Kerio Connect

Welcome to our Kerio Connect feedback forum. Do you have an idea? Do you recognize a good idea when you see one? We want to hear from you!

How can we improve Kerio Connect?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Custome whitelist IP address should work for Antispam also

    Some times genuine mail also consider / filtering in Antispam. so we can whitelist that IP through the same function.

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. support CER format certificate

    please add cer support because it takes 2 hours from me to convert my certificate from CER format to CRT and PEM format

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. guessing passwords - BIG PROBLEM

    1. For SMTP login should be a option to disabled. Today, the active sysnc protocol is still used…

    2. Active sync devices should only be added with administrator only

    3. The Kerio web client should use two factor authentication

    Security log example:

    27/Nov/2018 05:34:35] Failed SMTP login from 88.208.208.52 with SASL method PLAIN.

    [27/Nov/2018 08:12:59] HTTP/ActiveSync: Authentication failed for user user@isotra.cz. Attempt from IP address 88.208.208.52 External authentication service rejected authentication due to invalid password or authentication restriction.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Implement inbound DMARC and DKIM checking

    The Global,Cyber Alliance is currently running major campaigns to get organisations to enable DMARC on their outbound mail, and Kerio Connect with its ability to have DKIM signed email is contributing to.

    Equally important is the requirement for inbound email servers to participate in the DMARC program.

    all inbound email into O365, Outlook, Gmail and Yahoo Mail is checked against DMARC records and then either passed, quarantined or rejected based on the SPF and DKIM status of the incoming email.

    Kerio Connect needs to have the capability to check a DMARC record upon receipt of an email, then examine SPF…

    33 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. hide integrate with device link from webmail login page

    I would not like users to see the "integrate with device" or "integration with windows" link on the webmail login. We recommend webmail for some outside contractors for whom we don't want their Outlook configured for direct connections, etc. I realize one could on their own download and install the outlook connector, but do we need to present it to them? Likewise for people who go to webmail from their personal ipad - I don't want them to use the Integrate with Device option or know it exists. Sure people could go hack the settings on their own and figure…

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Block IP of Robotic password guessing or brute-force attack

    Block IP of Robotic password guessing or brute-force attack

    7 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. 52 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add support for Letsencrypt

    Please add full support for letsencrypt certificates

    https://letsencrypt.org/

    495 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    28 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

    GFI official position is to use purchased certificates for use with Kerio Connect and not use free Let’s Encrypt certificates, however for those wanting free Let’s Encrypt option it is possible.

  9. Certificate based User Authentication

    As asked by Alexaner in this post:
    http://forums.kerio.com/t/30778//

    Are there any plans for enabling certificate based User Authentication to ActiveSync or EWS Services or even webmail with Microsoft AD based PKI Infrastructure?

    I see a big benefit especially for mobile users, as they would not need to enter a windows AD password (which might be rather complex) on their mobile devices. Especially recognizing the growing number of MDM installations....

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow ActiveSync connections only to special mobil devices

    Our problem is, that a user could log in with his account on many devices. Our company rules is that the employers should only have access from they company mobile devices to Active Sync.

    the solution would be, that new mobile devices had to be allowed by a administrator befor they could be synconiseised.

    15 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Reviewed  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Scan inside .RAR files for .EXE and other unwanted file types

    In order to fight the everyday increasing threats, will be useful to scan inside .rar files for unwanted file types.

    12 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to Restrict the Browser and Version Browser Used for Accessing Email

    Our clients scan our networks to find out if there are any security vulnerabilities detected on our network. The results show our Email server supports outdated browsers. Currently this brings down our security scorecard/grade.

    If you are able to implement this so we can setup which browsers and the version can be used to access our email, this helps us keep our users accountable to stay on the latest web browsers/security updates. In addition, we try to minimize security risks on our network.

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. When

    When Users must be authenticated to send mail is enabled you override this by listing ip adresses who can send unauthenticated. like a backup email script running on a server or a scanner who sends pdf to mail...
    But when you have multiple sites who connect to the mailserver you must set the wan ip in that list. So you now disabled the security for all clients in the entire site. Could you add a option so you can disable the security by sender mail adress like you can do it by IP?

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow an account to be locked for sending exesive email

    It would be nice if you could have accounts locked if they send more messages than allowed by the administrator. For instance a user could be limited to 100 messages in 1 hour. If they exceed that their account is locked and a email is sent the the administrator so they can investigate the situation. This would help prevent compromised computers from sending tons of spam through the mail server.

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Anti Name-Spamming Feature

    A new Anti-Spam feature would be nice: Incoming (external!) eMails should be checked against names of the users on the kerio server (not addresses!).

    Our company get's some spam from completely external servers & unknown eMail addresses. Only the sender names are faked ones from our own employees - existing names from Kerio Connect. So the idea would be to check the received names against the names within Kerio. Additionally a whitelist would be great to allow name & address combinations from real existing second email addresses of members.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Multilevel/Advanced attachment filtering

    Kerio Connect 8.5.0 is now able to remove potentially malicious files from ZIP attachments.

    It would be good to enhance this feature to allow:

    1. Multilevel (recursive) searching for malicious files inside ZIP/RAR archives. Example: a ZIP file contains another ZIP file and that ZIP file contains a virus (exe file). So there are 2 possibilities that You may consider:
    a. Reject archives containing archives (i.e. RAR file in ZIP file)
    b. Do a recursive search to a specific depth (either hard coded or defined by administrator) in archives and reject if a file with prohibited extension is found

    I…

    4 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. filter attachments for the presence of macro's

    A lot of virusses spread via macro's in Word-files (or Excel). Most clients however work with word-files as attachments on daily bases. They rarely send/recieve legit mails with macro's inside however. It would be nice to be able to block all word (or excel) files containing macro's.

    I don't know if that should be an attachment-filter option or an antivirus option.

    9 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Limit access to accounts

    - For security reason you would not allow to login as admin from anywhere and should have a limit access for admin account or any users.
    - Support redirect all http protocol to https protocol, example redirect http://mail.secondarydomain to https://primarydomain and https://mail.secodarydomain:4040 to https://primarydomain:4040

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Block internal SPAMMER

    Have the ability to track who is sending email. You need an option to enable a limit on how many emails are sent by a specific user, not by IP as it is today.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. GDPR compliance

    GDPR compliance:
    1. Encrypt user email data - privace by design
    2. DLP - data leak protection
    2a predefined personal data filters and possibilty for custom filters

    17 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Kerio Connect

Feedback and Knowledge Base