Setting SMTP Options

How to get here

Note: At the top of each Services page, the name of the Service , its Status (Running or Stopped), and a Start/Stop button appears. This allows you to Start or Stop individual Services from your respective web pages, as well as from the Service Administration page.

The SMTP service processes all incoming and outgoing messages. Due to its openness, it is difficult to simultaneously block unwanted mail (spam) and keep your mail server available to its users. The following settings and options can be configured to help administer this protocol.

Important: After making changes, click Save. Stop the service, wait 5-10 seconds and restart the service.

• Mail Relay Settings. Select one of the following from the list box:
  • Relay Mail for Anyone. Select this option from the list box to allow the SMTP server to accept mail from any host that is destined for any other host, and redeliver that mail (i.e. become a mail gateway). This option is the least secure because it allows your server to be used by anyone to send mail to anyone. Some bulk mailers may take advantage of this capability to not only relay mail through your server, but to make it appear as if mail is originating from your server.

    Note: If you select this option for mail relay, your server may be blacklisted for running an open relay. To remedy this, you should choose to Relay Mail for Addresses.

  • Relay Mail for Addresses. Select this option from the list box to allow the SMTP server to transmit mail originating from local addresses and destined for other hosts. Likewise, the server will accept mail from other hosts that is destined for specified local addresses.
    • Addresses. This button is enabled when Relay Mail for Addresses (above) is selected. Click the Addresses button. The Relay Mail for Addresses page appears.
  • No Mail Relay. Selecting this option from the list box enables the SMTP server to refuse to accept mail destined for other hosts (any host not on the IMail Server), unless the user authenticates. Select this option if all of your users send and receive mail from the same host that IMail Server is on, or if they use web messaging to access mail. You will still receive mail for local users because a message destined for or originating from the IMail Server host does not use the relay function.
  • Relay for Local Users Only. Select this option from the list box to check the "From" address of incoming mail and verify that it contains a valid IMail Server host name, then checks the host for the user ID.

    Note: You can use the accept.txt file in conjunction with this option to make the IMail Server accept the named remote hosts and users as "local" hosts and users. If a user needs to use an alias for his/her e-mail address, the alias needs to be in the accept.txt file. You cannot use this option if you are using a "store and forward" setup to relay mail for another server. The accept.txt file is only used when the SMTP Relay Setting is set to Relay for Local.

  • Relay for Local Hosts Only. Select this option from the list box to check the "From" address of incoming mail to determine that it contains a valid IMail Server host name, then checks that host for the user ID. It does not check user aliases. If the host name or User ID is not valid, the server does not relay mail.

    Note: You can use the accept.txt file in conjunction with this option to make the IMail Server accept the named remote hosts and users as "local" hosts and users. If a user needs to use an alias for their e-mail address, the alias needs to be in the accept.txt file. You cannot use this option if you are using a "store and forward" setup to relay mail for another server. the accept.txt file is only used when the SMTP Relay Setting is set to Relay for Local.

  • Tries Before Return to Sender.  Enter the amount of times that delivery is attempted before returning the mail to the sender. Each time the Retry Timer (on the Queue Manager Settings page) reaches 0, a delivery attempt is made. Thus, if the retry Timer is set to 30 (minutes) and you want to attempt delivery for up to 3 days, this field should contain 144. We recommend a value of 20.

    Example: If the Retry Timer is set to 30 (minutes) and the "Number of Tries" is set to 20 (default), then the message will be returned in about 10 hours. We recommend a value of 20.

    Example: If the Retry Timer is set to 30 (minutes), and you want to attempt delivery for up to 3 days, then the "Number of Tries" box should contain 144.

  • Max Tries for NULL Senders. Enter the maximum number of times that IMail attempts to deliver a message that has no sender (including postmaster messages). This value must be less than the value entered for Tries Before Return to Sender above. If the Tries Before Return to Sender value is less than the value entered here, the Max Tries for NULL Senders option is not enforced.
  • Default Mail Domain or IP. Enter the name or IP address of the domain to send mail to if only a user ID is specified in the mail message and that user ID is not found on the local system.  

    Note: SMTP Default Mail Domain and System Settings > Default Host are the same setting.

  • Domain Name Server. Enter the IP address of the system that provides domain name service for your network. You can enter multiple names here, separated by a space. This option is required in order to send mail externally.
• Save Logs To. Select the file, from the list box, that you want to use for logging SMTP events:
  • SYSMMDD.txt. Selecting this option causes all inbound and outbound mail to be logged in the file where MM is the month and DD is the day the log was written.
  • No Log. Selecting this option disables logging.
  • App Log. Selecting this option causes inbound mail to be logged in the Application Log, which is viewed with the Windows Event Viewer.
  • Log Server. Selecting this option causes messages to be sent to the log file specified on the Log Manager tab.
    • Debug Messages.  Select the check box to write debug messages to the log file.
    • Verbose Logging. Select the check box to record more information than in standard logging. This can create very large log files; however, this can be helpful in troubleshooting problems.

