The Email Protocol page contains various options governing SecurityGateway's technical handling of email. For example, you will use this page to designate the ports that will be used for receiving mail, the maximum number of concurrent SMTP sessions allowed, whether or not SecurityGateway will honor VRFY requests, whether or not you will allow plain text passwords, and other similar advanced options. |
Server
HELO Domain Name:
This is the domain name that SecurityGateway will use to identify itself during the SMTP process (e.g. mail.example.com, smtp.domain.com, or the like). This will also be used in Received headers, authentication-results headers, and other places where it is necessary to identify exactly what server was processing a message. Note: If you are using SecurityGateway in a Clustering environment, you can set this option to a unique value on each server in the cluster.
SMTP Ports (comma delimited):
These are the ports on which SecurityGateway will receive SMTP messages. You can list multiple ports by separating them with commas. The default SMTP port is 25.
Dedicated SSL Ports (comma delimited):
List your dedicated SSL ports here, on which you will receive mail. You can list multiple ports by separating them with commas. The default SSL port is 465.
MSA Ports (comma delimited):
This option is for listing your MSA ports. Separate multiple ports with a comma. The default MSA port is 465.
Bind sockets to these IPs (comma delimited):
If you wish to bind SecurityGateway to specific IP addresses, list those IPs here separated by commas.
Maximum concurrent SMTP inbound sessions:
This value controls the number of concurrent inbound SMTP sessions that SecurityGateway will accept before it begins responding with a "Server Too Busy" message. The default value is 100.
Maximum concurrent SMTP outbound sessions:
The value entered here is the maximum number of concurrent outbound SMTP sessions that will be created when sending mail. Each session will send outbound messages until all waiting messages are sent. For example, if this option is set to the default value of 30, then thirty sessions could be simultaneously created, allowing SecurityGateway to attempt to deliver 30 different messages at once.
Maximum concurrent POP collection sessions:
This value controls the maximum number of concurrent POP collection sessions that the server will accept before it begins responding with a "Server Too Busy" message.
Default Domain:
Choose a domain from the drop-down list box. This is the domain that SecurityGateway will assume should be used when someone attempts to log in without including a domain name, and it is the domain that will be used for MAIL, RCPT, and VRFY commands when no domain is specified. Further, SecurityGateway will use this domain when sending alerts and messages to external administrators.
SMTP Protocol Settings
Honor VRFY command
Use this option if you wish to honor VRFY commands. This is disabled by default.
Allow plain text passwords (SSL or CRAM-MD5 not required)
By default, SecurityGateway accepts plain text passwords sent during SMTP authentication. If you disable this option then SSL or the CRAM-MD5 method of authentication is required.
Honor CRAM-MD5 authentication method
When this option is enabled, SecurityGateway will honor the CRAM-MD5 authentication method. This is disabled by default.
Hide software version identification in response and 'Received:' headers
Click this checkbox if you wish to hide SecurityGateway's software version info in server responses and 'Received:' headers. This option is disabled by default.
Check commands and headers for RFC compliance
Enable this option if you wish to reject messages that are not compliant to RFC internet standards. When enabled, SecurityGateway will reject messages with parameters that contain control or 8-bit characters and messages missing a Date, Sender, or From header. Further, these required headers must have a corresponding value—they cannot exist as empty headers. If you do not wish to reject non-compliant messages, then clear this check box.
Allow this many RCPT commands per message: [xx] (RFC says 100)
This is the number of RCPT commands (i.e. the number of recipients) that will be allowed per message. The default value is 100.
Maximum acceptable SMTP message size: [xx] KB (0 = no limit)
Setting a value here will prevent SecurityGateway from accepting mail that exceeds a certain fixed size. When this feature is active SecurityGateway will attempt to use the ESMTP SIZE command specified in RFC-1870. If the sending agent supports this SMTP extension then SecurityGateway will determine the message size prior to its actual delivery and will refuse the message immediately. If the sending agent does not support this SMTP extension then SecurityGateway have to allow the sending server to begin transmitting the messages, but will reject the message later if the maximum size is reached. The default value of "0" mean that there is no size limit placed on messages.
Kill connection if data transmission exceeds: [xx] KB (0 = never)
If the transmission of data during an SMTP connection exceeds this threshold, SecurityGateway will close the connection. The default value in this option is "0", meaning that there is no size limit.
Connection Timeout: [xx] seconds (Recommended: 30)
This is how long SecurityGateway will wait for an SMTP connection before timing out.
Protocol Timeout: [xx] seconds (Recommended: 300)
Once a connection has been established, this is the number of seconds that SecurityGateway will wait for the host to begin the SMTP protocol dialog.
Maximum message hop count (1-100):
RFC standards stipulate that a mail server must stamp each message each time that it is processed. These stamps can be counted and used as a stopgap measure against recursive mail loops that can sometimes be caused by errant configurations. If undetected, these looping delivery cycles could consume your resources. By counting the number of times the message has been processed, such messages can be detected and placed in the Bad Messages queue. The default value of this option is 20.