Overview
Kerio Connect services are configured to launch and run in the background. They can be configured to run using the local system account.
The standard configuration has all the services enabled, including SMTP, POP3, IMAP, NNTP, LDAP, HTTP, XMPP, and their respective secure protocol variations.
Using services you can edit service parameters, change the ports, identify port collisions, disable specific service types, restrict access to certain services, troubleshoot service issues.
Setting Service Parameters
You can set parameters for Kerio Connect services in the Configuration > Services section. By default, all services run on their standard ports.
For every service, you can:
- Configure the service to run automatically on the Kerio Connect startup, as seen in the screenshot below.
- Add, remove, or edit listening IP addresses and ports.
- Limit access to the service for specific IP addresses.
- Specify the maximum number of concurrent connections. When specifying, consider the number of server users. Alternatively, set the value to
0
for an unlimited number of connections (to be able to set0
please uncheck the Maximum Number of Concurrent Connections checkbox too)
Port Collisions
If any service available in Kerio Connect is already running on the server, you have two possibilities:
- Change the traffic port for one of the services; or
- Reserve a different IP address for each instance of the service on the same port.
Note: It is not recommended to reserve IP addresses dynamically, for example, via DHCP.
Troubleshooting Port Collision
For troubleshooting, run the netstat
commands to find out the port occupation, as illustrated below:
Note: The following examples are for LDAP (389) and Secure LDAP (636) services.
- macOS:
netstat -anv | egrep -w [.]389.*LISTEN
netstat -anv | egrep -w [.]636.*LISTEN
- Linux:
netstat -apt | grep ':389'
netstat -apt | grep ':636'
- Windows:
netstat -na | find "389"
netstat -na | find "636"
After identifying the necessary PIDs (Process Identifiers):
- List all the applications using the
ps -ax
command for macOS, Linux, and using standard Resource Monitor (resmon.exe) for Windows; and - Consider disabling/uninstalling the application or changing ports to troubleshoot.
Service Types
Each service is available in both unsecured and secured versions (encrypted by SSL). The following sections describe individual services:
Service Types |
Description |
SMTP |
The SMTP protocol server sends outgoing email messages, receives incoming messages and messages created via mailing lists in Kerio Connect. You can use two methods for encrypting the SMTP traffic:
Note: Since public Wi-Fi networks often do not support traffic on unencrypted protocols, SMTP on port 25 can be blocked. In such cases, users cannot send an email out of the network. SMTPS (Simple Mail Transfer Protocol Secure) on port 465 is usually allowed.
|
SMTP Submission |
|
POP3 |
|
IMAP |
IMAP protocol server allows users to access their messages. With this protocol, messages stay in folders and can be accessed from multiple locations at any time. |
NNTP |
|
LDAP |
If Kerio Connect is installed on a server that is used as a domain controller (in Active Directory), run this service on non-standard ports or disable them. |
HTTP |
|
XMPP |
|
Restricting Access to Some Services
To restrict access to any service for any users, you can define User Access Policies. You can allow or deny access to individual protocols from specific IP addresses to individual users.
Defining Access Policies
- Log into your Kerio Connect instance.
-
In the administration interface, go to Configuration
-
Go to Definitions > User Access Policies.
-
Click Add Policy and type a name for the policy.
-
Click the Add restriction link.
-
Select a protocol and click Allow/Deny/Allow only to set the access. You can add multiple restrictions.
-
Set access for the remaining (unselected) protocols.
-
Click Apply.
Note: To remove a restriction or policy, select it and click Remove.
Assigning Access Policies to Users
Every new user is assigned the Default policy. Follow these steps to assign a different policy to a user:
-
Log into your Kerio Connect instance.
-
In the administration interface, go to Accounts > Users.
-
Double-click a user and go to the Rights tab.
-
Select an Access policy from the drop-down list.
- Click OK.
Troubleshooting
If any problem regarding services occurs, consult the debug log by following these steps:
- Right-click the debug log area;
- Click Messages; and
- Select the appropriate message type (service to be logged) to start troubleshooting. Refer to the following table to learn more about using the correct service depending on your scenario:
Service Type
When to Use the Service
SMTP
When there are problems in the communication between the SMTP server and a client, use the SMTP Server and SMTP Client options.POP3
When problems arise with the POP3 server, enable the POP3 Server option.IMAP
When there are problems with the IMAP Server, enabling of the IMAP server logging might be helpful.NNTP
When there are problems with the NNTP server, enable the NNTP Server option.LDAP
When problems with the LDAP server arise, enable the LDAP Server option.HTTP
- The HTTP Server option enables logging of HTTP traffic on the server's side.
- The WebDAV Server Request option enables logging of queries sent from a WebDAV server. Use this option for Apple Mail (configured through Kerio Account Assistant) if you are experiencing problems with Exchange accounts.
- The PHP Engine Messages and Kerio Connect Client options help to solve problems with the Kerio Connect Client interface.
- The EWS option enables advanced logging for Exchange Web Services. Use this option for Exchange accounts in Apple Mail and Outlook for Mac.
- The KOC Offline requests option is used for troubleshooting KOFF issues.
- The ActiveSync Synchronization option is used to investigate EAS profile issues, such as Outlook EAS, iPhone and Android EAS.
XMPP
When there are problems with the IM server, enable the Instant Messaging and XMPP Server options.
Note: Too many log messages may slow down your server. Once your issue is resolved, disable the logging.