Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Domain Restrictions
  •  
crackd

Messages: 11
Karma: 0
Send a private message to this user
We just upgraded to the latest greatest release of Kerio Mail 6.1.1 I noticed there is a "new" feature that I wanted to take advantage of, but it doesn't appear to work the way I believe it should.

I have a group (called STAFF) with 20 users in it and I want to restrict it so only people in our domain can send emails to it. There is tab (Restrictions) that allows you to do this. The problem that I see is not only does it restrict outside people from sending emails to staff<_at_>xyz.com but also to individuals who are in that group. So if John Doe was in the STAFF group and you try to send a message to johndoe<_at_>xyz.com it will tell you it is restricted. My belief is that it should only restrict outside users from sending to the group account not invdividuals who are members. Am I correct is this how the feature suppose to work?

Thanks.
S
  •  
Soup

Messages: 74
Karma: 0
Send a private message to this user
I agree with you that it's misleading, although I think it's not a mistake. I made the same mistake before, we have an (all users) group which we use internally to send messages to everyone, however if a spammer gets this address it means everyone recieves the spam so i ticked that box expecting it to restrict it's use to internal only.

As you discovered too, what actually happened was that everyone in thatemail group (the whole company) could no longer send any external email!

We really do need the ability to restrict access to our internal email groups from outside with effecting our internal users.

Paul.

3 x Apple Xserve G5 DP2.3
1 x Apple Xserve RAID
40ish users
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
I've done the same thing. We have a group we use to send updates and memos to everyone in the company. Not wanting a spammer to use it, I ticked that setting, and then my phone started ringing off the hook. It wasn't pretty.

Scott
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
I'm not sure why this might be confusing. The text "This group can send/receive email to/from its own domain only" to me indicates that the people in the group will only be able to send and receive mail from within the domain that the group is defined in.

The text does not translate or imply "This group will only receive mail from internal users" for me, but maybe I'm partial because I support the product Smile

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
Usually groups like this have nothing to do with administration, and are merely used for sending mail to a group of people. Up until now, that's all they've been used for. I would expect a setting like this to be user-specific, and have a template take care of assinging it to users.

If we were talking about Active Directory integrated groups, I would expect it, but not from the mailserver groups.

Scott
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
This option is for restricted users that only need to send or recieve from the local domain, and nothing more.

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
This is the way groups work in all user administration solutions (Novell NDS, MS Active Directory, etc.)

A group is (besides a mailing list of sorts) a way to easily give or take away rights to a number of people.

If you don't like this, you could make separate groups for the 'mailing list' and access rights parts.
  •  
Soup

Messages: 74
Karma: 0
Send a private message to this user
I guess it all comes down to how you percieve the word 'group'.

Personally, I only use groups as mail distribution groups, so one will be 'account managers' and one will be 'design' etc and will contain all the users from that dept. Although I see my error now, when setting this up I percieved it as a mailing group and not a group for setting mass permissions.

Is there another way to set-up delivery groups so that the group email address can be restricted without effecting the individual users?

Paul.

3 x Apple Xserve G5 DP2.3
1 x Apple Xserve RAID
40ish users
  •  
sparhawk

Messages: 7

Karma: 0
Send a private message to this user
I just sent a lengthy message to technical support on this issue. For those of you in support reading this, sorry about the length, but this definitely appears to be a major issue.

It is certainly true that most systems set up access restrictions/rights this way (AD, OD, most Unix in fact), but the use of a system like MailServer is primarily for communications, not file sharing and access. I think the difficulty comes in that the system is RUNNING on one of these systems, so there is a bit of a disconnect between what has always been done, and perhaps how things might/should be done.

I believe the real point comes down to Internal and External communications.

Mailing Lists are great for managing communications to your External contacts, as it allows moderation of messages going out, keeping your employees from accidentally sending embarrassing or inappropriate communiques to your customers.

Internally, however, the same restrictions are not necessarily needed, and in fact hinder Internal communications in many cases. If I have a Design group, which allows the design team to communicate with each other, I will likely want a member of the Sales team to send a feature/bug request to the entire team without knowing each of their individual addresses. I may not, however, want customers to be able to send messages to the entire Design group.

If I set up Design as a group, I can either allow people outside the domain to send to them, or restrict them from sending to anyone outside the domain. If I set them up using a Mailing List, a moderator must be designated to filter out the messages from outside the domain, while allowing that Sales person through - it's all explicit.

My suggestion to the support staff was to either a) keep the Send/Receive restriction setting in the Group from overriding the setting for each individual User, or b) separate the restriction into two settings: Receive only from this domain, and Send only to this Domain.

This change would allow me to keep people from outside the domain from sending to the group, while allowing anyone internal to send to it and allowing all members to communicate outside the domain. If I wished to restrict the abilities of the members, I would in a) set the restriction for the user, or in b) activate the Send restriction.

Anyone have thoughts on why this might not be possible or practical?

Jim Macknik
Dir. of Technology
Sparhawk School

-= James M. Macknik =-
Dir. of Technology
Sparhawk School
~~~~~~~~~~~~~~~~~~~~~~
I hear, and I forget.
I see, and I remember.
I do, and I understand.
~ Chinese Proverb
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Having groups to distribute rights is very handy (and natural to me), so I would like to keep that functionality (incl. the possibility to distribute the right to send/receive to/from outside through a group).

But I also see where you're coming from.

So the easiest and most insightful way to resolve this (IMHO) is to remove the ability to attach an email address to the current groups (making it strictly a way to distribute rights) and to create a separate kind of group ('Email group') for the explicit purpose of a distribution list (including perhaps per-group settings to limit who can send/receive to/from it).

This way it becomes clear what to configure where and it also makes it easier for Kerio to implement added functionality to one or the other kind of group, since they have become separate entities.
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
We have a suggestion on file to toggle the ability for a group to recieve messages from an external domain. I believe this suggestion would handle this particular scenario.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
sparhawk

Messages: 7

Karma: 0
Send a private message to this user
-= KTrumbull =-

I take it you are referring to a suggestion that is in your wishlist for a future feature/version release. If so, fantastic...I'll stop harping.

Thanks for the follow-up. Feel free to contact if any clarification is needed on what I am looking for.

Aloha,

-= James M. Macknik =-
Dir. of Technology
Sparhawk School
~~~~~~~~~~~~~~~~~~~~~~
I hear, and I forget.
I see, and I remember.
I do, and I understand.
~ Chinese Proverb
  •  
komakino

Messages: 16
Karma: 0
Send a private message to this user
The ability to prevent a group address from receiving email from external domains would be very helpful. I see that this suggestion still has not been implemented; consider this another vote for this feature.

Chris Williams
Consulting Engineer
DaVinci Digital
Portland, OR
Previous Topic: MacOS X Mail List Server Recommendation
Next Topic: 'Sender' Tab gone in Kerio OutLook Connector w/Offline?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 08:59:00 CET 2017

Total time taken to generate the page: 0.00532 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.