Kerio Connect

Welcome to our Kerio Connect feedback forum. Do you have an idea? Do you recognize a good idea when you see one? We want to hear from you!

How can we improve Kerio Connect?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add support for Letsencrypt

    Please add full support for letsencrypt certificates

    https://letsencrypt.org/

    486 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    28 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    GFI official position is to use purchased certificates for use with Kerio Connect and not use free Let’s Encrypt certificates, however for those wanting free Let’s Encrypt option it is possible.

  2. block emails with attechement files (i.e *.doc) with specified name of this file (ie "invoice")

    it would be great if we could set a filter for all doc oder xl* attachments where the name of the file exists the text "invoice"

    not only !all! *.doc files !!! - this is currently OK

    58 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSO Authentication (SAML, CAS, Shibboleth,...)

    Possibility to use SSO to authenticate users.
    The standard is SAML but education institutions need rather CAS or Shibboleth.

    50 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. block mail before accepting (during smtp communication)

    It would be brilliant if analysing the mail is completed before telling the sending server if the mail is accepted or rejected. With this mechanism the responsibility for at the moment lost important! data is transfered back to the sending server.

    At the moment in many countries blocking must be disabled due to legal issues, because the responsibility with blocked mails (with kerio connect) is on the receiving side. And due to confidentiality it is not possible to use the "quarantine address".

    49 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. 46 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Improve security

    There are several ways the security can be approved.
    First of all the 5 minutes block time on password guessing should be configurable. A lot of zombies just keep on trying. When locked out for 5 minutes they just continue after 6 minutes.
    -
    Even worse: Kerio Connect doesn't have any protection against e-mail harvesting. Just see the attached log file. Those attacks are pretty easy to recognize and action should be taken.

    42 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. DANE TLS

    Postfix 2.11 now support DANE TLS
    look into adding it.

    30 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. add parameters for "Login guessing protection"

    I I have lot's of smtp and pop login attacks of robots on my server.

    I would like to automatically blacklist IP who do this attack but I can't.

    The robot do that (for exemple) :
    He try to log in with a list of random users name just one time :
    admin@mydomain.fr...failed
    root@mydomain.fr...failed
    webmaster@mydomain.fr...failed
    and do this for arround 50 users.
    After, it starts again from the beginning
    admin@mydomain.fr...failed
    root@mydomain.fr...failed
    webmaster@mydomain.fr...failed

    The IP of robot is the same but because the time between 2 attempts is long, the "Login guessing protection" security doesn't…

    29 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. approval of device connection

    Ability to approve the devices that can access the mail,

    Only company devices(known) should be able to connect to the mailserver. Exchange has this ability check link http://exchangeserverpro.com/preventing-new-activesync-device-types-from-connecting-to-exchange-server-2010/

    25 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Implement inbound DMARC and DKIM checking

    The Global,Cyber Alliance is currently running major campaigns to get organisations to enable DMARC on their outbound mail, and Kerio Connect with its ability to have DKIM signed email is contributing to.

    Equally important is the requirement for inbound email servers to participate in the DMARC program.

    all inbound email into O365, Outlook, Gmail and Yahoo Mail is checked against DMARC records and then either passed, quarantined or rejected based on the SPF and DKIM status of the incoming email.

    Kerio Connect needs to have the capability to check a DMARC record upon receipt of an email, then examine SPF…

    24 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. When a spam attack is detected and Kerio Control is also used then create automatically a deny rule for that IP address

    When a spam attack is detected and Kerio Control is also used then create automatically a deny rule for that IP address

    18 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. GDPR compliance

    GDPR compliance:
    1. Encrypt user email data - privace by design
    2. DLP - data leak protection
    2a predefined personal data filters and possibilty for custom filters

    17 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Read source IP from X-forwarded-for http header

    If you have kerio webmail behind some http proxy like apache,
    then in logs are all incoming ip just the apache server IP.
    After proxy the original ip address is in X-Forwarded-for http header, but this is not implemented in kerio connect http server.

    16 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow ActiveSync connections only to special mobil devices

    Our problem is, that a user could log in with his account on many devices. Our company rules is that the employers should only have access from they company mobile devices to Active Sync.

    the solution would be, that new mobile devices had to be allowed by a administrator befor they could be synconiseised.

    12 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Reviewed  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add a filter attached files for common types of archives

    Scan inside .ZIP, .RAR, .TAR, BZ2, .7ZIP files for .EXE, .CMD, .SCR and other unwanted file types

    11 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. manual scan of database with integrated antivirus

    manual scan of database with integrated antivirus

    AFAIK not possible right now.
    if I import 100 users with imap migration tool, and server is not online, nor there is updated AV databases, there is big possibility to have a lot of malware in emails already.

    how we can scan that data after server is put in production state?
    some command from CLI perhaps.

    10 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Certificate based User Authentication

    As asked by Alexaner in this post:
    http://forums.kerio.com/t/30778//

    Are there any plans for enabling certificate based User Authentication to ActiveSync or EWS Services or even webmail with Microsoft AD based PKI Infrastructure?

    I see a big benefit especially for mobile users, as they would not need to enter a windows AD password (which might be rather complex) on their mobile devices. Especially recognizing the growing number of MDM installations....

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. filter attachments for the presence of macro's

    A lot of virusses spread via macro's in Word-files (or Excel). Most clients however work with word-files as attachments on daily bases. They rarely send/recieve legit mails with macro's inside however. It would be nice to be able to block all word (or excel) files containing macro's.

    I don't know if that should be an attachment-filter option or an antivirus option.

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Scan inside .RAR files for .EXE and other unwanted file types

    In order to fight the everyday increasing threats, will be useful to scan inside .rar files for unwanted file types.

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Logging of all events where the user sets the sharing and delegation.

    Logging of all events where the user sets the sharing and delegation.

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Kerio Connect

Feedback and Knowledge Base