Issue
How is SMTP authentication used to allow or deny relaying based on user authentication?
Solution
Using SMTP authentication is a way to prevent spammer access to your appliance. If you have an appliance that is reachable from the internet, you should use SMTP authentication.
There are several ways to implement SMTP authentication. This article describes three of the most common configurations:
- Single-tier environment using a Message Server and SMTP client
- Multi-tier environment using a RazorGate appliance or Mirapoint Message Director serving as a router to a Message Server, and SMTP client
- Multi-tier environment using either a RazorGate appliance or Mirapoint Message Director as an IMR, OMR to a Message Server, and SMTP client
If your appliance configuration is different from those described below, and you require assistance with setting up SMTP authentication, contact Mirapoint Professional Services.
Setting Up SMTP Authentication in a Single-Tier Environment
When setting up SMTP authentication in a single-tier environment where all incoming and outgoing mail routes through the Message Server (MAS.example.com in the figure below), and an SMTP client is used (for example: Netscape, Outlook Express, or Webmail), set SMTP authentication on the Message Server to Norelay, and add the authorized SMTP clients to the Message Server's relay list.
By configuring SMTP authentication this way, users are not required to authenticate by entering a login and password every time they want to send a message, but an unauthorized domain or user outside of the Message Server is not able to send mail through your system.
If an authorized user wants to access your Message Server from an outside unauthorized domain, they are asked to enter their login and password before mail can be sent.
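The relay decision described above can be modeled in a few lines of Python. This is an added illustration, not Mirapoint code or CLI syntax: the function names, the sample relay list, and the treatment of mail addressed to a local domain as delivery are assumptions, and relay-list entries given as domain names are left out so that only IP addresses and CIDR ranges are matched.

```python
import ipaddress

# Constructed sample values; not taken from any real deployment.
LOCAL_DOMAINS = {"example.com"}
RELAY_LIST = ["192.0.2.0/24", "198.51.100.25"]  # authorized SMTP clients


def in_relay_list(client_ip, relay_list=RELAY_LIST):
    """True if client_ip matches an address or CIDR entry in the relay list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in relay_list)


def relay_decision(client_ip, authenticated, rcpt):
    """Model the Norelay-style policy for one RCPT TO address.

    Returns one of: "deliver", "relay", "require-auth".
    """
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        # Assumption: mail for a hosted domain is inbound delivery, not relaying.
        return "deliver"
    if in_relay_list(client_ip):
        return "relay"            # listed client: no login prompt
    if authenticated:
        return "relay"            # outside client that logged in
    return "require-auth"         # outside and anonymous: refuse to relay


if __name__ == "__main__":
    sessions = [  # constructed test sessions: (client IP, authenticated, recipient)
        ("192.0.2.17", False, "bob@other.test"),
        ("203.0.113.9", False, "bob@other.test"),
        ("203.0.113.9", True, "bob@other.test"),
        ("203.0.113.9", False, "alice@example.com"),
    ]
    for ip, auth, rcpt in sessions:
        print(f"{ip:15} auth={auth!s:5} {rcpt:20} -> {relay_decision(ip, auth, rcpt)}")
```

Running the same four cases against a live system after configuration is a quick way to confirm that the only path for an unlisted client to send outbound mail is a successful login.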
To set up user authentication and allow the Message Server to relay messages, use the CLI to enter the following commands on the Message Server:
To add the SMTP client domains to the Message Server relay list, enter the following command for each domain name or IP address to be added:
Setting Up SMTP Authentication in a Multi-Tiered Environment
There are three multi-tiered configurations that occur frequently. They are:
- Configuration 1: Multi-tier environment using a RazorGate appliance or some other router (Mirapoint Message Director) to a Message Server, and an SMTP client
- Configuration 2: Multi-tier environment using either a RazorGate appliance or a Message Director as an IMR, OMR to a Message Server, and an SMTP client
Configuration 2 accommodates systems with higher SMTP traffic better than configuration 1, and provides better control over message filtering.
Configuration 1
When setting up SMTP authentication in a multi-tiered environment where a RazorGate appliance or some other router (possibly a Mirapoint Message Director) serves as a router to a Message Server and an SMTP client, protect the Message Server and SMTP client behind a firewall.
The router or Message Server can be used to send outgoing mail, but only the router is reachable from the internet.
To set up user authentication in a multi-tiered environment using a RazorGate appliance as the router, or using a Mirapoint Message Director as the router with a Message Server, and an SMTP client, do the following:
Remember to protect your Message Server and authorized SMTP clients behind your firewall.
Configuration 2
When setting up SMTP authentication in a multi-tiered environment where a RazorGate appliance is serving as either an IMR or OMR to a Message Server and an SMTP client, or a Mirapoint Message Director is serving as an IMR, OMR to a Message Server, and where an SMTP client is used, protect the OMR, Message Server, and SMTP client behind a firewall. The OMR is used to send outgoing mail, and only the IMR is reachable from the Internet.
To set up user authentication in a multi-tiered environment using a RazorGate appliance serving as either an IMR or OMR to a Message Server and SMTP client, or using a Message Director serving as either an IMR, OMR to a Message Server and an SMTP client, do the following:
Remember to protect the OMR, Message Server, and authorized SMTP clients behind your firewall.
For more information on Mirapoint CLI commands, see either the on-line CLI help, or the Mirapoint Administration Protocol Reference Article for your MOS version.