Kaspersky Secure Mail Gateway Help

Configuring MTA settings

Kaspersky Secure Mail Gateway is integrated into the existing corporate mail infrastructure and is not a standalone mail system. For example, Kaspersky Secure Mail Gateway does not deliver email messages to recipients and does not manage user accounts.

You can configure the basic MTA settings using the Quick MTA Setup Wizard or manually in the application web interface.

This section describes how you can configure the MTA settings manually.

In this Help section

Configuring basic MTA settings

Configuring advanced MTA settings

SMTP verification of recipient email addresses

Page top
[Topic 100476]

Configuring basic MTA settings

To configure basic MTA settings:

  1. In the main window of the application web interface, open the management console tree and select the Settings section and MTA subsection.
  2. Open the Basic Settings section if it is not already open.
  3. Click any link in the Basic Settings section to open the Basic MTA settings window.
  4. If you want to change the domain name of Kaspersky Secure Mail Gateway (mydomain), enter the new domain name of the application server in the Domain name field.
  5. If you want to change the fully qualified domain name of Kaspersky Secure Mail Gateway (myhostname), enter the new fully qualified domain name of the application server in the Hostname field.
  6. In the Message size limit field, specify the maximum size of the email message received or forwarded through Kaspersky Secure Mail Gateway, including SMTP headers. Specify the maximum size in bytes.

    Type 0 if restrictions are not required.

    The default value is 20971520 bytes.

  7. Create a list of trusted networks and network hosts that are allowed to send email messages via Kaspersky Secure Mail Gateway (mynetworks). As a rule, these are internal networks and network hosts of your organization. For example, you can specify the IP addresses of Microsoft Exchange servers used at your organization.

    If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving messages from internal mail servers and redirect them outside the network of your organization.

    Perform the following actions for each address that you want to add:

    1. In the Trusted networks field, enter the network IP address or the subnet address.

      Type IP addresses in IPv4 format or subnet addresses in CIDR format.

    2. Click the Add button.

      The network IP address or subnet address that you added will be displayed in the list of trusted networks and network hosts.

    Addresses should be entered one at a time. Repeat the actions for adding IP addresses or subnet addresses to the list for all trusted networks and network hosts that you are adding.

  8. In the Email destination address field, enter the address of your edge gateway (relayhost). Kaspersky Secure Mail Gateway will be redirecting all messages to this address.

    You can enter an IPv4 address (for example, 192.0.0.1 or 192.0.0.0/16), domain name or FQDN.

    If you have configured email routing for individual domains, Kaspersky Secure Mail Gateway will be redirecting email messages to the addresses specified for each domain.

  9. In the MX record lookup list, select one of the following values:
    • Enabled, if you want to enable the search for MX records for domain names or FQDNs.
    • Disabled, if you want to disable MX record lookup.
  10. Click the OK button.

The Basic MTA settings window closes.

See also

Configuring MTA settings

Configuring advanced MTA settings

SMTP verification of recipient email addresses

Page top
[Topic 100477]

Configuring advanced MTA settings

To configure advanced MTA settings:

  1. In the main window of the application web interface, open the management console tree and select the Settings section and MTA subsection.
  2. Open the Advanced Settings section.
  3. Click any link in the upper part of the list of settings to open the Advanced MTA settings window.
  4. In the SMTP greeting text field, type the text that will accompany code 220 in the SMTP greeting.
  5. In the Maximum connection attempts field, specify the maximum number of connection attempts by one remote SMTP client to the service of the SMTP server per minute.

    Type 0 if restrictions are not required.

    The default value is 0 (unlimited).

  6. In the Maximum simultaneous connection attempts field, specify the maximum number of simultaneous connection attempts by one remote SMTP client to the SMTP server.

    Type 0 if restrictions are not required.

    The default value is 50.

  7. In the Maximum mail delivery requests field, specify the maximum number of message delivery requests from one remote SMTP client to the SMTP server per minute, regardless of whether this mail server accepts these messages or not.

    Type 0 if restrictions are not required.

    The default value is 0 (unlimited).

  8. In the SMTP session timeout field, specify the maximum period of time during which a request has to be received from the remote SMTP client and a response sent by the SMTP server.

    The default value is 30 seconds.

  9. In the Interval between destination address connection attempts, specify the interval between attempts by the MTA queue manager to connect to the message destination address if the destination address is unavailable.

    The default value is 60 seconds.

  10. In the Minimum delivery interval for Deferred queue field, specify the minimum interval between attempts to deliver a message that has been deferred into the Deferred queue.

    The default value is 300 seconds.

  11. In the [[LabelTitleSettingsMTAAdvancedDialog_maximalBackoffTime] field, specify the maximum interval between attempts to send a message that has been deferred into the Deferred queue.

    The default value is 4000 seconds.