Gateway Options

• Remote Gateway Hostname. Enter the name of another domain to send mail to for further delivery, when that mail cannot be delivered directly to the destination host. This can be used in conjunction with the Send All Remote Mail Through Gateway option, to force delivery of mail through the gateway host. Since IMail Server should be able to reach all hosts directly, this field should typically be blank.
• Tries Before Send to Gateway. Enter the number of times that delivery directly to a remote host should be attempted before giving up and delivering to the gateway host. Proper function of this value is dependent on the validity of the Remote Mail Gateway Host name and the Send All Remote Mail Through Gateway option.
  • Send All Remote Mail Through Gateway. Selecting this check box causes IMail Server to send all mail to the Remote Mail Gateway Host above, which forwards it on to the addressee's mail host. If this option is not selected, IMail Server will send mail directly to the addressee's mail host.

SSL Settings

Important: Enabling SSL or TLS will only accept SSL and TLS connections. This will not initiate SSL and TLS connections.

Note: IMail Server uses OpenSSL Command Line Tool (v0.9.8e) which supports up to 4096-bit RSA and 2048-bit DSA. OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

• Enable SSL. Select the check box to enable a dedicated port that accepts only SSL- encrypted connections from the SMTP service. You can change the default port used by the SSL Listener in the SSL port box.
• SSL Port. Enter the port used by the dedicated SSL Listener to accept connections. The default SMTP SSL port is 465; the valid range is from 1 - 32,000.
• Enable TLS. Select the check box to enable the SMTP service to accept SSL/TLS connections over the SMTP port through use of the STARTTLS command.

Dictionary Attack A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with words that have a higher possibility of being used, such as names and places. The word "dictionary" refers to the attacker exhausting all of the words in a dictionary in an attempt to discover the password. Dictionary attacks are typically done with software instead of an individual manually entering each password. Also,  an e-mail spamming technique in which the spammer sends out thousands or millions of e-mails with randomly generated addresses using combinations of letters added to known domain names in the hopes of reaching a percentage of actual e-mail addresses. For example, a dictionary attack list might begin with john@yahoo.com, john1@yahoo.com, john2@yahoo.com, and so on until all possible combinations of letters and numbers has been exhausted. Options

Tip: Dictionary Attack settings are skipped for users that are using SMTP Auth.

Note: All settings related to Dictionary Attack blocking default to 0.

• Max Invalid Recipients Per Session. Enter the maximum number of invalid recipients the server will accept before the session is dropped.

  An invalid recipient is an addressee that is not valid for that server when the client issues a RCPT to command.

• Soft Error Limits. Enter the number of errors that may occur on a session before error responses are delayed.
• Hard Error Limits.  Enter the amount of errors that may occur on a session before the session is dropped and the IP address is added to the Control Access table.
• Minutes to Deny Access. Enter the number of minutes to deny a sender access after a session is dropped.
• Error Delay Seconds. Enter the amount of time in seconds to delay error responses in the Soft Error Limits scenario.

  The following is an example of an error response:

  'anyuser@anywhere.com' on 7/6/2005 11:59 AM

  550 Connection denied after dictionary attack

Security Options

• Copy to Mail Address. Allows capability to copy all outgoing messages to a specified e-mail address. Enter the full e-mail address to which you want to send a copy of each message. This option will not function unless the Enable Copy All Mail check box is selected.

  This feature is similar to adding a BCC to all incoming mail messages. It will be processed by all spam filter as set by the administrator, and will then be delivered to the e-mail address set in copyall.

  Note: Copyall will only send one e-mail message to copyall when a group address is used.

  Note:To send to more than one e-mail address, simply add comma between each valid e-mail address.

  • Enable Copy All Mail. Select this check box to enable copying of all mail.
• Allow Remote Mail to Local Groups. Select this check box to allow the SMTP server to accept mail addressed to a group that has been defined using IMail Administrator. The SMTP server re- sends the message to users in the group.
• Allow Remote View of Local Groups. Select this check box to let the SMTP server allow a remote host to execute an SMTP "EXPN" command to show all users in a group defined by using IMail Administrator.

  When selected, the SMTP server will respond to an EXPN SMTP command with the members of a private group created only with the IMail Client application.

  When cleared, the SMTP server will respond to an EXPN SMTP command, however, the server returns a 550 lists are confidential error.

  Note:Group aliases and list-server mailing lists are not affected by this setting.

• Check Valid Sender. Select this check box to require that the user's mail address (user@host) is specified in the MAIL FROM or REPLY-TO line of an incoming mail message.
• Auto Deny Possible Hack Attempts. Select this check box if more than 512 characters are sent during anything but the SMTP DATA command to temporarily put the sender's remote IP address in the "deny access" (Control Access) file until you stop and restart the service.

