SMTP In
SMTP In is managed in the hub in SmarterMail HA.
The Protocols page lets system administrators configure settings for messages received into the SmarterMail server.
Connection and Session Settings
Use this card to specify the following inbound SMTP settings:
- SMTP Banner - The text that is displayed when initially connecting to the port. The banner supports the use of the following variables, which will be replaced with their corresponding values:
  - #HostName# - The hostname of the IP address to which the connection is made.
  - #ConnectedIP# - The IP address of the remote computer.
  - #Time# - The system's local time.
  - #TimeUTC# - The time in UTC.
  - #UnixTime# - The number of seconds since January 1, 1970.
- Allow Relay - If you are concerned about spammers using the relay function to send mail through your server, or do not want any other mail server to use your SMTP server as a gateway, set this to Nobody.
  - Nobody - Restricts sent mail to only work via SMTP authentication and with accounts on the local SmarterMail Server (except for IPs on the White List).
  - Only Local Users - Limits relay access to users (email accounts) for a valid domain on your SmarterMail Server.
  - Only Local Domains - Limits relay access only to mail hosts (domains) on your SmarterMail Server.
  - Anyone - Allows any other mail server to pass messages through your mail server, increasing the chances of your mail server being used for sending large volumes of messages with domains not associated with your local mail server. Selecting this option turns off statistics for all domains because of the high volume of messages that pass through a mail server operating as an open relay.
- Session Timeout (Minutes) - After a connection fails to respond or issue new commands for this number of minutes, the connection will be closed. By default, the session times out after 15 minutes.
  - Enabled - Select this checkbox to enable the session timeout setting.
- Command Timeout (Seconds) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of seconds, the command will be aborted. By default, the command times out after 120 seconds.
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 1000.
- Max Messages Per Session (0 = Unlimited) - The maximum number of messages that can be sent in one session. This is useful in handling cases where spammers make one connection and then send a large number of messages over that connection.
- Continue delivery if session is disconnected by client - When enabled, this setting allows your mail server to receive deliveries from legacy mailers, such as PHP Mailer, which do not wait for any feedback from the receiving server before disconnecting a session. This setting is disabled by default.
Note: This is strongly recommended.
Note: If this setting is enabled, it is very possible the mail server will receive duplicate emails from legitimate servers that may have disconnected early, as the sending server sees that as a failure, so it will continue to retry delivering its messages.
Message Limits and Delivery
- Max Bad Commands - After this many unrecognized or improper commands, a connection will be automatically terminated. By default, the maximum number of bad commands is 8.
- Max Hop Count - After a message gets delivered through this many mail servers, it is aborted by the software. This prevents looping due to DNS problems or misconfigurations. By default, the max hop count is 20.
- Max Message Size (KB) - This controls incoming messages, and outbound messages sent via email clients configured with IMAP or POP. As such, this setting should match, if not exceed, the Max Message Size set for domains. This will help prevent email client users from having their outbound messages rejected due to the message size. By default, the max message size is 512000 KB and this number includes text, HTML, images and attachments.
- Max Bad Recipients (0 = Unlimited) - At times, spammers will hammer a domain with a dictionary harvesting attack. This means that software is used to send messages to many of the most common mailbox addresses (e.g., admin, user, contact, etc.) or username variations (e.g., alan@, alana@, alanb@, etc.) in order to find valid email addresses. Setting the max bad recipients means that after this many bad recipients (those that don't exist for the domain), the SMTP session will be terminated. This setting allows you to better protect yourself against email harvesting attacks. A value of 20 is recommended in most cases.
- Append Received Line - Select the option for appending the received line for All Inbound Messages, Non-authenticated messages or for no messages at all.
- Enable Delivery Status Notifications (DSN) - Delivery status notifications are automated messages notifying a sender about the delivery status of a message: if it bounces, if it was delayed or if delivery was successful.
Note: Base64 encoding of attachments increases their size by approximately 35%. Knowing this, and in order to provide a better user experience, SmarterMail allows messages to be sent that are technically over the limit set for Max Message Size. For example, a 10MB message with a 490MB attachment will still be sent even though the actual message size, after base64 encoding, would far exceed the 500MB max limit.
Note: If a message has no Received headers, SmarterMail will add one to prevent issues with some mail clients.
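The following sketch models how Max Bad Commands, Max Bad Recipients and Max Messages Per Session cut a session short. It is an added example, not SmarterMail code: the reply codes, the rule that a later valid recipient does not reset the bad-recipient counter, and the names `run_session`, `MAILBOXES` and `PROBE` are assumptions.

```python
# Illustrative model only: reply codes and counting rules are assumptions.
KNOWN = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def run_session(lines, mailboxes, max_bad_commands=8,
                max_bad_recipients=20, max_messages=0):
    """Replay client command lines; return (replies, reason the session ended)."""
    bad_cmds = bad_rcpts = messages = 0
    replies = []

    def close(reason):
        replies.append(f"421 closing connection ({reason})")
        return replies, reason

    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb not in KNOWN:
            bad_cmds += 1
            if bad_cmds >= max_bad_commands:
                return close("max_bad_commands")
            replies.append("500 unrecognized command")
        elif verb == "QUIT":
            replies.append("221 bye")
            return replies, "client_quit"
        elif verb == "MAIL" and max_messages and messages >= max_messages:
            return close("max_messages")      # 0 means unlimited
        elif verb == "RCPT":
            addr = arg.partition(":")[2].strip(" <>").lower()
            if addr in mailboxes:
                replies.append("250 recipient ok")
            else:
                bad_rcpts += 1                # not reset by a later valid RCPT
                if max_bad_recipients and bad_rcpts >= max_bad_recipients:
                    return close("max_bad_recipients")
                replies.append("550 no such user")
        else:
            if verb == "DATA":                # body omitted; counts one message
                messages += 1
            replies.append("250 ok")
    return replies, "end_of_input"

# Constructed sample: one real mailbox and the kind of guesses the page describes.
MAILBOXES = {"alan@example.com"}
PROBE = ["EHLO client.test", "MAIL FROM:<x@client.test>"] + [
    f"RCPT TO:<{name}@example.com>"
    for name in ("admin", "user", "alan", "contact", "alana")
]
```

With a limit of 3, the session above ends on the third unknown recipient even though a valid one was accepted in between; with 0 every guess gets an answer.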
Authentication and Security
- Require Auth Match - Select this to force a user's From: address to match their SMTP authenticated address, either by matching the entire email address or by matching just the domain - or not requiring it at all. This setting helps keep senders from spoofing email addresses through email clients.
- Include MIME headers for auth match - This setting works in conjunction with Require Auth Match. When enabled:
  - If "Require Auth Match" is set to "Email Address", the MAIL FROM (Return Path) and either the From or Sender header must match the authenticated user. If the Sender is present and matches the authenticated user but the From does not match, the account associated with the Sender header must have permission to send as the account associated with the From header.
  - If "Require Auth Match" is set to "Domain", the MAIL FROM (Return Path), From, and Sender (if present) must be in the same domain as the authenticated user.
- Allow relay for authenticated users - This setting enables the "Allow Relay" setting when users are required to use SMTP Authentication for sending messages.
- Enable Domain's SMTP auth setting for local deliveries - Enable this setting to enforce SMTP authentication for all local deliveries. For example, mail from user1@example.com to user2@example.com must be authenticated even though the message is bound for local delivery.
- Disable AUTH PLAIN method for non-SSL SMTP authentication - This setting disables the AUTH PLAIN method on connections that are not using SSL.
- Disable AUTH LOGIN method for non-SSL SMTP authentication - This setting disables the AUTH LOGIN method of plain text authentication on connections that are not using SSL.
- Disable AUTH CRAM-MD5 methods for non-SSL SMTP authentication - Enabling this will block any insecure authentication types over non-SSL connections.
- Enable VRFY command - Enable this setting to allow others (including other mail servers) to verify an email address on the server.
- Enable EXPN command - Enable this setting to allow others to list all users associated with an alias or list.
Note: Some people believe enabling VRFY commands is a security risk, so be sure to research the possible ramifications before enabling this feature.
Note: Some people believe enabling EXPN commands is a security risk, so be sure to research the possible ramifications before enabling this feature.
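The Require Auth Match rules with "Include MIME headers for auth match" enabled can be written out as a decision function. This is an added example, not SmarterMail code: `auth_match`, the `send_as` permission set, case-insensitive address comparison and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def _addr(value):
    """Bare lower-cased address from a header or envelope value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def _domain(addr):
    return addr.rpartition("@")[2]

def auth_match(mode, auth_user, mail_from, raw_message, send_as=frozenset()):
    """Return (accepted, reason). mode is 'none', 'email' or 'domain'.
    send_as holds hypothetical (sender, from) pairs with send-as permission."""
    msg = message_from_string(raw_message)
    user, env = auth_user.lower(), _addr(mail_from)
    frm, sender = _addr(msg["From"]), _addr(msg["Sender"])
    if mode == "none":
        return True, "auth match not required"
    if mode == "email":
        if env != user:
            return False, "MAIL FROM does not match authenticated user"
        if frm == user:
            return True, "From matches authenticated user"
        if sender != user:
            return False, "neither From nor Sender matches authenticated user"
        if (sender, frm) in send_as:
            return True, "Sender matches and may send as From"
        return False, "Sender has no send-as permission for From"
    if mode == "domain":
        dom = _domain(user)
        checks = [("MAIL FROM", env), ("From", frm)]
        if sender:                      # Sender is only checked when present
            checks.append(("Sender", sender))
        for label, addr in checks:
            if _domain(addr) != dom:
                return False, f"{label} is outside the authenticated domain"
        return True, "all sender addresses are in the authenticated domain"
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample messages (not from the page).
SPOOFED = "From: CEO <ceo@example.com>\nSubject: invoice\n\nbody\n"
DELEGATED = "From: ceo@example.com\nSender: alice@example.com\n\nbody\n"
```

For a user authenticated as alice@example.com, `SPOOFED` is rejected in "Email Address" mode but accepted in "Domain" mode, which is the trade-off to weigh when choosing between the two.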
Copyright © SmarterTools Inc. All rights reserved.