This service is probably the most important service your mail server will run. It is the point of entry for mails from other mail servers and is also usually where users will direct their outgoing mails. Using the available options in this service, the administrator can control the listening port, manage security and set up SSL.
- Enable Service - This controls whether the service is enabled.
- Ports - This controls which ports the service will listen on. It is recommended that you keep the default value of "25;587" as these are the standard SMTP ports. To set multiple ports, simply separate each port with a semi-colon (';').
- Max Connections - This controls the maximum number of simultaneous connections the service will allow. It is recommended that this value be no higher than 200.
- Idle Time-out - If a connection remains idle, this value will control the period of time before the connection is forcefully shutdown.
- Use Server Default - If selected, this will bind the ports to the IPs specified by the General settings.
- Bind to All Available IPs - If selected, this will bind the ports to all available IPs.
- Listen Only on IP(s) - If selected, this will bind the port to the IPs listed here. To set multiple IPs, simply separate each IP with a semi-colon (';'). Also, it is acceptable to specify a domain name instead of an IP.
- Use Explicit SSL - This allows incoming connections to use the STARTTLS command to initiate a secure TLS connection.
- Use Implicit SSL - This allows a secondary dedicated port for secure SSL connections to be opened. The implicit SSL port will also be affected by all the normal port bindings and limits.
- SSL Ports - This controls which ports the SSL part of the service will listen on. It is recommended that you keep the default value of 465 as this is the standard SMTP SSL port. To set multiple ports, simply separate each port with a semi-colon (';').
- Certificate - This option controls which SSL certificate will be used for SSL sessions. For more information on how to edit the SSL certificates, please view the SSL Certificates page.
- SSL Mode - This controls which SSL / TLS mode will be used for SSL sessions.
- Enable Anti-Hammering - Enabling this option will protect the service against brute force password guessing attacks. If an IP performs too many login failures, that IP will be prevented from logging in again for a set period of time. For more information, please view the General page.
IP Restrictions #
- Enable Blocked IPs - If enabled, the IPs and IP ranges in the list box will be blocked from accessing the service.
- Enable Safe IPs - If enabled, the IPs and IP ranges in the list box will always be allowed access to the service. This protection overrules blocked IPs but does not overrule Anti-Hammering.
Relaying Access #
- Enable SMTP Authentication - This option allows you to secure the SMTP and prevent it from being an open relay. This option will allow users to authenticate themselves with a user and password or using 'POP Before SMTP'. If enabled, only authenticated users will be able to use the SMTP as a relay (for outgoing mail). If this option is enabled with IP Range Control, an SMTP connection must satisfy both options before relaying is allowed.
- Allow Login - If enabled, users will be able to authenticate themselves for relaying using a user and password.
- Allow Any Accounts Login Details - This option will enable the SMTP to accept a user and password from any local account for authentication. However, if an account is part of a group which does not allow 'SMTP Authentication Access', that account's login details will not be accepted.
- Allow Only The Following - To ensure SMTP Authentication is even more secure, you can restrict relaying access to a single user and password.
- User - If SMTP Authentication is restricted to a single user and password, this option will set the user.
- Password - If SMTP Authentication is restricted to a single user and password, this option will set the password.
- Allow POP Before SMTP (Pre-Authentication) - If enabled, users can pre-authenticate themselves by first logging into their account using POP3. After login, their IP will automatically be allowed relaying access for a set period of time.
- Authentication Time Period - If using 'POP Before SMTP', this is the period of time that an IP will be allowed relaying access before it must re-authenticate itself.
- Enable IP Range Control - To ensure your SMTP is protected further, you can also restrict relaying access to certain IPs and IP ranges. If this option is enabled with SMTP Authentication, an SMTP connection must satisfy both options before relaying is allowed.
- Block Locally Assigned IPs - If enabled, any connections from IPs assigned to the computer on which Ability Mail Server is running will not be allowed relaying access.
- Enable Safe IPs - This option ensures that certain IPs are always allowed relaying access without having to authenticate themselves. This is useful for important computers, scripting applications or other internal mail servers. This option overrules SMTP Authentication and IP Range Control.
- Allow Locally Assigned IPs - This will ensure that any connections from IP addresses which are assigned to this computer will be classed as safe IPs.
- Disable AUTH Reporting - This option will stop the SMTP service from announcing that it allows SMTP Authentication. Although SMTP Authentication is not affected by this option, it will help keep the mail server secure against potential brute force password guessing attacks. However, enabling this option may also prevent some email clients from being able to log into the SMTP.
- Hide IP in Header Fields - If enabled, the SMTP will not print the senders IP address in the received line at the top of the mail header. This is useful if you wish protect against exposing your users IPs to the receivers of their mail.
- Insert 'For' Field into Received Header Line - If enabled, the SMTP will print the first SMTP recipient into the received line using the 'For' field.
- Convert Bare LFs into CRLF Pairs During Mail Transfer - If enabled, any bare LF characters received during the mail transfer will be converted into a CRLF pair. Although this option shouldn't require enabling, some poorly constructed HTML mails can often be truncated due to the use of bare LFs.
- Max Mails Per IP Per Day - This option allows you to set a limit on the number of allowed mails an IP can send into the SMTP per day. This helps protect against incoming SPAM mails, abusive users and also as backup protection in case a SPAM system is some how able to breach your other security restrictions.
- Max Mails Per IP Per Day (KB) - This option allows you to set a size limit on the amount of mail data an IP can send into the SMTP per day. This helps protect against incoming SPAM mails, abusive users and also as backup protection in case a SPAM system is some how able to breach your other security restrictions.
- Max Recipients Per Mail - This restricts the maximum number of recipients per mail during a mail transfer. This is a simple security restriction which helps prevent abuse of the SMTP.
- Max Hop Count - Often mail servers may be configured in such a way that they accidentally form mail loops which can cause a mail to jump between two mail servers indefinitely. This option helps prevent mail loops by setting a limit on the number of hops allowed.
- Send Hop Count Failure Message - If the hop count level is triggered, this option allows a failure message to be generated and sent to the original sender.
- Only Accept Mail From Clients With Relaying Access - If enabled, only clients with relaying access will be able to deliver mail to both local or external accounts. This option is only useful for non-public SMTP services.