Forcing unencrypted SMTP Traffic for receiving mail (Untangle server and KMS)
  •  
briansthename

Hello Kerio fans,
I have recently implemented a dedicated Untangle server into my network. If you are unfamiliar with Untangle server, let's go with the simple spam filter. Right now Untangle server is only capable of scanning unencrypted traffic to KMS..... My setup is as follows:

>>> Modem >>>>> Untangle Server >>>>> KMS

Is there a way to force KMS to only accept unsecured or unencrypted traffic so the untangle server can scan all incoming mail?
Right now it is only scanning some email (the email that is coming in unencrypted & on port 25 only).
My goal is to have all mail come into port 25 unencrypted & all scanned by untangle

Input is appreciated.
  •  
freakinvibe

If untangle has its own SMTP service then this service must indicate that it doesn't handle TLS so senders won't send encrypted.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
briansthename

Untangle scans the SMTP traffic only & it does not do anything else. It scans it silently is what I'm saying. Kerio needs to tell the other mail server that it doesn't support encrypted traffic, so then Untangle can scan it.

Is there a way to change the KMS settings?
  •  
freakinvibe

There is only a way to prevent KMS from sending encrypted but not receiving AFAIK (someone from Kerio might correct me).

Are you sure Untangle just scans the mail? I have read that they can insert the Spam tag in the subject of the message, so they must re-write the mail. Their quarantine option must also be capable of blocking mails and releasing mails: that needs its own SMTP service.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
briansthename

I know Untangle does put the spam tag on POP and IMAP received mail, but scans and holds SMTP spam, so is there a way for KMS to say hey, I only support non-encrypted traffic on port 25.....
  •  
marook

Ahh,

Have you disabled the Secure SMTP service???????????
Confused

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
briansthename

Yeah, that was the first thing I did.
  •  
freakinvibe

Quote:
Have you disabled the Secure SMTP service?

This doesn't help as Secure SMTP doesn't run on port 25. But all the external mail servers send on 25. The encryption happens on port 25 with the use of the ESMTP command STARTTLS (everything before that command is unencrypted).

If the Untangle box sits between the Internet and KMS, I don't see how it could put the spam tag on POP and IMAP received mail. Also I can't see how it would block mail if it just acts as a gateway with an inspection filter.

Can you describe what you have done? Have you actually tested this? If so, did you get any error message from the Untangle box? If you haven't tested, do you have any Untangle documentation that exactly describes the tech requirements?

I can't imagine an anti-spam solution that needs to weaken your security by not accepting TLS. All other anti-spam solutions I know don't have that problem.

And again, there is no switch in KMS to disable TLS (you can disable it for outgoing mail, but not for incoming).


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
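
An added example (not part of the thread, and not Kerio or Untangle code): as the post above describes, a sending server only encrypts on port 25 if it sees the STARTTLS keyword in the EHLO reply. The sketch below parses EHLO replies captured at two vantage points, directly at the mail server and through the filtering gateway, and reports whether the keyword survives the path. The host name and both captures are constructed samples, and `probe` is a hypothetical helper built on Python's `smtplib`.

```python
import smtplib

# Constructed sample captures (not taken from the thread).
DIRECT = ("250-mail.example.test\r\n250-SIZE 20971520\r\n"
          "250-STARTTLS\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")
STRIPPED = ("250-mail.example.test\r\n250-SIZE 20971520\r\n"
            "250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")


def parse_ehlo(reply: str) -> dict:
    """Parse a raw multi-line 250 reply to EHLO into {KEYWORD: params}."""
    exts = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected reply line: {line!r}")
        # Line 0 is the greeting/domain; the rest are extension keywords.
        if i > 0 and text.split():
            keyword, *params = text.split()
            exts[keyword.upper()] = " ".join(params)
        if sep == " ":  # "250 " (space) marks the final line of the reply
            break
    return exts


def starttls_report(direct: str, via_gateway: str) -> dict:
    """Compare what the server advertises with what senders see in the path."""
    d, g = parse_ehlo(direct), parse_ehlo(via_gateway)
    return {
        "server_offers_starttls": "STARTTLS" in d,
        "path_offers_starttls": "STARTTLS" in g,
        # Keywords the server sent that never reached the sender's side.
        "removed_in_path": sorted(set(d) - set(g)),
        # Server can do TLS but senders are never told: sessions stay cleartext.
        "downgraded": "STARTTLS" in d and "STARTTLS" not in g,
    }


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live check (hypothetical helper): does host advertise STARTTLS?"""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return s.has_extn("starttls")


if __name__ == "__main__":
    print(starttls_report(DIRECT, DIRECT))    # gateway passes EHLO untouched
    print(starttls_report(DIRECT, STRIPPED))  # keyword missing in the path
```

When the path still offers STARTTLS, capable senders encrypt and a passive filter in between sees only ciphertext; when `downgraded` is true, mail that could have been encrypted is crossing the path in cleartext.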
  •  
briansthename

Here is the software,
http://www.untangle.com

Here is the post. Others say TLS is not supported....yet
http://forums.untangle.com/spam-blocker/12232-some-mail-filtered-some-not.html

Does this give you any ideas?

All I'm doing is trying to cut down on the spam load on my server.
  •  
freakinvibe

Well, ok. But via the graphic interface there is no way to disable STARTTLS encryption. Maybe something you have to manually change in the .cfg file. Maybe someone from Kerio can help, have you opened a support ticket?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
briansthename

No, I haven't opened one yet. I was hoping I could get help here first. But if it comes to that I will. I'm kind of iffy about trying to disable encryption though, do you know of any other spam gateways that could reduce KMS's load?
  •  
marook

You do have RBL enabled, right?

It takes 95% of all the mail before even doing a lot of processing, as it's DNS based.

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
briansthename

Yes, I do have that enabled. Could you list the servers you use? I only have, I think, 3 active on there.
  •  
freakinvibe

There are of course SMTP relay based anti-spam solutions you can put in front of KMS (e.g. the Astaro firewall contains quite a good Anti-Spam solution).

But first you should analyse if you could enhance Kerio's anti-spam config. Are you using RBL, Spam Repellent, Bayes etc. on KMS? If so, what config do you have?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
briansthename

I'll go over the config.
I know off the top of my head I have the tag score at 4.3 and block at 9.9. What do you use for the DNS blacklists?