Kerio Connect

Welcome to our Kerio Connect feedback forum. Do you have an idea? Do you recognize a good idea when you see one? We want to hear from you!

How can we improve Kerio Connect?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable multi-factor authentication (MFA/2FA) on Kerio Connect web interface

    For security it would be good if the Kerio Connect web interface could have multi-factor authentication applied.

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Alerts to the mailbox about events in Kerio Connect.

    Dear developers Kerio Connect.

    Add the ability to notify about events in Kerio Connect.

    For example, [date time] IMAP: Invalid password for user manager@mydomain.com Attempt from IP address ***.***.***.axx Failed IMAP login from control, user manager@mydomain.com.
    [date time] SMTP: Invalid password for user manager@mydomain.com. Attempt from IP address ***.***.***.***. ***.***.***.***
    [date time] Account lockout - user manager@mydomain.com will be blocked for connections from IP address ***.***.***.***. ***.***.***.*** for 5 minutes

    These are very important messages, because a hacker can pick up passwords for the company's mailboxes, and the administrator will not even know about it !!!!!

    Best regards…

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Custome whitelist IP address should work for Antispam also

    Some times genuine mail also consider / filtering in Antispam. so we can whitelist that IP through the same function.

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. support CER format certificate

    please add cer support because it takes 2 hours from me to convert my certificate from CER format to CRT and PEM format

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. guessing passwords - BIG PROBLEM

    1. For SMTP login should be a option to disabled. Today, the active sysnc protocol is still used…

    2. Active sync devices should only be added with administrator only

    3. The Kerio web client should use two factor authentication

    Security log example:

    27/Nov/2018 05:34:35] Failed SMTP login from 88.208.208.52 with SASL method PLAIN.

    [27/Nov/2018 08:12:59] HTTP/ActiveSync: Authentication failed for user user@isotra.cz. Attempt from IP address 88.208.208.52 External authentication service rejected authentication due to invalid password or authentication restriction.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to Restrict the Browser and Version Browser Used for Accessing Email

    Our clients scan our networks to find out if there are any security vulnerabilities detected on our network. The results show our Email server supports outdated browsers. Currently this brings down our security scorecard/grade.

    If you are able to implement this so we can setup which browsers and the version can be used to access our email, this helps us keep our users accountable to stay on the latest web browsers/security updates. In addition, we try to minimize security risks on our network.

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. When

    When Users must be authenticated to send mail is enabled you override this by listing ip adresses who can send unauthenticated. like a backup email script running on a server or a scanner who sends pdf to mail...
    But when you have multiple sites who connect to the mailserver you must set the wan ip in that list. So you now disabled the security for all clients in the entire site. Could you add a option so you can disable the security by sender mail adress like you can do it by IP?

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow an account to be locked for sending exesive email

    It would be nice if you could have accounts locked if they send more messages than allowed by the administrator. For instance a user could be limited to 100 messages in 1 hour. If they exceed that their account is locked and a email is sent the the administrator so they can investigate the situation. This would help prevent compromised computers from sending tons of spam through the mail server.

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Anti Name-Spamming Feature

    A new Anti-Spam feature would be nice: Incoming (external!) eMails should be checked against names of the users on the kerio server (not addresses!).

    Our company get's some spam from completely external servers & unknown eMail addresses. Only the sender names are faked ones from our own employees - existing names from Kerio Connect. So the idea would be to check the received names against the names within Kerio. Additionally a whitelist would be great to allow name & address combinations from real existing second email addresses of members.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Limit access to accounts

    - For security reason you would not allow to login as admin from anywhere and should have a limit access for admin account or any users.
    - Support redirect all http protocol to https protocol, example redirect http://mail.secondarydomain to https://primarydomain and https://mail.secodarydomain:4040 to https://primarydomain:4040

    1 vote
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Block internal SPAMMER

    Have the ability to track who is sending email. You need an option to enable a limit on how many emails are sent by a specific user, not by IP as it is today.

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Implement inbound DMARC and DKIM checking

    The Global,Cyber Alliance is currently running major campaigns to get organisations to enable DMARC on their outbound mail, and Kerio Connect with its ability to have DKIM signed email is contributing to.

    Equally important is the requirement for inbound email servers to participate in the DMARC program.

    all inbound email into O365, Outlook, Gmail and Yahoo Mail is checked against DMARC records and then either passed, quarantined or rejected based on the SPF and DKIM status of the incoming email.

    Kerio Connect needs to have the capability to check a DMARC record upon receipt of an email, then examine SPF…

    33 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. smtp relay security to allow only certain domains

    On the smtp relay-control there could be a domain list, which domains can relay mail. This would force the "from" field of the mail to come out of this list of domains. I could add mycompany.com and my2ndcompany.com to this list so users cannot use a different from-adres. This would add security if someones username/password got stolen without them knowing and authenticated smtp-relay is allowed.

    2 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. DNSSEC

    As you will well know spam - unsolicited emails - are a big problem for everyone who uses email. Related to spam are fake emails where the sender details are faked.

    Kerio Connect supports some features to help in both cases such as a spam filter, black lists, and support for SPF - Sender Policy Framework. Kerio Connect also has some support for DKIM - Domain Keys.

    However Kerio Connect does not support DNSSEC. Whilst SPF and DKIM help in ensuring emails for a domain are only sent from a mail server authorised to send for that domain they do…

    4 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. GDPR compliance

    GDPR compliance:
    1. Encrypt user email data - privace by design
    2. DLP - data leak protection
    2a predefined personal data filters and possibilty for custom filters

    17 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow to personnalize the message that the sender receives when the attachment is refused by the rule defined in the server

    It would be nice to have the possibility to modify the rejected message with the logo of our company, our own explanation text, the raison why we block the mail, the list of the extensions blocked, the alternatives to send the file in an other maner...

    4 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Antivirus -> If a wirus is detected in a message -> Forward the original message to the ORIGINAL DESTINATION

    Dear Kerio, it is highly impolite, arogant and egoistic, to think, that an IT system "knows better" when doing something, especially when interferring with users data. So while sometimes it may be a neccesary option, to decline the clients their data in an email message when containing virus, but there are definitely cases, when such messages should be marked clearly, but the attachment(s) should be left in place and the messages shall be delivered. Such a decission is definitely NOT up to you, but rather up to the administrator of such a system in cooperation of the owner/investor of the…

    3 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. hide integrate with device link from webmail login page

    I would not like users to see the "integrate with device" or "integration with windows" link on the webmail login. We recommend webmail for some outside contractors for whom we don't want their Outlook configured for direct connections, etc. I realize one could on their own download and install the outlook connector, but do we need to present it to them? Likewise for people who go to webmail from their personal ipad - I don't want them to use the Integrate with Device option or know it exists. Sure people could go hack the settings on their own and figure…

    6 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow incoming mails from particular servers only per domain

    To provide extra security for customers we need to restrict IP ranges from which mail is accepted per domain. This isn't a problem for a whole server and can be achieved easily by a firewall or gateway but we need this at a domain level.
    Office 365 has this feature already. So please consider...

    6 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Block IP of Robotic password guessing or brute-force attack

    Block IP of Robotic password guessing or brute-force attack

    7 votes
    Vote
    Sign in Sign in with GFI
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Kerio Connect

Feedback and Knowledge Base