Integration through an edge gateway (SMTP verification of recipient email addresses is enabled)

Integration through an edge gateway on which SMTP verification of recipient email addresses is enabled is a type of integration where Kaspersky Secure Mail Gateway receives messages from an intermediate gateway and relays them to internal mail servers, and also receives messages from internal mail servers and relays them to the edge gateway. In this case, SMTP verification of recipient email addresses is enabled on the edge gateway.

SMTP verification of recipient email addresses is used by mail systems to prevent reception of messages for nonexistent addresses.

To configure integration of Kaspersky Secure Mail Gateway into the corporate mail infrastructure through an edge gateway on which SMTP verification of recipient email addresses is enabled:

  1. Add local domains of your organization for which Kaspersky Secure Mail Gateway will receive email messages from any sources including untrusted sources.
    1. In the application web interface window, select the Settings Built-in MTADomains section.
    2. Click Add domain.

      In the record creation window, add the relevant domain or subdomain and turn on the Local domain switch.

    3. If necessary, configure routing.

      By default, Kaspersky Secure Mail Gateway uses the settings of the DNS server for email routing. You can manually configure email routing for an individual domain.

    4. Click Save.
    5. Repeat steps 'b' to 'd' for each domain or subdomain that you want to add.

    If local domains are not specified, Kaspersky Secure Mail Gateway will not be receiving messages for internal mail servers.

    Kaspersky Secure Mail Gateway will receive messages from untrusted sources only for specified domains. Messages from untrusted sources intended for other domains are rejected.

  2. Specify the address of the edge gateway. Kaspersky Secure Mail Gateway will be redirecting all messages to this address.
    1. In the application web interface window, select the SettingsBuilt-in MTABasic Settings section.
    2. In the Email destination address field, select Send through an edge gateway.
    3. Enter the address and port of your edge gateway (relayhost). Kaspersky Secure Mail Gateway will be redirecting all messages to this address. However, if you have configured email routing for individual domains, Kaspersky Secure Mail Gateway will be relaying email messages to the addresses specified for each domain.

      You can enter an IPv4 address (for example: 192.168.0.1), an IPv6 address (for example: 2607:f0d0:1002:51::4), domain name or FQDN.

    4. If you specified a domain name, you can enable MX record lookup for it. To do so, select the Use MX lookup check box.
    5. Click Save.
  3. Create a list of trusted networks and network hosts that are allowed to send email messages via Kaspersky Secure Mail Gateway. To do so:
    1. In the application web interface window, select the SettingsBuilt-in MTABasic Settings section.
    2. In the Trusted networks field, add addresses or hosts in IPv4 or IPv6 format.

      As a rule, these are internal networks and network hosts of the organization.

      If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving messages from internal mail servers and relaying them outside the network of your organization.

    3. Click Save.
  4. Disable message scanning using SPF and DMARC technologies because the message sender is the edge gateway from which Kaspersky Secure Mail Gateway receives messages.
    1. In the application web interface window, select the SettingsGeneralProtection section.
    2. On the External services turn off the Use SPF and Use DMARC switches.
    3. Click Save.
  5. To prevent the edge gateway from generating a great amount of non-delivery reports, in the message processing rules used for all scan modules, replace the Reject applied action with Delete message.
  6. Because SMTP verification of email addresses is enabled on the edge gateway, enable SMTP verification of recipient email addresses.
    1. In the application web interface window, select the SettingsBuilt-in MTAAdvanced Settings section.
    2. In the Reject messages for recipients drop-down list, select the Reject for unverified recipients mode of SMTP verification of recipient addresses.

      The application rejects the message if the recipient's server is unavailable or rejects the request (reject_unverified_recipient).

      SMTP Recipient Address Verification is not performed when Kaspersky Secure Mail Gateway receives messages from trusted network hosts.

      If SMTP verification of recipient addresses is disabled, a delivery failure notification is sent when an attempt is made to deliver a message to a nonexistent address. This increases the volume of email traffic and may increase the load on the mail server.

    3. Click Save.

The integration through an edge gateway on which SMTP verification of recipient email addresses is enabled is configured.

Page top