Mail Delivery
General
Set up SMTP-related limits on user logins and inbound/outbound mail delivery.
- Go to Mail Delivery > General.
- Tick the checkbox of Enable SMTP authentication. When connecting to MailPlus Server via SMTP, clients will have to provide user credentials to log in.
Two more authentication options are available:
- Skip authentication for local network connections from terminal: Without login credentials, clients in the MailPlus Server's local network can still receive and send emails using a terminal.
- Check if the sender's email addresses belong to the login accounts: Users have to send emails using the sender addresses that are associated with their login accounts.
- Prohibit plaintext authentication over unencrypted connection: Plaintext authentication increases risk because user credentials might be exposed, especially over an insecure connection. Tick the checkbox to disallow plaintext authentication on an insecure connection.
- Set up an SMTP profile for your MailPlus Server:
- Hostname (FQDN): Specify the hostname in FQDN format. Make sure that the hostname matches the IP address in the DNS server.
- SMTP banner: Specify the text that will show up on an SMTP client's Telnet terminal.
- Max recipients per message: Set the maximum number of recipients for an inbound/outbound message. If the number of recipients exceeds the limit, the message will be rejected.
- Max message hops: Set the maximum number of hops (i.e., mail relays) made by an inbound/outbound message. Messages that exceed the limit will be rejected.
- Maximum size per email (MB): Set the maximum size of an inbound/outbound message. Messages that exceed the limit will be rejected.
- Click the External Postmaster button and then the plus icon to add an email address for the external postmaster, which will receive system emails sent to Mailer-daemon and Postmaster aliases from other mail servers.
- Click Apply to save the settings.
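To confirm that the authentication settings above took effect, compare the extensions the server advertises in its EHLO reply before and after STARTTLS. The following is an added example, not Synology code: the EHLO replies are constructed samples, the function names are hypothetical, and probe() is meant for a server you administer.

```python
import smtplib

# Constructed EHLO replies (not captured from a real MailPlus Server).
WEAK_BEFORE = ["mail.example.com", "SIZE 10485760", "AUTH PLAIN LOGIN"]
GOOD_BEFORE = ["mail.example.com", "PIPELINING", "SIZE 10485760", "STARTTLS"]
GOOD_AFTER = ["mail.example.com", "PIPELINING", "SIZE 10485760", "AUTH PLAIN LOGIN"]


def parse_ehlo(lines):
    """Map each ESMTP keyword (upper-cased) to its parameter string."""
    features = {}
    for line in lines[1:]:  # the first line only carries the server's hostname
        keyword, _, params = line.strip().partition(" ")
        features[keyword.upper()] = params.strip()
    return features


def audit(before, after=None):
    """Compare the feature sets seen before and after STARTTLS; return findings."""
    findings = []
    if "AUTH" in before:
        findings.append("AUTH offered without encryption: " + before["AUTH"])
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered")
    if after is not None and "AUTH" not in after:
        findings.append("AUTH not offered after STARTTLS")
    return findings


def probe(host, port=25, timeout=10):
    """Collect both feature sets from a server you administer (needs network)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        before = {k.upper(): v for k, v in smtp.esmtp_features.items()}
        after = None
        if smtp.has_extn("starttls"):
            smtp.starttls()  # TLS with smtplib's default context
            smtp.ehlo()
            after = {k.upper(): v for k, v in smtp.esmtp_features.items()}
    return before, after


if __name__ == "__main__":
    print(audit(parse_ehlo(WEAK_BEFORE)))
    print(audit(parse_ehlo(GOOD_BEFORE), parse_ehlo(GOOD_AFTER)))
```

An empty findings list means the unencrypted EHLO reply offers STARTTLS but no AUTH, and AUTH appears only once the session is encrypted.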
Delivery
Configure your MailPlus Server to send emails through other mail servers, so that it is not exposed to the Internet and to possible attacks.
To set up general delivery rules:
Set up a common rule for the delivery flow. Emails can be sent either directly from your MailPlus Server or through a single relay host.
- Go to Mail Delivery > Delivery > Relay Settings.
- Select a rule type:
- Send emails directly from this server: All emails will be sent by MailPlus Server directly.
- All mails are sent through a single relay host: All emails will be relayed through a designated relay host. Specify the following settings of the designated relay host:
- Server: Specify the IP address or hostname of the relay server.
- Port: Specify the port of the relay server to receive emails from MailPlus Server.
- Always use a secure connection (STARTTLS): Enable this option to relay emails over a STARTTLS-protected connection.
- Authentication required: When the relay server requires login credentials, enable this option and enter your relay server's username and password.
- Click Apply to save the settings.
To set up specific delivery rules:
Set up dedicated rules for a specific email address or domain. When an email meets the rules, it will be sent through the designated relay server.
- Go to Mail Delivery > Delivery > Relay Exceptions.
- Click Relay Host List.
- Specify the rule type:
- Recipient Rule: Emails sent to a specific email address or domain will be sent through a designated relay server.
- Sender Rule: Emails sent from a specific email address or domain will be sent through a designated relay server.
- Click Create.
- Name the rule and set the designated relay host. Select the target type and specify the targets on the Recipient List or Sender List.
Relay Control
MailPlus Server can send or receive emails for other mail servers.
To relay outbound mails for other mail servers:
- Go to Mail Delivery > Relay Control. Under the Relay Outbound Mails section, click Trusted List.
- Click Create.
- Enter a rule name and specify the IP address or subnet mask of the mail server.
- Click OK to save the settings.
To relay inbound mails for other mail servers:
Set up DNS records first and then go to Domain List to add the mail server:
- Set up an external DNS server for MailPlus Server.
- Enter your domain name in the MX record on the external DNS server and enter the IP address of MailPlus Server in the A record. Doing this can help other mail servers route emails to MailPlus Server.
- Set up an internal DNS server for MailPlus Server to find the main mail server.
- Enter your domain name in the MX record on the internal DNS server and enter the IP address of the domain in the A record. The priority set on the internal DNS server must be higher than the one set on the external DNS server.
- Go to DSM > Control Panel > Network > General. Tick the checkbox of Manually configure DNS server, enter the IP address of the internal DNS server in the Preferred DNS Server field, and enter the IP address of the external DNS server in the Alternative DNS Server field. Once MailPlus Server receives an email, it will check the MX records on the two DNS servers and send emails to the mail server with the higher priority.
Note: The Alternative DNS Server field is not available when the domain server type is set to AD domain or LDAP.
- Launch MailPlus Server and go to Mail Delivery > Relay Control. Under the Relay Inbound Mails section, click Domain List.
- Click Create.
- Enter the rule name and domain name.
- Click OK to save the settings.
Note:
- If you tick the checkbox of Check if the senders' email addresses belong to the login accounts on the General tab, emails from the Trusted List might be rejected by MailPlus Server. To avoid this situation, tick the checkbox of Skip the check for sender's email address to see if it belongs to the login account for emails sent from trusted networks.
- If you tick the checkbox of Skip authentication for local network connections from terminal on the General tab, emails from the local network will not be blocked by MailPlus Server.
- For more information on how to set up DNS records, refer to this article.
Security
To create block and allow lists:
With the block and allow lists, the system will reject, discard, or allow certain messages based on the criteria you set.
- Go to Mail Delivery > Security > Block/Allow List.
- Click Block/Allow List.
- Select either of the following rule types:
- Block list: Set a rule to reject or discard matching email messages.
- Allow list: Set a rule to allow matching email messages.
- Click Create.
- Name the rule and specify its criteria:
- Sender: Specify the sender address (e.g., 123@abc.com).
- Recipient: Specify the recipient address (e.g., 456@abc.com).
- IP: Specify the sender's IP address (e.g., 192.163.1.1).
- IP/subnet mask: Specify the sender's IP address and subnet mask (e.g., 192.163.1.1/255.100.10.1).
- Domain (for allow list): Specify the sender domain (e.g., abc.com).
- Do this (for block list): Select an action against the matching messages:
- Discard it: Abandon the matching messages without informing senders.
- Reject it: Prohibit the matching messages from passing through MailPlus Server.
- Click OK to save the rule.
Note:
- Emails matching any allow list rule might still get blocked if they do not pass other security tests (e.g., DNSBL, antivirus scans, and DKIM). The table below shows the security tests that will be skipped depending on the settings of your allow list. You can adjust the relevant settings to ensure that important messages can be received.
- To always allow matching emails to pass through, it's recommended to create allow list rules using IP addresses, so that matching emails will not be blocked by any other kinds of rules like DKIM.
Criterion | DNSBL | SPF | Antivirus Scan | DKIM | DMARC |
---|---|---|---|---|---|
IP | ✔ | ✔ | ✔ | ✔ | ✔ |
IP/subnet mask | ✔ | ✔ | ✔ | ✔ | |
Sender | ✔ | ✔ | | | |
Recipient | ✔ | ✔ | | | |
Domain | ✔ | ✔ | ✔ | ✔ | |
To create sender policies:
Set up policies to block emails from unidentified domains.
- Go to Mail Delivery > Security > Sender Policy.
- Enable the following options based on your needs:
- Reject senders without fully qualified domain name (FQDN): Bounces emails when the sender is from a domain without an FQDN.
- Reject senders using unknown domains: Bounces emails when the intended recipient is not an existing MailPlus user and when the sender domain does not have a valid DNS entry.
- Click Apply to save the settings.
To create connection policies:
Set up policies to block client hosts that cannot be identified or may cause MailPlus Server to overload.
- Go to Mail Delivery > Security > Connection Policy.
- Enable the following options based on your needs:
- Reject unknown client hostnames: Tick the checkbox to block client connections from a host without an analyzable IP or hostname.
- Keeping more concurrent connections than the limit: Set the maximum number of concurrent connections from a client host. When the limit is reached, additional connections will be blocked.
- Sending more messages than the limit in one minute: Set the maximum number of outbound messages sent from a client host in one minute. When the limit is reached, the client host will be blocked for a minute.
- Building more connections than the limit in one minute: Set the maximum number of connections built by a client host in one minute. When the limit is reached, the client host will be blocked for a minute.
- Click Apply to save the settings.
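Before choosing a per-minute connection limit, it helps to replay past connection records against a candidate value and see which client hosts would have been blocked. The following is an added example, not Synology code. The page does not say how MailPlus Server measures the minute, so this sketch assumes a sliding 60-second window, assumes connections refused during a block are not counted, and uses constructed events and hypothetical names.

```python
from collections import defaultdict, deque

WINDOW = 60  # seconds: "in one minute" on the page
BLOCK = 60   # seconds: "blocked for a minute" on the page

# Constructed (timestamp_seconds, client_ip) connection events.
EVENTS = [(t, "198.51.100.7") for t in range(0, 50, 5)] + [
    (t, "203.0.113.9") for t in (3, 40, 90)
]


def replay(events, limit):
    """Return {client: [(block_start, block_end), ...]} for a candidate limit."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    blocked_until = {}            # client -> time at which its block ends
    blocks = defaultdict(list)
    for ts, client in sorted(events):
        if ts < blocked_until.get(client, 0):
            continue              # refused while blocked (assumed not counted)
        window = recent[client]
        while window and ts - window[0] >= WINDOW:
            window.popleft()      # drop connections older than one minute
        window.append(ts)
        if len(window) > limit:   # "more connections than the limit"
            blocked_until[client] = ts + BLOCK
            blocks[client].append((ts, ts + BLOCK))
            window.clear()        # assumed: counting restarts after the block
    return dict(blocks)


if __name__ == "__main__":
    for limit in (5, 20):
        print(limit, replay(EVENTS, limit))
```

With the constructed events, a limit of 5 blocks the first host at its sixth connection and leaves the second host untouched, while a limit of 20 blocks neither.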
To create advanced security rules:
- Go to Mail Delivery > Security > Advanced.
- Enable the following options based on your needs:
- Reject unauthorized pipelining requests: To avoid system overload, tick the checkbox to block client connections that keep sending SMTP commands.
- Reject HELO hostnames without fully qualified domain name (FQDN): Tick the checkbox to reject connections from hosts that send a HELO/EHLO command and do not have an FQDN hostname.
- Reject unknown HELO hostnames: Tick the checkbox to reject connections from hosts that send a HELO/EHLO command and do not have a valid DNS entry.
- Block any IP emailing more non-existent accounts than the limit: Set the maximum number of non-existent MailPlus accounts that an IP address can send emails to. When the limit is reached, the IP address will be blocked for a day.
- Max junk commands per session: Set the maximum number of junk commands (i.e., noop, vrfy, etrn, and rset) that a client connection can send before delivering emails. Every 10 junk commands will cause a one-second delay in mail delivery.
- Click Apply to save the settings.