Phone Lines icon GFI Support Home

Articles in this section

See more

Restricting access to some services in Kerio Connect

Author: Vladyslav Velychko Updated

Overview 

When trying to set up client restriction for specific protocols, i.e. IMAP, SMTP, the Kerio Connect User Access policies need to be configured. Then the required users can be modified to use a particular access policy. Such a setup can be useful when some Kerio Connect functionality has to be limited, for example, CalDAV and CardDAV protocols only for Calendar and Contacts syncing respectively.

Defining user access policies allows restricting access to any service for any users from a certain IP address group.

Solution

  1. In the administration interface, go to Configuration (Gear Icon). Under the Definitions section, click User Access Policies.
  2. Click Add Policy.

      
  3. Enter a name for the policy.
  4. Click the Add restriction link.        

  5. Select a Protocol from the drop-down menu.
  6. Select the level of access (Allow/Deny/Allow only to). For example, allowing WebDAV, CalDAV, and CardDAV protocol only for the local client's IP address group. All other protocols should be denied. You can add multiple restrictions.
    user_access_policy.png
  7. Set access for the remaining (unselected) protocols.
  8. Click Apply.
  9. To remove a restriction, select it and click Remove.
  10. To remove a policy, select it and click Remove.
  11. (Optional) If you want to disable mail server communication server-wide and leave only one specific service, i.e. HTTPS, stop the necessary services accordingly. For more information, please refer to Kerio Connect Services.
    only_https.png

 

Assigning Policies to Users

  1. In the administration interface, go to Accounts > Users.
  2. Double-click a user and go to the Rights tab.
  3. Select an Access policy from the drop-down list.
    user_access_policy2.png
  4. Click OK.

Confirmation and Testing

Test if the policy works by logging in as a user and attempt to access the service. 

If any problem regarding services occurs, consult the Debug log by selecting the appropriate message type option (service to be logged):

Service type Debug options
SMTP SMTP Server and SMTP client 
POP3 POP3 Server
IMAP IMAP Server
NNTP NNTP Server
LDAP LDAP Server
HTTP
  • The HTTP Server enables logging of HTTP traffic on the server's side
  • The WebDAV Server Requests option enables logging of queries sent from a WebDAV server, like Calendar or Contacts synchronization through CalDAV or CardDAV protocols
  • The EWS option enables logging of Exchange Web Services requests, communication between the Kerio Connect server and email clients such as Apple Mail and Outlook for Mac
  • The PHP Engine Messages and Kerio Connect Client options might help to solve problems with the Kerio Connect Client interface
  • The KOC Offline Requests option allows viewing the extended output between the Kerio Connect server and Kerio Outlook Connector (Offline Edition), so-called KOFF
XMPP  Instant Messaging and XMPP Server

 

Too many log messages may slow down your server. Once you solve your problem, disable the logging.

 

Related articles