Relay Control and Authentication

In order to prevent unauthorized use of your mail server, FTGate has a series of controls that can be used to limit both the amount of access and the relay abilities of those that access your SMTP Server.

Relaying is the condition in which the recipient of a message is not hosted on your server. It usually occurs only when one of your users sends an outbound message (authorized use) or when a spammer tries to use your server to hide the original source of their unwanted messages (unauthorized use).

Security Policy IP Options

To control access to the SMTP server you need to configure the following flags for the address range you wish to control.

PA
(Permit Access)

Setting this flag will allow an address within the address range to connect to the server.

AA
(Auto Authenticate)

This setting will consider all connections from within the address range to be authenticated. However, access to facilities that require specific mailbox privileges will NOT be granted without further authentication.

AS
(Authenticate by SMTP)

This flag will cause the SMTP server to permit access to the SMTP authentication protocol functions. If this flag is cleared then no mailbox authentication will be possible.

AM
(Authenticate by Mailbox)

This flag will cause the connection to be considered authenticated if a recent mailbox access was made from the connected IP address. This does not give access to facilities that require specific mailbox privileges.

AR
(Authenticated Relaying)

This flag will enable authenticated users to relay through the server.

If the AR flag is cleared, then no relaying is possible. If the AR flag is set but the AA, AS and AM flags are cleared, then again no relaying is possible.

Note: Setting the AR and AA flags on an address range will grant that address range unrestricted relaying and should be avoided unless the IP range is trusted not to abuse the privilege.

Authentication Controls

The security policy has a section specifically for the SMTP server. In the SMTP Authentication section the administrator can specify whether the authentication mechanism should check the attempted authentication against a hosted mailbox or against the explicitly specified entries.

If the explicit entries method is used then users will have to match the details entered in the policy. However, while the users will be able to relay they will not be able to access any facilities that require specific mailbox authentication.

Service access control

Each service has an access control list available. If this list is enabled then the service can only be used by users who authenticate with a specific mailbox and password; other users will be rejected.

Thus if the access control list is enabled, and the AS flag is not set, no users will be able to access the system.

Sender's MAIL FROM Address control

In most circumstances administrators will want the sender's from address of a message to match the authenticated address for the connection. This ensures that an account is not hijacked because of poor password choice. The domain privileges offer control over the permitted from address of a message and can be set such that:

  1. The from address must match the authenticated address

  2. The from address must be from the same domain as the authenticated address (note that it does not have to be a valid mailbox name).

  3. The from address can be any address and does not have to match any part of the authenticated address.

If the connection is authenticated with either the AM, AS or the explicit authentication options then there are no checks made on the from address.

Note that the from address in the message is not checked as there are many legitimate reasons why the message header might have a different from address. However, it is desirable for the SMTP session “MAIL FROM” address to match the authenticated address.

Summary

FTGate offers a wide range of flexible options for authentication and relay control. In its default configuration it is not possible for unauthorized users to relay through the server. It is recommended that administrators carefully consider the possible consequences before changing the authentication and relay options.
