Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Evaluating KMS for replacement of current system - opinions of real users wanted.
  •  
aszurom

Messages: 10

Karma: 0
Send a private message to this user
Currently my company is running Gordano GMS. The server hardware is getting replaced because it can no longer handle the load we're putting on it - and I thought that while doing this it would be a fine time to shop alternative email servers.

Kerio floated to the top of my list due to the integrated spam/av filtering, and Active Directory integration. The price is right too, for a 1k user license.

Our current situation -

380 users, 150 groups/lists/forwarders. 2.8 Ghz single-Xeon box with 1GB RAM. (new server, not out of the box yet) Active Directory on win2000 that I desperately want/need to reorganize.

Here's what I'd like to have - tell me if I can do this?

-------- Active Directory synchronization.

I'd like this tied to account name, and if I change the email address in the AD profile for the account, will Kerio adjust itself accordingly? What are the limits on AD synch?

In my reorganizing of AD, I want to create individual OG containers for each of 100 sales regions out in the field. Each sales region on our current email system (GMS) is an account. This is due to the limitation in GMS that you cannot make a group a member of another group. To nest like we need to, I currently have to create an email account and set it to forward to everyone - so it's a haxored group of sorts. I hate this.

What I'd like to be able to do is this: Create a OG named "Region30" for example, and have Region30<at>ourcorp.com distribute emails to all user accounts that are inside the container in AD. If I grab a user and move him to another region's AD container, then it would be REALLY NICE if he was moved from one mailing group to another automagically as well. Can Kerio handle this?

-------- Spam and Virus filtering

It looks like Kerio is going to cost us about $5300.00 for KMS + av and spam. Currently we don't have anything, since the av and spam suite for Gordano costs $9000.00 beyond the other licensing fees for the server itself.

I already read a post on here today about Spamassassin being locked down in KMS and not really configurable - and also out of date. Well, that's not what I'd call good - but currently it's the viruses that are breaking me. I can deal with a little spam, as compared to the virus hell my users put me through daily.

Can I use blacklists of spammers from other sites that provide them?

How is the anti-virus reliablity? You guys having much get past it? Does it scan inside of .zip file attachments? Since I've currently got anything BUT zip attachments blocked, it it doesn't scan inside them then it's worthless to me.

-------- Migration from GMS to KMS

Ideally it would be great to bring the Kerio server online and import the Gordano mailboxes into it. Not sure if that can happen. My current though is failing that magic, I'd just leave the old server up and give the users a deadline to wean themselves off of it. Suggestions?

-------- Contact Info

Any opinions or advice you don't want to put publicly on the board here, direct to:
aszurom<at>tokyo.com
icq 3632710

  •  
jshaw541

Messages: 471
Karma: 0
Send a private message to this user
I'm probably a good person to answer this, so I'll take a stab at it. I don't know of any other users using AD integration to the level I am (and if there is, I'd love to hear their experiences from them and trade tips).

aszurom wrote on Fri, 28 May 2004 16:55

Currently my company is running Gordano GMS. The server hardware is getting replaced because it can no longer handle the load we're putting on it - and I thought that while doing this it would be a fine time to shop alternative email servers.



What's your current hardware look like? Do you plan to get new mail server hardware?

Quote:


Here's what I'd like to have - tell me if I can do this?

-------- Active Directory synchronization.

I'd like this tied to account name, and if I change the email address in the AD profile for the account, will Kerio adjust itself accordingly? What are the limits on AD synch?



With Kerio's AD integration, all of the user's information is stored in the user's AD object. When you first install KMS, you'll want to install the KMS AD schema extensions (don't worry, they're pretty minor). This is all in the documentation and easy.

There really isn't any synching as KMS queries AD live. That is, it uses AD as its user database.

Quote:


In my reorganizing of AD, I want to create individual OG containers for each of 100 sales regions out in the field. Each sales region on our current email system (GMS) is an account. This is due to the limitation in GMS that you cannot make a group a member of another group. To nest like we need to, I currently have to create an email account and set it to forward to everyone - so it's a haxored group of sorts. I hate this.



You can't use nested AD groups for emailing with KMS, currently. This seems like it would be fairly easy for the Kerio folks to add, but it isn't there right now. (I could go into more detail on this subject, the way LDAP stores group information).

See my work-around, below.

Quote:


What I'd like to be able to do is this: Create a OG named "Region30" for example, and have Region30<at>ourcorp.com distribute emails to all user accounts that are inside the container in AD. If I grab a user and move him to another region's AD container, then it would be REALLY NICE if he was moved from one mailing group to another automagically as well. Can Kerio handle this?



I implemented this scheme by writing a vbscript that automatically populate AD groups by querying different OU levels. It runs every hour or so. Seems to work pretty well, although I had to add some delays into the script as I encountered bugs when performing AD operations at interpreter execution speed. This is an AD issue that has nothing to do with Kerio, though.

