
Heimdal™ Email Security (Setup Guide)

In the following guide, you will learn how to set up Heimdal™ Email Security in your DNS.

Heimdal™ Email Security user interface: https://dashboard.heimdalsecurity.com

MX Records (needed for inbound email flow):
We recommend a preference/cost of 10 for both entries.

  • eu-esec-01.heimdalsecurity.com
  • eu-esec-02.heimdalsecurity.com

SmartHost (needed for outbound email flow):

  • eu-esec-outbound.heimdalsecurity.com / port 25, 587 or 2525

SPF (used for outbound email flow):
Be careful NOT to remove any third-party providers that deliver e-mail on behalf of your domain.

  • include:spf-esec.heimdalsecurity.com
    Example: v=spf1 include:spf-esec.heimdalsecurity.com -all

Heimdal™ Email Security IP Addresses:
Heimdal™ Email Security must be able to deliver email to your mail environment. Verify your firewall settings and only allow SMTP from these IP addresses. (Port 25 for SMTP traffic)

  • 20.50.183.144 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.146 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.145 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.147 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.148 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.149 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.150
  • 20.50.183.151

In case your firewall includes special rules for Inbound traffic and for Outbound traffic, you need to whitelist the following:

  • 20.50.183.144/29 (port 25 for Inbound traffic) 
  • 20.50.183.144/29 (all ports for Outbound traffic)
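Before a range goes into a firewall rule, it is worth confirming that it covers every relay address listed above. The check below is an added example (not part of Heimdal's guide or tooling) that runs Python's `ipaddress` module over the two range values that appear on this page; the function name is illustrative.

```python
import ipaddress

# Relay addresses exactly as listed in this guide.
RELAY_IPS = [
    "20.50.183.144", "20.50.183.145", "20.50.183.146", "20.50.183.147",
    "20.50.183.148", "20.50.183.149", "20.50.183.150", "20.50.183.151",
]

def check_range(cidr, hosts=RELAY_IPS):
    """Return (effective_network, host_bits_set, uncovered_hosts) for a rule."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network                      # what a firewall would actually match
    host_bits_set = iface.ip != net.network_address
    uncovered = [h for h in hosts if ipaddress.ip_address(h) not in net]
    return str(net), host_bits_set, uncovered

if __name__ == "__main__":
    # Both range values are taken from this page.
    for cidr in ("20.50.183.144/29", "20.50.183.133/29"):
        net, misaligned, missing = check_range(cidr)
        print(f"{cidr}: effective range {net}, "
              f"{'not aligned to a /29 boundary, ' if misaligned else ''}"
              f"{len(missing)} relay address(es) not covered")
```

A range written as 20.50.183.133/29 normalises to 20.50.183.128/29 and covers none of the listed relay addresses, so compare every rule against the address list before deploying it.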

To review the Inbound / Outbound settings, while logged into the user interface, navigate to the Settings tab, select the domain in question, review the domain configuration, and ensure that the Inbound and Outbound servers are accurate.

Additional Configuration

Switching inbound mail-flow

Once the configuration has completed, the company's MX records can be updated to direct to Heimdal™ Email Security. Please note that updates to MX records may take a few minutes to apply.

MX records for this environment are listed in the Important Information section.

Validation

Message logs can be used to validate mail flow once the MX Records are changed to flow email through Centium email security.

Setting up Heimdal™ Email Security with cloud mail providers

Office 365

Inbound configuration in Office 365: Office 365 performs an SPF check on all inbound emails, and this is why a transport rule must be configured to whitelist Heimdal™ Email Security as a mail relay. Heimdal™ Email Security performs SPF checks on all inbound emails.

The configuration is done in the Exchange Admin Center (EAC) by navigating to Exchange admin > Mail flow > Rules and adding the following IP Addresses to whitelist:

  • 20.50.183.144 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.146 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.145 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.147 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.148 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.149 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.150
  • 20.50.183.151

In case your firewall includes special rules for Inbound traffic and for Outbound traffic, you need to whitelist the following:

  • 20.50.183.133/29 (port 25 for Inbound traffic) 
  • 20.50.183.144/29 (all ports for Outbound traffic)

You can read more on using a third-party cloud service with Office 365 on the following link: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud#scenario-1---mx-record-points-to-third-party-spam-filtering

G Suite

Inbound configuration in G Suite: G Suite performs SPF check on all inbound emails and this is why the configuration of an inbound gateway is needed to whitelist Heimdal™ Email Security as an email-relay. Heimdal™ Email Security performs SPF checks on all inbound emails.

The configuration is done by navigating to Apps -> G Suite -> Settings for Gmail -> Advanced settings -> Spam, Phishing and malware -> Inbound Gateway and adding the following IP Addresses to whitelist: 

  • 20.50.183.144 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.146 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.145 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.147 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.148 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.149 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.150
  • 20.50.183.151

In case your firewall includes special rules for Inbound traffic and for Outbound traffic, you need to whitelist the following:

  • 20.50.183.133/29 (port 25 for Inbound traffic) 
  • 20.50.183.144/29 (all ports for Outbound traffic)

It’s recommended to reject all other mails and to require TLS.

You can read more about setting up an inbound email gateway on the following link: https://support.google.com/a/answer/60730?hl=en

The next step is to configure Heimdal™ Email Security. To do that, access the following link: https://support.heimdalsecurity.com/hc/en-us/articles/360007381137-MailSentry-E-Mail-Security-and-Spamfilter-Configuration-

 



-----------------------------------------------------------

Below, you can read information about how Anti Spoofing Mechanisms work and what SPF, DKIM, or DMARC do.

  • SPF (Sender Policy Framework)
    More about SPF: https://en.wikipedia.org/wiki/Sender_Policy_Framework
  • DKIM (Domain Keys Identified Mail)
    More about DKIM: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
  • DMARC (Domain-based Message Authentication, Reporting & Conformance)
    Read more about DMARC: https://dmarc.org/wiki/FAQ

 

SPF (Required for domains using Heimdal™ Email Security outbound sending system)

SPF records tell the world which hosts or IPs are allowed to send email for your domain. When email servers receive an email that claims to be from your domain, they can look up your SPF record and check whether the sending server is included. We strongly recommend you set up an SPF record that includes Heimdal™ Email Security. This will not only make your email seem more legitimate and thus less likely to be sent to spam folders, but it will also help protect your domain from attackers who send emails with forged headers pretending to be you.

Heimdal™ Email Security SPF record to include: _spf.centiumsecurity.dk

The “include:_spf.centiumsecurity.dk” means you allow the servers of Heimdal™ Email Security to send on behalf of your domain. If you want to keep an existing SPF record, simply add the “include:_spf.centiumsecurity.dk” to it right after the “v=spf1”.
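The merge described above, as an added example that is not Heimdal's own tooling: it inserts the include right after `v=spf1` without dropping existing senders, then checks the result against the SPF limit of 10 DNS-querying terms (RFC 7208) and for a permissive or missing `all`. The existing record (`_spf.example.net`, `203.0.113.10`) is constructed sample data and the function names are illustrative.

```python
# Terms that cost one DNS lookup each during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def term_name(term):
    """'-all' -> 'all', 'ip4:203.0.113.10/32' -> 'ip4', 'redirect=x' -> 'redirect'."""
    bare = term.lstrip("+-~?").replace("=", ":").replace("/", ":")
    return bare.split(":")[0].lower()

def add_include(existing, include_host):
    """Insert include:<host> right after v=spf1, keeping every existing term."""
    terms = existing.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: " + existing)
    wanted = "include:" + include_host
    if wanted.lower() not in [t.lower() for t in terms]:
        terms.insert(1, wanted)
    return " ".join(terms)

def review_spf(record):
    """Return (dns_lookup_terms, findings) for a single SPF record string."""
    terms = record.split()[1:]
    names = [term_name(t) for t in terms]
    lookups = sum(n in LOOKUP_TERMS for n in names)
    findings = []
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms: receivers return permerror above 10")
    if "all" not in names and "redirect" not in names:
        findings.append("no 'all' or redirect: unlisted senders get a neutral result")
    for t in terms:
        if term_name(t) == "all" and t[0] not in "-~":
            findings.append(f"'{t}' does not restrict unlisted senders")
    return lookups, findings

if __name__ == "__main__":
    # Constructed existing record with one third-party provider already present.
    current = "v=spf1 include:_spf.example.net ip4:203.0.113.10 -all"
    merged = add_include(current, "_spf.centiumsecurity.dk")
    print(merged)
    print(review_spf(merged))
```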

DKIM
DKIM is a method of email authentication that cryptographically verifies that an email was sent by trusted servers and has not been tampered with. When a server sends an email for your domain, it calculates a hash of the email contents, signs it using a private key (that only trusted servers know), and adds the result to the email headers as a DKIM signature. The receiving server verifies the email by looking up the corresponding public key in your domain’s DNS records, using it to recover the hash from the signature, calculating a new hash from the email contents as received, and checking whether the two hashes match. If they match, the email was not changed and DKIM passes. Otherwise, DKIM fails and the email is treated with suspicion.

Important: The DKIM record for your domain is added under your domain’s hostname using the following syntax:

selector._domainkey.domainname (selector is predefined as centium{currentdate} )

Example: If domainname is defendas.com, the TXT DKIM public key is added to:

centium{currentdate}._domainkey.defendas.com
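How a receiver gets from a DKIM-Signature header to that DNS name, and how the body-hash half of the check detects a changed message, shown as an added example (not Heimdal's code). It covers only the `bh=` body hash with "simple" canonicalization, not RSA verification of `b=`; the selector `centium20240101`, the message body and the `b=` value are constructed, and the real selector is whatever the dashboard shows.

```python
import base64
import hashlib
import hmac

def parse_tags(value):
    """Split a DKIM tag list ('v=1; a=rsa-sha256; ...') into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())  # folding whitespace is not significant
    return tags

def dkim_dns_name(tags):
    """TXT record the receiver queries for the public key: selector._domainkey.domain."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def simple_body_hash(body):
    """SHA-256 over the 'simple' canonical body: trailing empty lines dropped, one CRLF kept."""
    canonical = body.rstrip(b"\r\n") + b"\r\n"  # assumes a well-formed CRLF body
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode()

def body_unchanged(tags, body):
    """True if the body as received still matches the bh= value the sender signed."""
    return hmac.compare_digest(tags.get("bh", ""), simple_body_hash(body))

# Constructed sample message and header value (b= is a placeholder, not a real signature).
BODY = b"Invoice attached.\r\n"
HEADER = ("v=1; a=rsa-sha256; c=simple/simple; d=defendas.com; "
          "s=centium20240101; h=from:to:subject; "
          f"bh={simple_body_hash(BODY)}; b=PLACEHOLDER")

if __name__ == "__main__":
    tags = parse_tags(HEADER)
    print("query TXT:", dkim_dns_name(tags))
    print("as sent:  ", body_unchanged(tags, BODY))
    print("modified: ", body_unchanged(tags, b"Invoice attached. Pay here.\r\n"))
```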

It can seem complicated but implementing DKIM for your domain is quite easy in Heimdal™ Email Security. Once you request a new certificate for your domain, Heimdal™ Email Security will generate a DKIM key pair and show you the TXT record to add if you want to enable DKIM signing. This record contains the public key and is different for every domain.

Once you added the TXT record to your domain, you can ‘Check DNS’ to verify your public DKIM key and enable outbound signing if validation is successful.

Some online services provide DKIM verification to test whether your e-mails are DKIM signed correctly: you send an e-mail to a specific address and receive the result. Here are a few, but more can be found online:

https://www.port25.com/authentication-checker/

http://dkimvalidator.com/

DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) makes it possible to instruct the receiving server on how to handle a received email coming (or pretending to come) from your domain which fails the SPF and DKIM email verification checks. DMARC enables you to choose one of three predefined actions for unverified emails: none, quarantine, and reject.

A basic DMARC TXT record example: v=DMARC1; p=none; rua=mailto:your@emailaddress.com

The “p=” specifies the action to take for emails that fail DMARC and here, “none” basically means don’t do anything, accept the email as usual. The “rua=” is an optional parameter that specifies an email address where other email services can send aggregate reports to so you can see how many of your emails are failing DMARC. Once you are confident your legitimate emails are passing DMARC (either SPF passes or DKIM passes), then you may want to set “p=quarantine”, which tells the receiving server to send failed emails to the spam folder. Even more aggressively, you can set “p=reject” to tell the receiving server to not accept failed emails. We advise working towards “p=quarantine” or even “p=reject” if you think you are likely to be a target of spoofing. For example, Yahoo, PayPal, and eBay use “reject” to prevent spammers from impersonating them.

Important: The DMARC record for your domain is added under your domain’s hostname using the following syntax:

_dmarc.domainname

Example: If domain name is defendas.com, the TXT DMARC record is added to _dmarc.defendas.com
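A small reviewer for the record described above, added here as an example (not part of Heimdal's product). It returns the DNS name the record belongs at, flags a monitoring-only or unreported policy, and lists the authorization record each report destination outside your domain must publish before receivers will send reports there (RFC 7489, section 7.1). The "outside your domain" test is a simplified suffix match, and the function name is illustrative.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def review_dmarc(domain, txt):
    """Return (record_name, findings, external_report_authorizations)."""
    name = "_dmarc." + domain
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):
        return name, ["record must begin with v=DMARC1"], []
    t = dict(tags)
    findings = []
    policy = t.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    if "rua" not in t:
        findings.append("no rua=: no aggregate reports will be received")
    external = []
    for uri in t.get("rua", "").split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:"):
            # Strip an optional '!size' suffix, then take the mailbox domain.
            host = uri[7:].split("!")[0].rsplit("@", 1)[-1].lower()
            if host != domain and not host.endswith("." + domain):
                # The report receiver must publish "v=DMARC1" at this name.
                external.append(f"{domain}._report._dmarc.{host}")
    return name, findings, external

if __name__ == "__main__":
    # The basic record from this page, applied to the page's example domain.
    print(review_dmarc("defendas.com",
                       "v=DMARC1; p=none; rua=mailto:your@emailaddress.com"))
    # Constructed stricter record that reports to a mailbox inside the domain.
    print(review_dmarc("defendas.com",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@defendas.com"))
```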

Heimdal™ Email Security supports the collection and reporting of DMARC reports. Combined with an online service that provides DMARC wizards to create the DMARC record you want and gives you the full DMARC records and reports, this gives your organization a complete DMARC implementation for its email infrastructure.

Examples of Online Service for DMARC record wizards & reporting:

https://dmarcian.com/dmarc-inspector/

https://www.dmarcanalyzer.com/ 

 

*Attached you can find the Heimdal™ Email Security diagram that will show you the exact flow of an email. 