  If more than 512 characters are sent in an SMTP command other than the SMTP DATA command, the remote IP address is temporarily put in the "deny access" (Control Access) file until you stop and restart the service.

  Sending more than 512 characters in a command other than the SMTP DATA command would look like an attempt to "hack" in to your server.

  You will not see the address in the "deny access" list, but it is reported in the log file.

  Note: Sending more than 512 characters in anything but the SMTP DATA command looks like an attempt to hack into your server. You will not see the address in the Control Access list, but it is reported in the log file.

• Disable SMTP "VRFY" Command. Select this check box to deny a remote host to test for valid user IDs. The SMTP VRFY command is used to verify a user ID on a host, and as such it can be used from a remote host to test for valid user IDs.

  If you disable the SMTP VRFY command, when IMail Server receives an SMTP VRFY request, it will return the message: 502 Command not implemented.

  The SMTP VRFY command is used to verify a user ID on a mail domain. It can be used to test for valid user IDs. Disabling the command helps prevent "spoofing" by not allowing someone outside your network to check if a user ID is valid.

  Note:  When using peer servers, do not select the Disable SMTP "VRFY" Command on the Services > SMTP tab. Peer servers need to use this command to verify a user that is on the other peer.

• Require CRAM-MD5 Authentication. This setting when set will force encryption authentication when logging in to SMTP services.

Advanced Options

Warning: The default advanced settings should be appropriate for most installations. If you need to change these settings, be aware that they can change the operation of the server.

• Max Recipients Per Message. Enter the maximum number of addresses that can receive a single message. The default is 0.
• Min Threads. Enter the minimum number of worker threads that the SMTPD thread pool makes available for client requests. Adjust the setting based upon the server capabilities and the processing demands on your server. For example, a powerful server that is normally busy might use a setting greater than 2, whereas a low end server that is not too busy might use a setting of 2. The default SMTP min threads is 2. The valid range is from 2-8.
• Delay Between Recipients. Sets a delay (in milliseconds), between message recipients, for relayed external mail. This prevents spammers from consuming all of the CPU time. However, the setting slows mail server performance. The default is 0.
• Max Threads.  Enter the maximum number of worker threads that the SMTPD thread pool makes available for client requests. Adjust the setting based upon the server capabilities and the processing demands on your server. For example, a powerful server that is normally busy might use a setting greater than 10, whereas a low end server that is not too busy might use a setting of 10. The default SMTP max threads is 60. The valid range is from 10-200.
• Host Delimiters. To change the default characters, enter the character(s) to use to delimit the host name. Each character is seen by IMail Server as equivalent to the @ in email addresses. Any of the defaults can be used between the user ID and the virtual host name in the POP3 or IMAP4 login user ID. By default, the characters used are: @ % * : $ and &.

  Note: IMail Web Messaging requires the @ character for the host delimiter.

• Mailbox Delimiter. Enter the character that will be used to delimit the mailbox name in a user ID. If nothing is entered, the default delimiter is - (dash).
• Max Connections. Enter the maximum number of connections handled by the SMTP Service. Use the default of 0 (zero) for an unlimited number of connections.
• Port. Enter the port that the SMTP service listens on. The default SMTP port is 25. The valid range is from 0-32000.

  Note: If you update the port here, it will automatically update in the Client as well.

• Hello Message. To change the SMTP service welcome message, enter the new message in this text box. The text is limited to 400 characters or less. If over 400 characters are entered, the default message is used. To revert to the default message, delete the custom message text from the Hello Message box.
• Outgoing Helo/Ehlo Host Name. Enter the name you wish to use for outgoing communications with the recipient.
• Delivery application.  To replace the mail delivery application with an external program, enter the full pathname of the file in this text box.
• Enable Extra Port. Select to enable an extra port.
• Extra Port. If you've chosen to enable an extra port, enter its number here.
• Force AUTH on Extra Port. Select this check box to force SMTP authorization on an extra configured port.
• Disable SMTP AUTH. Select this check box to disable SMTP authentication. SMTP Auth provides a means of authenticating the user ID and password of a user sending mail. This is handled transparently by the mail server and client. When the mail client connects to the mail server, the server tells the client the authorization methods it can use. The client then sends the user ID and password to the server and the server verifies them.

  If a user issues the AUTH command when Disable SMTP AUTH is selected, SMTPD responds with the "502 command not implemented" message.

• Enable SMTP to Listen on All IP. Select this check box if you want to have IMail Server listen on all available IP addresses and configured ports on the server.
• Save. Click to save your settings. An "Update Successful" message and the time of the update appears.

Related Topics

Control Access

Kill File

Accept List

White List

SMTP Delivery Application

Supported SMTP RFCs