts is long, the "Login guessing protection" security doesn't…

    25 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. DANE TLS

    Postfix 2.11 now support DANE TLS
    look into adding it.

    18 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. approval of device connection

    Ability to approve the devices that can access the mail,

    Only company devices(known) should be able to connect to the mailserver. Exchange has this ability check link http://exchangeserverpro.com/preventing-new-activesync-device-types-from-connecting-to-exchange-server-2010/

    18 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. When a spam attack is detected and Kerio Control is also used then create automatically a deny rule for that IP address

    When a spam attack is detected and Kerio Control is also used then create automatically a deny rule for that IP address

    14 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. manual scan of database with integrated antivirus

    manual scan of database with integrated antivirus

    AFAIK not possible right now.
    if I import 100 users with imap migration tool, and server is not online, nor there is updated AV databases, there is big possibility to have a lot of malware in emails already.

    how we can scan that data after server is put in production state?
    some command from CLI perhaps.

    10 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Logging of all events where the user sets the sharing and delegation.

    Logging of all events where the user sets the sharing and delegation.

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add a filter attached files for common types of archives

    Scan inside .ZIP, .RAR, .TAR, BZ2, .7ZIP files for .EXE, .CMD, .SCR and other unwanted file types

    8 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. BATV (Bounce Address Tag Validation) Check

    Not sure if this is already implemented in kerio but sounds like a good idea.

    BATV is a mechanism wherein an outgoing Email server adds a tag to the Envelope From address of all outgoing Emails. For example, if an Email address goes out with From address as <info@allaboutspam.com>, the Envelope From is changed to <prvs=SBDGAUJ=info@allaboutspam.com>, where 'SBDGAUJ' is the added tag. This tag is generated using an internal mechanism and is different for each email sent.

    If any bounce is received by the Incoming email servers, they are checked to see if the Bounce address…

    7 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. To prevent when an account becomes compromised, limit the amount of messages that can be sent from a particular email account.

    To prevent when an account becomes compromised, be able limit the amount of messages that can be sent from a particular email account in the same way you can limit the amount of messages from one IP address. When accounts become compromised the hackers use multiple IP addresses to send from the same account. Limiting the amount of email being sent on the account side could prevent a particular account from bringing down and entire server.

    7 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow disabling DSNs (receipts that the message has arrived at the mailserver)

    It should really be possible to disable the automatic receipt messages from the mail server (this has nothing to do with read-receipts), because spammers can easily exploit that to verify mailboxes. Therefore posting in Security.

    7 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Attachment filter

    Attachment filter:

    Today there is more then 19.000 different kinds of file extensions in use in the world. I would be nice for security to have a white-list instead of a blacklist attachment filter. The attacker allways decide witch kind of extension to use ore misuse in the attacks.

    So if i only want to allow .DOCX then the 18.999 is by default denied.
    This wil olso help to ensure the the AV scanning engine really can do a nicer scanning job and improve security a lot.

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Read source IP from X-forwarded-for http header

    If you have kerio webmail behind some http proxy like apache,
    then in logs are all incoming ip just the apache server IP.
    After proxy the original ip address is in X-Forwarded-for http header, but this is not implemented in kerio connect http server.

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add ability to make few password policies in local user’s database.

    Add ability to make few password policies in local user’s database.

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Scan inside .RAR files for .EXE and other unwanted file types

    In order to fight the everyday increasing threats, will be useful to scan inside .rar files for unwanted file types.

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base