Contents
- Integration through an edge gateway (SMTP verification of recipient email addresses is disabled) with the help of a wizard
- Step 1. Configuring email routing (transport_map)
- Step 2. Entering address of your Edge Gateway (relayhost)
- Step 3. Adding trusted networks and network hosts (mynetworks)
- Step 4. Finishing integration of Kaspersky Secure Mail Gateway through an edge gateway (SMTP verification of recipient email addresses is disabled)
Integration through an edge gateway (SMTP verification of recipient email addresses is disabled) with the help of a wizard
Integration through an edge gateway on which SMTP verification of recipient email addresses is disabled is a type of integration where Kaspersky Secure Mail Gateway receives messages from an edge gateway and relays them to internal mail servers, and also receives messages from internal mail servers and relays them to the edge gateway. In this case, SMTP verification of recipient email addresses is disabled on the edge gateway.
SMTP verification of recipient email addresses is used by mail systems to prevent reception of messages for nonexistent addresses.
To configure integration of Kaspersky Secure Mail Gateway into the corporate mail infrastructure through an edge gateway on which SMTP verification of recipient email addresses is disabled:
- In the main window of the application web interface, open the administration console tree and select the Quick MTA Setup section.
- In the Integrating Kaspersky Secure Mail Gateway into mail infrastructure section, select Integrate through Edge Gateway.
- Click the Start integration link to go to the SMTP verification of recipient email addresses on the Edge Gateway. section.
- Select SMTP verification of recipient email addresses is disabled on the Edge Gateway.
- Click the Go to configuring email routing link to start performing the steps of the wizard.
Step 1. Configuring email routing (transport_map)
Configure email routing at this step.
By default, Kaspersky Secure Mail Gateway uses the settings of your DNS server for email routing. To configure email routing manually, create a transport map: enter the names of the domains for which email messages are intended and then type the IP addresses or FQDN names of the domains to which Kaspersky Secure Mail Gateway will be redirecting messages intended for the domains.
For example, if you want messages intended for the example.com domain to be redirected to the address 1.1.1.0:25, add the example.com domain to the transport map and then specify the IP address 1.1.1.0 and port number 25 for routing messages intended for the example.com domain.
To configure email routing:
- Click the Add a record to the transport map link to open the Email routing window.
- In the Enter domain name field, type the name of the domain for which email messages are intended.
Type the domain names in FQDN format.
- In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP address or domain name of the server the routing of email to which you want to configure.
You can enter an IPv4 address (for example: 192.0.0.1 or 192.0.0.0/16), an IPv6 address (for example: 2607:f0d0:1002:51::4), subnet mask in CIDR format (for example: fc00::/7), domain name or FQDN.
- In the Enter the port number to connect with the email destination address, select the port number.
The default value is 25.
- Select one of the following options:
- Do not enable MX lookup.
- Enable MX lookup (for domain names or FQDNs).
- Click OK.
The Email routing window closes.
Transport map records are added one at a time. Repeat the process of adding records to the transport map for all records that you are adding.
Proceed to the next step of the wizard.
Step 2. Entering address of your Edge Gateway (relayhost)
At this step, enter the address of your edge gateway. Kaspersky Secure Mail Gateway will be redirecting all messages to this address.
For example: 192.0.2.1 or domain.com.
If you have configured email routing for individual domains, Kaspersky Secure Mail Gateway will be redirecting email messages to the addresses specified for each domain.
To enter the address of an edge gateway:
- In the Entering address of your Edge Gateway field, type the IP address of the edge gateway.
Type the address in IPv4 format, domain name or FQDN format.
- Select one of the following options:
- Do not enable MX lookup.
- Enable MX lookup (for domain names or FQDNs).
Proceed to the next step of the wizard.
Step 3. Adding trusted networks and network hosts (mynetworks)
At this step, create a list of trusted networks and network hosts that are allowed to send email messages via Kaspersky Secure Mail Gateway.
As a rule, these are internal networks and network hosts of your organization.
For example, you can specify the IP addresses of Microsoft Exchange servers used at your organization.
If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving messages from internal mail servers and redirect them outside the network of your organization.
To add a list of trusted networks and network hosts:
- Click the Add a trusted network or network host link to open the Adding a trusted network window.
- In the Enter network address or network host address field, type the name of the domain for which email messages are intended.
Type the domain names in FQDN format.
- In the Enter email destination address (IPv4, domain name or FQDN) field, type the IP address of the network or a subnet address.
Type IP addresses in IPv4 format or subnet addresses in CIDR format.
- Click OK.
The Adding a trusted network window closes.
Addresses are added one at a time. Repeat the process of adding addresses to the list for all addresses that you are adding.
Proceed to the next step of the wizard.
Step 4. Finishing integration of Kaspersky Secure Mail Gateway through an edge gateway (SMTP verification of recipient email addresses is disabled)
At this step, check the settings you have specified for integrating Kaspersky Secure Mail Gateway into the corporate mail infrastructure and confirm your choice.
When integration into the corporate mail infrastructure is completed, the following settings of Kaspersky Secure Mail Gateway are configured automatically:
- SPF authentication of message senders is disabled.
Do not enable SPF authentication of message recipients because the message sender is the edge gateway from which Kaspersky Secure Mail Gateway receives messages.
- DMARC authentication of domains from which Kaspersky Secure Mail Gateway receives messages is disabled.
Do not enable DMARC authentication of domains because Kaspersky Secure Mail Gateway receives messages from an intermediate gateway.
- SMTP verification of recipient email addresses is disabled.
Do not enable SMTP verification of recipient email addresses because SMTP verification of recipient email addresses is disabled on the edge gateway.
After you complete all steps of the Quick MTA Setup, Kaspersky Secure Mail Gateway resets all values of MTA setting and replaces them with values that you specified in the Quick MTA Setup Wizard.