Disable inbound e-mail if behind antispam
Question asked by Manuel Righi - 3/7/2020 at 1:08 PM
Unanswered
Hello,
We have some SmarterMail installations where, for security reasons and because we were looking for a better antispam / antivirus, the role of antispam and antivirus has been delegated to dedicated appliances (which are the domain MX).
Then these appliances send mail to SmarterMail.

Unfortunately, however, if an attacker knows that SmarterMail is also exposed on port 25, he can send mail directly to SmarterMail (where there is no antispam check because there is an antispam appliance).

Is there a setting to disable receiving mail in SmarterMail if it doesn't come from antispam? 
Or force all email inputs with authentication? 

Thank you!
Manuel

6 Replies

3
Sébastien Riccio Replied
What about firewalling port 25 and only allowing it to be reached from your antispam appliance?
Sébastien Riccio
System & Network Admin

0
Manuel Righi Replied
I can't block port 25 because it is used by each mailbox for SMTP connections from mail clients.
3
Christopher Hiatt Replied
Set the clients up on SSL and have them submit on 465 instead.


0
Ronald Raley Replied
For each domain, what if you set "Inbound Message Delivery" to "External (Use MX Record)". Might this correct the issue?

Thanks,
Ron
0
Manuel Righi Replied
Setting the clients up on SSL and port 465 is not a solution, because an attacker can still take advantage of this setting.

Setting the domain to "External (use MX Record)" should not be done, otherwise a loop will be created.

It would be great if there was a setting that set SmarterMail to accept email only from the antispam appliance if the sender is outside the domain or not authenticated.

Manuel
3
Sébastien Riccio Replied
E-mail clients should use port 587 (SMTP submission port) and not port 25, which should be reserved for inter-server communication.

Sébastien Riccio
System & Network Admin
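
An added example, not part of any post above and not SmarterMail code: a small audit of SMTP session records that separates mail relayed by the antispam appliance from direct-to-server deliveries on port 25, and lists the authenticated clients still using port 25 that would need to move to 587/465 before port 25 is firewalled. The appliance addresses, the log format and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the antispam appliances' addresses (constructed, documentation ranges).
APPLIANCES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

# Constructed sample in a made-up format (not SmarterMail's log format):
# timestamp, remote IP, local port, authenticated user or "-", recipient.
SAMPLE_LOG = """\
2020-03-07T13:01:02 192.0.2.10 25 - rcpt=<alice@example.com>
2020-03-07T13:02:10 203.0.113.7 25 - rcpt=<alice@example.com>
2020-03-07T13:03:44 198.51.100.23 587 bob@example.com rcpt=<carol@example.net>
2020-03-07T13:04:05 198.51.100.99 25 bob@example.com rcpt=<carol@example.net>
2020-03-07T13:05:00 203.0.113.7 587 - rcpt=<alice@example.com>
garbage line
"""

LINE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) rcpt=<([^>]+)>$")


def classify(ip, port, user):
    """Label one SMTP session against the policy discussed in the thread."""
    authenticated = user != "-"
    if port == 25:
        if any(ip in net for net in APPLIANCES):
            return "ok-relay"  # appliance handing over already-filtered mail
        # Authenticated users on 25 are clients to migrate to 587/465;
        # anything else reached the server without passing the filter.
        return "legacy-client-on-25" if authenticated else "bypass"
    return "ok-submission" if authenticated else "unauthenticated-submission"


def audit(log_text):
    """Return (line_number, verdict) for every session that is not 'ok-*'."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        try:
            verdict = classify(ipaddress.ip_address(m[2]), int(m[3]), m[4])
        except (TypeError, ValueError):  # line did not match, or malformed IP
            verdict = "unparsed"
        if not verdict.startswith("ok-"):
            findings.append((n, verdict))
    return findings


if __name__ == "__main__":
    for n, verdict in audit(SAMPLE_LOG):
        print(n, verdict)
```

An empty `legacy-client-on-25` list is the signal that port 25 can be restricted to the appliance addresses without cutting off mail clients.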
