Only accept email from a filter gateway.
Question asked by Larry Lubman - February 27, 2015 at 10:52 AM
Answered
OK, first of all, as pointed out in another thread, the "Incoming Gateway" section of the help for SmarterMail is really confusing.  Its terminology is a bit vague and ambiguous.  It is hard to tell if you're making that instance of SmarterMail an incoming gateway or if you're trying to configure that instance of SmarterMail to accept email from an incoming gateway.  It needs work.
 
Now to my question.  I'm using McAfee's Incoming Email protection service which is basically a SPAM filtering gateway.  I changed my MX records to point to their servers.  Problem is that the SPAMMERS are bypassing McAfee and using cached MX records or cached IP addresses and still going directly to my SmarterMail instance.  
 
So, how in SmarterMail do I set to only accept incoming email from McAfee's filter servers (I have the IP addresses) and still be able to send email from my email clients?  I'd like to avoid changing the IP address of my mail server if possible.
 
Thanks in advance!

4 Replies

Reply to Thread
0
I'd like to set this through SmarterMail itself.  I think it would be pretty straightforward to be able to set the incoming gateway servers since SmarterMail itself can act as a gateway server.  Is this possible?
0
Employee Replied
Employee Post
Hi Larry,
 
If you only want SmarterMail to accept SMTP traffic over port 25 for a specific IP you can do the following steps:
  • Login as system admin
  • Go to Security | Black List
  • Add the range of IP address you do not want to accept for example if your Gateway is coming from 10.10.10.15 you will black list 0.0.0.0-10.10.10.14 and 10.10.10.16-255.255.255.255. 
Now all SMTP traffic from port 25 will be blocked with the exception of your gateway.  If your customer are using email clients such as Outlook, Thunderbird, etc you will need to make sure you have an alternate SMTP port enabled or they will not be able to send emails.  To do this follow the steps below:
  • Login as the system admin
  • Go to Settings | Binding | IP Address | (edit IP(s) address) | Enable Submission Port
  • Click Save.
Now your customer can use email client to send though SmarterMail but all port 25 SMTP traffic will only be accepted from the specified IP address.  This way if spammer try to connect using a different IP address SmarterMail will reject it.
 
0
Hi Brian,
This means that we need to change all of our email clients to use another port also, correct?  So, we'd set them to use for example port 587 on all email clients and only accept port 25 from our email gateway?
 
I guess this is the only way to do what I'm asking without making impossible for people to send email. Or, I guess we could put outgoing email on another IP address.
 
Thanks for your help,
Larry
0
Bump.
 
Hi Team,
 
We are currently in the same scenario - we have a Spam Filter, we have multiple users (1000+) on Dynamic IPs, using a variety of ports (25, 587, 465) and we have an issue where a number of users are getting Spam Attacks that are directed at the SmarterMail Instance and ignoring the MX records (which would route mail through the filter and block it)
 
Ideally - we would like to be able to set Smartermail to only accept unauthenticated connections on the inbound ports from specific IPs (the IPs of our SpamFilters) and to require authenticated connections for all other IPs.
 
It seems a major shortfall of the Smartermail product if this is not a possibility.
 
Thanks

Reply to Thread