Setting SMTP Security

You can set who has access to your mail server and control SMTP security in several ways:

  • Set Mail Relay Options that determine how your server can be used by other Internet mailers and protect your server from mass mailings (spam mail).

See "Antispamming Features" in Chapter 1 for background information on how bulk mailers use SMTP to send mail.

  • Set access to your local mailing lists.
  • Validate incoming mail to check that it was sent from a valid user mail account or to deny access to specified mail addresses.
  • Specify an IP address or set of IP addresses that are either granted access to the mail server or denied access.
  • Send a copy of every inbound and outbound message to a specified mailbox.

To set any of these options for the SMTP server:

  1. In the Control Panel, double–click the IMail Server icon.

The IMail services dialog box appears.

  2. Click the SMTP Security tab. The SMTP Security properties appear.


  3. Enter any of the options (described in the following sections) you want to use to set security for the SMTP server.
  4. Click Apply to save your changes. Click OK to save your changes and exit the dialog box.

Note:

If you make changes to the IP addresses that can use the SMTP server, you must stop and restart the SMTP service for changes to take effect.


Setting Mail Relay Options

You can use the Mail Relay Options to prevent unauthorized mailings, such as mass promotional mailings (known on the Internet as spam mail) from passing through the IMail Server as a relay or gateway. The Relay mail for option lets you configure IMail Server to only accept mail that originates from local users or that is destined for local users. You can define the systems or address blocks that you want to consider local.

Relay mail for anyone

Allows the SMTP server to accept mail destined for other hosts and redeliver that mail to the proper host (i.e., become a mail gateway). This is the default setting.

Relay mail for

Allows the SMTP server to accept mail destined for other hosts only if the mail is received from the specified IP addresses (which the mail server will consider to be local addresses).

If you use this option, you need to specify any host that you receive mail for and you need to create a matching entry in the \winnt\system32\drivers\etc\hosts file. For example, if your DNS is set up to receive mail for a primary domain, mailer1.ipswitch.com, and also for another domain, mailer2.acme.com, the MX record will look like this:

MX
10 mailer1.ipswitch.com
20 mailer2.acme.com

To relay mail for the mailer2.acme.com domain, you need to specify its IP address in the Relay mail for option and also enter its hostname and IP address in the hosts file on your mail server.

To specify the valid IP addresses, click the addresses button. The Access Control dialog box appears.


  1. Click the Add button. The Accept as Local dialog box appears.


  2. In the IP Address box, enter the IP address of the computer to be considered local to the IMail Server.

To add a group of computers, select the Group of Computers option. In the IP Address and Subnet Mask boxes, enter the IP address and subnet mask for the group to be considered local.

For example, if you have a class C address space of 156.21.50.0, enter a group address of 156.21.50.0 and a subnet mask of 255.255.255.0. This will allow those 254 systems to be considered the same as the local system and they can use the mail server to send mail to the outside world.

  3. Click OK to add the IP address(es) to the list.

IMail Server will relay mail for all the computers listed.

  4. Click OK to save the changes. Note that you must stop and restart the service for the changes to take effect.

A "non–local" system that attempts to send mail through the IMail Server system will receive the following message:

550 unknown local host %s, not a gateway

No Mail Relay

The SMTP server will refuse to accept mail destined for other hosts.

Setting List Access Options

You can use the following options to set access to distribution lists (aliases of type List) on your mail server. (These options do not affect mailing lists created with the List server.)

Allow remote mail to local lists

When selected, the SMTP server will accept mail addressed to an alias that was defined as a List alias and will resend the message to the list contents.

Allow remote view of local lists

When selected, the SMTP server will reveal the contents of a List alias in response to an EXPN SMTP command.

Validating Incoming Mail

You can use the following options to check that incoming mail was sent from a valid user mail account or to deny access to specified mail addresses. IMail Server will always include the IP address of the source of a message in the message header.

Refuse NULL <> Senders

If enabled, refuses to accept mail if the null address (<>) is specified in the MAIL FROM line of an incoming message. Note that Microsoft Exchange uses the null address for messages from the postmaster.

Check valid sender

If enabled, requires that the user mail address (user@host) is specified in the MAIL FROM line of an incoming mail message. Note that a null address (< >) in the MAIL FROM line is handled separately by enabling or disabling the Refuse NULL < > Senders option.

Edit kill file

The kill file lets you specify a mail address or a particular mail host that you do not want to accept mail from. To specify a mail address or host in the kill file, click the Edit kill file button.

The file kill.lst appears in the Windows Notepad. In the kill.lst file, enter one entry per line in either of the following formats:

userid@host
@host

For example, to deny access from a user mail account, you could enter: fred@widget.com. To deny access to all users from the mail host widget.com, you can enter: @widget.com.

IMail Server checks the incoming message’s MAIL FROM: <user@host> line. When it receives mail from an address listed in the kill file, IMail Server returns the message:

501 unacceptable mail address

The kill.lst resides in the IMail directory and applies to the primary domain and all virtual domains.
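The sender checks in this section, modelled as an added example (this is not IMail Server code). The sample kill.lst contents, the case-insensitive matching, and every reason label other than the 501 reply are assumptions made for the illustration.

```python
# Constructed sample kill.lst contents: one entry per line, userid@host or @host.
KILL_LST = "fred@widget.com\n@bulk.example\n"

def parse_kill_list(text):
    """Split kill.lst into full addresses (userid@host) and whole hosts (@host)."""
    addresses, hosts = set(), set()
    for line in text.splitlines():
        item = line.strip().lower()      # assumption: matching ignores case
        if item.startswith("@"):
            hosts.add(item[1:])
        elif item:
            addresses.add(item)
    return addresses, hosts

def check_mail_from(arg, kill, refuse_null=False, check_valid_sender=False):
    """Model the sender checks applied to the <...> argument of MAIL FROM.

    Returns (accepted, reason). Only the kill-file reply text comes from the
    page; the other reasons are labels chosen for this example.
    """
    addresses, hosts = kill
    sender = arg.strip().lstrip("<").rstrip(">").strip().lower()
    if not sender:
        # Null address <> or < >: governed only by Refuse NULL <> Senders,
        # independently of Check valid sender.
        return (not refuse_null, "null sender")
    user, at, host = sender.rpartition("@")
    well_formed = bool(user and at and host)
    if check_valid_sender and not well_formed:
        return (False, "not user@host")
    if sender in addresses or (well_formed and host in hosts):
        return (False, "501 unacceptable mail address")
    return (True, "ok")

if __name__ == "__main__":
    kill = parse_kill_list(KILL_LST)
    for arg in ("<fred@widget.com>", "<joe@bulk.example>", "<alice@widget.com>", "<>"):
        print(arg, check_mail_from(arg, kill, refuse_null=True))
```

Refusing the null sender also refuses delivery status notifications, which is why the option is separate from the kill file and from Check valid sender.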

Setting Access to the SMTP Server

You can specify an IP address or set of IP addresses that are either granted access to the SMTP server or denied access. Systems that do not have access to the SMTP server system will not be allowed to create a connection. This is useful when you know the IP address(es) of a mail sender that is making unauthorized use of your mail server.

To deny access to a specific computer or group of computers:

  1. Click the Control access button. The Access Control properties appear.
  2. Select the Granted Access option.
  3. Click the Add button. The Deny Access On dialog box is displayed.
  4. In the IP Address box, enter the IP address of the computer to be denied access to the SMTP server.

To deny access to a group of computers, select the Group of Computers option. In the IP Address and Subnet Mask boxes, enter the IP address and subnet mask for the group to be denied access. For example, if you have a class C address space of 156.21.50.0, enter a group address of 156.21.50.0 and a subnet mask of 255.255.255.0. This will deny access to those 254 systems.

  5. Click OK to add the IP address(es) to the list.

Access will be granted to all computers except those listed.

  6. Click OK to save the changes. Note that you must stop and restart the service for the changes to take effect.

To grant access to a specific computer or group of computers:

  1. Click the Control access button. The Access Control properties appear.
  2. Select the Denied Access option.
  3. Click the Add button. The Grant Access On dialog box is displayed.
  4. In the IP Address box, enter the IP address of the computer to be granted access to the SMTP server.

To grant access to a group of computers, select the Group of Computers option. In the IP Address and Subnet Mask boxes, enter the IP address and subnet mask for the group to be granted access. For example, if you have a class C address space of 156.21.50.0, enter a group address of 156.21.50.0 and a subnet mask of 255.255.255.0. This will grant access to those 254 systems.

  5. Click OK to add the IP address(es) to the list.

Access will be denied to all computers except those listed.

  6. Click OK to save the changes. Note that you must stop and restart the service for the changes to take effect.
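How the IP address and subnet mask entries drive both the Mail Relay Options and the SMTP access lists, as an added example (a model written for this page, not IMail Server code). The function names, mode strings, return labels and the sample client addresses are assumptions; the 156.21.50.0 group and the mailer1.ipswitch.com domain are the ones used in the text.

```python
import ipaddress

def entry(ip, mask=None):
    """One list entry: a single computer, or a Group of Computers (IP + subnet mask)."""
    if mask is None:
        return ipaddress.ip_network(ip)          # single host (/32)
    # strict=False tolerates host bits left in the group address (e.g. 156.21.50.7)
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def listed(client_ip, entries):
    """True if the connecting address falls inside any entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in entries)

def may_connect(client_ip, entries, default):
    """SMTP access list. default='granted': listed hosts are denied.
    default='denied': only listed hosts are granted."""
    hit = listed(client_ip, entries)
    return (not hit) if default == "granted" else hit

def relay_decision(client_ip, rcpt_domain, local_domains, mode, relay_for=()):
    """mode: 'anyone', 'addresses' (Relay mail for) or 'none' (No Mail Relay)."""
    if rcpt_domain.lower() in local_domains:
        return "accept"                          # local delivery, not a relay
    if mode == "anyone":
        return "relay"                           # open relay: the default setting
    if mode == "addresses" and listed(client_ip, relay_for):
        return "relay"
    return "refuse"                              # e.g. "550 ... not a gateway"

# Constructed sample data for the illustration.
LOCAL_DOMAINS = {"mailer1.ipswitch.com"}
GROUP = entry("156.21.50.0", "255.255.255.0")    # the class C example from the text

if __name__ == "__main__":
    print(len(list(GROUP.hosts())), "usable host addresses in the group")
    for ip in ("156.21.50.17", "203.0.113.9"):
        print(ip,
              relay_decision(ip, "example.org", LOCAL_DOMAINS, "addresses", [GROUP]),
              may_connect(ip, [GROUP], "denied"))
```

With the default mode ('anyone'), the outside address 203.0.113.9 gets "relay" for a non-local recipient, which is the behaviour the Relay mail for and No Mail Relay settings exist to stop.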