I handled the nested groups issue by creating mail lists in KMS and then making the AD sub groups a member of this list. For example:

Principals<at>foo.com (this is a KMS mail list)
+-> Principals Elem (an AD group, principals_el<at>foo.com)
+-> Principals High (an AD group, principals_hi<at>foo.com)
+-> Principals Mid (an AD group, yadda yadda)

If you go with KMS and AD integration, you will need to be comfortable with scripting (probably VBScript). You will also have to come up with some creative hacks at times. Nonetheless, everything I have going runs pretty smoothly.

Luckily, I've probably already been through most of your problems and can provide you with a solution ;). BTW, if you would like some script examples for something, email me offline at jshaw at sps dot lane dot edu.

Quote:


-------- Spam and Virus filtering

It looks like Kerio is going to cost us about $5300.00 for KMS + av and spam. Currently we don't have anything, since the av and spam suite for Gordano costs $9000.00 beyond the other licensing fees for the server itself.



Ouch $9k?!

Quote:


I already read a post on here today about Spamassassin being locked down in KMS and not really configurable - and also out of date. Well, that's not what I'd call good - but currently it's the viruses that are breaking me. I can deal with a little spam, as compared to the virus hell my users put me through daily.



I wouldn't take the spam issue too slightly. We suddenly, and I do mean suddenly got pounded with a lot of spam suddenly around Dec 2003, and the shirts quickly got mad and wanted something done. Again about a month ago the rate of spam increased sharply again, and were even more annoyed.

Take. Spam. Seriously. It looks like you've already read the "SPAM filtering" thread? If not, read that one, too.

Quote:


Can I use blacklists of spammers from other sites that provide them?



Yep, just add them into the blacklist ssection in the KMS admin console.

See the "Internet blacklists - logging" and again, the "SPAM filtering" topic where I discuss adding blacklists in a post or two.

Quote:


How is the anti-virus reliablity? You guys having much get past it? Does it scan inside of .zip file attachments? Since I've currently got anything BUT zip attachments blocked, it it doesn't scan inside them then it's worthless to me.



Dunno, don't use it. I AM using the attachment filtering however, so we rarely even see a virus, because we block damn near any executable type (*.scr,*.bat,*.pif,*.cpl,*.hta, etc etc).

Quote:


-------- Migration from GMS to KMS

Ideally it would be great to bring the Kerio server online and import the Gordano mailboxes into it. Not sure if that can happen. My current though is failing that magic, I'd just leave the old server up and give the users a deadline to wean themselves off of it. Suggestions?



Weaning is probably the easiest way. You don't really want to try and migrate messages as you'll encounter problems, as KMS uses index files to keep track of invidual messages.

What we did is left up the old mail server, changed the MX records to the new server, and told people to "check your email one last time on the old server, THEN change your settings to use the new server".

If you have any more questions, I'd be glad to answer them. And like I said if you want scripts or anything, lemme know. I'll help with your implementation troubles as best I can. The Kerio support folks seem to be on the ball too. KMS isn't perfect, as you may have read, but it's still a really solid product, has tons of features, and is very easy to manage.

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
aszurom

Messages: 10

Karma: 0
Send a private message to this user
Thanks, man. You're my new best friend (or will be as soon as this thing gives me trouble, hehe)

Ok, one last question...

Limitation of GMS is that I cannot nest groups. You said I can't nest AD groups, but what about just plain'ol groups in Kerio itself?
  •  
jshaw541

Messages: 471
Karma: 0
Send a private message to this user
aszurom wrote on Fri, 28 May 2004 23:02

Thanks, man. You're my new best friend (or will be as soon as this thing gives me trouble, hehe)

Ok, one last question...

Limitation of GMS is that I cannot nest groups. You said I can't nest AD groups, but what about just plain'ol groups in Kerio itself?


With KMS is AD integration mode, groups == AD groups. There are no "plain" groups in KMS in this configuration. The closest analog to "plain groups" are KMS lists, which is what I used for nested situations as described in my earlier response.

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
jshaw541

Messages: 471
Karma: 0
Send a private message to this user
Ah crap, the one thing I also wanted to mention was to do yourself a favor and purchase O'Reilly's Active Directory Cookbook, even if you have to spend your own money on it. It will save you countless hours and large sums of sanity.

Unfortunately, I did not have this book, nor any documentation really, when I wrote a majority of my scripts, but I've certainly been able to streamline and find better ways to fix up those scripts since the book's release. Greast stuff.

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
Previous Topic: Kerio on SuSE 9.0?
Next Topic: Will KMS support SPF?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 15:07:23 CET 2017

Total time taken to generate the page: 0.00429 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.