MailSentry - E-Mail Security and Spamfilter (Setup Guide)

In the following guide, you will learn how to set up MailSentry - E-Mail Security and Spamfilter on your DNS.

MailSentry - E-Mail Security and Spamfilter user interface: https://dashboard.heimdalsecurity.com

MX Records (needed for inbound email flow):
We recommend a preference/cost of 10 for both entries.

  • eu-esec-01.heimdalsecurity.com
  • eu-esec-02.heimdalsecurity.com

SmartHost (needed for outbound email flow):

  • eu-esec-outbound.heimdalsecurity.com / port 25, 587 or 2525

SPF (used for outbound email flow):
Take care NOT to remove any third-party providers that deliver e-mails on behalf of your domain.

  • include:spf-esec.heimdalsecurity.com
    Example: v=spf1 include:spf-esec.heimdalsecurity.com -all

MailSentry E-Mail Security and Spamfilter IP Addresses:
MailSentry - E-Mail Security and Spamfilter must be able to deliver email to your mail environment. Verify your firewall settings and only allow SMTP from these IP addresses. (Port 25 for SMTP traffic)

  • 20.50.183.144 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.146 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.145 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.147 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.148 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.149 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.150
  • 20.50.183.151

In case your firewall includes special rules for Inbound traffic and for Outbound traffic, you need to whitelist the following:

  • 20.50.183.144/29 (port 25 for Inbound traffic) 
  • 20.50.183.144/29 (all ports for Outbound traffic)
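
Once the firewall only allows SMTP from the MailSentry range, mail server logs should show no other sources. The following check is an added example, not part of the original guide: it scans constructed Postfix-style "connect from" lines (the log format is an assumption about your mail server) and lists SMTP connections that did not come from 20.50.183.144/29, i.e. mail that reached the server without passing through the filter.

```python
import ipaddress
import re

# Range published in this guide for the MailSentry relays.
MAILSENTRY_NET = ipaddress.ip_network("20.50.183.144/29")

# Constructed sample lines in Postfix smtpd style (not real traffic).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx1 postfix/smtpd[1201]: connect from eu-esec-01.heimdalsecurity.com[20.50.183.144]
Jan 10 09:00:07 mx1 postfix/smtpd[1202]: connect from unknown[203.0.113.45]
Jan 10 09:01:12 mx1 postfix/smtpd[1203]: connect from eu-esec-02.heimdalsecurity.com[20.50.183.147]
Jan 10 09:02:30 mx1 postfix/smtpd[1204]: connect from mail.example.net[198.51.100.9]
"""

CONNECT_RE = re.compile(r"connect from (\S+)\[([0-9a-fA-F.:]+)\]")


def direct_connections(log_text, allowed=MAILSENTRY_NET):
    """Return (hostname, ip) for SMTP connects from outside the relay range."""
    hits = []
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue
        host, ip_text = match.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not a parsable address, ignore the line
        # An IPv6 address is never "in" an IPv4 network, so it is reported too.
        if ip not in allowed:
            hits.append((host, str(ip)))
    return hits


if __name__ == "__main__":
    for host, ip in direct_connections(SAMPLE_LOG):
        print("SMTP connection bypassing the filter:", host, ip)
```

Any hit after the firewall change means a rule still lets other sources reach port 25 on the mail server.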

To review the Inbound / Outbound settings, while logged into the user interface, navigate to the Settings tab, select the domain in question, review the domain configuration, and ensure that the Inbound and Outbound servers are accurate.

Additional Configuration

Switching inbound mail-flow

Once the configuration has completed, the company's MX records can be updated to direct to MailSentry - E-Mail Security and Spamfilter. Please note that updates to MX records may take a few minutes to apply.

MX records for this environment are listed in the Important Information section.

Validation

Message logs can be used to validate mail flow once the MX Records are changed to flow email through Centium email security.

Setting up MailSentry - E-Mail Security and Spamfilter with cloud mail providers

Office 365

Inbound configuration in Office 365: Office 365 performs an SPF check on all inbound emails, and this is why a transport rule must be configured to whitelist MailSentry - E-Mail Security and Spamfilter as a mail-relay. MailSentry - E-Mail Security and Spamfilter performs SPF checks on all inbound mails.

The configuration is done in the Exchange Admin Center (EAC) by navigating to Exchange admin > Mail flow > Rules and adding the following IP Addresses to whitelist:

  • 20.50.183.144 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.146 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.145 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.147 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.148 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.149 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.150
  • 20.50.183.151

In case your firewall includes special rules for Inbound traffic and for Outbound traffic, you need to whitelist the following:

  • 20.50.183.133/29 (port 25 for Inbound traffic) 
  • 20.50.183.144/29 (all ports for Outbound traffic)

You can read more on using a third-party cloud service with Office 365 on the following link: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud#scenario-1---mx-record-points-to-third-party-spam-filtering

G Suite

Inbound configuration in G Suite: G Suite performs SPF check on all inbound emails and this is why the configuration of an inbound gateway is needed to whitelist MailSentry - E-Mail Security and Spamfilter as an email-relay. MailSentry - E-Mail Security and Spamfilter performs SPF checks on all inbound emails.

The configuration is done by navigating to Apps -> G Suite -> Settings for Gmail -> Advanced settings -> Spam, Phishing and malware -> Inbound Gateway and adding the following IP Addresses to whitelist: 

  • 20.50.183.144 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.146 (eu-esec-01.heimdalsecurity.com)
  • 20.50.183.145 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.147 (eu-esec-02.heimdalsecurity.com)
  • 20.50.183.148 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.149 (eu-esec-outbound.heimdalsecurity.com)
  • 20.50.183.150
  • 20.50.183.151

In case your firewall includes special rules for Inbound traffic and for Outbound traffic, you need to whitelist the following:

  • 20.50.183.133/29 (port 25 for Inbound traffic) 
  • 20.50.183.144/29 (all ports for Outbound traffic)

It’s recommended to reject all other mails and to require TLS.

You can read more about setting up an inbound email gateway on the following link: https://support.google.com/a/answer/60730?hl=en

The next step is to configure MailSentry - E-Mail Security and Spamfilter. To do that, access the following link: https://support.heimdalsecurity.com/hc/en-us/articles/360007381137-MailSentry-E-Mail-Security-and-Spamfilter-Configuration-

 



-----------------------------------------------------------

Below, you can read information about how Anti Spoofing Mechanisms work and what SPF, DKIM, or DMARC do.

  • SPF (Sender Policy Framework)
    More about SPF: https://en.wikipedia.org/wiki/Sender_Policy_Framework
  • DKIM (DomainKeys Identified Mail)
    More about DKIM: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
  • DMARC (Domain-based Message Authentication, Reporting & Conformance)
    Read more about DMARC: https://dmarc.org/wiki/FAQ

 

SPF (Required for domains using MailSentry security outbound sending system)

SPF records tell the world which hosts or IPs are allowed to send email for your domain. When email servers receive an email that claims to be from your domain, they can look up your SPF record and check whether the sending server is included. We strongly recommend you set up an SPF record that includes MailSentry - E-Mail Security and Spamfilter. This will not only make your email seem more legitimate and thus less likely to be sent to spam folders, but it will also help protect your domain from attackers who send emails with forged headers pretending to be you.

MailSentry - E-Mail Security and Spamfilter SPF record to include: _spf.centiumsecurity.dk

The “include:_spf.centiumsecurity.dk” means you allow the servers of MailSentry to send on behalf of your domain. If you want to keep an existing SPF record, simply add the “include:_spf.centiumsecurity.dk” to it right after the “v=spf1”.
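
Adding the include to an existing record without dropping the third-party senders already in it can be scripted. The following is an added example, not part of the original guide: it inserts the include right after "v=spf1" and checks the result against limits from RFC 7208. The existing record and the name spf.newsletter.example are constructed; the include host is the one quoted above.

```python
import re

# Terms that make the receiver perform a DNS query (RFC 7208 allows 10 per check).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


def add_include(existing, include_host):
    """Insert include:<include_host> right after v=spf1, keeping every other term."""
    terms = existing.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    wanted = "include:" + include_host
    if wanted.lower() not in [t.lower() for t in terms]:
        terms.insert(1, wanted)  # already present: leave the record unchanged
    return " ".join(terms)


def top_level_lookups(record):
    """Count lookup-causing terms in this record (nested includes add more)."""
    count = 0
    for term in record.split()[1:]:
        name = re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            count += 1
    return count


def problems(record):
    """Return issues that would make receivers reject or misread the record."""
    found = []
    terms = record.split()
    if len(record) > 255:
        found.append("over 255 characters: split into several strings in one TXT record")
    if top_level_lookups(record) > MAX_LOOKUPS:
        found.append("more than 10 DNS-lookup terms: receivers return permerror")
    has_redirect = any(t.lower().startswith("redirect=") for t in terms)
    if terms[-1].lstrip("+-~?").lower() != "all" and not has_redirect:
        found.append("no terminating 'all' term")
    return found


# Constructed existing record with one third-party sender (hypothetical names).
EXISTING = "v=spf1 ip4:192.0.2.10 include:spf.newsletter.example -all"
MERGED = add_include(EXISTING, "_spf.centiumsecurity.dk")

if __name__ == "__main__":
    print(MERGED, problems(MERGED))
```

Publish the merged value as the single SPF TXT record for the domain; two separate "v=spf1" records on the same name make SPF evaluation fail.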

DKIM
DKIM is a method of email authentication that cryptographically verifies that an email was sent by trusted servers and has not been tampered with. When a server sends an email for your domain, it calculates a hash of the email contents, signs it with a private key (that only trusted servers know), and adds the result to the email headers as a DKIM signature. The receiving server verifies the email by looking up the corresponding public key in your domain’s DNS records, using it to recover the signed hash, calculating a new hash from the email contents as received, and checking whether the two hashes match. If they match, the email was not changed and DKIM passes. Otherwise, DKIM fails and the email is treated with suspicion.

Important: The DKIM record for your domain is added to the hostname of your domain in the following syntax:

selector._domainkey.domainname (selector is predefined as centium{currentdate} )

Example: If domainname is defendas.com, the TXT DKIM public key is added to:

centium{currentdate}._domainkey.defendas.com

It can seem complicated but implementing DKIM for your domain is quite easy in MailSentry - E-Mail Security and Spamfilter. Once you request a new certificate for your domain, MailSentry will generate a DKIM key pair and show you the TXT record to add if you want to enable DKIM signing. This record contains the public key and is different for every domain.

Once you have added the TXT record to your domain, you can use ‘Check DNS’ to verify your public DKIM key and enable outbound signing if validation is successful.

Some online services provide DKIM verification to test whether your e-mails are DKIM signed correctly by sending e-mails to a specific e-mail address. Here are a few, but more can be found online:

https://www.port25.com/authentication-checker/

http://dkimvalidator.com/

DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) makes it possible to instruct the receiving server on how to handle a received email coming (or pretending to come) from your domain which fails the SPF and DKIM email verification checks. DMARC lets you choose one of three predefined actions for unverified emails: none, quarantine, and reject.

A basic DMARC TXT record example: v=DMARC1; p=none; rua=mailto:your@emailaddress.com

The “p=” specifies the action to take for emails that fail DMARC and here, “none” basically means don’t do anything, accept the email as usual. The “rua=” is an optional parameter that specifies an email address where other email services can send aggregate reports to so you can see how many of your emails are failing DMARC. Once you are confident your legitimate emails are passing DMARC (either SPF passes or DKIM passes), then you may want to set “p=quarantine”, which tells the receiving server to send failed emails to the spam folder. Even more aggressively, you can set “p=reject” to tell the receiving server to not accept failed emails. We advise working towards “p=quarantine” or even “p=reject” if you think you are likely to be a target of spoofing. For example, Yahoo, PayPal, and eBay use “reject” to prevent spammers from impersonating them.

Important: The DMARC record for your domain is added to the hostname of your domain in the following syntax:

_dmarc.domainname

Example: If domain name is defendas.com, the TXT DMARC record is added to _dmarc.defendas.com
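
Before publishing or tightening a DMARC record, it helps to check it mechanically. The following is an added example, not part of the original guide: it builds the _dmarc hostname, parses a record, and reports what the current settings mean for spoofed mail. The function names and finding texts are illustrative; the first sample record is the one shown above.

```python
POLICIES = ("none", "quarantine", "reject")


def dmarc_name(domain):
    """Hostname at which the DMARC TXT record is published."""
    return "_dmarc." + domain.strip(".").lower()


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part.strip())
        tags[key.strip().lower()] = value.strip()
    return tags


def review_dmarc(txt):
    """Return (policy, findings) for a DMARC TXT record value."""
    if txt.split(";")[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        raise ValueError("p= must be one of none, quarantine, reject")
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is still delivered (monitoring only)")
    uris = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not uris:
        findings.append("no rua: no aggregate reports will be received")
    elif any(not u.lower().startswith("mailto:") for u in uris):
        findings.append("rua entries must be mailto: URIs")
    if policy != "none" and tags.get("pct", "100") != "100":
        findings.append("pct below 100: policy applies to only part of failing mail")
    return policy, findings


PAGE_EXAMPLE = "v=DMARC1; p=none; rua=mailto:your@emailaddress.com"

if __name__ == "__main__":
    print(dmarc_name("defendas.com"), review_dmarc(PAGE_EXAMPLE))
```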

MailSentry - E-Mail Security and Spamfilter supports the collection and reporting of DMARC reports. Combined with an online service that provides a DMARC wizard to create the record you want and gives you the full DMARC records and reports, this gives your organization a full DMARC implementation for its email infrastructure.

Examples of Online Service for DMARC record wizards & reporting:

https://dmarcian.com/dmarc-inspector/

https://www.dmarcanalyzer.com/ 

 
