Category Archives: Kerio


A Little More About afctl in OS X Server

A while back I wrote an article on managing the Adaptive Firewall built into Mountain Lion Server at http://krypted.com/mac-os-x-server/managing-lion-servers-adaptive-firewall-from-the-command-line. It’s worth mentioning that when you use this command you’re basically editing some text files. These are the blacklist, blockedHosts and whitelist files in /var/db/af, possibly the shortest path at this depth in the file system that I’ve ever had the good luck to need to use (okay, okay, I’m sure we’ve all made /a/b/c and that’s shorter, but this is pretty close).

You should use afctl to add and remove machines from these lists. The -w option in afctl used to add a host to a whitelist will cause the host to appear in the /var/db/af/whitelist file. The -a option used to blacklist a host will add it to the /var/db/af/blacklist file. Hosts that are flagged are dropped into /var/db/af/blockedHosts and when you remove those hosts with the -r option they are removed from that file.

I think that pretty much beats that poor afctl horse to death. Simple is good sometimes!


Can’t Undo Deletes in Kerio

When you set up a Kerio server, a feature called AutoExpunge is enabled by default. Without it, mail clients show a message that has been marked for deletion with a strikethrough through it; once items are processed, the message is moved to deleted and the struck-through message is removed from the folder it was deleted from. Many users get confused by this, so Kerio built AutoExpunge, which just tosses messages instead of striking them through. The side effect is that you are unable to undo a delete.

To disable AutoExpunge, stop Kerio Mail Server and then look for the AutoExpungeOnDelete option in /usr/local/Kerio/mailserver/mailserver.cfg (I like to back that file up before making any changes). Change its value from 1 to 0, save your changes to the file and start Kerio Connect back up. Once it has started, test that you can undo a delete and if so, you’re good to go!

Note: If you change settings like this while the mail server is running, the running daemon can revert them. If that happens to you, double-check that the service is stopped before editing the file.


Increasing The Maximum Connections In Kerio Connect

Kerio has a few maximums set by default. There are also a few items that are not in the Kerio Connect Administration page. When using IMAP (and some other services), you can increase the maximum number of allowed connections so that users can connect to your servers from the variety of devices they likely now have. We’ll look at doing this with IMAP (given that each account accessed by each user is likely using at minimum 2 connections) but you can do this with many other services as well.

To increase the total number of available IMAP connections:

  • Open the Kerio Connect Administration page.
  • Click on the Configuration disclosure box to see Services.
  • Click on Services.
  • From the Services page, double-click on IMAP.
  • At the IMAP box, click on the Access tab.
  • Increase the field for Maximum number of concurrent connections.
  • Click OK.
  • Click Restart to restart the IMAP service.


Now, let’s say that all of the IMAP connections are coming from what the server sees as the same IP (somewhat common with certain types of routers). Well, there’s also a setting not exposed in the web configuration tool that limits the total number of connections available for a given IP address, so let’s go ahead and increase that as well. To do so, open the mailserver.cfg file located in /usr/local/kerio/mailserver. Here, look in the service-imap table and find the MaxConnectionsIP variable. Change that to, let’s say 300 and then save the changes and restart the IMAP service again. Now you’re done. Good luck!
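The two mailserver.cfg edits described in this post and in the AutoExpunge post above (MaxConnectionsIP inside the service-imap table, AutoExpungeOnDelete from 1 to 0), as an added example that is not from the original posts or from Kerio. It assumes the file stores each setting as a `<variable name="…">value</variable>` line inside `<table name="…">` blocks and that the daemon's process name is `mailserver`; the sample file and its `service-other` table are constructed.

```sh
#!/bin/sh
# Added example (not Kerio's tooling). Assumptions: mailserver.cfg keeps settings
# as <variable name="X">value</variable> lines inside <table name="T"> blocks,
# and the running daemon's process name is "mailserver".
KERIO_PROC="${KERIO_PROC:-mailserver}"

# Print a sed address that limits a command to one table; empty TABLE = whole file.
scope() {
    if [ -n "$1" ]; then printf '/<table name="%s">/,/<\\/table>/ ' "$1"; fi
}

# get_kerio_var CFG TABLE VAR -> prints the current value
get_kerio_var() {
    sed -n "$(scope "$2")s|.*<variable name=\"$3\">\([^<]*\)</variable>.*|\1|p" "$1"
}

# set_kerio_var CFG TABLE VAR NUMBER -> keeps a pristine CFG.bak, then edits CFG
set_kerio_var() {
    cfg=$1 table=$2 var=$3 val=$4
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    case $val in ''|*[!0-9]*) echo "value must be a number" >&2; return 3 ;; esac
    # The post's warning: a running daemon can write the old settings back.
    if pgrep -x "$KERIO_PROC" >/dev/null 2>&1; then
        echo "$KERIO_PROC is running; stop it before editing" >&2; return 4
    fi
    [ -n "$(get_kerio_var "$cfg" "$table" "$var")" ] ||
        { echo "$var not found (table: ${table:-any})" >&2; return 5; }
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak" || return 6
    sed "$(scope "$table")s|\(<variable name=\"$var\">\)[^<]*\(</variable>\)|\1$val\2|" \
        "$cfg" > "$cfg.tmp" || return 7
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"   # overwrite in place: keeps owner/mode
}

# Constructed sample in the assumed layout (not a real Kerio configuration).
make_sample_cfg() {
    cat > "$1" <<'EOF'
<config>
  <table name="service-imap">
    <variable name="MaxConnectionsIP">20</variable>
  </table>
  <table name="service-other">
    <variable name="MaxConnectionsIP">20</variable>
  </table>
  <variable name="AutoExpungeOnDelete">1</variable>
</config>
EOF
}
demo=$(mktemp) && make_sample_cfg "$demo" && set_kerio_var "$demo" service-imap MaxConnectionsIP 300
get_kerio_var "$demo" service-imap MaxConnectionsIP; rm -f "$demo" "$demo.bak"
```

Scoping the substitution to one table matters because the same variable name can appear under more than one service; the first backup is never overwritten, so `mailserver.cfg.bak` always holds the file as it was before any scripted change.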


Converting pst Files to mbox

Large scale mail migrations can be tricky. There is a shareware app, available at http://www.littlemachines.com, that can be used to migrate pst files from the pst format into mbox, which can then be used with Mac OS X.

If the migration process needs to be automated (they all seem to at scale) then a script could be written to crawl users, find the pst files and then convert them. Or it could be done on the client side using a self-destructing launchd item. Conversion syntax for libpst would be something like the following:

readpst -o /output/folder /server/path/user.pst

Before you can use readpst, it needs to be built via libpst on the system that will run any scripts. Download libpst from http://alioth.debian.org/frs/?group_id=30390. This can be done with curl:

curl -o libpst-0.5.3.tar.gz http://alioth.debian.org/frs/download.php/2492/libpst-0.5.3.tar.gz

Next, extract the tar:

tar -zxvf libpst-0.5.3.tar.gz

Then cd into the new directory:

cd libpst-0.5.3

Then make libpst:

make

And now readpst should be available to convert mailboxes. This could be run from a centralized server or distributed to clients.
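One way to write the crawl-and-convert script mentioned above, as an added example that is not from the original post. It assumes the pst files sit somewhere under a single source root (for instance one folder per user) and uses only the `readpst -o` syntax shown in the post; the `READPST` variable and the function name are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes mailboxes sit somewhere
# under SRC_ROOT (for instance SRC_ROOT/<user>/...); set READPST to use a
# readpst binary that is not on the PATH.
READPST="${READPST:-readpst}"

# convert_psts SRC_ROOT OUT_ROOT
# Converts every *.pst below SRC_ROOT into OUT_ROOT/<same relative path>/.
# Exit status is non-zero if anything failed (the count of failed files).
convert_psts() (
    src=${1%/} out=${2%/} failed=0
    umask 077                      # mail is sensitive: output readable by the operator only
    mkdir -p "$out" || exit 1
    list=$(mktemp) || exit 1
    # -type f ignores symlinks, so a link named *.pst in a user's folder is not followed
    find "$src" -type f -name '*.pst' > "$list"
    while IFS= read -r pst; do     # one path per line; names with spaces are safe
        rel=${pst#"$src"/}         # e.g. alice/My Mail/archive.pst
        dest="$out/${rel%.pst}"
        mkdir -p "$dest" || { failed=$((failed + 1)); continue; }
        if "$READPST" -o "$dest" "$pst" < /dev/null > "$dest/readpst.log" 2>&1; then
            echo "converted: $pst"
        else
            echo "FAILED:    $pst (see $dest/readpst.log)" >&2
            failed=$((failed + 1))
        fi
    done < "$list"
    rm -f "$list"
    exit "$failed"
)
```

The function body runs in a subshell, so the restrictive umask does not leak into the calling shell; file names containing a newline are not handled.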


Using OpenSSL to Test Connectivity

Almost wrote this up again and then realized I already did once (sure it was a few years ago but luckily not much changes with some of the command line stuff). Check it out here:
http://krypted.com/mac-os-x/using-openssl-to-test-connectivity

If you want to see more on openssl check this one out too:
http://krypted.com/unix/openssl-and-signatures


Backup Planning

The two attached files are a sample checklist and a sample backup calculator to be used in conjunction with the talk I’m giving at MacSysAdmin, which has been moved up to 10:45 in the morning today.


Entourage Web Services Edition Available

For those who have been waiting for a time when Entourage uses less bandwidth, has enhanced support for EWS features and well, works better, the time has come. The beta came and went and we waited. And the wait is now over. Entourage Web Services Edition is now available for download. You only really need this if you have an Exchange Server 2007 environment and can support EWS.


6TB of Hot Swappable Drives for $600

IcyDock makes a 4 port chassis for SATA drives that allows you to build your own RAID out of large and inexpensive drives. The resultant JBOD can then be formatted into RAID0 or RAID1 (software RAID) and presented to backup applications (ie – Retrospect) as offline storage. Amazon sells an IcyDock, populated with 1.5TB drives for a total of 6TB, which is how I’m now snapshotting my VMs in my lab. I’m also using it as the backup destination for my home Kerio server.  Works nicely so far.

You can also buy the IcyDock with no drives and likely populate it with 2TB drives, although I haven’t tested this yet (aka – requires confirmation). The IcyDock connects to Mac, Windows and Linux machines over eSATA and the hot swappable drive modules are eSATA. If you don’t already have an eSATA card for your Mac then you can get one of those at Amazon as well. If you would rather roll with the 2TB drives then you can get those at Amazon too!


iPhone and GroupWise

There is no built-in support for GroupWise on the iPhone. Apple supports a number of other services, but GroupWise has not been high on the priority list and honestly, I don’t know that it would be high on mine either… Having said that, it did pop up on my radar and I was able to find a couple of ways to achieve a good sync. The first is Entourage. You can use Entourage as a conduit to then grab information and sync it with GroupWise. This has a hopefully obvious disadvantage, which is that it does not synchronize wirelessly – you have to cradle sync to get the data onto the iPhone.

The second and third options are outsourced services that just handle everything for you. Of these, GroupWise Sync is a great option (they have a free version that just grabs mail or pay-per-month for contacts and calendars) as is the monthly version of the CompanionLink GroupWise sync. CompanionLink has a separate desktop client, but much of what it does can be obtained by using GroupWise 6.5 along with Office 2003 and iTunes to synchronize contacts and calendars while cradled.

Finally there’s NotifyLink, which works with Exchange, Kerio, Gmail, CommuniGate Pro, FirstClass, Scalix, Zimbra and about anything else you could ask for, providing synchronization services to iPhone, Palm, Windows Mobile, Blackberry and Symbian.  In short NotifyLink is the Swiss Army knife of the mobile sync world.  Take anything, sync to pretty much anything else, for a monthly fee.  Just make sure your users look at the results before you put it into production en masse as it is a little different than the standard screens they’re used to seeing in some cases…


Kerio Mail Server in 10 Minutes

The good people at Kerio have been kind enough to distribute their mail server software bundled into a CentOS installation on a Virtual Machine. You can just snap it into Fusion very easily, if you want to take the Kerio Mail Server (KMS) for a ride. I can’t say I would recommend running it full time in Fusion on Mac hardware though; you might be better served installing the package installer that Kerio distributes in that case.

There is a second nice thing about the VM in that it does most of the work in setting up Kerio for you. When you download and run the VM, it immediately fires up into a wizard.

To Install Kerio?


At this step, you can really just type yes to get started going through the interactive shell script. Next, you’ll be asked to read and accept the EULA for KMS. Read it, using the down arrow (or space bar) to scroll down the screen, and type yes to accept the agreement (assuming you accept it).

Accept the EULA


Now KMS will install all the various parts and components. When it’s done and prompts you, hit enter to start the funny LILO looking configuration wizard (at this point it’s installed, we’re just going to config it). At the Welcome screen, click Next and you will find yourself at the Mail Hostname and Internet Domain screen. Here, type the domain that you’ll be accepting mail for (eg – krypted.com) and the name of the host that will accept mail for that domain. When you’re satisfied with your settings, tab to the Next button and press enter.


Kerio Domain and Host Name

Next, you will be prompted to configure an administrative account. Here, enter the username and password you’d like to use to log into either the web administration console or the GUI administration console to access this server. When you are satisfied with your selections, select Next.

Kerio Admin Account


Next, select where Kerio will store its data. You can leave it at a default, but Kerio makes it easy by putting this into the configuration wizard to use your iSCSI SAN or some other path outside of the VM. This data can then be interchangeable with a Kerio install on, let’s say Mac OS X. When you have the path just as you’d like it, hit Finish.

Kerio Path


Next, the KMS documentation will fire up in Firefox on your VM. Go ahead and type http://127.0.0.1/ into a new browser window and verify that the webmail screen opens up. Now would also be a good time for you to test localhost mail flow by sending a message to the server admin account you created earlier.

You should also fire up the Kerio Administration Console, from the CentOS desktop. Once you authenticate you can use the Kerio Administration Console to perform most of the standard administrative tasks. Since we’re using a trial in this demo, the most important might be finding the expiration date of the trial. To find this, simply click on Kerio Mail Server at the root level of the configuration screens. Here, you can also register your software if you have a serial number.

KMS Administration Console


You can, and should, also check the logs, configure message hygiene and set up any required users before you go further… Anyway, more on Kerio later (like AD/OD integration). But this quick tutorial should have you serving mail, sharing mailboxes, contacts and calendars and in general collaborating in 10 minutes or less (minus the download of course) – just think of that next time you’re pulling an all-nighter with Exchange 2007…