Overview
Kerio instant messaging service is based on XMPP open technology for real-time communication. The instant messaging (IM) service runs in Kerio Connect automatically. This article covers the steps to configure it properly.
Step-By-Step Guide
Here are the steps to check if instant messaging is accessible:
-
From the administration interface, go to Configuration > Instant Messaging.
-
Click the option Check Service Accessibility.
-
Make sure to open these ports on the firewall (both directions):
- 5222 - for the IM service
- 5223 - for secured IM service
- 5269 - if sending outside of the domain is allowed
- DNS records must be configured for the domain. For additional information, refer to Configuring DNS for instant messaging
Securing Instant Messaging
The recommended option is to secure instant messaging by using TLS (Transport Layer Security):
- Choose a security policy to require an encrypted connection or secure authentication, go to Configuration > Security > Security Policy tab.
(For Kerio Connect 8.1 and older: Configuration > Advanced Options > Security Policy tab.) - Use an unsecured instant messaging service (port 5222). You can also only enable the secure instant messaging service (port 5223) and use SSL.
Note: Security policy applies to all services in your Kerio Connect.
Limiting Access to Instant Messaging
To restrict access to any users, define User Access Policies to:
- Disable access to IM.
- Restrict IM access to specific addresses.
-
To display which users are connected to the IM server, go to the Active Connections section in the administration interface.
Contact List
Once users log in to an IM client, their account will display a list containing contacts of users from their domain (Colleagues). The list of users that appear in Chat is not based on the Global Address List (GAL). Kerio Connect creates the contact list on all users of the domain, even if not published on the GAL.
If a user is having problems with their contact list (e.g., if they've incorrectly deleted any users), you can restore their contact list by following these steps:
-
In the administration interface, go to section Accounts > Users.
-
Select the user and right-click to open the dropdown menu.
Go to More Actions > Restore IM Contact List. -
Click Continue Anyway to confirm.
Maximum size of the automatic contact list
The maximum number of users in the automatic contact list is set to 300. The users who exceed this number are not included in the Colleagues contact list. Also, their contact list will appear empty.
To change the maximum size of the contact list:
-
Stop the Kerio Connect engine.
-
In Kerio Connect installation folder, open the
mailserver.cfg
file. -
Edit the following line:
<variable name="RosterMaximum">300</variable>
To disable the automatic contact list completely, set the
RosterMaximum
value to0
(zero). -
Save the file.
-
Start the Kerio Connect engine.
-
After increasing the RosterMaximum value, you need to perform Restore IM Contacts list operation for the affected users.
-
(Optional) In the cases of AD bounded users, you might try to remove the user (keeping the folders), then re-add the user from the AD.
Kerio Connect saves information about exceeding the maximum number of users in the warning log.
Note: The size of the contact list affects the performance of the server. We recommend the following RAM size for the different contact list sizes:
- 0-100 users — 256 MB
- 100-200 users — 384 MB
- 200-500 users — 768 MB
- 500+ users — 2048 MB
Troubleshooting
If any problem regarding instant messaging occurs, consult the Debug log (right-click the Debug log area and enable Messages > Instant Messaging).
If you rename a domain, users must re-configure their IM clients. All previous changes to their contact list will be lost.