28 Jul 2014 • BLOG - News
The Dos and Don’ts of Setting Up an SMTP Server
28 Jul 2014
While setting up an SMTP server, certain dos and don’ts have to be kept in mind – otherwise, the transfer of mail may not take place properly. To configure email relaying, all the data must be modified carefully. Modern SMTP servers require authentication of clients by credentials before allowing any access. This more flexible system is friendly to mobile users and allows them to have a fixed choice of a configured outbound SMTP server.
Remote Message Queue Starting is a special feature of SMTP that permits a remote host to start processing of the mail queue on a particular server so that it receives the messages destined to it by sending the ‘Turn’ command. This feature when deemed to be insecure; was extended in RFC 1985 with the [ETRN] command, which is more secure as it uses an authentication method based on Domain Name System information.
[MAIL], [RCPT] and [DATA] commands
An SMTP transaction mainly consists of three command and reply sequences. [MAIL] command is used to establish the return address. This is the address to which bounce messages are sent. [RCPT] command is used to establish a recipient for the message. This command can be issued multiple times but once for each recipient. [DATA] consists of a message header and a message body separated by an empty line. It is a group of commands. The server replies once to the [DATA] command to acknowledge that whether it is ready to receive the text and secondly after the end of data sequence for accepting or rejecting the entire message. These sequences should be very carefully prepared while setting up an SMTP server.
SMTP authentication and sender match authentication spoofed emails can be a big problem. Also, some compliancy agencies require mail servers to ensure that emails can’t be spoofed. Hence, mail admins should enforce SMTP authentication and then take the step of enabling sender match authentication, so that the mail server ensures the sending address matches with the SMTP authentication address. Doing this will drastically reduce – if not completely eliminate – the sender’s spoofing mail accounts.
Check the reports
An eye on the reports must be kept necessarily. Smarter mail has a number of reports that the admins can use to keep an eye on their server, traffic and the spam that’s being caught and much more. Reports are a unique and great way to spot trends and identify the potential for trends so that admins can head issues before they become big problems. Some reports of important interest are SMTP Out usage, SMTP Out Connections, Outgoing Spam Reports.
Locking down the mailing lists is also important. Mailing lists can be a big problem, especially if they are set in an improper manner. Only moderators should be allowed to post a list unless the list is very small or very well managed. The mailing list email must be set to lower priority. Throttle the outgoing messages. These small dos and don’ts can be followed while setting up an SMTP server for the best possible results.