This article explains how to configure the way SecurityGateway handles messages that sending servers attempt to 'relay', that is, to send from a domain that is not local to the server to an address that is also not local to the server. Servers that allow messages to be relayed in this manner are known as 'open relays' and can be targets for spammers. Being an open relay can result in being blacklisted and having mail from your server refused.
From the Dashboard, after logging in:
- Click on Security in the lower-left corner
- Locate the Anti-Abuse section
- Click on Relay Control
You may then configure the following options:
- This server does not 'relay' messages
  SecurityGateway will not accept any email that is neither sent from a local domain nor bound for a local domain. This is always enabled and therefore cannot be changed.
- Only domain email servers can send local mail
  If a message is purportedly coming from a local domain, SecurityGateway will only accept it if it is coming from the domain mail server(s) registered for that local domain. By default, this is enabled.
  - ... unless message is TO a local account
    If the message is from a local address to a local address, SecurityGateway will accept it, regardless of whether it is coming from a domain email server registered for that domain. This can happen if users send email from their accounts from a remote location, such as from their home. By default, this is enabled.
  - ... unless sent via authenticated SMTP session
    If the incoming session is authenticated with a username and password on the server, but is not from the domain mail server(s) for that domain, it will be accepted. By default, this is enabled.
  - ... unless sent from whitelisted IP address or host
    If the incoming session is from a server whose IP address or domain is registered in SecurityGateway, but is not from the domain mail server(s) for that domain, it will be accepted. By default, this is disabled.
- SMTP MAIL address must exist if it uses a local domain
  If an incoming session gives a MAIL FROM command with an address from a local domain, that address must be valid, to help prevent the 'spoofing' of fake local addresses by spammers. By default, this is enabled.
  - ... unless sent from whitelisted IP address or host
    If the incoming session is from a server whose IP address or domain is registered in SecurityGateway, it will be accepted, even if sent from an invalid local address. By default, this is disabled.
  - ... unless sent by authenticated SMTP session
    If the incoming session is authenticated with a username and password on the server, it will be accepted, even if sent from an invalid local address. By default, this is disabled.
  - ... unless sent via domain email server
    If the incoming session is from one of the domain email servers registered for that domain, it will be accepted, even if sent from an invalid local address. By default, this is disabled.
- SMTP RCPT address must exist if it uses a local domain
  If an incoming session gives a RCPT TO command with an address from a local domain, that address must be valid. This is always enabled, and therefore cannot be changed.