When trying to set up client restriction for specific protocols, i.e. IMAP, SMTP, the Kerio Connect User Access policies need to be configured. Then the required users can be modified to use a particular access policy. Such a setup can be useful when some Kerio Connect functionality has to be limited, for example, CalDAV and CardDAV protocols only for Calendar and Contacts syncing respectively.
Defining user access policies allows restricting access to any service for any users from a certain IP address group.
- In the administration interface, go to Configuration (Gear Icon). Under the Definitions section, click User Access Policies.
- Click Add Policy.
- Enter a name for the policy.
- Click the Add restriction link.
- Select a Protocol from the drop-down menu.
- Select the level of access (Allow/Deny/Allow only to). For example, allowing WebDAV, CalDAV, and CardDAV protocol only for the local client's IP address group. All other protocols should be denied. You can add multiple restrictions.
- Set access for the remaining (unselected) protocols.
- Click Apply.
- To remove a restriction, select it and click Remove.
- To remove a policy, select it and click Remove.
- (Optional) If you want to disable mail server communication server-wide and leave only one specific service, i.e. HTTPS, stop the necessary services accordingly. For more information, please refer to Kerio Connect Services.
Assigning Policies to Users
- In the administration interface, go to Accounts > Users.
- Double-click a user and go to the Rights tab.
- Select an Access policy from the drop-down list.
- Click OK.
Confirmation and Testing
Test if the policy works by logging in as a user and attempt to access the service.
If any problem regarding services occurs, consult the Debug log by selecting the appropriate message type option (service to be logged):
|Service type||Debug options|
|SMTP||SMTP Server and SMTP client|
|XMPP||Instant Messaging and XMPP Server|
Too many log messages may slow down your server. Once you solve your problem, disable the logging.