SMTP Service Options

How to get here

Note: At the top of each Services page, the name of the Service, its Status (Running or Stopped), Start/Stop and Restart button appears. This allows you to Start, Stop, or Restart individual Services from your respective web pages, as well as from the Service Administration page.

The SMTP Service processes all incoming and outgoing messages. Due to its openness, it is difficult to simultaneously block unwanted mail (spam) and keep your mail server available to its users. The following settings and options can be configured to help administer this protocol.

Important: After making changes, click Save, and restart the service.

General Options

• Mail Relay Settings. Select one of the following from the drop down list:
  • No Mail Relay (Default setting). Selecting this option from the drop down list enables the SMTP server to refuse to accept mail destined for other hosts (any host not on the IMail Server), unless the user authenticates. Select this option if all of your users send and receive mail from the same host that IMail Server is on, or if they use web messaging to access mail. You will still receive mail for local users because a message destined for or originating from the IMail Server host does not use the relay function.
  • Relay Mail for Addresses. Select this option from the drop down list to allow the SMTP server to transmit mail originating from local addresses and destined for other hosts. Likewise, the server will accept mail from other hosts that is destined for specified local addresses.
    • Addresses. This button is enabled when Relay Mail for Addresses is selected. Click the Addresses button. The Relay Mail for Addresses page appears.

Important: DomainKeys / DKIM Signature Verification will not be processed when an address exists in the "Relay Mail for Addresses".

• Relay for Local Users Only. Select this option from the drop down list to check the "From" address of incoming mail and verify that it contains a valid IMail Server host name, then checks the host for the user ID.

  Note: You can use the accept.txt file in conjunction with this option to make the IMail Server accept the named remote hosts and users as "local" hosts and users. If a user needs to use an alias for his/her e-mail address, the alias needs to be in the accept.txt file. You cannot use this option if you are using a "store and forward" setup to relay mail for another server. The accept.txt file is only used when the SMTP Relay Setting is set to Relay for Local.

• Relay for Local Hosts Only. Select this option from the drop down list to check the "From" address of incoming mail to determine that it contains a valid IMail Server host name, then checks that host for the user ID. It does not check user aliases. If the host name or User ID is not valid, the server does not relay mail.

  Note: You can use the accept.txt file in conjunction with this option to make the IMail Server accept the named remote hosts and users as "local" hosts and users. If a user needs to use an alias for their e-mail address, the alias needs to be in the accept.txt file. You cannot use this option if you are using a "store and forward" setup to relay mail for another server. the accept.txt file is only used when the SMTP Relay Setting is set to Relay for Local.

• Relay Mail for Anyone. Select this option from the drop down list to allow the SMTP server to accept mail from any host that is destined for any other host, and redeliver that mail (i.e. become a mail gateway). This option is the least secure because it allows your server to be used by anyone to send mail to anyone. Some bulk mailers may take advantage of this capability to not only relay mail through your server, but to make it appear as if mail is originating from your server.

  Note: If you select this option for mail relay, your server may be blacklisted for running an open relay. To remedy this, you should choose to Relay Mail for Addresses.

SMTP/Queue Manager Log Settings

• Save Logs To. Select the file type from the drop down list, that you want to use for logging SMTP events:
  • No Log. Selecting this option disables logging.
  • SYSMMDD.txt. Selecting this option causes all inbound and outbound mail to be logged in the file where MM is the month and DD is the day the log was written.
  • Log Server. Selecting this option causes messages to be sent to the log file specified on the Log Manager tab.
• Debug Messages.  Select the check box to write debug messages to the log file.
• Verbose Logging. Select the check box to record more information than in standard logging. This can create very large log files; however, this can be helpful in troubleshooting problems.

SSL Settings

Important! Enabling SSL or TLS will only accept SSL and TLS connections. This will not initiate SSL and TLS connections.

Note: IMail Server uses OpenSSL Command Line Tool (v0.9.8e) which supports up to 4096-bit RSA and 2048-bit DSA. OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

• Enable SSL. Select the check box to enable a dedicated port that accepts only SSL- encrypted connections from the SMTP service. You can change the default port used by the SSL Listener in the SSL port box.
  • SSL Port. Enter the port used by the dedicated SSL Listener to accept connections. The default SMTP SSL port is 465; the valid range is from 1 - 32,000.
• Enable TLS. Select the check box to enable the SMTP service to accept SSL/TLS connections over the SMTP port through use of the STARTTLS command.

Account Harvesting Prevention

The Account Harvesting feature allows the IMail Administrator to control user authentication to prevent attempts by a client to continuously try and gain access and attain user names and passwords.

• Enable Harvesting Prevention. (Turned on by default) Configurable user authentication options for the IMail Administrator are as follows:
  • Max Failed Logins Per Session. (Default set to 3) Once this setting has been reached by failed authentication attempts, the client will be disconnected.
  • Max Failed Sessions Per IP. (Default set to 9) After this setting has been met by disconnections from the failed authentication attempts, the client will be terminated and blacklisted.
  • Blacklist Duration (in Minutes). (Default set to 60) Length of time that the offending IP will not be able to access the login page.

    Tip: The Blacklist Duration is the length of time the IP address will be blocked and will remain in the Control Access list.

Dictionary Attack Options

Note: All settings related to Dictionary Attack blocking default to 0.

