Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » How to block all un-authenticated inbound email?
  •  
33rez

Messages: 15
Karma: 0
Send a private message to this user
Can someone please explain how exactly I set KMS/KC to do the following:

ONLY allow inbound email on port 25 (SMTP) and the other SMTP ports, if the sender "logs in" and has an account on the server?

No 3rd party source (e.g. google gmail, constant contact, spammers, etc.) should be able to send any email into the server.

I have looked at Advanced->Security Policy, and tried both Require Secure Authentication and Require Encrypted Authentication, and I have both LOGIN and PLAIN "checked", but I am still getting inbound email from various sources that are "allowed" to send email into the server.

I ONLY want users who have an account on the system, to be able to send email into or through the system.

[Updated on: Sat, 15 November 2014 15:52]

  •  
ComputerBudda

Messages: 106
Karma: 5
Send a private message to this user
So the you only want users to be able to create email on kerio and not send email to kerio? Block port 25 inbound but allow port 25 outbound. Probably have to do that on the router.
  •  
33rez

Messages: 15
Karma: 0
Send a private message to this user
ComputerBudda wrote on Sat, 15 November 2014 10:01
So the you only want users to be able to create email on kerio and not send email to kerio? Block port 25 inbound but allow port 25 outbound. Probably have to do that on the router.



NO--

There are users on the web who have accounts on the server (pop/smtp) accounts, and they need to be able to connect into the server to email other users on the server and outbound through the server to the web.

I do not want ANY EMAIL coming into the server unless the user logs in (fully authenticates) that they have an account.

Blocking ports on the firewall is not a solution to this. Those ports need to be open so that the users can access them, but to the 'world', the server should not accept any email unless they login first.
  •  
Pavel Dobry (Kerio)

Messages: 5240
Karma: 251
Send a private message to this user
33rez wrote on Sat, 15 November 2014 16:12
ComputerBudda wrote on Sat, 15 November 2014 10:01
So the you only want users to be able to create email on kerio and not send email to kerio? Block port 25 inbound but allow port 25 outbound. Probably have to do that on the router.



NO--

There are users on the web who have accounts on the server (pop/smtp) accounts, and they need to be able to connect into the server to email other users on the server and outbound through the server to the web.

I do not want ANY EMAIL coming into the server unless the user logs in (fully authenticates) that they have an account.

Blocking ports on the firewall is not a solution to this. Those ports need to be open so that the users can access them, but to the 'world', the server should not accept any email unless they login first.



Disable port 25 completely on the server and have users to use SMTP Submission port 587 instead.
  •  
33rez

Messages: 15
Karma: 0
Send a private message to this user
Is there no other way to do this??
  •  
33rez

Messages: 15
Karma: 0
Send a private message to this user
And secondly, then what is the purpose of the Advanced->Security Policy, if port 25 service does not enforce the "login" requirement to accept a message?
  •  
Pavel Dobry (Kerio)

Messages: 5240
Karma: 251
Send a private message to this user
Port 25 is required to accept emails for local users without authentication. It is dedicated for this. If you want to force authentication, you need to use SMTP Submission port 587. Most of email client use this automatically.
Previous Topic: How to eliminate this pest?
Next Topic: ~<mailaccount<_at_>example.com> folders appear in Apple Mail when sharing calendar
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun May 28 16:37:19 CEST 2017

Total time taken to generate the page: 0.00833 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.