Running and managing an email server is far from simply sending and receiving email messages to and from users' inboxes. Administrators responsible for managing corporate email infrastructure need to have a 360-degree approach to ensure their network is secure from outside attacks on their email system as well as when delivering outbound emails to other domains. Companies often run into situations where other receiving servers reject emails because one or more IP addresses get blacklisted. This article focuses on steps you should take in order to prevent your IP address from getting blacklisted.
This page discusses different scenarios that you need to consider.
It is important to configure your firewall so it only allow outbound traffic on TCP port 25 from your email server. Traffic from any other IP address should be denied. In the above example, Client A is trying to send an outbound email directly to the outside world through your firewall. Such attempts should be denied.
Assuming you have blocked outbound traffic on port 25, as suggested in Scenario# 1, every email should go out from your email server. This allow administrators to correctly monitor messages that are going out of your network. Looking at the reports and logs of your email server can give you an in-depth summary of outbound messages. For example, Xeams provides following features that will help you keep an eye on your outbound emails:
This report gives you a count of emails sent by a particular user in your system. You could even limit the maximum number of messages sent out in an hour using this mechanism. Click Reports/Authenticated Messages Reports on the main menu to access this screen.
This report is sent to the administrators around midnight and contains the number of outbound messages sent. Seeing an unusually high number should trigger further investigation.
Several logs, such as
SuccessfulLogins.log can help you discover unusual activities on your server.