How can we improve Kerio Connect?

Forced TLS

Provide extra option of sending through TLS only (Forced TLS)

Today, Kerio provides two options for TLS:
1, No TLS
2, Opportunistic TLS: Kerio Connect uses TLS (STARTTLS) for sending/receiving emails whenever it is possible. But it is not mandatory, so the email is delivered over unsecure connection if the TLS fails or cannot be established. Kerio falls back to normal unsecure SMTP if TLS cannot be used.”

In the future, Kerio should provide 3 options for TLS:
1, No TLS
2, Opportunisitic TLS
3, Forced TLS: For each domain, the administrator can define a set of partner-domains for which only TLS-encrypted mail is possible. If Kerio detects unsecure connection for such a partner-domain, it will not send the mail but alert the user. If user send to another domain, the systems works in the opportunistic TLS mode.

84 votes
Sign in Sign in with GFI
Signed in as (Sign out)
You have left! (?) (thinking…)
Josef Leiter shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in Sign in with GFI
Signed in as (Sign out)
  • Jeroen Keerl commented  ·   ·  Flag as inappropriate

    Especially the financial sector is making heavy use of this feature to ensure compliance with PCI-DSS and / or ISO27001. If Kerio wants to compete with other mail server companies, this should be implemented asap. Exchange, Communigate, Sendmail and postfix all support this.

Feedback and Knowledge Base