1.1  Before you start

Before you start the installation and configuration, prepare your environment as follows:

Set DNS MX records

Although Kerio MailServer is located in a private network, email will be sent to and received from the Internet. Therefore, it is necessary to set the corresponding record in the public DNS for the public IP address assigned by the provider (in this example, the 215.75.128.33 IP address will be used). In the local network, the mail.company.com name must be assigned the local IP address 192.168.1.10. This private address will be set in the local DNS.

If no backup server is set, the public DNS records can look as follows:

company.com               MX      10      mail.company.com
mail.company.com          A               215.75.128.33

Firewall configuration

Kerio MailServer is installed in a local network behind a firewall. In addition to configuring the mailserver, it is also necessary to configure the firewall accordingly.

If the MailServer is to be accessible from the Internet, certain ports have to be opened (mapped) in the firewall. Each mapped port might introduce security problems. Therefore, map ports only for those services which you want to make available from the Internet.

In the case of our network environment, it is necessary to map port 25 (the default port for the SMTP service). This setting is required where an MX record for the particular domain points to the server. Any SMTP server on the Internet can then connect to your SMTP server to send email to one of its domains. For this reason, access to the mapped port 25 must not be restricted to particular IP addresses.

Now, it is necessary to map ports that will be used for connections out of the local network. Since the security risk is higher here, only SSL/TLS-secured services will be mapped. Settings are shown in Table 1.1 (Services to be allowed on the firewall).

Service (default port)    Outgoing connection    Incoming connection
SMTP (25)                 allow                  allow
SMTPS (465)               allow                  allow
POP3 (110)                allow                  deny
POP3S (995)               allow                  allow
IMAP (143)                allow                  deny
IMAPS (993)               allow                  allow
NNTP (119)                allow                  deny
NNTPS (563)               allow                  allow
LDAP (389)                allow                  deny
LDAPS (636)               allow                  allow
HTTP (80)                 allow                  deny
HTTPS (443)               allow                  allow

Table 1.1. Services to be allowed on the firewall
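
The incoming column of Table 1.1 can be checked against the firewall's actual port mappings. The following is an added example, not part of the Kerio documentation: the mapping format (port, target, sources) and the function name are hypothetical, and the sample mappings are constructed.

```python
# Incoming policy from Table 1.1: port -> (service, allowed from the Internet?)
INBOUND_POLICY = {
    25: ("SMTP", True), 465: ("SMTPS", True),
    110: ("POP3", False), 995: ("POP3S", True),
    143: ("IMAP", False), 993: ("IMAPS", True),
    119: ("NNTP", False), 563: ("NNTPS", True),
    389: ("LDAP", False), 636: ("LDAPS", True),
    80: ("HTTP", False), 443: ("HTTPS", True),
}
MAILSERVER_IP = "192.168.1.10"  # private address of the mailserver on this page


def audit_mappings(mappings):
    """Return findings for a list of inbound port mappings.

    Each mapping is a dict in an assumed format:
    {"port": int, "target": str, "sources": [CIDR, ...]}; empty sources = any.
    """
    findings, seen = [], set()
    for m in mappings:
        port, target, sources = m["port"], m["target"], m.get("sources", [])
        seen.add(port)
        if port not in INBOUND_POLICY:
            findings.append(f"{port}: not listed in Table 1.1, review this mapping")
            continue
        service, allowed = INBOUND_POLICY[port]
        if not allowed:
            findings.append(f"{port}: {service} is unencrypted, incoming must be denied")
        if target != MAILSERVER_IP:
            findings.append(f"{port}: mapped to {target}, expected {MAILSERVER_IP}")
        if port == 25 and sources:
            findings.append("25: SMTP must not be restricted to particular IP addresses")
    if 25 not in seen:
        findings.append("25: SMTP is not mapped, servers following the MX record cannot deliver")
    return findings


# Constructed sample mappings, not exported from a real firewall.
SAMPLE = [
    {"port": 25, "target": "192.168.1.10", "sources": ["203.0.113.0/24"]},
    {"port": 993, "target": "192.168.1.10", "sources": []},
    {"port": 143, "target": "192.168.1.10", "sources": []},
    {"port": 3389, "target": "192.168.1.20", "sources": []},
]

if __name__ == "__main__":
    for finding in audit_mappings(SAMPLE):
        print(finding)
```

Secured services that are simply not mapped produce no finding, since the page advises mapping only the services that should be reachable from the Internet.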