SMTP

On the
SMTP
tab, you complete the SMTP parameter settings for the host.
Edit Host Configuration – Mail Filtering settings
Item
Description
Inbound mail filtering only
Select this option if you plan to use this Scanner to process inbound email only. When you select this option, the
Inbound Mail Settings
details appear.
Outbound mail filtering only
Select this option if you plan to use this Scanner to process outbound email only. When you select this option, the
Outbound Mail Settings
and
Authentication Mail Settings
details appear.
Inbound and Outbound mail filtering
Select this option if you plan to use this Scanner to process both inbound emails and outbound emails. When you select this option, the
Inbound Mail Settings
,
Outbound Mail Settings
, and
Authentication Mail Settings
details appear.
Edit Host Configuration – Inbound Mail Settings
Item
Description
Inbound mail IP address
Location at which inbound messages are received.
Port
Port on which inbound mail is received, typically port 25.
Optional Inbound mail IPv6 address
IPv6 address at which inbound messages are received.
Individual IPv6 addresses are specified as IP addresses in any standard IPv6 format and are stored and displayed in shortened format.
Port
Port on which inbound mail is received, typically port 25.
Accept TLS encryption
Indicates whether to accept TLS-encrypted connections. You must configure an MTA TLS certificate and assign it to this Scanner before you can accept TLS encryption.
If an inbound connection presents a client certificate that is expired, self-signed, or otherwise invalid, the message is rejected. The Message Audit Log reports
tls_invalid_client_certificate
in this situation.
Certificate [drop-down list]
Assigns an available certificate for TLS encryption to this Scanner. The certificate authenticates the Scanner as a trusted source to clients using TLS-encrypted connections.
Request client certificate
Requests that client present a valid TLS encryption certificate when initiating a TLS-encrypted connection.
Require TLS encryption
Requires that client present a valid TLS encryption certificate when initiating a TLS-encrypted connection.
Accept inbound mail connections from all IP addresses and domains
Indicates that all connections for inbound messages are accepted. This setting is the default.
Accept inbound mail connections from only the following IP addresses and domains
Indicates that this host only accepts inbound connections from the clients that are checked in the
IP Addresses
list.
When you select this option, the options to
Import
and
Export
become active.
Entries per page
Sets the number of entries to display per page.
Display
Select a range of entries to display.
Add
Adds a row to the
IP Addresses
list. You can specify the IP address, domain, or CIDR address of a site from which you want to accept inbound email.
Individual IPv6 addresses are specified in any standard IPv6 format and are stored and displayed in shortened format. Ranges are expressed in CIDR notation as a combination of an address part and a prefix.
Edit
Click the box beside an entry in the
IP Addresses
list and click
Edit
to edit the IP address, domain, or CIDR address.
Delete
Removes the entry that you selected in the
IP Addresses
list.
Delete All
Deletes all entries.
Import
Import the Inbound Mail Acceptance IP addresses from which you want to accept messages.
For the
Import
option to be active, you must have first selected the
Accept inbound mail connections only from the following IP addresses and domains
option.
When you click
Import
, the
Import Inbound Mail Acceptance IP Addresses
page appears. Specify or browse to the file that contains the Inbound mail acceptance IP addresses and click
Import
.
You can import files with comma, semicolon, space, and tab delimiters.
Export
Exports the inbound SMTP client IP addresses.
Icon First
Goes to beginning of entries.
Icon Previous
Goes to previous page of entries.
Icon Next
Goes to next page of entries.
Icon Last
Navigates to last page of entries or 50 pages ahead if there are more than 50 pages.
Inbound Local Mail Delivery
Add
Adds a row to the
Hosts
list, where you can specify the IPv4 address, port, MX lookup, and preference for the relay host. IPv6 addresses are not supported for this feature.
Edit
Click the box next to an entry in the
Hosts
list and click
Edit
to edit the host details.
Delete
Removes the host that you selected in the
Hosts
list.
Edit Host Configuration – Outbound
Item
Description
Outbound mail IP address
Specifies the IP address to which outbound messages are sent.
Port
Specifies the port to which outbound mail is sent. The default is port 25.
Optional Outbound mail IPv6 address
IPv6 address at which outbound messages are received.
Individual IPv6 addresses are specified in any standard IPv6 format and are stored and displayed in shortened format.
Port
Specifies the port to which outbound mail is sent.
The default is port 25.
Accept TLS encryption
Indicates whether to accept TLS-encrypted connections. You must configure an MTA TLS certificate and assign it to this Scanner before you can accept TLS encryption.
Certificate [drop-down list]
Specifies an available certificate for TLS encryption to this Scanner. The certificate authenticates the Scanner as a trusted source from which to receive TLS encrypted connections.
Entries per page
Sets the number of entries to display per page.
Display
Select a range of entries to display.
Add
Adds a row to the
IP Addresses
list. You can specify the IP address, domain, or CIDR address of a client from which you want to accept outbound email.
Individual IPv6 addresses can be specified in any standard IPv6 format and are stored and displayed in shortened format. Ranges are expressed in CIDR notation as a combination of an address part and a prefix.
Edit
Click the box beside an entry in the
IP Addresses
list and click
Edit
to edit the IP address, domain, or CIDR address.
