When a message arrives that is neither to nor from a local domain, SecurityGateway is being asked to deliver, or relay, the message on behalf of some third party. SecurityGateway does not allow indiscriminate open relaying, but you can use the settings on this page to allow relaying for your domain mail servers if necessary. Relay Control also has options for designating whether or not the address passed during the SMTP MAIL or RCPT command must exist when it contains a local domain.
Mail Relaying
This server does not 'relay' messages...
SecurityGateway will not relay messages that are neither to nor from one of its domains, because spammers exploit open relay servers to hide their tracks, and therefore relaying mail indiscriminately could result in your domain being blocklisted by one or more DNSBL services.
...unless sent from domain mail server
Click this option if you wish to go ahead and relay messages if they are neither to nor from one of your domains but are being sent by one of your domain mail servers. This option is disabled by default.
Only domain email servers can send local mail
By default SecurityGateway will only accept messages FROM a local domain when the sending server is one of the domain email servers designated for that domain. Clear this checkbox if you do not wish to restrict the sending of local mail to each domain's designated email servers.
...unless message is TO a local account
Check this box if you wish to accept local mail not sent by a one of your domain email servers if the message is addressed TO a local account. This option is disabled by default.
...unless sent via authenticated SMTP session
When a message from a local domain is not being sent by one of the domain's designated email servers, SecurityGateway will still accept the message if this option is enabled and the message is being sent over an authenticated session. An example of this would be a local user sending his outbound email directly through SecurityGateway rather than through the domain email server. This option is enabled by default.
...unless sent from allowlisted IP address or host
Click this option if you wish to allow local mail to be sent from allowlisted IP addresses and hosts, even when the sending server is not one of your domain email servers. This option is disabled by default.
Account Verification
SMTP MAIL address must exist if it uses a local domain
By default SecurityGateway will verify that the MAIL value (i.e. the sender) passed during the SMTP process points to an actual valid account when the message is purported to be from a local domain. If the address does not exist then the message will be refused.
...unless sent via domain email server
Enable this option if you wish to exempt a message from the "SMTP MAIL address must exist..." option when it is being sent from a domain mail server. This is enabled by default.
...unless sent via authenticated SMTP session
Enable this option if you wish to exempt a message from the "SMTP MAIL address must exist..." option when it is being sent via an authenticated SMTP mail session. This option is enabled by default.
...unless sent from allowlisted IP address or host
Click this option if you wish to exempt a message from the "SMTP MAIL address must exist..." option when it is being sent from an allowlisted IP address or host. This is disabled by default.
SMTP RCPT address must exist if it uses a local domain
SecurityGateway will verify that the RCPT value (i.e. the recipient) passed during the SMTP process points to an actual valid account when the message is purported to be for a local domain. If the address does not exist then the message will be refused.
