In Kerio Connect, administrators can configure the SMTP server to protect Kerio Connect from misuse.
Anyone can connect to an unprotected SMTP server from the Internet and send email messages through Kerio Connect. For example, spammers can use the SMTP server to send out spam messages, and as a result, companies could be added to spam blacklists.
In Kerio Connect, administrators can configure several limits for IP addresses to secure your SMTP server. This article covers the steps to properly secure the SMTP Server.
- In the administration interface, go to Configuration > SMTP Server > Security Options tab.
- For a single IP address you can set the IP address based limits:
- Max. number of messages per hour discards any new message sent from the same IP address after reaching the set limit.
- Max. number of concurrent SMTP connections gives protection from denial of service, or Denial of Service (DoS), attacks which overload the server.
- Max. number of unknown recipients protects Kerio Connect from directory harvest attacks, in which an application connects to your server and uses the dictionary to generate possible usernames.
- Enable the Do not apply these limits to IP address group option and choose a group of trusted IP addresses that are not affected by the above settings.
- You can further protect Kerio Connect using several additional options:
- To block senders with fictional email addresses, check Block if sender's domain was not found in DNS
- To block incorrectly configured DNS entries, check Block if client's IP address has no reverse DNS entry (PTR)
- To block spam messages sent to a large number of recipients, check Max. number of recipients in a message
- Spammers often send messages using applications that connect to SMTP servers and ignore its error reports. The Max. number of failed commands in an SMTP session option protects against these applications by closing the SMTP connection automatically after the defined number of failed commands.
- To block messages with large attachments that can overload your server, check Limit maximum incoming SMTP message size to.
- On the SMTP Delivery tab, choose the Use SSL/TLS if supported by remote SMTP server option.
- Click Apply.
Applied changes take immediate effect. Sometimes a legitimate message is rejected. This may happen, for example, when a salesperson sends multiple messages to customers and exceeds the limits set for the SMTP server. Adjusting the settings on the Security Options tab prevents this from happening.