SMTP
On the
SMTP
tab, you complete the SMTP parameter settings for the host.Item | Description |
|---|---|
Inbound mail filtering only | Select this option if you plan to use this Scanner to process inbound email only. When you select this option, the Inbound Mail Settings details appear. |
Outbound mail filtering only | Select this option if you plan to use this Scanner to process outbound email only. When you select this option, the Outbound Mail Settings and Authentication Mail Settings details appear. |
Inbound and Outbound mail filtering | Select this option if you plan to use this Scanner to process both inbound emails and outbound emails. When you select this option, the Inbound Mail Settings , Outbound Mail Settings , and Authentication Mail Settings details appear. |
Item | Description |
|---|---|
Inbound mail IP address | Location at which inbound messages are received. |
Port | Port on which inbound mail is received, typically port 25. |
Optional Inbound mail IPv6 address | IPv6 address at which inbound messages are received. Individual IPv6 addresses are specified as IP addresses in any standard IPv6 format and are stored and displayed in shortened format. |
Port | Port on which inbound mail is received, typically port 25. |
Accept TLS encryption | Indicates whether to accept TLS-encrypted connections. You must configure an MTA TLS certificate and assign it to this Scanner before you can accept TLS encryption. If an inbound connection presents a client certificate that is expired, self-signed, or otherwise invalid, the message is rejected. The Message Audit Log reports tls_invalid_client_certificate in this situation. |
Certificate [drop-down list] | Assigns an available certificate for TLS encryption to this Scanner. The certificate authenticates the Scanner as a trusted source to clients using TLS-encrypted connections. |
Request client certificate | Requests that client present a valid TLS encryption certificate when initiating a TLS-encrypted connection. |
Require TLS encryption | Requires that client present a valid TLS encryption certificate when initiating a TLS-encrypted connection. |
Accept inbound mail connections from all IP addresses and domains | Indicates that all connections for inbound messages are accepted. This setting is the default. |
Accept inbound mail connections from only the following IP addresses and domains | Indicates that this host only accepts inbound connections from the clients that are checked in the IP Addresses list.
When you select this option, the options to Import and Export become active. |
Entries per page | Sets the number of entries to display per page. |
Display | Select a range of entries to display. |
Add | Adds a row to the IP Addresses list. You can specify the IP address, domain, or CIDR address of a site from which you want to accept inbound email. Individual IPv6 addresses are specified in any standard IPv6 format and are stored and displayed in shortened format. Ranges are expressed in CIDR notation as a combination of an address part and a prefix. |
Edit | Click the box beside an entry in the IP Addresses list and click Edit to edit the IP address, domain, or CIDR address. |
Delete | Removes the entry that you selected in the IP Addresses list. |
Delete All | Deletes all entries. |
Import |
Import the Inbound Mail Acceptance IP addresses from which you want to accept messages. For the Import option to be active, you must have first selected the Accept inbound mail connections only from the following IP addresses and domains option. When you click Import , the Import Inbound Mail Acceptance IP Addresses page appears. Specify or browse to the file that contains the Inbound mail acceptance IP addresses and click Import . You can import files with comma, semicolon, space, and tab delimiters. |
Export | Exports the inbound SMTP client IP addresses. |
Goes to beginning of entries. | |
Goes to previous page of entries. | |
Goes to next page of entries. | |
Navigates to last page of entries or 50 pages ahead if there are more than 50 pages. | |
Inbound Local Mail Delivery | |
Add | Adds a row to the Hosts list, where you can specify the IPv4 address, port, MX lookup, and preference for the relay host. IPv6 addresses are not supported for this feature. |
Edit | Click the box next to an entry in the Hosts list and click Edit to edit the host details. |
Delete | Removes the host that you selected in the Hosts list. |
Item | Description |
|---|---|
Outbound mail IP address | Specifies the IP address to which outbound messages are sent. |
Port | Specifies the port to which outbound mail is sent. The default is port 25. |
Optional Outbound mail IPv6 address | IPv6 address at which outbound messages are received. Individual IPv6 addresses are specified in any standard IPv6 format and are stored and displayed in shortened format.
