Configuring relay control options

Functionality on the page Settings > Inbound/Outbound > Relay Control is used to prevent the unauthorized use of your mail system as an open relay by limiting the domains and IP address groups for which your server is allowed to relay mail.

Protected domains are defined on the page Settings > Users > Domain Groups. Trusted IP address groups are defined on the page Settings > Inbound/Outbound > IP Groups.

Configure relay control settings on the page Settings > Inbound/Outbound > Relay Control as follows:

Steps

  1. In the section Inbound Relay Options, enable Sender Policy Framework (SPF) checking by marking the check box Enable SPF.
    This option is enabled by default.
  2. Mark the relevant check boxes to configure the SPF check function to reject mail for the following results:
    • Fail: The domain owner’s SPF record does not authorize the sender host machine to send email for the domain.
    • SoftFail: The domain owner’s SPF record allows the sender host machine to send email for this domain, even though the host is not explicitly authorized to do so.
    • Neutral: The domain owner’s SPF record makes no statement as to whether the sender host machine is authorized to send email for the domain.
    • None: The lack of definitive SPF information prevents an SPF check (e.g., an SPF record does not exist).
    • PermError: A permanent error occurs (e.g., the SPF record has an invalid format).
    • TempError: A transient error occurs (e.g., a DNS timeout). These options are not marked by default.
  3. In the Bypass SPF Option box, specify a sender domain group for which SPF settings are bypassed.
    1. Mark the check box Bypass SPF validation for senders in the following domain group
    2. Select a sender domain from the pull-down menu Domain group
  4. In the section Outbound Relay Options, select the relay setting for senders in protected domains when SMTP authentication is not required; Allow relays only for senders from trusted IP addresses or Allow all outbound relays.

    The default setting is Allow relays only for senders from trusted IP addresses. Allowing all outbound relays may create a security vulnerability in your system.

    You must use the default setting if you use SMTP authentication.

    Mark the check boxes for the IP groups for which to allow relays.

  5. In the section Internal Relay Options, select the relay setting for mail between protected domains when SMTP authentication is not required; Allow relays only for senders from trusted IP addresses or Allow all internal relays.

    The default setting is Allow relays only for senders from trusted IP addresses. Allowing all internal relays may create a security vulnerability in your system.

    The default setting is required if you use SMTP authentication.

  6. Click OK.
    The settings are saved.