User's guide

Chapter 1 Introduction
For a public server, the records can look like the following example:
company.com MX 10 mail.company.com
mail.company.com A 215.75.128.33
You should also set a record for your backup mail server, if you have one available.
Firewall configuration
Kerio Connect is installed in a local network behind a firewall. In addition to configuring
the mailserver, it is also necessary to configure the firewall accordingly.
If the mailserver is to be accessible from the Internet, certain ports have to be opened (mapped)
in the firewall. Each mapped port might introduce security problems. Therefore, map ports
only for those services which you want to make available from the Internet.
In the case of our network environment, it is necessary to map port 25 (the default port for the
SMTP service). This setting is required when the MX record for the particular domain
points to the server. Any SMTP server on the Internet can then connect to your SMTP server
to send email to one of its domains. For this reason, access to the mapped port 25 must not
be restricted to particular IP addresses.
Now, it is necessary to map ports that will be used for connections out of the local network.
Since the security risk is higher here, only SSL/TLS-secured services will be mapped. Settings
are shown in table 1.1.
Service (default port)   Outgoing connection   Incoming connection
SMTP (25)                allow                 allow
SMTPS (465)              allow                 allow
POP3 (110)               allow                 deny
POP3S (995)              allow                 allow
IMAP (143)               allow                 deny
IMAPS (993)              allow                 allow
NNTP (119)               allow                 deny
NNTPS (563)              allow                 allow
LDAP (389)               allow                 deny
LDAPS (636)              allow                 allow
HTTP (80)                allow                 deny
HTTPS (443)              allow                 allow
Table 1.1 Services to be allowed on the firewall
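
The following is an added example, not part of the original guide and not Kerio code: a small audit that compares a list of inbound port mappings with the incoming column of Table 1.1 and with the rule that port 25 must stay open to all sources. The mapping format ("<port> <allowed source>"), the function name and the sample list are assumptions made for illustration.

```python
# Added example: audit inbound port mappings against Table 1.1.
# The "<port> <allowed source>" format is hypothetical, not any firewall's real syntax.

# Incoming policy from Table 1.1: port -> (service, allowed from the Internet)
INCOMING = {
    25: ("SMTP", True), 465: ("SMTPS", True),
    110: ("POP3", False), 995: ("POP3S", True),
    143: ("IMAP", False), 993: ("IMAPS", True),
    119: ("NNTP", False), 563: ("NNTPS", True),
    389: ("LDAP", False), 636: ("LDAPS", True),
    80: ("HTTP", False), 443: ("HTTPS", True),
}

def audit(mappings, mx_points_here=True):
    """Return sorted (port, finding) pairs for mappings that conflict with Table 1.1."""
    findings, seen = [], set()
    for line in mappings.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        port_text, source = line.split()
        port = int(port_text)
        seen.add(port)
        if port not in INCOMING:
            findings.append((port, "not a service listed in Table 1.1"))
            continue
        service, allowed = INCOMING[port]
        if not allowed:
            findings.append((port, f"{service} is denied for incoming connections"))
        elif port == 25 and mx_points_here and source != "any":
            findings.append((port, "SMTP must not be restricted to particular IP addresses"))
    if mx_points_here and 25 not in seen:
        findings.append((25, "SMTP is not mapped although the MX record points here"))
    return sorted(findings)

# Constructed sample mapping list (documentation address range, invented entries)
SAMPLE = """
25   198.51.100.0/24   # restricted by mistake
443  any
993  any
143  any               # unsecured IMAP exposed
3306 any               # service outside Table 1.1
"""

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"port {port}: {finding}")
```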