Best Practices for Adding Trusted Outbound Relays in an SMTP Scanner

  • 7020515
  • 24-Aug-2010
  • 25-Oct-2017




What is the best practice for adding Trusted Outbound relays in a SMTP scanner?


GWAVA is, by default, set up to relay from all private IP addresses (10.*.*.* / 172.16.*.* / 192.168.*.*  and
This setting should be changed, so that you only allow GWAVA to relay messages from the servers that are sending outbound mail for your domain(s).  Take the following steps, to do so:
1) Navigate to Server/Interface Management | <Server Name> | Manage Interfaces | <Interface name> | Interface settings | Trusted outbound relay servers.
2) Remove all IP addresses except the IP address(es) of your outbound mail server(s).
a) It is recommended that you remove from the Trusted outbound relay servers.
b) The only IP addresses you want in the "Trusted outbound relay servers" field, are the server(s) that send outbound mail for your domain.  As an example, In the diagram shown above, the IP of the sending mail server is

c) In general it is also recommended to remove wild cards in most cases.

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 1833.