Overview
The Kerio Connect SMTP server has built-in settings to secure SMTP connections for email messages. A misconfigured SMTP server may produce the following error in the Security logs:
SMTP connection from x.x.x.x rejected: directory harvest attack
The server's IP address could end up on an Internet blacklist. The configurable protection options include per-IP-address limits (to control load capacity) and additional DNS and SMTP settings (PTR, number of failed commands, recipients, SMTP message size, etc.).
Methods to Secure the SMTP Server
Allow Relay Only to Authorized IP or User
This setting answers the question, "Who can send emails using Kerio Connect?"
- The Users authenticated through SMTP for outgoing email option should be enabled.
- Never set a public Kerio Connect to an Open Relay. If the allowed IP address is 0.0.0.0, it means all IPs are allowed, which is very dangerous if you are connected to the public Internet (it is equivalent to an open relay).

Additionally: If the Users from IP address group and Users authenticated through SMTP options are both selected and the SMTP authentication fails, Kerio Connect does not verify whether the user belongs to the allowed IP address. As a result, users cannot send outgoing messages. However, a request that does not send authentication information is checked against the IP address group.
Apply Limits
Navigate to Configuration > SMTP Server > Security Options and enable the following IP address based limits:
| Limits | Description |
| --- | --- |
| Max. Number of Messages per Hour | Discards any new message sent from the same IP address after the set limit is reached. |
| Max. Number of Concurrent SMTP Connections | Protects against Denial of Service (DoS) attacks, which overload the server. |
| Max. Number of Unknown Recipients | Protects the Kerio Connect directory from harvest attacks, in which an application connects to your server and uses a dictionary to generate possible usernames. |
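An added example (not part of the Kerio documentation): a Python triage of Security log lines containing the rejection message quoted in the Overview. It counts rejections per source IP and separates sources you expect to send mail (candidates for the misconfiguration case) from external ones; the timestamp prefix, the sample lines and TRUSTED_NETS are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted on this page; anything before it on the line is ignored.
HARVEST_RE = re.compile(
    r"SMTP connection from (\S+) rejected: directory harvest attack")

# Constructed sample lines (made-up timestamps, documentation-range addresses).
SAMPLE_LOG = """\
[01/Jan/2024 10:00:01] SMTP connection from 203.0.113.7 rejected: directory harvest attack
[01/Jan/2024 10:00:05] SMTP connection from 203.0.113.7 rejected: directory harvest attack
[01/Jan/2024 10:02:11] SMTP connection from 192.0.2.25 rejected: directory harvest attack
[01/Jan/2024 10:03:40] SMTP connection from 10.0.0.12 rejected: directory harvest attack
[01/Jan/2024 10:04:02] SMTP connection from not-an-ip rejected: directory harvest attack
[01/Jan/2024 10:05:00] Some unrelated security log entry
"""

# Assumption: networks whose hosts are expected to submit mail (relays, apps).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def triage(log_text, trusted_nets=TRUSTED_NETS):
    """Count harvest rejections per source IP, split into trusted and external."""
    counts = Counter()
    for line in log_text.splitlines():
        match = HARVEST_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # address field is not a valid IP; skip the line
        counts[ip] += 1
    report = {"trusted": {}, "external": {}}
    for ip, hits in counts.items():
        bucket = "trusted" if any(ip in net for net in trusted_nets) else "external"
        report[bucket][str(ip)] = hits
    return report


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        for ip, n in sorted(hits.items(), key=lambda kv: -kv[1]):
            print(f"{bucket:8} {ip:15} {n}")
```

A rejected address in the trusted bucket is worth checking against the relay and limit settings before it is treated as an attack source.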
Additional Options
Spammers often send messages using applications that connect to SMTP servers and ignore their error reports. The "Max. number of failed commands in a SMTP Session" option protects against these applications by closing the SMTP connection automatically after the defined number of failed commands.

To block messages with large attachments that can overload your server, enable the "Limit maximum incoming SMTP message size to" option.

| Option | Description |
| --- | --- |
| Block if sender's domain was not found in DNS | Blocks senders with fictional email addresses. |
| Block messages if the client's IP address has no reverse DNS entry (PTR) | Blocks clients with incorrectly configured DNS entries. |
| Max. Number of Recipients in a Message | Blocks spam messages sent to a large number of recipients. |
On the SMTP Delivery tab, ensure that the "Use SSL/TLS if supported by remote SMTP server" option is enabled.