Delete
Removes the entry that you selected in the
IP Addresses
list.
Delete All
Deletes all entries.
Import
Import the outbound mail acceptance IP addresses from which you want to deliver messages.
When you click
Import
, the
Import Outbound Mail Acceptance IP Addresses
page appears. Specify or browse to the file that contains your outbound mail acceptance IP addresses and then click
Import
.
You can import a file with comma, semicolon, space, and tab delimiters.
Export
Exports the outbound SMTP client IP addresses.
Icon First
Goes to beginning of entries.
Icon Previous
Goes to previous page of entries.
Icon Next
Goes to next page of entries.
Icon Last
Navigates to last page of entries or 50 pages ahead if there are more than 50 pages.
Use MX Lookup for non-local domain mail
Choose this option to use MX Lookup to route non-local mail, instead of specifying relay hosts.
Relay non-local domain mail to the following hosts
Lists an unlimited number of hosts to which mail addressed to non-local domains is sent after they are received.
Add
Adds a row to the
Hosts
list, where you can specify the IPv4 address, port, MX lookup, and preference for the host. IPv6 addresses are not supported for this feature.
Edit
Click the box next to an entry in the
Hosts
list and click
Edit
to edit the host details.
Delete
Removes the host that you selected in the
Hosts
list.
To view the Authentication Mail Settings section, you must enable either
Outbound mail filtering only
or
Inbound and Outbound mail filtering
.
Edit Host Configuration – Authentication Mail Settings
Item
Item
Enable Authentication
Click to enable SMTP authentication. SMTP authentication allows users connecting remotely to send mail using your MTA.
Authentication mail IP address
Click to select the IP address for which you want to authenticate users. The available choices are the Ethernet interfaces and virtual interfaces that are available on the selected Scanner.
Either leave the default port assignment of 587, or enter a new port in the
Port
field. The port you assign here is either the port that you configure mail clients to access, or the port that you instruct users to configure in their mail clients.
You must use an IP address/port combination for SMTP authentication that is different from both your inbound and your outbound IP address/port combinations.
For more information, see the following RFC:
Port
Specifies the port for the authentication mail IP address.
Optional Authentication mail IPv6 address
Optional IPv6 address that can be used to authenticate users.
The available choices are the IPv6 addresses that are configured on the interface that is available on the selected Scanner.
Port
Specifies the port for the authentication mail IPv6 address.
Accept TLS encryption
Check if you want the host to accept connections using TLS encryption. If you leave this option unchecked, Symantec Messaging Gateway does not advertise support for TLS encryption during the SMTP session.
You must configure an MTA TLS certificate and assign it to this Scanner before it can accept TLS encrypted email from a connection.
Select the name of a certificate from the drop-down menu to authenticate the Scanner as a trusted source to clients sending over TLS-encrypted connections.
Request client certificate
Check if you want the scanner to request a TLS encryption certificate from a sender before accepting a TLS-encrypted connection.
Require TLS encryption
Check to allow only TLS-encrypted connections.
Symantec strongly recommends that you require TLS encryption when you enable SMTP authentication.
Authentication Source
Click either
LDAP server
or
SMTP forwarding
.
If you choose
LDAP server
you must have a directory data source defined for authentication.
If you choose
SMTP forwarding
, specify the SMTP server and TLS services you want to use.
Accept authenticated mail connections from all IP addresses and domains
You may want to choose this option if the users who travel frequently and connect by SMTP authentication.
Accept authenticated mail connections from only the following IP addresses and domains
Choose this option if users consistently connect from the same IP addresses, for better security.
When you select this option, the options to
Import
and
Export
become active.
Entries per page
Sets the number of entries to display per page.
Display
Select a range of entries to display.
Add
Adds a row to the
IP Addresses
list. Specify the IP address, domain, or CIDR address of a site from which you want to accept authenticated inbound email.
Edit
Click the box beside an entry in the
IP Addresses
list and click
Edit
to edit the IP address, domain, or CIDR address.
Delete
Removes the entry that you selected in the
IP Addresses
list.
Delete All
Deletes all entries.
Import
Imports the SMTP authentication mail connection IP addresses from which you want to accept messages.
For the
Import
option to be active, you must have first selected the
Accept authenticated mail connections only from the following IP addresses and domains
option.
When you click
Import
, the
Import SMTP Authentication Mail Acceptance IP Addresses
page appears. Specify or browse to the file that contains your SMTP authentication mail acceptance IP addresses and click
Import
.
You can import a file with comma, semicolon, space, and tab delimiters.
Export
Exports the SMTP authentication mail connection IP addresses.
Icon First
Goes to beginning of entries.
Icon Previous
Goes to previous page of entries.
Icon Next
Goes to next page of entries.
Icon Last
Navigates to last page of entries or 50 pages ahead if there are more than 50 pages.
The following options appear at the bottom of each tab:
Apply above settings to all Scanners
Applies all the settings on this page, except host-specific settings such as ports, IP addresses, and TLS settings, to all connected and enabled hosts.
Advanced Settings
Navigates to a page where you can specify advanced SMTP settings.
Save
Saves your changes.
Cancel
Cancels your changes and returns you to the
Host Configuration
page.