Previous Topic

Next Topic

Book Contents

Book Index

General

security_general

Field

Description

POP before SMTP (Min)

Check this option and a local email address which has made a successfully authenticated POP or IMAP connection will be allowed (for specified number of minutes) to initialize SMTP session (from the same IP address which was used for the POP or IMAP connection) with the same rights as if it was successfully SMTP authenticated.

Reject if originator's domain is local and not authorized

If the sender of the message is a local user (claims to be from your local domain) they have to authorize themselves. Authorization can be done using the SMTP authentication, relaying from IP address or the POP before SMTP feature.

This option can reject also local users if they authenticate against different SMTP server, e.g. their ISP SMTP server.

NOTE: Whitelist and blacklist are skipped if the remote side tells us the sender is local, but the session is not authenticated nor comes from a trusted IP. The email is then processed as usually – other rules are applied.

It can be turned off only using API Console – the  SpamSkipBypassLocalUntrusted variable.

Bypass reason code – H. For more information about reason codes, refer to the AntiSpam – Reason Codes chapter.

Add

Click the button to add a new IP address. The IP Address dialog opens.

Edit

Select an IP address and click the button to edit this address. The IP Address dialog opens.

Arrows

Use the buttons to move addresses up or down in the list.

Edit File

Click the button to open the simple text file containing the IP ranges. Examples are given there.

The Trusted IPs list shows the IP address ranges you consider trustworthy. SMTP connections from these IP addresses will be allowed without authentication.

note_small

NOTE: This list of trusted IPs %& Hosts is also used by the AntiSpam Engine's Whitelist as a bypass list, if the "Whitelist trusted IPs and authenticated sessions" option is checked in Antispam/Whitelist/General.

ip_address_dialog

Field

Description

IP Address

Fill in an IP address. You can use masks, as shown above, and ranges, for example 192.168.0.1-50

NOTE: You can use host names as well as IP addresses.

Submission Port (RFC4409)

This port is used as a way to avoid SMTP abuse. Users are forced to use port 587 that requires authentication. In this case, the standard port 25 is used only for communication that is not authenticated (between SMTP servers). It means that all possible spam attempts etc. go via antispam and antivirus filters/rules set on the server for unauthenticated communication.

If you want to use this feature:

  1. Enable SMTP AUTH via API:

    tool modify system c_mail_smtp_delivery_messagesubmission 1

  2. Inform users to change their email clients (account properties/advanced) to use port 587 for SMTP.
  3. Check whether the SMTP service has set the 2nd basic service field set to 587. (System – Services – General – SMTP dialog – Properties tab). If not, change it.

exclamation_mark_small

NOTE: Since WebClient requires authentication by default, it is also necessary to change the port in the SMTP Server field (Console – WebClient – General). E. g. mail.icewarpdemo.com:587.

See Also

Security

DNS

Intrusion Prevention

Advanced