Mail Delivery
General
You can set up general SMTP-related limits on users' login and inbound/outbound mail delivery.
- Go to Mail Delivery > General.
- Select Enable SMTP Authentication. When connecting to MailPlus Server via SMTP, clients will have to provide user credentials for login.
- Two more authentication options are available:
  - Skip authentication for local network connections from terminal: Without login credentials, clients in MailPlus Server's local network can directly receive and send emails using a terminal.
  - Check if the sender's email addresses belong to the login accounts: When sending emails, the logged-in user has to use a sender's email address that belongs to the login account.
- To stop SMTP clients from auto-forwarding emails, select Disable auto forwarding.
- Set up an SMTP profile for MailPlus Server:
  - Hostname (FQDN): Specify the hostname of MailPlus Server in FQDN format. Make sure that the hostname matches the IP address in the DNS server.
  - SMTP banner: Specify the text that will show up on an SMTP client's Telnet terminal.
  - Max recipients per message: Set the maximum number of recipients in an inbound/outbound message. A message exceeding the limit will be rejected.
  - Max message hops: Set the maximum number of hops (i.e. mail relays) made by an inbound/outbound message. A message exceeding the limit will be rejected.
  - Maximum size per email (MB): Set the maximum size of an inbound/outbound message. A message exceeding the limit will be rejected.
- Click the External Postmaster button and then the plus icon to add email addresses for external postmasters. External postmasters receive system mails sent to the Mailer-daemon and Postmaster aliases from other mail servers.
- Click Apply to save the settings.
Delivery
MailPlus Server can send mails through other mail servers without being exposed to the Internet and to possible attacks.
To deliver mails from MailPlus Server:
- Go to Mail Delivery > Delivery.
- Select a rule type:
  - Send mails directly from this server: All mails will be sent by MailPlus Server directly.
  - All mails are relayed through a single relay host: All mails will be relayed through a designated relay host. Specify all of the following settings of the designated relay host:
    - Server: Specify the IP address or hostname of a relay server for MailPlus Server.
    - Port: Specify the port of the relay server to receive emails from MailPlus Server.
    - Always use a secure connection (TLS): Enable this option to relay emails through a TLS-protected connection.
    - Authentication required: When the relay server requires login, enable this option and enter your relay server username and password.
  - Sent via multiple relay hosts: You can specify multiple rules. When a mail fits a rule, it will be sent through a designated relay server.
    - Click Relay Host List.
    - Specify rule type:
      - Recipient Rule: Mails sent to designated mail addresses or domains will be sent through a designated relay server.
      - Sender Rule: Mails sent from designated addresses or domains will be sent through a designated relay server.
    - Click Create.
    - Enter rule name, specify all the other settings of the designated relay host, and select and enter the matching targets in Recipient List or Sender List.
- Click Apply to save the settings.
Relay Control
MailPlus Server can send or receive mails for other mail servers.
To relay outbound mails for other mail servers:
- Go to Mail Delivery > Relay Control, and in the Relay Outbound Mails section, click Trusted List.
- Click Create.
- Enter rule name, and specify the IP address or subnet mask of other mail servers.
- Click OK to save the settings.
To relay inbound mails for other mail servers:
Set up a DNS record first, and then go to Domain List to add the mail server. You may refer to the following steps:
- Set up an external DNS server for MailPlus Server.
- Enter your domain name in the MX record on the external DNS server, and enter the IP address of MailPlus Server in the A record. In this way, other mail servers will be able to send mails to MailPlus Server based on these DNS records.
- Set up an internal DNS server for MailPlus Server to find your main mail server.
- Enter your domain name in the MX record on the internal DNS server, and enter the IP address of the domain in the A record. The priority of the DNS records on the internal DNS server must be higher than that on the external DNS server.
- Go to DSM > Control Panel > Network > General, and tick the Manually configure DNS server checkbox, enter the IP address of the internal DNS server in the Preferred DNS Server field, and enter the IP address of the external DNS server in the Alternative DNS Server field to make sure the internal and external connections of MailPlus Server can work properly. After MailPlus Server receives mails, it will check the MX records of the two DNS servers, and send the mails to the mail server with the higher priority.
- Launch MailPlus Server, and go to Mail Delivery > Relay Control, and under the Relay Inbound Mails section, click Domain List.
- Click Create.
- Enter rule name and domain.
- Click OK to save the settings.
Note:
- If you tick the Check if the senders' email addresses belong to the login accounts checkbox in the General tab, mails from Trusted List might be rejected by MailPlus Server. You can go to the General tab, and tick the Skip the check for sender's email address to see if it belongs to the login account for emails sent from trusted networks checkbox to skip the check. If you tick the Skip authentication for local network connections from terminal checkbox in the General section, mails from local networks will not be blocked by MailPlus Server.
- For more information on how to set up a DNS record, please refer to MailPlus Server Administrator’s Guide.
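Every address covered by a Trusted List entry may relay outbound mail through MailPlus Server, so it is worth validating each entry before entering it. The following is an added example, not Synology code: the function name `audit_trusted_entry`, the 256-address threshold and the choice of private ranges are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus loopback; anything outside them is flagged for review.
INTERNAL = [ipaddress.IPv4Network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def audit_trusted_entry(entry, max_addresses=256):
    """Return (network, warnings) for one 'IP' or 'IP/subnet mask' entry."""
    try:
        # strict=False accepts a host address with a mask (10.0.5.7/255.255.255.0);
        # a non-contiguous mask raises NetmaskValueError, a ValueError subclass.
        net = ipaddress.IPv4Network(entry.strip(), strict=False)
    except ValueError as exc:
        return None, [f"invalid entry: {exc}"]
    warnings = []
    if net.num_addresses > max_addresses:
        warnings.append(f"covers {net.num_addresses} addresses")
    if not any(net.subnet_of(block) for block in INTERNAL):
        warnings.append("not contained in a private range")
    return net, warnings

# Constructed sample entries, not taken from any real configuration.
SAMPLE_ENTRIES = [
    "192.168.10.25",
    "192.168.10.0/255.255.255.0",
    "10.0.0.0/255.0.0.0",
    "203.0.113.0/255.255.255.0",
    "10.1.2.3/255.0.255.0",
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        net, warnings = audit_trusted_entry(entry)
        print(f"{entry:32} -> {net}  {warnings or 'ok'}")
```

A warning marks an entry for review rather than as an error, since a legitimate peer mail server may sit on a public address.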
Security
To create black and white lists:
With the black and white lists, the system will reject, discard, or allow certain messages based on various criteria.
- Go to Mail Delivery > Security > Black and White Lists.
- Select either rule type:
  - Blacklist: Set rules to reject/discard matching email messages.
  - Whitelist: Set rules to allow through matching email messages.
- Click Create.
- Name the rule and specify its criteria:
  - IP: Specify a sender IP address (e.g. 192.163.1.1).
  - IP/subnet mask: Specify a sender IP address and its subnet mask (e.g. 192.163.1.1/255.100.10.1).
  - Sender: Specify a sender address (e.g. 123@abc.com).
  - Recipient: Specify a recipient address (e.g. 456@abc.com).
  - Domain (for whitelist rules): Specify a sender domain (e.g. abc.com).
  - Do this (for blacklist rules): Select the action against a matching message:
    - Reject it: Ban a matching message from passing through MailPlus Server.
    - Discard it: Abandon a matching message without informing the sender.
- Click OK to save the rule.
Note:
- Emails matching any whitelist rule might be blocked if they do not pass other security tests (e.g. DNSBL, antivirus scans, and DKIM). The table below shows the security tests that will be skipped based on the different whitelist settings. You can adjust settings according to this table to ensure important messages can be received.
| | DNSBL | SPF | Antivirus Scan | DKIM | DMARC |
|---|---|---|---|---|---|
| IP | ✓ | ✓ | ✓ | ✓ | ✓ |
| IP/subnet mask | ✓ | ✓ | | ✓ | ✓ |
| Sender | | ✓ | ✓ | | |
| Recipient | | ✓ | ✓ | | |
| Domain | | ✓ | ✓ | ✓ | ✓ |
- To always allow through matching emails, whitelist rules should be created based on IP addresses. Matching emails will not be blocked by other kinds of rules like DKIM.
To create sender policies:
You can set policies to block emails from senders from unidentifiable domains.
- Go to Mail Delivery > Security > Sender Policy.
- Enable the following options to suit your needs:
  - Reject senders without fully qualified domain name (FQDN): Bounce emails when senders are from a domain without an FQDN.
  - Reject senders using unknown domains: Bounce emails when intended recipients are not existing MailPlus Server users and when the sender domain does not have a valid DNS entry.
- Click Apply to save the settings.
To create connection policies:
You can set policies to block client hosts that cannot be identified or may cause MailPlus Server to overload.
- Go to Mail Delivery > Security > Connection Policy.
- Enable the following options to suit your needs:
  - Reject unknown client hostnames: Block client connections from a host without an analyzable IP or hostname.
  - Keeping more concurrent connections than the limit: Set the maximum number of concurrent connections from a client host. When the limit is reached, extra connections will be blocked.
  - Sending more messages than the limit in one minute: Set the maximum number of outbound messages sent from a client host in one minute. When the limit is reached, the client host will be blocked until next minute.
  - Building more connections than the limit in one minute: Set the maximum number of connections built by a client host in one minute. When the limit is reached, the client host will be blocked until next minute.
- Click Apply to save the settings.
To create advanced security rules:
- Go to Mail Delivery > Security > Advanced.
- Enable the following options to suit your needs:
  - Reject unauthorized pipelining requests: To avoid system overload, block client connections that keep sending SMTP commands.
  - Reject HELO hostnames without fully qualified domain name (FQDN): Reject connections from hosts that send a HELO/EHLO command and do not have an FQDN hostname.
  - Reject unknown HELO hostnames: Reject connections from hosts that send a HELO/EHLO command and do not have a valid DNS entry.
  - Block any IP emailing more non-existent accounts than the limit: Set the maximum number of non-existent MailPlus Server accounts that an IP can send email to. When the limit is reached, the IP will be blocked until next day.
  - Max junk commands per session: Set the maximum number of junk commands (i.e. noop, vrfy, etrn, and rset) that a client connection can send before sending email. Every 10 junk commands will cause a one-second delay on mail delivery.
- Click Apply to save the settings.
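To see what the HELO FQDN rule and the junk-command limit react to, the sketch below replays a client's SMTP commands and reports which of the two rules the session would trip. It is an added example, not MailPlus Server's implementation: `is_fqdn`, `audit_session`, the FQDN definition, the reading of the delay as one second per full ten junk commands, and the sample sessions are assumptions constructed for illustration.

```python
import re

JUNK_COMMANDS = {"NOOP", "VRFY", "ETRN", "RSET"}  # the four listed on this page
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def is_fqdn(name):
    """Assumed meaning of FQDN: two or more valid DNS labels, non-numeric last label."""
    labels = (name[:-1] if name.endswith(".") else name).split(".")
    return (len(labels) >= 2
            and all(LABEL_RE.fullmatch(label) for label in labels)
            and not labels[-1].isdigit())

def audit_session(commands, max_junk):
    """Check one session's client commands against the HELO and junk-command rules."""
    helo, junk = None, 0
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            helo = arg.strip()
        elif verb in JUNK_COMMANDS:
            junk += 1
        elif verb == "MAIL":
            break  # only junk commands sent before the mail transaction count
    violations = []
    if helo is not None and not is_fqdn(helo):
        violations.append("HELO hostname is not an FQDN")
    if junk > max_junk:
        violations.append("junk command limit exceeded")
    return {"helo": helo, "junk": junk, "delay_seconds": junk // 10,
            "violations": violations}

# Constructed client-side sessions; max_junk=20 below is an arbitrary test value.
SESSIONS = {
    "normal": ["EHLO mail.example.org", "MAIL FROM:<a@example.org>",
               "RCPT TO:<b@example.net>", "DATA"],
    "noisy": ["HELO localhost"] + ["VRFY user%d" % i for i in range(25)]
             + ["RSET", "MAIL FROM:<x@example.org>"],
}

if __name__ == "__main__":
    for name, cmds in SESSIONS.items():
        print(name, audit_session(cmds, max_junk=20))
```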