Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Dynamic IP and only some users of the domain on Kerio, how to send to the other users?
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
Hi,

Ever so often I have the situation in a new Kerio install: we have the domain example.com with about 100 users. These are hosted by some mail provider as pop3 mailboxes.

A branch office of example.com users - say 20 or so - now want a local Kerio server.

The problem normally is that if you send a mail to usernotonkerio<_at_>example.com from within a Kerio account, that mail bounces. That's why we have the "relay to other server" field in the Kerio smtp settings.

Unfortunately, youncan't enter smtp authentication infos into this field.

Inhave solved this in the past by having the provider of the external server for example.com to whitelist the ip of my Kerio for relay without auth. Works like a charm, I even have some of my customers relay through my own Kerio.

In this case however, the example.com customer is on a dynamic ip, so I am out of luck.

Things crossing my mind:

Make an .internal domain on Kerio, use pop3 download of the example.com on these mailboxes, have them send with a different reply-to. Sucks for external calendar events.

Somehow use another smtp server in a virtual machine that relays the mails sent by Kerio and supports smtp authentication...


What is your idea?best practices, anyone?
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
How will they be sending out mail at the branch office? Relaying through you?
If not, they would need a static IP anyway.
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
Hi,

the normal setup is to send through a smtp relay server set up in the smtp settings. Here, I can enter credentials, but sadly not in the "if recipient is not found in this domain, forward mail to server x" field of the domain... which is to my understanding actually a remnant of the Kerio 6.x era, where you did not have distributed domains...

  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
*bump* this is kinda sorta an issue here... anyone have any ideas? I will have to go for a vm with a postfix on it that supports smtp auth otherwise... which is quite nerdy and a crude workaround.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Is there a particular reason for the branch office NOT having a static IP or VPN? A good small business VPN router costs around €250 and is IMHO a better solution than concocting all sorts of digital Rube Goldberg machines (which inevitably will end up being legacy stuff that nobody understands).
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
Hi,

Sadly, there is good reason... The customer is a school in Germany, and schools can get a free dsl line from the major telco here, unfortunately only with a dynamic ip address.

Using a vpn to send via a static ip on the other side is a nice idea though, as they have a nice vpn router. What kind of service/setup incorporating vpn did you have in mind?
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Just configure the VPN tunnel to be on the same subnet as your local Kerio Connect server and set up the remote server to relay through the local one. In other words: use VPN to extend your LAN to the school.

We use Linksys/Cisco RV082 and RV042 VPN routers at all our customer's premises. Setting up a VPN tunnel takes about 5 minutes. They've got a nice web interface and handles dynamic addresses at the remote end.
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
Hey, thought so. Unfortunately, there is no other end as the other addresses are hosted by a normal pop3 provider. I will use the Mac OS X mailser er as a relay for the relay. I frown upon this, but there is no other solution I can think of... Thanks for your input!
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
With "other end" I meant the other end of the internet pipe. I.e. the VPN routers I mentioned is OK with one end being on a dynamically allocated IP address. Just to be absolutely clear: with a VPN tunnel you can have your Kerio Connect server on IP address 192.168.1.10 and the school's Kerio Connect server at IP address 192.168.1.11. That will take care of your relaying problems.
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
hey,

I got that... the problem is there is no place with a static ip these people can vpn to. I won't get my boss to allow relaying of mails (even as a pay service for customers) to send via our 100mbit /8 subnet... :-/
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Don't the school's ISP have a smarthost?

[Updated on: Wed, 13 October 2010 09:54]

  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
of course they have a relay server, but I need to authenticate to the host in some way... but hmm, only smtp auth is not possible, if I could get them to do oldschool smtp after pop3, this could work. I just need to download pop3 mailboxes every minute, which is done anyway. Let me check that...
  •  
bbbr

Messages: 9
Karma: 0
Send a private message to this user
Hello !

I have the same problem. i have pop3 users, and i would like to migrate them to my local server.
The easy way is setting up the forward for the users who are not in the local server. the only problem is the authentication. my isp doesnt support forwarding without authentication. i am thinking about a vmbox with sendmail... that would forward all my mails to the isp with authentication.
Do you think that is the only one solution ??? what is the reason why we cannot forward to isp with authentication ? i siply cant understand it...
  •  
elias

Messages: 114
Karma: 0
Send a private message to this user
bbbr wrote on Tue, 11 January 2011 23:18
Hello !

I have the same problem. i have pop3 users, and i would like to migrate them to my local server.
The easy way is setting up the forward for the users who are not in the local server. the only problem is the authentication. my isp doesnt support forwarding without authentication.

You don't need to authenticate to send mail to mailboxes hosted by your ISP. You only need to authenticate if you want to relay mail through them. If your Kerio server is delivering mail directly and you want to do domain forwarding to your ISP, you won't need to authenticate.

-Elias
kbehrens

Messages: 2
Karma: 0
Send a private message to this user
elias wrote on Wed, 12 January 2011 18:20
You don't need to authenticate to send mail to mailboxes hosted by your ISP. You only need to authenticate if you want to relay mail through them. If your Kerio server is delivering mail directly and you want to do domain forwarding to your ISP, you won't need to authenticate.


Unfortunately, that's not true for all providers. I ran into the exact same problem today - the Kerio server is behind a dynamic IP address, and the provider (1&1 / Schlund) is not accepting the forwardings because it's checking the client IP against Spamhaus PBL:

h++p://www.spamhaus.org/pbl/

I was able to re-route the forwardings through a Postfix server on a fixed IP address, but that's not a permanent solution. If Kerio could just add SMTH AUTH capabilities to the domain forwarding settings, we'd all be happy Smile

Regards,
Karsten
Previous Topic: Sync folder ActiveSync Android not work
Next Topic: inbox messages do not shown
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 23:16:31 CET 2017

Total time taken to generate the page: 0.00504 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.