Protect Your SMTP Server from Email Relaying

Email relaying, also called mail spamming or open mail relay, is an intrusion in which a person uses your email server, address, and other resources, to send large amounts of spam email. This can cause system crashes, equipment damage, and financial loss.

If you are not familiar with the issues involved with mail relaying, or are unsure whether your email server is vulnerable to mail relaying, we recommend you research your own email server and learn its potential vulnerabilities. The XTM device can give basic mail relay protection if you are unsure of how to configure your email server. However, you find out how to use your email server to prevent email relaying.

To protect your server, you change the settings of the SMTP-proxy policy that filters traffic from the external network to your internal SMTP server to include your domain information. When you type your domain, you can use the wildcard * character. Then, any email address that ends with @your-domain-name is allowed. If your email server accepts email for more than one domain, you can add more domains. For example, if you add both *@example.com and *@*.example.com to the list, your email server will accept all email destined to the top-levelexample.com domain and all email destined to sub-domains of example.com. For example, rnd.example.com.

Before you start this procedure, you must know the names of all domains that your SMTP email server receives email for.

  1. Select Firewall > Proxy Actions.
  2. Select the SMTP-proxy action for the SMTP-proxy policy that filters traffic from the external network to an internal SMTP server. Click Edit.
  3. From the Address drop-down list, select Mail From or Rcpt To.
  4. From the Action to take if no rule above is matched drop-down list, select Deny.
    Any email destined to an address other than the domains in the list is denied.

Another way to protect your server is to type a value in the Rewrite As text box in this dialog box. The XTM device then changes the From and To components of your email address to a different value. This feature is also known as SMTP masquerading.

See Also

About the SMTP-Proxy

SMTP-Proxy: Mail From/Rcpt To

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base