Back to Community Threads
3
Disable inbound e-mail if behind antispam
Question asked by Manuel Righi - 3/7/2020 at 1:08 PM
Unanswered
Hello,
we have some SmarterMail installations that, for security reasons and because we were looking for a better antispam / antivirus, the role of antispam and antivirus has been delegated to dedicated appliances (which are the domain MX). 
Then these appliances send mail to smartermail.

Unfortunately, however, if an attacker knows that SmarterMail is also exposed on port 25, he can send mail directly to SmarterMail (where there is no antispam check because there are un antispam appliance). 

Is there a setting to disable receiving mail in SmarterMail if it doesn't come from antispam? 
Or force all email inputs with authentication? 

Thank you!
Manuel

6 Replies

Reply to Thread
3
Sébastien Riccio Replied
3/8/2020 at 9:07 AM
What about firewalling port 25 and only allow it to be reaced from your antispam appliance ?
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Manuel Righi Replied
3/8/2020 at 10:11 AM
I can't block port 25 because are used from each mailbox for smtp connection from mail client.
3
Christopher Hiatt Replied
3/8/2020 at 2:45 PM
Set the clients up on SSL and have them submit on 465 instead.
0
Ron Raley Replied
3/8/2020 at 3:53 PM
For each domain, what if you set "Inbound Message Delivery" to "External (Use MX Record)". Might this correct the issue?

Thanks,
Ron
0
Manuel Righi Replied
3/8/2020 at 11:18 PM
Se the clients up on SSL and port 465 is not a solution, because an attacker can still take advantage of this setting.

Set domain to "External (use MX Record)", it should not be done, otherwise a loop will be created.

it would be great if there was a setting that set SmarterMail to accept email only from Antispam Appliance if sender is outside domain or not authenticated.

Manuel
3
Sébastien Riccio Replied
3/9/2020 at 12:06 AM
E-mail clients should use port 587 (smtp submission port) and not port 25 which should be reserved for inter-server communication
Sébastien Riccio System & Network Admin https://swisscenter.com
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Slow 250 response after Mail From command is issued during an SMTP session.SmarterMail > Troubleshooting
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management