Trying to figure out if this can be done in Kerio.
I have several postfix servers operating in the below fassion. I am hoping Kerio can do something similar.
Some customers are running outside filtering services for SPAM/AV.
I want to set the Kerio mail server to only accept email from the ip address space of the SPAM/AV service.
However, all of the endusers need to be able to connect and auth through port 25.
This poses a problem where spammers can make direct connections to the server and bypass the outside filtering (many spammers disregard MX records).
In postfix, we use two different methods.
1) We force the end-users to SMTP auth on port 465 or 587 and only allow the spam/av subnet.
2) We configure postfix to only allow outside email from auth'd connections and subnets from the spam/av service.
This is accomplished by permitting sasl authenticated users, checking client access (cidr map), and rejecting everything else.
We prefer option 2 because it does not require the client to change anything. In addition, this allows us to host domains that do not use the spam/av service. We can add their domain to a check_recipient_access map to allow direct connections for their domain only.
Does anyone know how to accomplish something similar in Kerio?
Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of