Kerio instant messaging service is based on XMPP, an open technology for real-time communication. The instant messaging (IM) service is running in Kerio Connect automatically. This article covers the steps to properly configure it.
To check if instant messaging is accessible:
- From the administration interface, go to Configuration > Instant Messaging.
- Click the option Check Service Accessibility.
- Make sure to open these ports on the firewall (both directions):
- 5222 - for the IM service.
- 5223 - for secured IM service.
- 5269 - if sending outside of the domain is allowed.
- DNS records must be configured for the domain. For additional information, refer to Configuring DNS for instant messaging.
Securing instant messaging
The recommended option is to secure instant messaging by using TLS (Transport Layer Security):
- Choose a security policy to require an encrypted connection or secure authentication, go to Configuration > Security > Security Policy tab.
- (For Kerio Connect 8.1 and older: Configuration > Advanced Options > Security Policy tab.)
- Use unsecured instant messaging service (port 5222). You can also enable only the secure instant messaging service (port 5223) and use SSL.
Note: Security policy is applied to all services in your Kerio Connect.
Limiting access to instant messaging
In order to restrict access to any users, define User Access Policies to:
- Disable access to IM.
- Restrict access IM to specific addresses.
To display which users are connected to the IM server, go to the Active Connections section in the administration interface.