Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » How to block users to send email to... (i need help on blocking specific stuff)
  •  
gornati

Messages: 26
Karma: -1
Send a private message to this user
Hi all pros.

There is a user in our company, who is using our kerio connect to send email to his own domain.

We would like that he is unable to send mail to this specific domain.

After looking thru all the options, i couldnt find how to block the spefici domain.

Any pointers?


Thanks in advance.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
You can't do that anywhere in Kerio Connect as far as I know, but you could always blackhole/null route the IP address in his MX record in your router or firewall. If you're running on Linux, blackholing is very easy to do with iptables. Don't be tempted to just block the IP since the outgoing mails will end up just being queued.

If you run your own DNS you can also put your own MTA in the MX record for his domain (you can not do this trick with a regular hosts file), while you make sure your MTA receives mail for it. If you want to be really cruel (although not being very sneaky about it), forward his "special" mail to himself.

If you don't control your perimeter or run your own DNS, you're likely SOL.
  •  
gornati

Messages: 26
Karma: -1
Send a private message to this user
Hi, thanks for the quick reply.

I could use some help to do that on the MX RECORD, i have access to the domain and dns controller...

If i block this way, user will still be able to access the webpage for the domain?
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
If you control the DNS you can do whatever you want, especially if the user's computer get its DNS server via a DHCP lease which you also control. A sorta-rule-of-thumb: mail servers look for MX records, while browsers (I'm assuming you want to kill his/her webmail) look for A records.

A howto on changing DNS records is well beyond the scope of this forum, especially since you're effectively "stealing" a domain as far as your local clients are concerned. It may even be against the law where you are. But then again, it may not. Be 100% sure that you have your boss on board before you proceed. That's all I have to say.

Disclaimer: all my posts in this thread are for entertainment purposes only. None of my posts constitutes technical and/or legal advice. Proceed at your own risk. May be too intense for some sysadmins. Listen to your mom.
  •  
gornati

Messages: 26
Karma: -1
Send a private message to this user
ok, i get it...

i appreciate your help on this.

But i really dont want this user to send email to his own doamin, so on MSEXCHANGE we can do this type of blocking.

Kerio should enable us to do it...
  •  
stupot1397

Messages: 54
Karma: 0
Send a private message to this user
The issue is that Kerio is a lot less expensive than Exchange, so there will be less features.

Dare I say this, but wouldnt it be easier just asking the user to stop? Its obvious that you know they are doing it so I think that would be the best way forward for you.

As for setting up an MX record for blocking, if you need help to do this but have access to the Domain Controller and DNS then I think it would be best that you leave well alone for fear of breaking something. DNS is core to Active Directory so it would not be a good idea to mess with it if you dont know what you are doing.

Just a thought......
  •  
gornati

Messages: 26
Karma: -1
Send a private message to this user
i know how to do it, i did some tests, but thats not what we want to do it.

I know kerio is cheaper, but i got in touch with kerio personnel, and requested this feature, i think most of us, administrators, could use this simple feature.

Anyway, this is not very complicated. we can wait.

I appreciate the help by the way.
  •  
stupot1397

Messages: 54
Karma: 0
Send a private message to this user
I agree it would be a nice feature Smile

Our email is monitored and basically the user can get themselves in trouble if they want to, its up to them!

Whether they implement it or not is another matter........
  •  
Kedar

Messages: 1320
Karma: 48
Send a private message to this user
gornati wrote on Mon, 06 June 2011 17:21

After looking thru all the options, i couldnt find how to block the spefici domain.

Any pointers?


There is ugly hack Smile
Create new local domain in Kerio Connect with name of domain you want to block. So server is not searching for MX records, because domain is local and server tries to deliver message to this domain. A message will be returned with permanent error back to the user.

Additionally, create alias with asterisk in this domain *<_at_>yourdomain (ie. catch-all address) and forward it to some another (administration) e-mail and all messages to this domain will be silently eated Smile
  •  
gornati

Messages: 26
Karma: -1
Send a private message to this user
is not the case of him getting in trouble, the problem is putting the company in trouble, by sending unauthorized email thru the corporate account.
  •  
gornati

Messages: 26
Karma: -1
Send a private message to this user
have you tested this?

Imma going to try that..

Thanks for the idea, i'll let you know.
Previous Topic: Kerio 7.2 Patch 1?
Next Topic: Problem in ASyncWBXml.cpp
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 23:04:25 CET 2017

Total time taken to generate the page: 0.00460 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.