Location Screening
Location Screening is a geographically based blocking system that you can use to block incoming connections from unauthorized regions of the world. SecurityGateway determines the country associated with the connecting IP address and then blocks that connection if it is from a restricted location. By default, Location Screening blocks only connections attempting to authenticate. This is useful, for example, when you have no users in a specific country but still wish to be able to receive mail from there. That way you would only block those attempting to log in to your server.
Enable Location Screening
To use Location Screening, enable this option, click the box next to any region or country that you wish to block, and click Save. A checked box indicates that all connections from that region or country will be blocked, except for any IP addresses that you have specifically excluded from this restriction (see Exclusions below). If you click a box a second time, the check mark will be changed to a dash. For those regions or countries, SMTP mail connections will be accepted, but connections attempting to authenticate will be blocked. This can be useful when you wish to be able to receive email from a country but know that you have no users in that country, meaning that any attempt to authenticate to your server from that country would be fraudulent and could be part of a brute force or dictionary attack. Finally, it is worth noting that it is not be possible to use Secure Messaging for recipients in any blocked country, because they will not be able to connect to SecurityGateway to view the secure message.
Add 'X-SGOrigin-Country' header to messages
By default, when Location Screening is on, SecurityGateway will insert the "X-SGOrigin-Country" header into messages, for content filtering or other purposes. This header contains two-letter ISO 3166 country and continent codes instead of full names. Clear this checkbox if you do not wish to insert the header into messages.
Select/Deselect all
Use these button to select or deselect all locations in the list.
Exclusions
Exclude connections from allowlisted IP addresses
By default, all allowlisted IP addresses are exempt from the Location Screening restrictions. Clear this checkbox if you wish to apply Location Screening even to allowlisted IPs.
Exceptions - Domains
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its Location Screening settings, or click Reset to reset the domain's settings to the default Global values.
