KBA-01911

Configuring relaying options in SecurityGateway

This article explains how to configure the way SecurityGateway handles messages that sending servers attempt to 'relay', that is, to send from a domain that is not local to the server to an address that is also not local to the server. Servers that allow messages to be relayed in this manner are known as 'open relays' and can be targets for spammers. Being an open relay can result in being blacklisted and in having mail from your server refused.

From the Dashboard, after logging in:

  1. Click on Security in the lower-left corner
  2. Locate the Anti-Abuse section
  3. Click on Relay Control

You may then configure the following options:

  • This server does not 'relay' messages

    SecurityGateway will not accept any email that is neither sent from a local domain nor bound for a local domain. This is always enabled and therefore cannot be changed.

  • Only domain email servers can send local mail

    If a message is purportedly coming from a local domain, SecurityGateway will only accept it if it is coming from the domain mail server(s) registered for that local domain. By default, this is enabled.

    • ... unless message is TO a local account

      If the message is from a local address to a local address, SecurityGateway will accept it, regardless of whether it comes from a domain email server registered for that domain. This can happen when users send email from their accounts from a remote location, such as from home. By default, this is enabled.

    • ... unless sent via authenticated SMTP session

      If the incoming session is authenticated with a username and password on the server, but not from the domain mail server(s) for that domain, it will be accepted. By default, this is enabled.

    • ... unless sent from whitelisted IP address or host

      If the incoming session is from a server whose IP address or domain is registered in SecurityGateway, but not from the domain mail server(s) for that domain, it will be accepted. By default, this is disabled.

  • SMTP MAIL address must exist if it uses a local domain

    If an incoming session gives a MAIL FROM command with an address from a local domain, that address must be valid, to help prevent the 'spoofing' of fake local addresses by spammers. By default, this is enabled.

    • ... unless sent from whitelisted IP address or host

      If the incoming session is from a server whose IP address or domain is registered in SecurityGateway, it will be accepted, even if sent from an invalid local address. By default, this is disabled.

    • ... unless sent by authenticated SMTP session

      If the incoming session is authenticated with a username and password on the server, it will be accepted, even if sent from an invalid local address. By default, this is disabled.

    • ... unless sent via domain email server

      If the incoming session is from one of the domain email servers registered for that domain, it will be accepted, even if sent from an invalid local address. By default, this is disabled.

  • SMTP RCPT address must exist if it uses a local domain

    If an incoming session gives a RCPT TO command with an address from a local domain, that address must be valid. This is always enabled, and therefore cannot be changed.

Additional Comments

These settings apply to all domains on the server and cannot be configured for individual domains.
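
How the options above combine can be checked with a small model. This is an added example, not SecurityGateway code: the order of the checks, the domain example.com, the address list and all class, field and function names are assumptions made for illustration; only the defaults come from the article.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}                             # constructed sample data
VALID_ADDRESSES = {"alice@example.com", "bob@example.com"}  # constructed sample data

@dataclass
class RelayConfig:
    """Hypothetical names; defaults are the ones the article states."""
    only_domain_servers: bool = True        # Only domain email servers can send local mail
    unless_to_local: bool = True            # ... unless message is TO a local account
    unless_auth: bool = True                # ... unless sent via authenticated SMTP session
    unless_whitelisted: bool = False        # ... unless sent from whitelisted IP or host
    mail_must_exist: bool = True            # SMTP MAIL address must exist if local domain
    mail_unless_whitelisted: bool = False
    mail_unless_auth: bool = False
    mail_unless_domain_server: bool = False

@dataclass
class Session:
    mail_from: str
    rcpt_to: str
    from_domain_server: bool = False        # peer is a registered domain mail server
    authenticated: bool = False
    whitelisted: bool = False

def is_local(addr):
    return addr.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def evaluate(s, cfg=None):
    """Return 'accept' or a reject reason. The check order is an assumption."""
    cfg = cfg or RelayConfig()
    from_local, to_local = is_local(s.mail_from), is_local(s.rcpt_to)
    if not from_local and not to_local:
        return "reject: relay"                      # always on, cannot be changed
    if to_local and s.rcpt_to.lower() not in VALID_ADDRESSES:
        return "reject: unknown RCPT"               # always on, cannot be changed
    if from_local:
        exempt = ((cfg.unless_to_local and to_local)
                  or (cfg.unless_auth and s.authenticated)
                  or (cfg.unless_whitelisted and s.whitelisted))
        if cfg.only_domain_servers and not s.from_domain_server and not exempt:
            return "reject: not a domain email server"
        exempt = ((cfg.mail_unless_whitelisted and s.whitelisted)
                  or (cfg.mail_unless_auth and s.authenticated)
                  or (cfg.mail_unless_domain_server and s.from_domain_server))
        if cfg.mail_must_exist and s.mail_from.lower() not in VALID_ADDRESSES and not exempt:
            return "reject: unknown MAIL"
    return "accept"
```

In this model, with the defaults, a message from alice@example.com to bob@example.com arriving from an unregistered host is accepted through the "TO a local account" exception, so the MAIL address check is what rejects a made-up local sender such as ghost@example.com.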