Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Exposing/Using Kerio Mail server from outside the company network (using mail server without extranet, just like hotmail/gmail)
  •  
puretech

Messages: 118
Karma: 5
Send a private message to this user
Hi everyone,

I would like to know what you guys think, or have done for your mail servers.

Basically, I want our users to use Company's email outside the company network, just like we all use hotmail/gmail.

I would like to know how are you guys using it, and how to make it secure etc.

At the moment, our users can only use emails within the company, or using extranet. But apparently, some of the managers and directors want to use it properly, as in setting up their mobile devices etc.

We have aroun 90 users (but not all will be using it from outside).

We have vigor security router, and at the moment we are using rules etc and port forwarding for extranet. Our router does have dmz port, so is there a way to set up within demilitarised zone, and do we need extra firewall?

I would appreciate if i can have your input on how to securely have it exposed.

Thanks
  •  
stothers

Messages: 89
Karma: 0
Send a private message to this user
we just port forward from our firewall, probably more permissive than we should. https, imaps, pop, smtp, (and the secure LDAP for lookups). everything works perfectly (phones, laptops, webmail, etc).

you can go through the exercise of moving the whole thing to a DMZ if you want, but i feel there are greater risks to security and data integrity to worry about.
  •  
puretech

Messages: 118
Karma: 5
Send a private message to this user
On my test environment, I did try just the port forwarding leaving imap and smtp enabled and rest disabled.

But thought to check what are other administrators practising.
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
We have exposed all the relevant ports (HTTPS, SMTP, IMAP-SSL, POP3-SSL and SMTP Submission) on the internet. In fact, you can't reach the server from anywhere else. There's a firewall in front of it, but it's mainly for blackholing and traffic limiting. Do your due diligence with regard to exposed services, security patches and put it on the internet. That's where it belongs.
  •  
puretech

Messages: 118
Karma: 5
Send a private message to this user
thanks for the replies. I shall test again on the test environment.
Previous Topic: Outlook 2007 error when searching
Next Topic: Kerio Connect 7.2 Admin Console gone
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 07:25:34 CET 2017

Total time taken to generate the page: 0.00557 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.