|
Port | Specifies the port to which outbound mail is sent. The default is port 25. |
Accept TLS encryption | Indicates whether to accept TLS-encrypted connections. You must configure an MTA TLS certificate and assign it to this Scanner before you can accept TLS encryption. |
Certificate [drop-down list] | Specifies an available certificate for TLS encryption to this Scanner. The certificate authenticates the Scanner as a trusted source from which to receive TLS encrypted connections. |
Entries per page | Sets the number of entries to display per page. |
Display | Select a range of entries to display. |
Add | Adds a row to the IP Addresses list. You can specify the IP address, domain, or CIDR address of a client from which you want to accept outbound email. Individual IPv6 addresses can be specified in any standard IPv6 format and are stored and displayed in shortened format. Ranges are expressed in CIDR notation as a combination of an address part and a prefix. |
Edit | Click the box beside an entry in the IP Addresses list and click Edit to edit the IP address, domain, or CIDR address. |
Delete | Removes the entry that you selected in the IP Addresses list. |
Delete All | Deletes all entries. |
Import |
Import the outbound mail acceptance IP addresses from which you want to deliver messages. When you click Import , the Import Outbound Mail Acceptance IP Addresses page appears. Specify or browse to the file that contains your outbound mail acceptance IP addresses and then click Import . You can import a file with comma, semicolon, space, and tab delimiters. |
Export | Exports the outbound SMTP client IP addresses. |
Goes to beginning of entries. | |
Goes to previous page of entries. | |
Goes to next page of entries. | |
Navigates to last page of entries or 50 pages ahead if there are more than 50 pages. | |
Use MX Lookup for non-local domain mail | Choose this option to use MX Lookup to route non-local mail, instead of specifying relay hosts. |
Relay non-local domain mail to the following hosts | Lists an unlimited number of hosts to which mail addressed to non-local domains is sent after they are received. |
Add | Adds a row to the Hosts list, where you can specify the IPv4 address, port, MX lookup, and preference for the host. IPv6 addresses are not supported for this feature. |
Edit | Click the box next to an entry in the Hosts list and click Edit to edit the host details. |
Delete | Removes the host that you selected in the Hosts list. |
To view the Authentication Mail Settings section, you must enable either
Outbound mail filtering only
or Inbound and Outbound mail filtering
.Item | Item |
|---|---|
Enable Authentication | Click to enable SMTP authentication. SMTP authentication allows users connecting remotely to send mail using your MTA. |
Authentication mail IP address | Click to select the IP address for which you want to authenticate users. The available choices are the Ethernet interfaces and virtual interfaces that are available on the selected Scanner. Either leave the default port assignment of 587, or enter a new port in the Port field. The port you assign here is either the port that you configure mail clients to access, or the port that you instruct users to configure in their mail clients.You must use an IP address/port combination for SMTP authentication that is different from both your inbound and your outbound IP address/port combinations. For more information, see the following RFC: |
Port | Specifies the port for the authentication mail IP address. |
Optional Authentication mail IPv6 address | Optional IPv6 address that can be used to authenticate users. The available choices are the IPv6 addresses that are configured on the interface that is available on the selected Scanner. |
Port | Specifies the port for the authentication mail IPv6 address. |
Accept TLS encryption | Check if you want the host to accept connections using TLS encryption. If you leave this option unchecked, Symantec Messaging Gateway does not advertise support for TLS encryption during the SMTP session. You must configure an MTA TLS certificate and assign it to this Scanner before it can accept TLS encrypted email from a connection. Select the name of a certificate from the drop-down menu to authenticate the Scanner as a trusted source to clients sending over TLS-encrypted connections. |
Request client certificate | Check if you want the scanner to request a TLS encryption certificate from a sender before accepting a TLS-encrypted connection. |
Require TLS encryption | Check to allow only TLS-encrypted connections. Symantec strongly recommends that you require TLS encryption when you enable SMTP authentication. |
Authentication Source | Click either LDAP server or SMTP forwarding .If you choose LDAP server you must have a directory data source defined for authentication.If you choose SMTP forwarding , specify the SMTP server and TLS services you want to use. |
Accept authenticated mail connections from all IP addresses and domains | You may want to choose this option if the users who travel frequently and connect by SMTP authentication. |
Accept authenticated mail connections from only the following IP addresses and domains | Choose this option if users consistently connect from the same IP addresses, for better security.
When you select this option, the options to Import and Export become active. |
Entries per page | Sets the number of entries to display per page. |
Display | Select a range of entries to display. |
Add | Adds a row to the IP Addresses list. Specify the IP address, domain, or CIDR address of a site from which you want to accept authenticated inbound email. |
Edit | Click the box beside an entry in the IP Addresses list and click Edit to edit the IP address, domain, or CIDR address. |
Delete | Removes the entry that you selected in the IP Addresses list. |
Delete All | Deletes all entries. |
Import |
Imports the SMTP authentication mail connection IP addresses from which you want to accept messages. For the Import option to be active, you must have first selected the Accept authenticated mail connections only from the following IP addresses and domains option. When you click Import , the Import SMTP Authentication Mail Acceptance IP Addresses page appears. Specify or browse to the file that contains your SMTP authentication mail acceptance IP addresses and click Import . You can import a file with comma, semicolon, space, and tab delimiters. |
Export | Exports the SMTP authentication mail connection IP addresses. |
Goes to beginning of entries. | |
Goes to previous page of entries. | |
Goes to next page of entries. | |
Navigates to last page of entries or 50 pages ahead if there are more than 50 pages. |
The following options appear at the bottom of each tab:
Apply above settings to all Scanners |
Applies all the settings on this page, except host-specific settings such as ports, IP addresses, and TLS settings, to all connected and enabled hosts. |
Advanced Settings | Navigates to a page where you can specify advanced SMTP settings. |
Save | Saves your changes. |
Cancel | Cancels your changes and returns you to the Host Configuration page. |