Hexamail Guard Configuration Reference [SMTPRelay]

[SMTPRelay]

The following settings can be used in this section:

Enable
You can turn on/off the entire SMTP relay module using this switch
bool
On/Off, True/False, Yes/No, 1/0
On
Enable=On
SMTPProxy
This module is part of an SMTP Proxy
true
SMTPProxy=true
Host
The ip address or host name of your existing mail server
text
server_notconfigured
Host=127.0.0.1
Port
The SMTP port of your existing mail server, usually 25, or 2500 if it's on the same machine
number
25
Port=25
SSL
This selects use of SSL to communicate with the mailserver. Be sure that your mailserver supports SSL (Secure Socket Layer) communications before enabling this feature.
bool
On/Off, True/False, Yes/No, 1/0
Off
SSL=Off
SSLOpenSSL
Use OpenSSL for mailserver comms
bool
On/Off, True/False, Yes/No, 1/0
Off
SSLOpenSSL=Off
SSLTLS
Use SSL/TLS or STARTTLS to encrypt connections when the failover server supports it. SSL/TLS is an encrypted connection to the server usually on port 587 or 465. STARTTLS connects unencrypted and then triggers an encrypted session using the STARTTLS command. This is usually on port 25 or 587. Use the STARTTLS setting to ensure STARTTLS is used IF the remote server advertises STARTTLS support. If set to STARTTLS Required then the email will be failed for recipient(s) on the server(s) that do not advertise/support STARTTLS in their greeting response to the SMTP EHLO command.
select
Off, SSL/TLS, STARTTLS, STARTTLS Required
Off
SSLTLS=Off
DomainRoutes
You can configure Hexamail Guard to deliver inbound emails to different servers for different domains. The Domain Route keeps track of which internal email server each message is delivered to. If a domain is not listed here, it will be sent to the server specified in the original mail server. If the port of the target server is other than standard port 25, you can specify the port by adding a colon after the server name/address and then the port number (ex: myserver:250). If you specify the SSL port 465, encrypted SSL communications will be used. If you specify a port of "tls", then STARTTLS will be required when talking to the server on port 25, e.g. domain3.com:server.domain3.com:tls
text
DomainRoutes=domain2.com:server2,domain3.com:server3,domain4:server4:250
DomainSingleRcpt
You can configure Hexamail Guard to deliver email to certain domains using one recipient per connection. Some mailservers are configured to block email to more than a few recipients, so this setting allows you to force Hexamail Guard to use a less efficient delivery mechanism of one recipient per connection, which should ensure delivery to problematic domains.
text
DomainSingleRcpt=domain2.com,domain3.com,*.domain.com
SenderRoutes
You can configure Hexamail Guard to deliver outbound email based on the sender email address. Each sender can have email sent via a different server with separate SMTP authentication logins for each. You can use wildcards for the sender email address match to have all senders from a given domain use a specified server host/port combination.
text
SenderRoutes=email@domain.com:servername,port,userlogin,userpassword,sslsetting a@test.com:smtp.isp1.com,465,a,password,SSL b@test.com:smtp.isp1.com,587,b,password,TLS *@anotherdomain.com:smtp.anotherisp.com,25,username,password,STARTTLS *@*.net:mail.myisp.com,25 test@test.net:mail.test.com,2525
SenderRouteFile
You can configure Hexamail Guard to deliver outbound email based on the sender email address. Each sender can have email sent via a different server with separate SMTP authentication logins for each. You can use wildcards for the sender email address match to have all senders from a given domain use a specified server host/port combination.
text
SenderRouteFile=A file, e.g. smtplogins.csv, containing lines such as:
email@domain.com,servername,port,userlogin,userpassword,AUTHTYPE,sslsetting
a@test.com,smtp.isp1.com,465,a,password,PLAIN,SSL
b@test.com,smtp.isp1.com,587,b,password,LOGIN,TLS
*@anotherdomain.com,smtp.anotherisp.com,25,username,password,LOGIN,STARTTLS
*@*.net,mail.myisp.com,25
test@test.net,mail.test.com,2525
SenderDomainBinds
You can configure Hexamail Guard to deliver email using different local IP addresses for different domains. The Domain Binds keeps track of which IP address to use to deliver which message. If a domain is not listed here, it will be sent using the default NIC/IP address
text
SenderDomainBinds=senderdomain1.com:192.168.1.3,senderdomain2.com:192.168.1.4,senderdomain3.com:192.168.1.5
MailserverBind
Use this NIC to send to the mailserver (bind)
text
SmartBind
Use this NIC to send to the mailserver (bind)
text
DefaultBind
Use this NIC to send to the mailserver (bind)
text
SmartHostEnable
Use a smarthost for outbound delivery (on/off)
bool
On/Off, True/False, Yes/No, 1/0
true
SmartHostEnable=true
SmartHost
If you wish to use a smarthost to deliver email, enter your Smart Host name or IP Address and port (usually 25) into the appropriate boxes. A Smart Host is an email forwarding server, usually provided by your ISP for relay of outgoing emails from your organization. If your existing email server is set up to use a SmartHost, copy those settings into here, and adjust your existing email server settings to use Hexamail as your Smart Host for outgoing email. If your existing email server is not set up to use a SmartHost, leave these settings blank, but be sure to set your email server to use Hexamail as the smarthost for delivery of all emails so that it can process outbound email. Use the Test Connection button to get the application to test a connection to your smarthost, verifying that the smarthost is accessible to Hexamail and that the configuration is correct.
text
SmartHost=smtp.yourisp.com
SmartPort
The smarthost port to send all outbound email to
number
25
SmartPort=25
SmartSender
Some smarthosts require all email to be sent using the same SMTP envelope sender. This setting, when set, will force all email via the smarthost to use the same specified SMTP MAIL FROM sender address
text
FillInSender
Some mailservers require all email to be sent using a non-blank SMTP envelope sender. However, Exchange sends email with a blank SMTP sender when sending out of office replies and other automated messages. These can end up blocked by other servers. This setting allows you to fill in blank senders with the MIME From (displayed sender) field, and fail over to the fixed address, or just always use a fixed address
text
Off
FillInSender=Off
FillInSenderAddress
Options to use as sender for email with no SMTP Envelope sender
text
FailOverHost
The failover server to send all inbound email to
text
FailOverHost=192.168.1.20
FailOverPort
The failover server port to send all inbound email to
number
25
FailOverPort=25
FailOverSSLTLS
Use SSL/TLS or STARTTLS to encrypt connections when the failover server supports it. SSL/TLS is an encrypted connection to the server usually on port 587 or 465. STARTTLS connects unencrypted and then triggers an encrypted session using the STARTTLS command. This is usually on port 25 or 587. Use the STARTTLS setting to ensure STARTTLS is used IF the remote server advertises STARTTLS support. If set to STARTTLS Required then the email will be failed for recipient(s) on the server(s) that do not advertise/support STARTTLS in their greeting response to the SMTP EHLO command.
select
Off, SSL/TLS, STARTTLS, STARTTLS Required
Off
FailOverSSLTLS=Off
FailOverFor
number
120 seconds
FailOverFor=360
ForceSender
Some smarthosts require all email to be sent using the same SMTP envelope sender. This setting, when set, will force all email via the smarthost to use the same specified SMTP MAIL FROM sender address
text
CustomHELO
You can instruct Hexamail Guard to use a customized HELO line when performing SMTP communications with remote servers for sending email. A typical use is to instruct Hexamail Guard to use your domain name or host name when performing the HELO, e.g. HELO mail.example.com, where mail.example.com is the fully qualified hostname of the server running Hexamail Guard. Use the token <domain> to insert your primary domain automatically: HELO <domain> becomes HELO example.com when example.com is your configured primary domain. Use the token <host> to insert the host name of your server automatically: HELO <host> becomes HELO mailserver when mailserver is your host name. Hence, HELO <host>.<domain> becomes HELO mailserver.example.com. Alternatively, use HELO mailserver.example.com directly to ensure the correct fully qualified host name is sent. If you are trying to use Authentication with a Microsoft Exchange Server and get "Send Hello first" errors, set this to EHLO instead of HELO to resolve the issue. To configure a specific domain use: HELO mydomain.com
text
EHLO <domain>
CustomHELO=EHLO <domain>
CustomHELOLocal
You can instruct Hexamail Guard to use a customized HELO line when performing SMTP communications with the local server for delivering email. A typical use is to instruct Hexamail Guard to use your domain name or host name when performing the HELO, e.g. HELO mail.example.com, where mail.example.com is the fully qualified hostname of the server running Hexamail Guard. Use the token <domain> to insert your primary domain automatically: HELO <domain> becomes HELO example.com when example.com is your configured primary domain. Use the token <host> to insert the host name of your server automatically: HELO <host> becomes HELO mailserver when mailserver is your host name. Hence, HELO <host>.<domain> becomes HELO mailserver.example.com. Alternatively, use HELO mailserver.example.com directly to ensure the correct fully qualified host name is sent. Sometimes when talking to Exchange locally you need to use the local machine name alone, e.g. HELO machinename. If you are trying to use Authentication with a Microsoft Exchange Server and get "Send Hello first" errors, set this to EHLO instead of HELO to resolve the issue. To configure a specific domain use: EHLO mydomain.com. To use a specific hostname use: EHLO myhost.mydomain.com
text
EHLO <host>
CustomHELOLocal=EHLO <host>
CustomHELODomain
Domain name used to complete tags in any custom HELO line configured to contain
text
ReceivedFromHeader
You can optionally turn off the insertion of received from headers into outgoing emails. Uncheck the control to disable insertion of these headers.
bool
On/Off, True/False, Yes/No, 1/0
true
ReceivedFromHeader=true
ScanFixOutbound
Some mailservers are incapable of receiving email that contains unmatched LF characters (every LF should be part of a CRLF pair). Sometimes it is difficult, if not impossible, to correct the source of the email containing the unmatched LF, so this option instructs Hexamail to scan all outbound email for the problem and correct it on sending. If you receive errors/notifications from other servers concerning unmatched LF characters you can enable this option. Once enabled it will also log which lines of your outbound email contain the problem, to better allow you to fix the application generating the email and correct the issue at source.
bool
On/Off, True/False, Yes/No, 1/0
true
ScanFixOutbound=true
MaxConnections
You can use a large number of simultaneous connections to provide for large amounts of email traffic being sent. Set this high if there is lots of outgoing mail and your mail server can handle large numbers of connections simultaneously.
number
1 - 64
12
MaxConnections=8
TimeOut
If no response is received from a remote server within this time the connection is dropped and retried later
300 seconds
TimeOut=60
MaxDuration
If an operation is not completed within this time the connection is dropped and retried later
6000 seconds
MaxDuration=6000
DNS Servers
You can optionally specify DNS servers to use for MX Lookups. If you do not specify anything here the default DNS servers configured on the machine on which Hexamail Guard is running will be used, or, if they are not available or configured, the standard root DNS servers are used. NOTE: these are only used if outbound email is being sent through Hexamail Guard and MX lookup delivery is being used. If a smarthost is configured, the Smart host will perform the MX lookup and delivery and no DNS server list is required. If you are experiencing MX Lookup errors, check your DNS settings on the machine or add your DNS server IP addresses to this list to ensure the correct DNS servers are being used.
text
MXFailureRetry
By default, if no MX host exists for a domain, Hexamail will try sending to the domain name as a host, in line with the SMTP RFC, and retry as per your retry schedule under the Errors settings. If you prefer to immediately fail the email for a recipient when the MX lookup fails, select Off for this setting.
bool
On/Off, True/False, Yes/No, 1/0
On
MXFailureRetry=On
MXExplicitHost
You can optionally specify an explicit NIC or Host name to use for MX Lookups. This is the IP address of the NIC (network device) to be used for MX lookups. If you do not specify anything here the default NIC configured on the machine on which Hexamail Guard is running will be used. NOTE: these are only used if outbound email is being sent through Hexamail Guard and MX lookup delivery is being used. If a smarthost is configured, the Smart host will perform the MX lookup and delivery and this setting is ignored. If you are experiencing MX Lookup errors, check your settings on the machine or explicitly add your external NIC IP address as this setting to ensure MX lookups use the external NIC.
text
MaxRetry
Sometimes emails are not sent due to recoverable errors, such as network dropout, server unavailability etc. Use this setting to set the maximum number of retry attempts before failing.
number
1 - 96 Attempts
48 Attempts
MaxRetry=3
RetryPeriod
Sometimes emails are not sent due to recoverable errors, such as network dropout, server unavailability etc. Use this setting to set the time period between successive retries.
number
1 - 720 Minutes
5 Minutes
RetryPeriod=60
MaxRetryAction
The action to take if the number of retries exceeds the maximum: Return - dispatch a non-delivery report (NDR) to the sender, Store - store the email in the error email store, AdminAlert - send an alert to the administrator, Forward - forward the email to the nominated email address
flags
Return+Store
MaxRetryAction=Return
MaxRetryForward
The address to forward emails to if they have exceeded the retry count and the Forward action is selected.
text
MaxRetryForward=admin@yourdomain.com
ReturnSenderAddress
The address to use as the sender when returning emails/dispatching non-delivery reports for emails that have exceeded the retry count, if Return is selected as a retry action.
text
ReturnSenderAddress="YourCompany Postmaster" <postmaster@yourdomain.com> or "YourCompany Postmaster" < >
ReturnAttachOriginalEmail
You can optionally attach the original email to Non delivery reports (NDRs) when they are sent due to delivery failure after the maximum number of retries.
bool
On/Off, True/False, Yes/No, 1/0
Off
ReturnAttachOriginalEmail=On
StoreSentEmail
All email sent can be stored in the configured directory.
bool
On/Off, True/False, Yes/No, 1/0
off
StoreSentEmail=off
StoreSentSystemEmail
Storing of sent system emails can be enabled by type.
flags
Audit
StoreSentSystemEmail=Audit
ReapSentNum
Automatically delete sent email if more than the specified number
number
1 - 50000
10000
ReapSentNum=10000
ReapSent
This setting allows automatic deletion of sent items when they have been in the store for longer than the specified number of days
bool
On/Off, True/False, Yes/No, 1/0
on
ReapSent=on
ReapSentAgeDays
Automatically delete sent items older than the specified number of days
number
1 - 730 Days
365 Days
ReapSentAgeDays=4
StoreErrorEmail
All email that could not be sent can be stored in the configured directory.
bool
On/Off, True/False, Yes/No, 1/0
on
StoreErrorEmail=on
StoreErrorSystemEmail
Storing of system emails that fail can be enabled by type.
flags
Audit
StoreErrorSystemEmail=Audit
ReapErrorNum
Automatically delete error email if more than the specified number
number
1 - 50000
25000
ReapErrorNum=10000
ReapError
This setting allows automatic deletion of error email when they have been in the store for longer than the specified number of days
bool
On/Off, True/False, Yes/No, 1/0
on
ReapError=on
ReapErrorAgeDays
Automatically delete error email older than the specified number of days
number
1 - 730 Days
365 Days
ReapErrorAgeDays=4
AuthType
This selects the type of authentication required by the mail server you are sending emails to. Leave this as "None" if you do not use authentication to send emails from your usual email clients to your mail server
select
None, Plain, Login, NTLM
None
AuthType=None
See Also:
AuthUsername
The authentication username required by the mail server you wish to send emails to for the authentication type configured.
text
AuthID
The authentication authorization ID. This is used by the SMTP authentication mechanism PLAIN only, it is ignored for the authentication type LOGIN. For more information on the authentication mechanism PLAIN please refer to your mail server documentation or the relevant RFC
text
AuthPassword
The authentication password required by the mail server you wish to send emails to for the authentication type configured.
encryptedtext
SmartSSL
This selects use of SSL to communicate with the smarthost. Be sure that your smarthost supports SSL (Secure Socket Layer) communications before enabling this feature.
bool
On/Off, True/False, Yes/No, 1/0
Off
SmartSSL=Off
SmartSSLOpenSSL
Use OpenSSL for Smarthost comms
bool
On/Off, True/False, Yes/No, 1/0
Off
SmartSSLOpenSSL=Off
SmartSSLTLS
Use SSL/TLS or STARTTLS to encrypt connections when the failover server supports it. SSL/TLS is an encrypted connection to the server usually on port 587 or 465. STARTTLS connects unencrypted and then triggers an encrypted session using the STARTTLS command. This is usually on port 25 or 587. Use the STARTTLS setting to ensure STARTTLS is used IF the remote server advertises STARTTLS support. If set to STARTTLS Required then the email will be failed for recipient(s) on the server(s) that do not advertise/support STARTTLS in their greeting response to the SMTP EHLO command.
select
Off, SSL/TLS, STARTTLS, STARTTLS Required
STARTTLS
SmartSSLTLS=STARTTLS
SmartAuthType
This selects the type of authentication required by the smart host you are sending emails to. Leave this as "None" if you do not use authentication to send outbound emails from your usual email clients through your smarthost
select
None, Plain, Login, NTLM
None
SmartAuthType=None
See Also: SmartAuthUsername, SmartAuthPassword
SmartAuthUsername
The authentication username required by the smart host you wish to send emails to for the authentication type configured.
text
SmartAuthID
The authentication authorization ID. This is used by the SMTP authentication mechanism PLAIN only, it is ignored for the authentication type LOGIN. For more information on the authentication mechanism PLAIN please refer to your mail server documentation or the relevant RFC
text
SmartAuthPassword
The authentication password required by the smart host you wish to send emails to for the authentication type configured.
encryptedtext
MXSSLIgnoreErrors
If an MX server has issues with its SSL certificate (or it mismatches the server) this setting can be used to ignore such errors
bool
On/Off, True/False, Yes/No, 1/0
Off
MXSSLIgnoreErrors=Off
MXSSLOpenSSL
Use OpenSSL for MX comms
bool
On/Off, True/False, Yes/No, 1/0
Off
MXSSLOpenSSL=Off
CustomNDRFrom
Enter the display name you wish to use for the NDR (Non delivery report) Sender. ex: Administrator
text
Postmaster
CustomNDRFrom=Administrator
CustomNDRsender
Enter the email address you wish to use for the NDR Sender. ex: postmaster@domain.com
text
CustomNDRsender=postmaster@domain.com
CustomNDRSubject
Enter the custom Non Delivery subject you would like to use.
text
Failure notice
CustomNDRSubject=Failure notice
CustomNDRMessage
Enter the custom Non Delivery Message you would like to use.
text
This is the sender program at <domain>. The message with subject: <subject> was not delivered to all recipients: Address: <to> Reason: <reason>
CustomNDRMessage=This is the sender program at <domain>. The message with subject: <subject> was not delivered to all recipients: Address: <to> Reason: <reason>
CustomNDRInclude
You can optionally attach the original email to Non delivery reports (NDRs) when they are sent due to delivery failure after the maximum number of retries.
bool
On/Off, True/False, Yes/No, 1/0
Off
CustomNDRInclude=On
LogSMTP
The SMTP protocol transactions will be logged to the file logs/SMTPOut.log
bool
On/Off, True/False, Yes/No, 1/0
off
LogSMTP=off
LogSMTPData
Log MIME DATA payloads
off
LogSMTPData=off
LogSMTPHosts
Only SMTP diagnostic log connections to these hosts. You can use hostname, IP or domain and wildcards
LogSMTPSndrs
Only SMTP diagnostic log connections to these sender email addresses. You can use wildcards
LogSMTPRcpts
Only SMTP diagnostic log connections to these recipient email addresses. You can use wildcards
MaxRecvBandwidth
You can throttle the maximum bandwidth allowed for sending email to other MTAs. Typically you do not need to change this setting.
number
1 - 1000000 kbps
1000000 kbps
MaxRecvBandwidth=64
MaxSendBandwidth
You can throttle the maximum bandwidth allowed for sending email to other MTAs. Typically you do not need to change this setting.
number
1 - 1000000 kbps
1000000 kbps
MaxSendBandwidth=64
UseTLS
Use STARTTLS to encrypt connections whenever the remote MX servers support it. If set to When Available, STARTTLS will be used if the remote MX server advertises STARTTLS support. If set to Required, the email will be failed for recipient(s) on the server(s) that do not advertise STARTTLS support in their greeting response to the SMTP EHLO command. NOTE that this is only for servers found using MX DNS lookups; to use TLS for a smarthost or your mailserver please see the relevant setting under the smarthost or mailserver settings.
select
Off, When Available, Required
Off
UseTLS=Off
MaxHops
The number of Received: headers in the email is checked against this setting. If it exceeds this configured maximum number of hops (servers through which the email can pass) then the email will be failed with an error. This helps prevent/limit email looping caused by a misconfiguration, for example configuring your smarthost or mailserver to be the same server and port as is running Hexamail (thereby sending email back to itself)
number
24 - 256 hops
40 hops
MaxHops=120
MailServer
If you are running Exchange and Hexamail Guard on the same machine use this setting to automatically have Exchange settings modified ready to run with Hexamail Guard. Your existing Exchange settings will be recorded and restored if you uninstall Hexamail Guard. The settings changed are: Protocols/SMTP/Default SMTP server/Bindings, Protocols/SMTP/Default SMTP server/Delivery/Smarthost
text
off
MailServer=off
ExchangeBindingsBackup
Stores the binding strings for Exchange before automatic integration
text
ExchangeBindingsBackup=unassigned:25
ExchangeBindings
text
ExchangeIP
text
127.0.0.1
ExchangeIP=127.0.0.1
ExchangePort
text
2500
ExchangePort=2500
ExchangeSMTPSvc
text
1
ExchangeSMTPSvc=1
ExchangeInstance
text
-1
ExchangeInstance=-1
ExchangeOutboundEnable
Enable this to make Exchange send outbound emails back through Hexamail Guard to allow outbound processing
bool
On/Off, True/False, Yes/No, 1/0
on
ExchangeOutboundEnable=on
ExchangeSmartHostBackup
Stores the smarthost setup of Exchange before automatic integration
text
ExchangeSmartHostBackup=smtp.myisp.com
ExchangeSmartHost
Smarthost setting in Exchange for enabling outbound processing through Hexamail Guard
text
<gethostname>
ExchangeSmartHost=<gethostname>
StoreMax
This setting allows automatic removal of old email when the maximum number to store is exceeded.
number
250 - 250000 email
75000 email
StoreMax=75000
StoreCache
This sets the maximum amount of memory used to cache email in the quarantine, sent and error stores. NOTE if you change this setting you will need to press APPLY and then stop and start the service.
number
1 - 1024 mbytes
132 mbytes
StoreCache=132
StoreReap
This setting allows automatic deletion of email when it has been in the store for longer than the specified number of days
bool
On/Off, True/False, Yes/No, 1/0
off
StoreReap=off
StoreReapAgeDays
Automatically delete email older than the specified number of days
number
1 - 365 Days
30 Days
StoreReapAgeDays=4
StorePurgeAgeDays
Automatically purge deleted email older than the specified number of days
number
1 - 120 Days
15 Days
StorePurgeAgeDays=4
StoreNormalizedSubjects
Show automatically normalized subject lines. Only applies to the spam email store
bool
On/Off, True/False, Yes/No, 1/0
On
StoreNormalizedSubjects=On
ErrorStoreMax
This setting allows automatic removal of old email when the maximum number to store is exceeded.
number
250 - 100000 email
20000 email
ErrorStoreMax=20000
ErrorStoreReap
This setting allows automatic deletion of email when it has been in the store for longer than the specified number of days
bool
On/Off, True/False, Yes/No, 1/0
on
ErrorStoreReap=on
ErrorStoreReapAgeDays
Automatically delete email older than the specified number of days
number
1 - 200 Days
30 Days
ErrorStoreReapAgeDays=4
ErrorStorePurgeAgeDays
Automatically purge deleted email older than the specified number of days
number
1 - 120 Days
15 Days
ErrorStorePurgeAgeDays=4
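
The transport-security settings above (SSLTLS, SmartSSLTLS, FailOverSSLTLS, UseTLS, AuthType, SmartAuthType, MXSSLIgnoreErrors, LogSMTPData) interact, so the following added example, which is not part of the Hexamail documentation, audits a [SMTPRelay] section for the delivery paths it actually uses. It assumes the settings are stored as an INI-style file with that section header; the function names, finding labels and sample configs are constructed for illustration, and treating the SSL/SmartSSL switch alone as an encrypted channel is an assumption.

```python
import configparser

# Defaults copied from the reference above (configparser lower-cases keys).
DEFAULTS = {
    "ssl": "Off", "ssltls": "Off", "authtype": "None",
    "smarthostenable": "true", "smarthost": "", "smartssl": "Off",
    "smartssltls": "STARTTLS", "smartauthtype": "None",
    "failoverhost": "", "failoverssltls": "Off",
    "usetls": "Off", "mxsslignoreerrors": "Off", "logsmtpdata": "off",
}
TRUE = {"on", "true", "yes", "1"}  # bool spellings the reference lists

def load(text):
    """Parse [SMTPRelay]; unset keys fall back to the documented defaults."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    cfg = dict(DEFAULTS)
    if cp.has_section("SMTPRelay"):
        cfg.update({k: v.strip() for k, v in cp.items("SMTPRelay")})
    return cfg

def is_on(value):
    return value.strip().lower() in TRUE

def channel_state(mode, legacy_ssl="Off"):
    """Classify a TLS select value as enforced, opportunistic or plaintext."""
    m = mode.strip().lower()
    # Assumption: the separate SSL/SmartSSL switch alone means encryption.
    if m in ("ssl/tls", "starttls required", "required") or is_on(legacy_ssl):
        return "enforced"
    if m in ("starttls", "when available"):
        return "opportunistic"  # TLS only if the peer advertises STARTTLS
    return "plaintext"

def audit(text):
    """Return (hop, issue) pairs for the delivery paths this config uses."""
    cfg = load(text)
    smart = is_on(cfg["smarthostenable"]) and cfg["smarthost"] != ""
    hops = [("mailserver", "ssltls", "ssl", "authtype")]
    if smart:
        hops.append(("smarthost", "smartssltls", "smartssl", "smartauthtype"))
    else:  # no smarthost: outbound mail is delivered by MX lookup
        hops.append(("mx", "usetls", None, None))
    if cfg["failoverhost"]:
        hops.append(("failover", "failoverssltls", None, None))
    findings = []
    for hop, tls_key, ssl_key, auth_key in hops:
        state = channel_state(cfg[tls_key], cfg[ssl_key] if ssl_key else "Off")
        if state != "enforced":
            findings.append((hop, state))
        # PLAIN and LOGIN only base64-encode the password on the wire.
        if auth_key and state != "enforced" and cfg[auth_key].lower() in ("plain", "login"):
            findings.append((hop, "cleartext-auth"))
    if not smart and is_on(cfg["mxsslignoreerrors"]):
        findings.append(("mx", "certificate-errors-ignored"))
    if is_on(cfg["logsmtpdata"]):
        findings.append(("logging", "message-bodies-logged"))
    return findings

# Constructed sample configs (not taken from the Hexamail documentation).
WEAK = """[SMTPRelay]
SSLTLS=Off
AuthType=Login
SmartHost=smtp.yourisp.com
SmartSSLTLS=STARTTLS
SmartAuthType=Plain
LogSMTPData=on
"""
HARDENED = """[SMTPRelay]
SSLTLS=STARTTLS Required
AuthType=Login
SmartHost=smtp.yourisp.com
SmartSSLTLS=SSL/TLS
SmartAuthType=Plain
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```

The smarthost default of STARTTLS is reported as opportunistic because, per the SmartSSLTLS description, only STARTTLS Required fails delivery when the server does not advertise STARTTLS.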