Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » KMS in Bridgehead setup
  •  
rlozano

Messages: 1
Karma: 0
Send a private message to this user
Our organization is in the process of testing Kerio Mail, to become our major Mail Server.

We have successfully setup a brdigehead (1 Kerio Mail server in the DMZ, and 1 Kerio Mail server in the secured network). the mails, being received by the KMS in the DMZ is automatically relayed to the KMS inside the secured network. clients receive/send their e-mails via the internal KMS. Both KMS is installed in RHEL 4.

Is there a way that our users can access their e-mail via Web, if i point them to the KMS in the DMZ? and then the DMZ KMS will bridge the way to the KMS in the secured network?

or, how can our users access their mails and calendars using Web, in this kind of configuration, in a secured manner?

we are quite new to KMS, and would appreciate any help or suggestion regarding this matter.
  •  
gregwhite886

Messages: 6
Karma: 0
Send a private message to this user
Did you get a working resolution to this question? Am looking for the exact same thing.
  •  
Nico Mohr

Messages: 14
Karma: 0
Send a private message to this user
This is a quite interesting scenario. Any solutions found yet?

We have KMS in DMZ and huge exchange traffic to LAN. DMZ Gateway seems to be the bottleneck here but KMS account needs to be accessible from WAN too.

  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Can I ask what are the advantages to this scenario? Is it more secure than just having a mailserver with SSL with the appropriate ports forwarded from the router?

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
dsegel

Messages: 27
Karma: 0
Send a private message to this user
The primary problem with having your mail server exposed to the internet is that if it is hacked (via either web or smtp server exploits) then the hacker potentially has access to all of your mail files, and if the server is connected to an internal network then they have access to that as well and can use it as a basis for further attacks.

I have a linux box running Apache acting as a proxy to our internal Kerio mail server - it does both virus/spam filtering and acts as a web proxy. This linux box is in a DMZ with extremely tight rules governing traffic that can flow from it through the firewall. If the linux box is broken into the hacker is still outside our firewall, and doesn't have access to any user mail files.
  •  
freakinvibe

Messages: 1554
Karma: 62
Send a private message to this user
I would not use a KMS server as Internet Front End Server. It is much too powerful for that. On the public network I would use an SMTP gateway or a firewall with that functionality (e.g. Astaro). So my setup would look like this:

Internet ==> Firewall with SMTP gateway ==> KMS ==> Private LAN

For Web Mail, you would need to setup NAT on the firewall.

This is just my own humble opinion.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Mcafee Not Updating
Next Topic: Secure iMap
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 14:21:24 CET 2017

Total time taken to generate the page: 0.00470 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.