  12. In the Maximum queue lifetime for a message, set a limit on the time during which a message with a permanent error status will be stored in the queue. When this time elapses, the message is considered undelivered.

    The default value is 3 days.

  13. In the Deferred queue processing interval field, specify the frequency at which the Deferred queue is scanned by the queue manager.

    The default value is 1000 seconds.

  14. In the Maximum queue lifetime for a bounce message, set a limit on the time during which a bounce message with a permanent error status will be stored in the queue. When this time elapses, the message is considered undelivered.

    The default value is 3 days.

  15. In the BCC address for all messages field, specify an optional email address for receiving blind carbon copies of all messages received by the MTA.
  16. In the Check addresses format for RFC 821 compliance list, configure (enable or disable) checking of email addresses in the SMTP MAIL FROM and RCPT TO to verify that such addresses are in angle brackets and do not contain RFC 822 comments and phrases. This check prevents reception of messages from malicious applications.

    To configure the scanning of addresses, in the Check addresses format for RFC 821 compliance list, select one of the following values:

    • Yes, if you want to enable checking.
    • No if you want to disable checking.

    The default value is Yes.

  17. Configure the Disable recipient verification SMTP VRFY setting, which enables or disables the SMTP VRFY command. The SMTP VRFY command prevents specific services from collecting email addresses.

    To enable or disable the SMTP VRFY command, select one of the following values in the Disable recipient verification SMTP VRFY list:

    • Yes, if you want to enable the command.
    • No, if you want to disable the command.

    The default value is Yes.

  18. In the EHLO keywords not sent by SMTP server in response field, select check boxes next to those non-case-sensitive EHLO commands (for example: pipelining, starttls, auth), which your SMTP server will not announce in the response to the EHLO request from an external SMTP client.

    Default values are: silent-discard, dsn, etrn.

  19. Click the OK button.

    The Advanced MTA settings window closes.

See also

Configuring MTA settings

Configuring basic MTA settings

SMTP verification of recipient email addresses

Page top
[Topic 90599]

SMTP verification of recipient email addresses

This section contains information about SMTP authentication of message recipients and how to configure it.

In this Help section

About SMTP verification of recipient email addresses

Enabling and disabling SMTP verification of recipient email addresses

Page top
[Topic 95399]

About SMTP verification of recipient email addresses

SMTP verification of recipient email addresses – verification performed to check if email addresses of message recipients actually exist.

When Kaspersky Secure Mail Gateway receives messages for secure domains and redirects them to a back-end mail server, Kaspersky Secure Mail Gateway must be prevented from receiving messages for non-existent email addresses. This is required for two reasons:

  • Receiving messages to be sent to nonexistent email addresses loads the processor because mail is processed unnecessarily.
  • Attempts to deliver messages to non-existent email addresses can cause Kaspersky Secure Mail Gateway or the back-end server to create delivery failure notifications; because of such notifications, Kaspersky Secure Mail Gateway or your back-end mail server will be added to the black list.

Authentication of message recipients is not performed when Kaspersky Secure Mail Gateway receives messages from trusted network nodes.

See also

SMTP verification of recipient email addresses

Enabling and disabling SMTP verification of recipient email addresses

Page top
[Topic 95400]

Enabling and disabling SMTP verification of recipient email addresses

To enable or disable SMTP verification of recipient email addresses:

  1. In the main window of the application web interface, open the management console tree and select the Settings section and MTA subsection.
  2. Open the Advanced Settings section.
  3. Click the Reject messages for unknown recipient domains or Reject messages for unverified recipients link to open the Advanced MTA settings window.

    In the Reject messages for unknown recipient domains list, select one of the following values:

    • Yes if you want Kaspersky Secure Mail Gateway to reject the message delivery request if the RCPT TO domain name does not contain MX records of the DNS server and the DNS address or MX record is distorted (for example, a zero-length address of the MX host is specified).
    • No if you do not want Kaspersky Secure Mail Gateway to reject the message delivery request if the RCPT TO domain name does not contain MX records of the DNS server and the DNS address or MX record is distorted (for example, a zero-length address of the MX host is specified).

    The default value is Yes.

  4. To the right of the Reject messages for unverified recipients setting name, select one of the following options:
    • None, if you do not want to reject messages to unverified addresses.
    • Reject for unverified recipients, if you want to reject the message delivery request if the RCPT TO is not available.
    • Reject for recipients not in valid list, if you want to reject the message delivery request if the RCPT TO address is not in the list of valid domains for its domain class.
  5. Click the OK button.

The Advanced MTA settings window closes.

SMTP verification of recipient email addresses is not performed when Kaspersky Secure Mail Gateway receives messages from trusted network hosts.

Intense mail traffic can increase the load on the mail server due to transmission of failed message delivery notifications.

See also

SMTP verification of recipient email addresses

About SMTP verification of recipient email addresses

Page top
[Topic 100480]