SMTP and its use are covered in the manual.
To edit SMTP server parameters, go to :
In this mode, the SMTP server does not check users who use it to send email. Thus any user can send email messages to any domain.
It is recommended not to use this mode if Kerio Connect is available from the Internet (i.e. it uses a public IP address and port 25 is not blocked by a firewall). In that case, it may be misused for distribution of so-called spam, which may choke your Internet line. This might also cause your server to be included in blacklist databases of spammer SMTP servers.
Use this option to activate user authentication by IP addresses or usernames and passwords (see below). Generally, authenticated senders can send email messages to any domain via this server, whereas unauthorized users can send messages only to local domains.
Use this option to define a group of IP addresses from which email can be sent to any domain. To define a new group that would meet your specific demands, go to (see also section IP Address Groups). Besides user workstations, also add all trustworthy servers to this IP group. These servers will not be scanned by the antispam tests SPF, Caller ID and SpamAssassin. However, this filter can be enabled by a special option in the Spam Filter section on the Spam Rating tab if necessary.
Kerio Connect hides the local IP address in the Received field of email headers in messages of all users who send their email from the specified IP address group.
Each SMTP server that the message passes through inserts an entry into the Received field, specifying where the message came from, where it is going and who received it. This implies that the first record in the Received header contains the sender's email and IP addresses. If the SMTP server is placed on a private network behind a firewall, the client's private IP address is inserted. Therefore, outgoing email messages can carry information about a private network that would normally be hidden from the Internet. This information could make it easier to attack your network. Only switch this option on if Kerio Connect is installed on a private network behind a firewall (even if it runs on the same machine as the firewall).
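To check whether outgoing mail exposes internal addresses in this way, the following added example (not part of the Kerio documentation) scans the Received headers of a message for private and loopback IPv4 addresses. The function name `internal_hops` and the sample message are constructed for illustration.

```python
import email
import ipaddress
import re

# RFC 1918 private ranges plus loopback, listed explicitly so the check does
# not depend on how the standard library classifies other reserved ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Four dotted groups of digits that are not part of a longer number.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample: the bottom Received entry was added first and carries
# the client's private address, as described above.
SAMPLE = """\
Received: from mail.example.com ([203.0.113.25])
\tby mx.example.net with ESMTP; Mon, 06 Jan 2025 10:00:02 +0000
Received: from ws-042.corp.example.com ([192.168.10.42])
\tby mail.example.com with ESMTPSA; Mon, 06 Jan 2025 10:00:01 +0000
From: alice@example.com
To: bob@example.net
Subject: test

body
"""

def internal_hops(raw_message):
    """Return (header_index, address) for each internal IPv4 address found in
    Received headers. Index 0 is the topmost (most recently added) header."""
    msg = email.message_from_string(raw_message)
    findings = []
    for idx, value in enumerate(msg.get_all("Received", [])):
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an address but is not a valid one
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((idx, str(addr)))
    return findings

if __name__ == "__main__":
    for idx, addr in internal_hops(SAMPLE):
        print(f"Received header #{idx} exposes internal address {addr}")
```

Run it against a message sent through the server to an external test mailbox; an empty result means no internal IPv4 address is visible in the Received chain.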
Users authenticated through the SMTP server using a valid username and password will be allowed to send email to any domain. Thus, all users that have their own accounts in Kerio Connect will have this right.
Users authenticated through POP3 (username and password) will be granted relay access from their IP address for a period of time given in the Allow SMTP relay for ... minutes after successful POP3 login field.
On the Security options tab
Maximum count of messages that can be sent from one IP address per hour. This protects the disk from being overloaded by too many messages (often identical and undesirable).
The maximum count of messages received from a single IP address is always checked over the last hour. If this option is enabled, any new message sent from an IP address that exceeded the limit in the last hour is discarded.
Maximum number of concurrent TCP connections to the SMTP server from one IP address. This measure protects from so-called DoS attacks.
Also known as a Directory Harvest attack, this condition is met when an application that guesses common recipient usernames fails as many times as the number of allowed unknown recipients. If this type of protection is enabled, the server sending messages to an unknown recipient is blocked for an hour.
Group of IP addresses to which the limitations will not be applied. This rule is often used for groups of local users (see the Relay Control tab). It is also recommended to include the secondary SMTP server in the list of allowed IP addresses, because in some cases, its behavior can be similar to that of an attacking server.
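The following added example models how the hourly message limit, the directory harvest block and the exempt group interact. It is an illustration, not Kerio Connect's implementation: the event format, action names and the one-hour counting window for unknown recipients are assumptions, and the events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW = 3600  # seconds; the limits described above are all per hour

def evaluate(events, max_msgs, max_unknown, exempt=()):
    """Replay (timestamp, ip, kind) events; kind is 'message' or 'unknown_rcpt'.
    Returns the action taken for each event, in order."""
    exempt_nets = [ipaddress.ip_network(n) for n in exempt]
    accepted = defaultdict(deque)   # ip -> times of messages accepted in the window
    failures = defaultdict(deque)   # ip -> times of unknown-recipient failures
    blocked_until = {}              # ip -> time the directory harvest block ends
    actions = []
    for ts, ip, kind in events:
        if any(ipaddress.ip_address(ip) in net for net in exempt_nets):
            actions.append("exempt")            # limits are not applied to this group
            continue
        if ts < blocked_until.get(ip, 0):
            actions.append("blocked")           # sender is inside its one-hour block
            continue
        queue = failures[ip] if kind == "unknown_rcpt" else accepted[ip]
        while queue and queue[0] <= ts - WINDOW:
            queue.popleft()                     # drop entries older than one hour
        if kind == "unknown_rcpt":
            queue.append(ts)
            if len(queue) >= max_unknown:       # assumed: reaching the limit blocks
                blocked_until[ip] = ts + WINDOW
                queue.clear()
                actions.append("block-start")
            else:
                actions.append("reject-rcpt")
        elif len(queue) >= max_msgs:
            actions.append("discard")           # hourly message limit exceeded
        else:
            queue.append(ts)
            actions.append("accept")
    return actions

# Constructed events: a harvesting client, a bulk sender, and a secondary
# SMTP server that sits in the exempt group.
EVENTS = [
    (0, "198.51.100.7", "unknown_rcpt"), (10, "198.51.100.7", "unknown_rcpt"),
    (20, "198.51.100.7", "unknown_rcpt"), (30, "198.51.100.7", "message"),
    (40, "203.0.113.9", "message"), (41, "203.0.113.9", "message"),
    (42, "203.0.113.9", "message"), (50, "192.0.2.53", "unknown_rcpt"),
    (3641, "203.0.113.9", "message"), (3700, "198.51.100.7", "message"),
]
```

With `max_msgs=2`, `max_unknown=3` and `exempt=("192.0.2.53/32",)`, the harvesting client is blocked on its third failure and accepted again only after the hour has passed, while the exempt secondary server is never counted.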
When a message is received, Kerio Connect checks whether the sender's domain has a record in DNS. If not, the message will be rejected. This feature protects from senders with fictional email addresses.
This function may slow down Kerio Connect (responses of DNS servers may take up to several seconds).
Maximum number of message recipients that will be accepted (counted as the number of RCPT commands in the SMTP envelope).
Spam is often sent by special applications that connect to SMTP servers and ignore their error reports. If this option is enabled, Kerio Connect will close the SMTP connection automatically after the defined number of failed commands has been reached.
Maximum size of a message that will be accepted by the SMTP server. This protects the server from being overloaded by large messages, so we strongly recommend activating this option. The 0 value means that no limitation is set.
This parameter helps the server block messages that have been trapped in a loop.
Mail will be delivered directly to destination domains using MX records.
All outgoing mail will be sent via another relay SMTP server.
DNS name or IP address of relay SMTP server.
Port where the relay SMTP server is running. In most cases, an SMTP server runs on the standard port 25.
Use this option if the relay server requires authentication of the sender (Kerio Connect) using a username and password. Specify the User and Password entries.
A method used for authentication at the parent server: SMTP AUTH Command or POP3 before SMTP.
POP3 before SMTP — first, the user authenticates to the POP3 account at the server. After this authentication, the user is already known and can send email via the SMTP server. The username and password used here will be used to log in to the mailbox and no messages can be read. Therefore you do not need to define mailbox in to send an email message.
When sending a message, the SMTP server attempts to use an encrypted connection first (SSL). If an SSL connection is not supported, an unencrypted connection will be used. Thus the maximal possible security of sent messages is ensured.
Maximum number of delivery threads that will send messages from the queue (maximum count of messages sent at one moment). The value should be chosen with respect to processor capacity and to speed of the Internet connection.
Interval that will be used for repeated retry attempts for sending an email message.
If the message is not delivered in the time defined, it will be discarded and its header including DSN will bounce to the sender. It will also be automatically removed from the queue and no more delivery attempts will be made by the server.
If the message could not be delivered by the expiration of this period, the sender will be sent a warning (the server will continue its sending attempts).
Language that will be used for error, warning and informative reports (such as information about non-delivered messages, viruses found, subscribing/unsubscribing to/from mailing lists).