If you need to change the ports or other SMTP settings used by SecurityGateway, the Email Protocol page contains various options governing SecurityGateway's technical handling of email. For example, you will use this page to designate the ports that will be used for receiving mail, the maximum number of concurrent SMTP sessions allowed, whether or not SecurityGateway will honor VRFY requests, whether or not you will allow plain text passwords, and other similar advanced options
Log into SecurityGateway with a global administrator account
Click on Setup/Users in the lower-left corner
Locate the Mail Section
Click on Email Protocol
- From here, you can configure the following options:
- HELO Domain Name
This is the hostname given after the HELO/EHLO command when SecurityGateway connects to a remote server to send mail (i.e helo mail.domain.com or ehlo smtp.domain.com). It is also used in Received headers, authentication-results headers, and other places where it is necessary to identify exactly what server was processing a message. This should be the fully qualified domain name of the SecurityGateway server. - SMTP Ports
This is where you can configure the ports on which SecurityGateway listens for incoming SMTP connections. Note that you can specify more than one port by putting a comma between each port you wish to use. By default, this is set to 25. - Dedicated SSL Ports
This is for configuring the ports on which SecurityGateway listens on for secure SMTP connections using SSL/TLS. As above, you can choose to listen on more than one port. By default, this is set to 465. - MSA Ports
This is for configuring the alternate ports on which SecurityGateway listens for incoming SMTP connections. The MSA port is used if the sending client cannot send on port 25 due to network configurations or policies. Note that connections on the MSA port must be authenticated with a username and password. By default, this is set to 587. It can be set to listen on more than one port as with SMTP ports. - Bind sockets to these IPs
If you wish to bind SecurityGateway to specific IP addresses, list those IPs here separated by commas. - Maximum concurrent SMTP inbound sessions
This value controls the number of concurrent inbound SMTP sessions that SecurityGateway will accept before it begins responding with a 'Server Too Busy' message. The default value is 100. - Maximum concurrent SMTP outbound sessions
The value entered here is the maximum number of concurrent outbound SMTP sessions that will be created when sending mail. Each session will send outbound messages until all waiting messages are sent. For example, if this option is set to the default value of 30, then thirty sessions could be simultaneously created, allowing SecurityGateway to attempt to deliver 30 different messages at once.. - Default domain
Choose a domain from the drop-down list box. This is the domain that SecurityGateway will assume should be used when someone attempts to log in without including a domain name, and it is the domain that will be used for MAIL, RCPT, and VRFY commands when no domain is specified. - Use ESMTP whenever possible
When enabled SecurityGateway will use Extended SMTP commands whenever possible. By default this is enabled. - Honor VRFY command
Enabling this will allow connections to the SecurityGateway server to use the extended SMTP command VRFY to verify the existence of a local user. By default, this is disabled. - Allow plain text passwords (SSL or CRAM-MD5 not required)
This allows incoming SMTP connections to use the SMTP AUTH command to authenticate the connection. By default, this is enabled. - Honor CRAM-MD5 authentication method
This allows incoming connections to use the CRAM-MD5 authentication method to authenticate the connection without sending the password in plain-text. This is enabled by default. - Hide ESMTP SIZE command parameter
This disallows the use of the extended SMTP command SIZE from being used to send the size of a message before it is transmitted. By default, this is disabled. - Check commands and headers for RFC compliance
Enabling this will check all incoming and outgoing messages for compliance with the RFC standard for messages, which can help reduce spam, but can also prevent the sending of valid email as well. By default, this is not checked. - Allow this many RCPT commands per message
This setting determines how many RCPT commands a sending server may issue before being rejected by SecurityGateway. By default, this is set to 100, which is the minimum total number recommended by RFC 2821. - Maximum acceptable SMTP message size
Setting a value here will prevent SecurityGateway from accepting mail that exceeds a certain fixed size. When this feature is active SecurityGateway will attempt to use the ESMTP SIZE command specified in RFC-1870. If the sending agent supports this SMTP extension then SecurityGateway will determine the message size prior to its actual delivery and will refuse the message immediately. If the sending agent does not support this SMTP extension then SecurityGateway have to allow the sending server to begin transmitting the messages, but will reject the message later if the maximum size is reached. The default value of '0' mean that there is no size limit placed on messages. - Kill connection if data transmission exceeds ___:
If the transmission of data during an SMTP connection exceeds this threshold, SecurityGateway will close the connection. The default value in this option is '0', meaning that there is no size limit. - Maximum message hop count
This option will monitor the number of 'hops', or servers passed through, that incoming messages have taken as listed in the Received header of the message. If it goes over this number, it will stop the message from being delivered to prevent an infinite-loop situation. By default, this is set to 20 hops.
- HELO Domain Name
Additional Comments
Adding or changing any of SecurityGateway's port settings requires a restart of the service to allow for it to bind the new port information. This will happen automatically when you click Save.