Kerio Connect

Welcome to our Kerio Connect feedback forum. Do you have an idea? Do you recognize a good idea when you see one? We want to hear from you!

How can we improve Kerio Connect?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DNSSEC

    As you will well know spam - unsolicited emails - are a big problem for everyone who uses email. Related to spam are fake emails where the sender details are faked.

    Kerio Connect supports some features to help in both cases such as a spam filter, black lists, and support for SPF - Sender Policy Framework. Kerio Connect also has some support for DKIM - Domain Keys.

    However Kerio Connect does not support DNSSEC. Whilst SPF and DKIM help in ensuring emails for a domain are only sent from a mail server authorised to send for that domain they do…

    4 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow to personnalize the message that the sender receives when the attachment is refused by the rule defined in the server

    It would be nice to have the possibility to modify the rejected message with the logo of our company, our own explanation text, the raison why we block the mail, the list of the extensions blocked, the alternatives to send the file in an other maner...

    4 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. smtp relay security to allow only certain domains

    On the smtp relay-control there could be a domain list, which domains can relay mail. This would force the "from" field of the mail to come out of this list of domains. I could add mycompany.com and my2ndcompany.com to this list so users cannot use a different from-adres. This would add security if someones username/password got stolen without them knowing and authenticated smtp-relay is allowed.

    2 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Antivirus -> If a wirus is detected in a message -> Forward the original message to the ORIGINAL DESTINATION

    Dear Kerio, it is highly impolite, arogant and egoistic, to think, that an IT system "knows better" when doing something, especially when interferring with users data. So while sometimes it may be a neccesary option, to decline the clients their data in an email message when containing virus, but there are definitely cases, when such messages should be marked clearly, but the attachment(s) should be left in place and the messages shall be delivered. Such a decission is definitely NOT up to you, but rather up to the administrator of such a system in cooperation of the owner/investor of the…

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow incoming mails from particular servers only per domain

    To provide extra security for customers we need to restrict IP ranges from which mail is accepted per domain. This isn't a problem for a whole server and can be achieved easily by a firewall or gateway but we need this at a domain level.
    Office 365 has this feature already. So please consider...

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Antivirus push update

    Push antivirus updates instead of periodic updates.

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Security issue - add http headers for web server

    Some Critical headers are missing on web server side: Cache-Control, X-Content-Type-Options and Content-Security-Policy.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Prevent overloading with max. Message size restriction for draft folder

    Background: These days some users trying to send/save big email attachments from their smartphone/SSD devices to the KC server. To avoid overloading we limited the outgoing message size.

    We would like to go one step further to prevent performance issues both on server and client side. Although we teached them to use local file solution instead, some users still selecting multiple images on their smartphone. Unfortunately these 50MB> mails are saved to the server. Thus, please add a CPU restriction / message size restriction. Messages should immediately bounced once a Message exceeds the Outbox, Draft and Sent Items Folder size.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. SMTP BLACK LIST

    You have a function to Whitelist IP addresses trying to SMTP authenticate on the mail server. Why don't you have a Black list for known offenders. Adding the IP to the firewall is not the solution. Many firewall appliances only all a limited number of Rules or Policys. And creating a rule or policy for each ip that is an offender can easily use the rules allotted. Also since this is a MAIL server it is best to troubleshoot attacks at the server.

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. More granularity in anti-hammering settings

    Right now there is no ability to set any parameters to the anti-hammering (password guessing) security features. For example, it would be great if we could specify different lengths of time for the block of IP addresses that are suspected of password guessing attacks. Right now, the ban only lasts a few minutes, but we would like the option to set that to a longer duration.

    It would also be good if we could have the option to permanently block whole IP address blocks of addresses, or at least permanently block repeat offenders.

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Disable login on SMTP port while the port is open for MX record

    We use SMTP on port 25 only for MX record and have constant login attempts on this port. It would be safer if we could disable client logins on this port.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. To prevent when an account becomes compromised, limit the amount of messages that can be sent from a particular email account.

    To prevent when an account becomes compromised, be able limit the amount of messages that can be sent from a particular email account in the same way you can limit the amount of messages from one IP address. When accounts become compromised the hackers use multiple IP addresses to send from the same account. Limiting the amount of email being sent on the account side could prevent a particular account from bringing down and entire server.

    7 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. block emails with attechement files (i.e *.doc) with specified name of this file (ie "invoice")

    it would be great if we could set a filter for all doc oder xl* attachments where the name of the file exists the text "invoice"

    not only !all! *.doc files !!! - this is currently OK

    58 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Security - Login guessing protection

    -i like to see a list for blocked accounts and like to unblock each account. E.g. two or three accounts are blocked, so i like to unblock only one of them.

    -The button "unblock all accounts now" is important too, please don't remove it.

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow us to install frontend ssl certificate through webadmin on multi-server

    On a Connect multi-server setup, we can install the ssl certificate for the puppet master just fine, but to install the ssl certificate on a frontend proxy server, we need to manually go into via ssh and replace the certificate. This is not very user friendly and not very intuitive. I believe this is an overlooked feature of the multi-server setup. Thank you.

    3 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Attachment filter: Provide the "Discard zip archive containing files with dangerous extensions" option by extension and not globally.

    Generally we want to filter zipped and not zippend attachements. But for some extensions we need a method to let them through to not break our business processes (e.g. we need to allow zipped .xlsm and .docm files) and block everything else.

    6 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support RHSBL

    We make extensive use of the Spam Filter's Blacklists by increasing spam scores by 0.1 for each occurence on a DIFFERENT list (it reduces the number of false positives - the more lists an IP is on, the more likely it receives a higher spam score, adding more weight to some lists than others) and we ALSO use it with whitelists (by assigning a NEGATIVE score - which works like a charm.

    However these are IP based lists. It would be helpful if RHSBL are also supported -- and even better if Kerio Connect could figure out by itself what…

    1 vote
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. approval of device connection

    Ability to approve the devices that can access the mail,

    Only company devices(known) should be able to connect to the mailserver. Exchange has this ability check link http://exchangeserverpro.com/preventing-new-activesync-device-types-from-connecting-to-exchange-server-2010/

    25 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Encrypt storage

    Currently, all messages are displayed as * .eml and available without restrictions. Encrypting storage administrator password solve this issue

    4 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow disabling DSNs (receipts that the message has arrived at the mailserver)

    It should really be possible to disable the automatic receipt messages from the mail server (this has nothing to do with read-receipts), because spammers can easily exploit that to verify mailboxes. Therefore posting in Security.

    7 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Kerio Connect

Feedback and Knowledge Base