Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > Managing connection options
Managing connection options
Administrator Help | TRITON AP-EMAIL | Version 8.2.x
You can improve system performance by limiting the number of simultaneous connections. In the Settings > Inbound/Outbound > Connection Control page, Connection Options section, enter the maximum number of allowed simultaneous connections per IP address, from 1 - 500 (default is 10). Specify the maximum number of seconds of inactivity allowed before a connection is dropped, from 1 - 43200 (default is 300).
You can also configure the following settings in the Connection Control page:
*
Using a real-time blacklist (RBL)
*
Using reverse DNS verification
*
Using the reputation service
*
Delaying the SMTP greeting
*
Enabling the SMTP VRFY command
*
Changing the SMTP port
*
Using access lists
If you want to collect and view detailed information about some connections, you can allow connection control functions to save these details in the mail processing log, accessed via an appliance. When the function is activated, the log collects detailed data regardless of whether the connection control itself is enabled. This function is available for the following connection control options:
*
Real-time blacklist (RBL)
*
Reverse DNS lookup
*
Reputation service
*
SMTP greeting delay
Click OK when you finish configuring connection control settings.
Using a real-time blacklist (RBL)
A Real-Time Blacklist (RBL) is a third-party published list of IP addresses that are known sources of spam. When RBL checking is enabled, messages from a sender listed on an RBL are prevented from entering your system. The Email module supports the use of the Spamhaus Datafeed server or the entry of up to 3 third-party RBLs for RBL lookups.
In the Real-time Blacklist (RBL) Options section, mark the Perform RBL check box to enable RBL checking. Select 1 of the following RBL lookup methods:
*
Spamhaus service. Use the Spamhaus server for RBL lookups
*
Domain address. Enter up to 3 domain addresses of the RBL services you want to use. Separate multiple addresses with a semicolon (;).
This feature is not enabled by default.
Mark the Save connection details in the mail processing log check box to save detailed connection information in the appliance mail processing log. If you enable this option, ensure that at least 1 third-party RBL is entered in the Domain address field.
Using reverse DNS verification
Reverse DNS lookup uses a pointer (PTR) record to determine the domain name that is associated with an individual sender IP address. The reverse DNS lookup function can determine whether email sent to your system is from a legitimate domain. Use of this option can enhance the detection of commercial bulk email. See Commercial bulk email for information about this type of email.
Note, however, that if you enable Reverse DNS, server performance may be affected, or legitimate users may be rejected. This function is not enabled by default.
Mark the Enable reverse DNS lookup check box in the Reverse DNS Lookup Options section to activate the reverse DNS function. You can then determine the response to a reverse DNS lookup by selecting 1 or more of the following options:
*
Disconnect if the PTR record does not exist.
*
Disconnect if the PTR record does not match the A record.
*
Disconnect if a soft failure occurs during a reverse DNS lookup.
If you select this option, a connection is terminated when the following events occur:
*
Named DNS lookup cache service is down.
*
Your DNS server is down.
*
A timeout occurs during a DNS lookup.
*
Disconnect if the PTR record does not match the SMTP EHLO/HELO greeting.
Mark the Save connection details in the mail processing log check box to save detailed connection information in the appliance mail processing log.
Using the reputation service
The email protection system can check an email sender's IP address against the reputation service, which classifies email senders based on past behavior. With this function, the email system can block mail from known spam senders.
To use the reputation service, mark the Enable Reputation Service check box (the default setting) in the Reputation Service Options section. Then select 1 of the following analysis levels to specify the threshold for blocking mail:
*
Conservative, which blocks mail from addresses that send spam 100% of the time
*
Medium, which blocks mail from addresses that send spam 99% of the time
*
Aggressive, which blocks mail from addresses that send spam 97% of the time
*
Custom, which you can use to enter a custom spam percentage. The email system blocks mail from addresses that send spam the specified percentage of time.
Mark the Save connection details in the mail processing log check box to save detailed connection information in the appliance mail processing log.
Delaying the SMTP greeting
You can specify that an SMTP greeting message be delayed for a specified time interval, so that a connection from a client will be dropped if the client tries to send data during this time interval. This option can help prevent mail from spam-sending applications that send a high volume of messages very quickly. The connection is dropped as soon as a message is sent to the SMTP server before it is ready.
Enable the SMTP greeting delay by marking the Enable SMTP greeting delay check box in the SMTP Greeting Delay Options section. Specify the delay time, in seconds, from 1 - 60 (default is 3).
This feature is not enabled by default.
Mark the Save connection details in the mail processing log check box to save detailed connection information in the appliance mail processing log.
Enabling the SMTP VRFY command
The SMTP VRFY command can be used to verify an email username. When asked to validate a username, a receiving mail server responds with the user's login name. Enable this command by marking the Enable SMTP VRFY command check box (the default setting) on the Settings > Inbound/Outbound > Connection Control page in the SMTP VRFY Command Option section.
* 
Important 
Use this command with care. Although helpful in validating a user, this command can also create a network security issue if the user information is retrieved by someone with malicious intent.
Changing the SMTP port
The default SMTP port number is 25. Proper communication with the email hybrid service requires the use of port 25 for SMTP.
However, if you need to customize this port number for any reason, you can change it on the Settings > Inbound/Outbound > Connection Control page in the SMTP Port Option section. Valid values are from 25 to 5000.
* 
Note 
Changing this port setting causes Email module services to restart.
Using access lists
An access list enables you to specify an IP address group for which certain email analysis is not performed. The Allow Access List Options in the Settings > Inbound/Outbound > Connection Control page let you identify these IP addresses. Mail from these addresses bypasses the following email analysis:
*
Connections per IP address
*
RBL checks
*
Reverse DNS lookup
*
Reputation service
*
SMTP greeting delay
*
Directory harvest attack prevention
*
Inbound relay control
*
True Source IP detection
Because mail from the Trusted IP Addresses group bypasses additional email analysis, that group should not be entered in the Allow Access List. See Managing domain and IP address groups for details.
You define IP address groups in Settings > Inbound/Outbound > IP Groups. The groups you have defined on that page appear in the Connection Control Allow Access List Options section, in the IP group drop-down list.
To create and modify an access list:
1.
Select an IP group name in the IP group drop-down to display the addresses in the IP addresses list and enable the Edit button.
2.
Click Edit to modify the access list in the Edit IP Groups page.
3.
Add a predefined IP address group by clicking Browse next to the IP address file field and navigating to the desired text file. The file format should be 1 IP address per line.
4.
You can also enter an individual IP address in the IP Address box and click the arrow button to add the information to the Added IP Addresses box on the right.
* 
Note 
Any changes made here to an IP address group are reflected in the Settings > Inbound/Outbound > IP Groups page.
5.
Click OK.
When you have finished your access list, you can export the list to a location in your network. Click Export to save the access list file to another location.
You can delete an IP address from the Added IP Addresses list by selecting it and clicking Remove.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Managing Messages > Managing connection options
Copyright 2016 Forcepoint LLC. All rights reserved.