Kerio Connect

Welcome to our Kerio Connect feedback forum. Do you have an idea? Do you recognize a good idea when you see one? We want to hear from you!

How can we improve Kerio Connect?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Anti Name-Spamming Feature

    A new Anti-Spam feature would be nice: Incoming (external!) eMails should be checked against names of the users on the kerio server (not addresses!).

    Our company get's some spam from completely external servers & unknown eMail addresses. Only the sender names are faked ones from our own employees - existing names from Kerio Connect. So the idea would be to check the received names against the names within Kerio. Additionally a whitelist would be great to allow name & address combinations from real existing second email addresses of members.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Multilevel/Advanced attachment filtering

    Kerio Connect 8.5.0 is now able to remove potentially malicious files from ZIP attachments.

    It would be good to enhance this feature to allow:

    1. Multilevel (recursive) searching for malicious files inside ZIP/RAR archives. Example: a ZIP file contains another ZIP file and that ZIP file contains a virus (exe file). So there are 2 possibilities that You may consider:
    a. Reject archives containing archives (i.e. RAR file in ZIP file)
    b. Do a recursive search to a specific depth (either hard coded or defined by administrator) in archives and reject if a file with prohibited extension is found

    I…

    4 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. filter attachments for the presence of macro's

    A lot of virusses spread via macro's in Word-files (or Excel). Most clients however work with word-files as attachments on daily bases. They rarely send/recieve legit mails with macro's inside however. It would be nice to be able to block all word (or excel) files containing macro's.

    I don't know if that should be an attachment-filter option or an antivirus option.

    9 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Limit access to accounts

    - For security reason you would not allow to login as admin from anywhere and should have a limit access for admin account or any users.
    - Support redirect all http protocol to https protocol, example redirect http://mail.secondarydomain to https://primarydomain and https://mail.secodarydomain:4040 to https://primarydomain:4040

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Block internal SPAMMER

    Have the ability to track who is sending email. You need an option to enable a limit on how many emails are sent by a specific user, not by IP as it is today.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. GDPR compliance

    GDPR compliance:
    1. Encrypt user email data - privace by design
    2. DLP - data leak protection
    2a predefined personal data filters and possibilty for custom filters

    17 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. BATV (Bounce Address Tag Validation) Check

    Not sure if this is already implemented in kerio but sounds like a good idea.

    BATV is a mechanism wherein an outgoing Email server adds a tag to the Envelope From address of all outgoing Emails. For example, if an Email address goes out with From address as <info@allaboutspam.com>, the Envelope From is changed to <prvs=SBDGAUJ=info@allaboutspam.com>, where 'SBDGAUJ' is the added tag. This tag is generated using an internal mechanism and is different for each email sent.

    If any bounce is received by the Incoming email servers, they are checked to see if the Bounce address…

    10 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. DNSSEC

    As you will well know spam - unsolicited emails - are a big problem for everyone who uses email. Related to spam are fake emails where the sender details are faked.

    Kerio Connect supports some features to help in both cases such as a spam filter, black lists, and support for SPF - Sender Policy Framework. Kerio Connect also has some support for DKIM - Domain Keys.

    However Kerio Connect does not support DNSSEC. Whilst SPF and DKIM help in ensuring emails for a domain are only sent from a mail server authorised to send for that domain they do…

    4 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow to personnalize the message that the sender receives when the attachment is refused by the rule defined in the server

    It would be nice to have the possibility to modify the rejected message with the logo of our company, our own explanation text, the raison why we block the mail, the list of the extensions blocked, the alternatives to send the file in an other maner...

    4 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. smtp relay security to allow only certain domains

    On the smtp relay-control there could be a domain list, which domains can relay mail. This would force the "from" field of the mail to come out of this list of domains. I could add mycompany.com and my2ndcompany.com to this list so users cannot use a different from-adres. This would add security if someones username/password got stolen without them knowing and authenticated smtp-relay is allowed.

    2 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Antivirus -> If a wirus is detected in a message -> Forward the original message to the ORIGINAL DESTINATION

    Dear Kerio, it is highly impolite, arogant and egoistic, to think, that an IT system "knows better" when doing something, especially when interferring with users data. So while sometimes it may be a neccesary option, to decline the clients their data in an email message when containing virus, but there are definitely cases, when such messages should be marked clearly, but the attachment(s) should be left in place and the messages shall be delivered. Such a decission is definitely NOT up to you, but rather up to the administrator of such a system in cooperation of the owner/investor of the…

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow incoming mails from particular servers only per domain

    To provide extra security for customers we need to restrict IP ranges from which mail is accepted per domain. This isn't a problem for a whole server and can be achieved easily by a firewall or gateway but we need this at a domain level.
    Office 365 has this feature already. So please consider...

    6 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Antivirus push update

    Push antivirus updates instead of periodic updates.

    6 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Security issue - add http headers for web server

    Some Critical headers are missing on web server side: Cache-Control, X-Content-Type-Options and Content-Security-Policy.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Prevent overloading with max. Message size restriction for draft folder

    Background: These days some users trying to send/save big email attachments from their smartphone/SSD devices to the KC server. To avoid overloading we limited the outgoing message size.

    We would like to go one step further to prevent performance issues both on server and client side. Although we teached them to use local file solution instead, some users still selecting multiple images on their smartphone. Unfortunately these 50MB> mails are saved to the server. Thus, please add a CPU restriction / message size restriction. Messages should immediately bounced once a Message exceeds the Outbox, Draft and Sent Items Folder size.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. SMTP BLACK LIST

    You have a function to Whitelist IP addresses trying to SMTP authenticate on the mail server. Why don't you have a Black list for known offenders. Adding the IP to the firewall is not the solution. Many firewall appliances only all a limited number of Rules or Policys. And creating a rule or policy for each ip that is an offender can easily use the rules allotted. Also since this is a MAIL server it is best to troubleshoot attacks at the server.

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. More granularity in anti-hammering settings

    Right now there is no ability to set any parameters to the anti-hammering (password guessing) security features. For example, it would be great if we could specify different lengths of time for the block of IP addresses that are suspected of password guessing attacks. Right now, the ban only lasts a few minutes, but we would like the option to set that to a longer duration.

    It would also be good if we could have the option to permanently block whole IP address blocks of addresses, or at least permanently block repeat offenders.

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Disable login on SMTP port while the port is open for MX record

    We use SMTP on port 25 only for MX record and have constant login attempts on this port. It would be safer if we could disable client logins on this port.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. To prevent when an account becomes compromised, limit the amount of messages that can be sent from a particular email account.

    To prevent when an account becomes compromised, be able limit the amount of messages that can be sent from a particular email account in the same way you can limit the amount of messages from one IP address. When accounts become compromised the hackers use multiple IP addresses to send from the same account. Limiting the amount of email being sent on the account side could prevent a particular account from bringing down and entire server.

    7 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. block emails with attechement files (i.e *.doc) with specified name of this file (ie "invoice")

    it would be great if we could set a filter for all doc oder xl* attachments where the name of the file exists the text "invoice"

    not only !all! *.doc files !!! - this is currently OK

    58 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Kerio Connect

Feedback and Knowledge Base