SMTP Addresses explained

This topic provides a more detailed look at the addresses page of the various Services within FTGate. Specifically, it covers how adding an IP address or a range affects access to the services, and some of the benefits of adding IPs to the field(s) on addresses pages. We will also look at how the different fields interact with each other.

Benefits

The main benefit of the addresses page is that it can be used to increase the security of the services in the following ways:

  1. Define LAN IP addresses

  2. Allow non-LAN IP addresses access to the service

  3. Block defined IP addresses from accessing the service

  4. Define which external IP addresses are permitted access to the Service

So to explain how these work:

Local addresses

By adding an IP address or range to the 'The following addresses are from local domains' field, those IPs will be allowed unrestricted access to the service with no security lookup, e.g. MAPS RBL (if enabled), carried out.

Allow non LAN addresses

The addresses in the 'The following addresses are from local domains' field do not have to be from just the LAN; they can be from anywhere. By defining them here, they are treated as local or friendly. The usual security checks, e.g. the MAPS RBL (if enabled), would not be carried out on these addresses.

Refuse connection

Having defined a range of IP addresses, you may wish to block access from a specific machine, or from a department that has a smaller range within the larger range defined in the 'The following addresses are from local domains' field. To do this, you would simply define the machine IP address or the range in the 'Refuse connections from the following addresses' field.

An Example

The aim of this example is to detail how to:

 

This is achieved by following these steps:

  1. Add the Class "B" IP range 192.168.x.x subnet mask 255.255.0.0 to the 'The following addresses are from local domains' field

  2. Add two specific IP addresses, 192.168.0.26 and 192.168.0.169, both with the subnet mask 255.255.255.255, to the 'Refuse connections from the following addresses' field

  3. Add the Class "C" address range 192.168.1.x subnet mask 255.255.255.0 to the 'Refuse connections from the following addresses' field

This will allow access to the whole of the Class "B" IP range except for those IP addresses defined in the 'Refuse connections from the following addresses' field.

Permit connections ONLY from the following addresses

By adding an IP address or range to this field, you will block ALL connections from ALL other IPs.

Example

Consider a large company, with three offices, where all mail comes into the main FTGate at head office. All mail is routed to and from the branches via the main FTGate. So the IP address of the Main FTGate server is added to this field, with the LAN IP range in the 'The following addresses are from local domains' field. The result of this would be to block all connections to the SMTP service other than those from the machines on the LAN and the Main FTGate at head office.

Should you wish to further restrict access to this service, you can define in this field only the specific IP addresses from which access will be allowed, and remove the LAN address range from the 'The following addresses are from local domains' field. This would only allow the defined IPs access.
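
The field interaction described on this page can be modelled in a few lines to review a planned configuration before entering it. This is an added example, not FTGate's own code: the function names, the 203.0.113.10 head-office address and the "checked" outcome for permitted addresses are assumptions, as is evaluating the refuse list before the permit-only list.

```python
import ipaddress

def nets(entries):
    """Turn (address, subnet mask) pairs, as entered in a field, into networks."""
    return [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in entries]

def decide(ip, local, refuse, permit_only):
    """Modelled outcome for one connecting address (not FTGate's own logic)."""
    ip = ipaddress.ip_address(ip)

    def hit(ranges):
        return any(ip in net for net in ranges)

    if hit(refuse):                 # refuse wins over the local range (page example)
        return "refused"
    if hit(local):                  # treated as local: no MAPS RBL or similar lookup
        return "local"
    if permit_only and not hit(permit_only):
        return "refused"            # a non-empty permit-only list blocks everyone else
    return "checked"                # assumption: accepted, normal checks still apply

# Values from the page's first example
LOCAL = nets([("192.168.0.0", "255.255.0.0")])
REFUSE = nets([("192.168.0.26", "255.255.255.255"),
               ("192.168.0.169", "255.255.255.255"),
               ("192.168.1.0", "255.255.255.0")])
# Constructed stand-in for the head-office FTGate address (documentation range)
PERMIT_ONLY = nets([("203.0.113.10", "255.255.255.255")])

def audit(addresses, local, refuse, permit_only):
    """Map each test address to its outcome, to review a planned configuration."""
    return {a: decide(a, local, refuse, permit_only) for a in addresses}

if __name__ == "__main__":
    sample = ["192.168.0.25", "192.168.0.26", "192.168.1.77",
              "192.168.2.77", "203.0.113.10", "198.51.100.7"]
    for addr, outcome in audit(sample, LOCAL, REFUSE, PERMIT_ONLY).items():
        print(f"{addr:15} {outcome}")
```

Every address reported as "local" bypasses the security lookups, so the audit output is also a list of what a wide local range exempts from checking.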