Integration through an edge gateway (SMTP verification of recipient email addresses is disabled)
Integration through an edge gateway on which SMTP verification of recipient email addresses is disabled is a type of integration where Kaspersky Secure Mail Gateway receives messages from an edge gateway and relays them to internal mail servers, and also receives messages from internal mail servers and relays them to the edge gateway. In this case, SMTP verification of recipient email addresses is disabled on the edge gateway.
SMTP verification of recipient email addresses is used by mail systems to prevent reception of messages for nonexistent addresses.
If SMTP verification of recipient addresses is disabled, a delivery failure notification is sent when an attempt is made to deliver a message to a nonexistent address. This increases the volume of email traffic and may increase the load on the mail server.
To configure integration of Kaspersky Secure Mail Gateway into the enterprise mail infrastructure through an edge gateway on which SMTP verification of recipient email addresses is disabled:
Add local domains of your organization for which Kaspersky Secure Mail Gateway will receive email messages from any sources including untrusted sources.
In the application web interface window, select the Settings → Built-in MTA → Domains section.
By default, Kaspersky Secure Mail Gateway uses the settings of the DNS server for email routing. You can manually configure email routing for an individual domain.
Click Save.
Repeat steps 'b' to 'd' for each domain or subdomain that you want to add.
If local domains are not specified, Kaspersky Secure Mail Gateway will not be receiving messages for internal mail servers.
Kaspersky Secure Mail Gateway will receive messages from untrusted sources only for specified domains. Messages from untrusted sources intended for other domains are rejected.
Specify the address of the edge gateway. Kaspersky Secure Mail Gateway will be redirecting all messages to this address.
In the application web interface window, select the Settings → Built-in MTA → Basic Settings section.
In the Email destination address field, select Send through an edge gateway.
Enter the address and port of your edge gateway (relayhost). Kaspersky Secure Mail Gateway will be redirecting all messages to this address. However, if you have configured email routing for individual domains, Kaspersky Secure Mail Gateway will be relaying email messages to the addresses specified for each domain.
You can enter an IPv4 address (for example: 192.168.0.1), an IPv6 address (for example: 2607:f0d0:1002:51::4), domain name or FQDN.
If you specified a domain name, you can enable MX record lookup for it. To do so, select the Use MX lookup check box.
Click Save.
Create a list of trusted networks and network hosts that are allowed to send email messages via Kaspersky Secure Mail Gateway. To do so:
In the application web interface window, select the Settings → Built-in MTA → Basic Settings section.
In the Trusted networks field, add addresses or hosts in IPv4 or IPv6 format.
As a rule, these are internal networks and network hosts of the organization.
If trusted networks are not specified, Kaspersky Secure Mail Gateway will not be receiving messages from internal mail servers and relaying them outside the network of your organization.
Click Save.
Disable message scanning using SPF and DMARC technologies because the message sender is the edge gateway from which Kaspersky Secure Mail Gateway receives messages.
In the application web interface window, select the Settings → General → Protection section.
On the External services turn off the Use SPF and Use DMARC switches.
Click Save.
To prevent the edge gateway from generating a great amount of non-delivery reports, in the message processing rules used for all scan modules, replace the Reject applied action with Delete message.
Because SMTP verification of email addresses is disabled on the edge gateway, disable SMTP verification of recipient email addresses.
SMTP verification of email addresses involves verifying the existence of recipient email addresses.
In the application web interface window, select the Settings → Built-in MTA → Advanced Settings section.
In the Reject messages for recipients drop-down list, select the Do not reject mode of SMTP verification of recipient addresses.
Click Save.
The integration through an edge gateway on which SMTP verification of recipient email addresses is disabled is configured.