• Max Invalid Recipients Per Session. Enter the maximum number of invalid recipients the server will accept before the session is dropped. An invalid recipient is an addressee that is not valid for that server when the client issues a RCPT to command.
• Soft Error Limits. Enter the number of errors that may occur on a session before error responses are delayed.
• Hard Error Limits.  Enter the amount of errors that may occur on a session before the session is dropped and the IP address is added to the Control Access table.
• Minutes to Deny Access. Enter the number of minutes to deny a sender access after a session is dropped.
• Error Delay Seconds. Enter the amount of time in seconds to delay error responses in the Soft Error Limits scenario.

  Example of an error response:

  'anyuser@anywhere.com' on 7/6/2005 11:59 AM

  550 Connection denied after dictionary attack

Security Options

• Copy to Mail Address. Enter the full e-mail address to which you want to send a copy of each message. This option will not function unless the Enable Copy All Mail check box is selected.
  • Enable Copy All Mail. Select this check box to enable copying of all mail.
• Allow Remote Mail to Local Groups. Select this check box to allow the SMTP server to accept mail addressed to a group that has been defined using IMail Administrator. The SMTP server re-sends the message to users in the group. Use this option to set access to local mail groups (Local groups are aliases of type Group) on the mail server.

  Note: This option does not affect list-server mailing lists, standard aliases, or program aliases.

• Check Valid Sender. Select this check box to require that the user's mail address (user@host) is specified in the MAIL FROM or REPLY-TO line of an incoming mail message.
• Auto Deny Possible Hack Attempts. (Set by default) When checked it will assume that sending more than 512 characters in a command other than the SMTP DATA command is an attempt to "hack" into your server. The remote IP address will be temporarily placed into the "deny access" (Control Access) file, until the services are restarted.

  Auto Deny with the use of extended SMTP will allow 1600 characters in a command other than the SMTP DATA command.

  Warning: Sending between 512 and 1600 characters in a command will drop the connection. Over 1600 characters will be denied.

  Note: You will not see the address in the Control Access list, but it is reported in the log file.

• Disable SMTP "VRFY" Command. Select this check box to deny a remote host to test for valid user IDs. The SMTP VRFY command is used to verify a user ID on a host, and as such it can be used from a remote host to test for valid user IDs. Disabling the command helps prevent "spoofing" by not allowing someone outside your network to check if a user ID is valid.

  If you select this option when IMail Server receives an SMTP VRFY request, it returns the message: 502 Command not implemented.

  If you disable the SMTP VRFY command, when IMail Server receives an SMTP VRFY request, it will return the message: 502 Command not implemented

  Note: When using peer servers, do not select Disable SMTP "VRFY" Command. A peer server needs to use this command to verify a user that is on the other peer. See Setting Up Peering for more information.

• Require CRAM-MD5 Authentication. This setting when set will force encryption authentication when logging in to SMTP services.

  Note: CRAM-MD5 Authentication only functions when using an IMail User Database. CRAM-MD5 Authentication is currently not supported for user databases with Active Directory or ODBC.

Advanced Options

Warning: The default advanced settings should be appropriate for most installations. If you need to change these settings, be aware that they can change the operation of the server.

• Max Recipients Per Message. Enter the maximum number of addresses that can receive a single message. The default is 0.

  Note: Max Recipients Per Message option does not apply to authenticated users.

• Delay Between Recipients. Sets a delay (Milliseconds), between message recipients, for relayed external mail. This prevents spammers from consuming all of the CPU time. However, the setting slows mail server performance. The default is 0.
• Host Delimiters. To change the default characters, enter the character(s) to use to delimit the host name. Each character is seen by IMail Server as equivalent to the @ in e-mail addresses. Any of the defaults can be used between the user ID and the virtual host name in the POP3 or IMAP4 login user ID. By default, the characters used are: @ % * : $ and &.

  Important: Be sure to restart IIS (host delimiters are cached for web services), SMTP, and Queue Manager Services.

  Note: IMail Web Messaging requires the @ character for the host delimiter.

• Mailbox Delimiter. Enter the character that will be used to delimit the mailbox name in a user ID. If nothing is entered, the default delimiter is - (dash).
• Max Connections. Enter the maximum number of connections handled by the SMTP Service. Use the default of 0 (zero) for an unlimited number of connections.
• Port. Enter the port that the SMTP service listens on. The default SMTP port is 25. The valid range is from 0-32000.

  Note: If you update the port here, it will automatically update in the Client as well.

• Hello Message. To change the SMTP service welcome message, enter the new message in this text box. The text is limited to 400 characters or less. If over 400 characters are entered, the default message is used. To revert to the default message, delete the custom message text from the Hello Message box.
• Delivery application.  To replace the mail delivery application with an external program, enter the full pathname of the file in this text box.
• Enable Extra Port. Select to enable an extra port.
  • Extra Port. If you've chosen to enable an extra port, enter its number here.
  • Force AUTH on Extra Port. Select this check box to force SMTP authorization on an extra configured port.
• Disable SMTP AUTH. Select this check box to disable SMTP authentication. SMTP Auth provides a means of authenticating the user ID and password of a user sending mail. This is handled transparently by the mail server and client. When the mail client connects to the mail server, the server tells the client the authorization methods it can use. The client then sends the user ID and password to the server and the server verifies them. If a user issues the AUTH command when Disable SMTP AUTH is selected, SMTPD responds with the "502 command not implemented" message.
• Enable SMTP to Listen on All IP. Select this check box if you want to have IMail Server listen on all available IP addresses and configured ports on the server.

Save. Click to save your settings.

Related Topics

Control Access

Kill File

Accept List

White List

SMTP Delivery Application Utility

Supported SMTP RFCs