Configuring SMTP authentication options in SecurityGateway

This article explains how to configure SecurityGateway's requirements regarding SMTP authentication, to help further validate the sender as a valid user on the server, and therefore prevent malicious users from sending messages from supposed local addresses.

From the Dashboard, after logging in:

  1. Click on Security in the lower-left corner
  2. Locate the Anti-Abuse section
  3. Click on SMTP Authentication

You may then configure the following options:

  • Authentication is always required when mail is from local accounts

    If an incoming session does not authenticate with a username and password on the server, and gives a local address in the MAIL FROM command, SecurityGateway will refuse to accept the message, and return a 'recipient unknown' error. By default, this is disabled.

    • ... unless message is to a local account

      If the message is being sent from a local address, to a local address, SecurityGateway will not require authentication to send the message. This may need to be enabled if mail is sent with a local user's address, but from another domain mail server, such as a user's Internet Provider's server. By default, this is disabled.

  • Authentication credentials must match those of the email sender

    Incoming sessions must be authenticated with the username and password of the account given in the local address provided in the MAIL FROM account, or the message will be refused. This requires senders to use their own account's login information. By default, this is disabled.

  • Mail from 'postmaster', 'abuse', 'webmaster' require authentication

    Since these addresses are popular targets for spammers, since they are commonly used (and, according to RFC guidelines, required to exist for 'postmaster' and 'abuse'), an incoming session giving any of these addresses as the MAIL FROM command must authenticate with a username and password on the server. By default, this is enabled.

    Additional Comments

    These settings can be configured for individual domains, or for the entire server, if you so wish. Click on the 'For Domain' drop down at the upper right to change for individual domains.