How can we improve Kerio Connect?

User based SMTP limits

Allow SMTP limits based on user. Doing so by IP address is not practical if many users are behind a single IP. Doing it by user login would be a quick way to stop an open relay situation if a specific account has been compromised.

65 votes
Vote
Sign in Sign in with GFI
Signed in as (Sign out)
You have left! (?) (thinking…)
Sam Bergin shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

6 comments

Sign in Sign in with GFI
Signed in as (Sign out)
Submitting...
  • Justin Lee commented  ·   ·  Flag as inappropriate

    We just had DoS due to password compromise, and 37,000/hr for several hours. This stopped mail for everyone, blacklisted, and we had several hundred unhappy users. Workaround to get KMS working was to stop Kerio, rename the queue folder, and restart. We parsed the queue folder after hours, and re-added non-SPAM messages to the queue.

  • Ortwin Glück commented  ·   ·  Flag as inappropriate

    Definitely! Account compromise happen all the time as users tend to give away their credentials to random Android and web apps... And no sane user needs to send thousands of emails per hour.

  • Todd commented  ·   ·  Flag as inappropriate

    I strongly agree. We just had a user password compromised and multiple IP's were being used to send mail from one account. The current option of messages per hour from one IP address is useless against this attack.

    Now we have to spend time getting delisted when you can easily program this in to Kerio v9.2+.

    This should be implemented right away. Thanks for listening....

  • Joakim commented  ·   ·  Flag as inappropriate

    Yes, please go ahead and make this happen. One customer just got hacked a couple of days ago (using the same password on a site that got hacked). We had >500 hosts relaying (before we detected it) so the built-in feature of limiting per IP is quite useless in theese kinds of scenarios

  • Francesco Barcella commented  ·   ·  Flag as inappropriate

    This is a fondamental feature. Almost all mail servers provide something similar, very useful to limit compromised account to spam through your mail server, with the risk of going into blacklist.

Feedback and Knowledge Base