How to force all inbound traffic to authenticate if using an external filtering service.


SUMMARY

This article explains how to configure MailEnable to only accept inbound mail from authenticated connections. This can be configured as a global server policy or as a postoffice level policy. A scenario where inbound authentication policy is applicable, is if you require MailEnable to only accept connections from an external spam gateway or proxy and reject any direct inbound traffic from other sources. This ensures that only connections that have authenticated can send to (or relay through) the server or postoffice.

SOLUTION

Configuring the inbound authentication option as a global server policy:

  1. Navigate within the MailEnable administration console to: Servers > Localhost > Services and Connectors > SMTP.
  2. Right click on SMTP and select properties.
  3. Next navigate to the "Advanced SMTP" tab and use the drop down menu within the "Inbound authentication" section.
  4. Set the option to "Require authentication for all inbound connections".
  5. Click "Apply" and then "Ok".
  6. Restart the SMTP.

Note: Please consult within your spam gateway/proxy documentation on how to configure the service to authenticate.

Configuring the inbound authentication option as a postoffice level policy:

  1. Navigate within the MailEnable administration console to: Servers > Localhost > Services and Connectors > SMTP.
  2. Right click on SMTP and select properties.
  3. Next navigate to the "Advanced SMTP" tab and use the drop down menu within the "Inbound authentication" section.
  4. Set the option to "Authentication determined by postoffice".
  5. Restart SMTP.
  6. Next navigate to the relevant postoffice in the administration console and right click the postoffice and select properties.
  7. Navigate to the "Restrictions" tab and tick the option for "Any emails to this postoffice must come from authenticated connections".
  8. Click "Apply" and then "Ok".

MORE INFORMATION

In order for the spam gateway/proxy to relay messages via the MailEnable server it is necessary to add the IP address of the spam gateway/proxy server to the MailEnable SMTP relay option for "Allow relay for privileged IP ranges". Please see: http://www.mailenable.com/documentation/10.0/Enterprise/SMTP_props_-_Relay.html

The above policies will only prevent inbound connections from being able to send to the server or domain. Connections from spammers and other foreign locations will still occur. Therefore, to help stop the unwanted connections from being to abuse the server the "Abuse detection and Prevention" option can be enabled under the "localhost" properties within the "Policies" tab. For more information about the abuse policy please see: http://www.mailenable.com/documentation/10.0/Enterprise/Localhost_-_Policies.html

Along with the "Abuse detection and prevention" option you can further restrict and tighten up security to restrict authentication attempts to specific countries. The connecting IP address is checked against a country database and will either be blocked or allowed to perform a login attempt. This can also be set as a global server policy or as a postoffice level policy. Please see:

http://www.mailenable.com/documentation/10.0/Enterprise/NewTopic2.html

http://www.mailenable.com/documentation/10.0/Enterprise/NewTopic.html

  


 
 
 


Product:MailEnable (ME-Any Pro-Any Ent-Any)
Article:ME020450
Module:SMTP
Keywords:Postini,SPAM,spam,filter,proxy,cant,send,to,server,relay,external,inbound,mail,authenticate,authenticated,authentication,force,gateway
Class:HOWTO: Product Instructions
Revised:Tuesday, March 13, 2018
Author:
Publisher:MailEnable