Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Administration
  3. Articles

Kerio Connect Services

Overview

Kerio Connect services are configured to launch and run in the background. They can be configured to run using the local system account. 

This article provides information about these services and shares troubleshooting tips to handle issues related to them by covering the following topics:

 

Setting Service Parameters

You can set parameters for Kerio Connect services in the Configuration > Services section. By default, all services run on their standard ports.

1.png

Note: For security reasons, enable only the services that need to be used. For more information, refer to this linked article about configuring your firewall.

For every service, you can:

  • Configure the service to run automatically on the Kerio Connect startup, as seen in the screenshot below.

    2.png

  • Add, remove, or edit listening IP addresses and ports.

    3.png

  • Limit access to the service for specific IP addresses.

    4.png

  • Specify the maximum number of concurrent connections. When specifying, consider the number of server users. Additionally, set the value to 0 for an unlimited number of connections.

    5.png

Back to top

 

Port Collisions

If any service available in Kerio Connect is already running on the server, you have two possibilities:

  • Change the traffic port for one of the services; or
  • Reserve a different IP address for each instance of the service on the same port.

    Note: It is not recommended to reserve IP addresses dynamically, for example, via DHCP.

 

Troubleshooting Port Collision

For troubleshooting, run the netstat commands to find out the port occupation, as illustrated below:

Note: The following examples are for LDAP (389) and Secure LDAP (636) services.

  • macOS:
    netstat -anv | egrep -w [.]389.*LISTEN
    netstat -anv | egrep -w [.]636.*LISTEN

    6.PNG

  • Linux:
    netstat -apt | grep ':389'
    netstat -apt | grep ':636'

    7.png

  • Windows:
    netstat -na | find "389"
    netstat -na | find "636"

    8.png

After identifying the necessary PIDs (Process Identifiers):

  • List all the applications using the ps -ax command for macOS, Linux, and services app for Windows; and 
  • Consider disabling/uninstalling the application or changing ports to troubleshoot.

Back to top

 

Service Types

Each service is available in both unsecured and secured versions (encrypted by SSL). The following sections describe individual services:

Service Types

Description

SMTP
The SMTP protocol server sends outgoing email messages, receives incoming messages and messages created via mailing lists in Kerio Connect. You can use two methods for encrypting the SMTP traffic:
  • SMTP on port 25 with STARTTLS if TLS encryption is supported. The traffic on port 25 starts as unencrypted and if both sides support TLS, the TLS encryption starts via STARTTLS.
  • SMTP on port 465 with SSL/TLS. The traffic is encrypted from the start.
Note: Since public Wi-Fi networks often do not support traffic on unencrypted protocols, SMTP on port 25 can be blocked. In such cases, users cannot send an email out of the network. SMTPS (Simple Mail Transfer Protocol Secure) on port 465 is usually allowed.

SMTP Submission 


SMTP Submission is a special type of communication that enables messages sent by an authenticated user to be delivered immediately without antispam control. Allow SMTP Submission if you use a distributed domain.

POP3


POP3 protocol server allows users to retrieve messages from their accounts. It can be used as an alternative to IMAP for access messages.

IMAP
IMAP protocol server allows users to access their messages. With this protocol, messages stay in folders and can be accessed from multiple locations at any time.

NNTP


NNTP is a transfer protocol for discussion groups over the Internet. The service allows users to use messages of the news type and use the protocol to view public folders. Public folders cannot be viewed via NNTP if their name includes a blank space or the . (dot) symbol.

LDAP


LDAP server enables users to access centrally managed contacts. It provides read-only access and users are not allowed to create new contacts nor edit the existing ones.

If Kerio Connect is installed on a server that is used as a domain controller (in Active Directory), run this service on non-standard ports or disable them.

HTTP


The HTTP protocol is used to:

  • Access user mailboxes in Kerio Connect Client;
  • Access the Free/Busy server;
  • Automatically update Kerio Outlook Connector (Offline Edition);
  • Synchronize via ActiveSync or NotifyLink;
  • Publish calendars in iCal format;
  • (HTTPS) Access the Kerio Connect administration; and
  • (HTTPS) Access user mailboxes in Kerio Connect Client (if a secured connection is required).

XMPP


XMPP is used for Instant Messaging feature that allows users to chat with other users in or outside of their domain.

Back to top

 

Restricting Access to Some Services

To restrict access to any service for any users, you can define User Access Policies. You can allow or deny access to individual protocols from specific IP addresses to individual users.

 

Defining Access Policies

  1. Log into your Kerio Connect instance.

  2. In the administration interface, go to Configuration

  3. Go to Definitions > User Access Policies.

  4. Click Add Policy and type a name for the policy.

  5. Click the Add restriction link.

    9.png


  6. Select a protocol and click Allow/Deny/Allow only to set the access. You can add multiple restrictions.

    10.png

  7. Set access for the remaining (unselected) protocols. 

  8. Click Apply.

Note: To remove a restriction or policy, select it and click Remove.

 

Assigning Access Policies to Users

Every new user is assigned the Default policy. Follow these steps to assign a different policy to a user:

  1. Log into your Kerio Connect instance.

  2. In the administration interface, go to Accounts > Users.

  3. Double-click a user and go to the Rights tab.

  4. Select an Access policy from the drop-down list.

  5. Click OK


    11.png

Back to top

 

Troubleshooting

If any problem regarding services occurs, consult the debug log by following these steps:

  1. Right-click the debug log area;
  2. Click Messages; and
  3. Select the appropriate message type (service to be logged) to start troubleshooting. Refer to the following table to learn more about using the correct service depending on your scenario:

    Service Type

    When to Use the Service

    SMTP
    When there are problems in the communication between the SMTP server and a client, use the SMTP Server and SMTP Client options.

    POP3
    When problems arise with the POP3 server, enable the POP3 Server option.

    IMAP
    When there are problems with the IMAP Server, enabling of the IMAP server logging might be helpful.

    NNTP
    When there are problems with the NNTP server, enable the NNTP Server option.

    LDAP
    When problems with the LDAP server arise, enable the LDAP Server option.

    HTTP
    • The HTTP Server option enables logging of HTTP traffic on the server's side.
    • The WebDAV Server Request option enables logging of queries sent from a WebDAV server. Use this option for Microsoft Entourage or Apple Mail if you are experiencing problems with Exchange accounts. 
    • The PHP Engine Messages option helps to solve problems with the Kerio Connect Client interface.

    XMPP
    When there are problems with the IM server, enable the Instant Messaging Server option.

Note: Too many log messages may slow down your server. Once your issue is resolved, disable the logging.

Back to top

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments