Configuring IP Shielding options in SecurityGateway
This article explains how to configure SecurityGateway to use IP Shielding, which is a method to require connections from certain hosts to match a specific IP, or range of IPs, and reduce the chance of a malicious sender from giving fake domain information.
From the Dashboard, after logging in:
- Click on Security in the lower-left corner
- Locate the Anti-Abuse section
- Click on IP Shielding
You will then be presented with the list of shielded IPs that have been added, listing the domain, the IP address that the domain should be connecting from, and any comments included when the item was added.
To add a new item, click on New at the top of the list, and put in the domain to shield, the IP address that the domain must be connecting from, and a comment if you choose. Note that wildcards such as '?' for a single number and '*' for an entire range are supported, as well as the use of CIDR notation. Click 'Save and Close' to save the entry.
Exclude messages to valid local users
SecurityGateway will not check for a shielded IP on connecting domains if the message is bound for a local user that can be validated on the server, and only check for messages being sent to remote addresses, or non-valid local addresses. This can help save on system resources as it limits the amount of shielded IP checks SecurityGateway makes. By default, this is enabled.
These options can only be configured for the entire server, and not for individual domains.