MailEnable Enterprise Guide
    SMTP - Relay

    Mail servers accept messages for recipients that have their mailboxes hosted on the mail server itself. Any attempt to send a message to a non-local recipient (i.e. a recipient on a different mail server) is called a ‘relay’. It is critical to regulate who can send messages to non-local recipients; otherwise the server will be identified as an Open Relay, meaning that people on the Internet can send email out through the server without authenticating. Secure the server by configuring strict rules as to who can relay messages to non-local recipients.

    For a server on the Internet, the best relay configuration is to check only Allow relay for authenticated senders and to leave Allow relay for local sender addresses unchecked. This makes everyone who wants to send email out via the server provide a username and password.

    To access the SMTP Relay options, open the Administration program, expand the Servers > Localhost > Connectors branch, right-click the SMTP icon, select Properties from the popup menu, and click the Relay tab.

    The following table provides an explanation of the various relay settings.

    Setting

    Description

    Enable Mail Relay

    Mail relaying needs to be enabled in order to send mail. Otherwise MailEnable will only be able to receive email. There are four options available to limit who can send mail out through the server. Any combination of the four can be selected; however, a client only has to match one of the items in order to relay through the mail server.

    Allow relay for authenticated senders

    Requires that people sending mail through the server enter a username and password (i.e. this option enables SMTP authentication). How this is set differs between mail clients; in Microsoft Outlook Express and Microsoft Outlook, for instance, it is done in the account properties via the "My server requires authentication" checkbox under the "Servers" tab. It is advisable to have this option enabled if the server is not using privileged IP ranges. Also, ensure that Secure Password Authentication (SPA) is not enabled.

    Authentication method

    Select the authentication method for authenticated senders.

    MailEnable/integrated authentication – uses the MailEnable username/password

    Windows authentication – uses the Windows username/password valid for that machine

    Authenticate against the following username/password – specify your own username and password.

    Allow relay for privileged IP ranges

    Allows people with certain IP addresses to send email through the server. Use this option if the IP addresses of the people who are allowed to send email out through the server are known. DO NOT select this option if the list of IP addresses is unknown, as this may inadvertently allow everyone access. This option is usually required to allow sending through the server from a web server or web page.

    Allow relay for local sender addresses

    Allows people to send mail if their ‘From’ address has a domain that is hosted on MailEnable. For instance, if you host example.com, and someone sends a message from your server that has their ‘From’ address as peter@example.com, the email will be sent. Unfortunately, spammers may still abuse this by spoofing ‘from’ addresses, so most servers will not use this option. Using this option may cause some anti-spam blacklists to consider the server as “open relay” and block email from the server.

    POP before SMTP authentication

    The IP address of users who authenticate via POP is remembered and permitted to relay. The length of time for which the IP address is remembered can be set. Some client applications (e.g. Microsoft Outlook) will try to send email before retrieving it, so they will generate an error message on the first send attempt. Subsequent send attempts will then work if they are made before the specified time expires.

    This is required because some ISPs and certain routers do not allow SMTP authentication. This feature works around the issue by authenticating the client using POP. If the POP authentication succeeds, the SMTP service will allow that IP address access for a designated period of time.

    To remember the IP address, a file is written to the Mail Enable\Config\Connections directory. The file name is the IP address and the file extension is .pbs.
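
The table's rule that a client only has to match one enabled option is modelled below as an added example (a simplified sketch, not MailEnable's code). It shows an unauthenticated session with a spoofed hosted 'From' address being refused under the recommended configuration and relayed once Allow relay for local sender addresses is checked. The class, field and function names, the sample addresses and the order of the checks are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LOCAL_DOMAINS = {"example.com"}   # domain hosted on the server, as in the page's example

@dataclass
class RelayConfig:                # hypothetical field names mirroring the Relay tab
    enabled: bool = True                  # Enable Mail Relay
    authenticated: bool = False           # Allow relay for authenticated senders
    privileged_ranges: tuple = ()         # Allow relay for privileged IP ranges
    local_senders: bool = False           # Allow relay for local sender addresses
    pop_window_secs: int = 0              # POP before SMTP; 0 = disabled

@dataclass
class Session:                    # constructed description of one SMTP session
    client_ip: str
    mail_from: str
    rcpt_to: str
    authenticated: bool = False
    secs_since_pop: Optional[int] = None  # None = no POP login seen from this IP

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def decide(cfg: RelayConfig, s: Session) -> str:
    """Return why the message is accepted, or 'refused'."""
    if domain(s.rcpt_to) in LOCAL_DOMAINS:
        return "local delivery"           # local recipient: not a relay
    if not cfg.enabled:
        return "refused"
    # A client only has to match ONE enabled option (check order is an assumption).
    if cfg.authenticated and s.authenticated:
        return "authenticated"
    if any(ip_address(s.client_ip) in ip_network(r) for r in cfg.privileged_ranges):
        return "privileged IP"
    if cfg.local_senders and domain(s.mail_from) in LOCAL_DOMAINS:
        return "local sender address"     # From is client-supplied and unverified
    if cfg.pop_window_secs and s.secs_since_pop is not None \
            and s.secs_since_pop <= cfg.pop_window_secs:
        return "POP before SMTP"
    return "refused"

# Constructed session: unauthenticated client spoofing a hosted From address.
SPOOFED = Session("203.0.113.50", "peter@example.com", "someone@example.net")
RECOMMENDED = RelayConfig(authenticated=True)
WITH_LOCAL_SENDERS = RelayConfig(authenticated=True, local_senders=True)

if __name__ == "__main__":
    for name, cfg in (("recommended", RECOMMENDED), ("local senders", WITH_LOCAL_SENDERS)):
        print(f"{name:14} -> {decide(cfg, SPOOFED)}")
```

The same function can be used to reason about an over-broad privileged range: a range such as `0.0.0.0/0` matches every IPv4 client, which is the "inadvertently allow everyone" case the table warns about.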