Best Practices for Adding Trusted Outbound Relays in an SMTP Scanner

  • Document ID:7020515
  • Creation Date:24-Aug-2010
  • Modified Date:25-Oct-2017
    • Micro Focus Products:
      GWAVA (Secure Messaging Gateway)

Environment


GWAVA 6.x

Situation

What is the best practice for adding Trusted Outbound relays in a SMTP scanner?

Resolution



GWAVA is, by default, set up to relay from all private IP addresses (10.*.*.* / 172.16.*.* / 192.168.*.*  and 127.0.0.1)
 
This setting should be changed, so that you only allow GWAVA to relay messages from the servers that are sending outbound mail for your domain(s).  Take the following steps, to do so:
1) Navigate to Server/Interface Management | <Server Name> | Manage Interfaces | <Interface name> | Interface settings | Trusted outbound relay servers.
2) Remove all IP addresses except the IP address(es) of your outbound mail server(s).
a) It is recommended that you remove 127.0.0.1 from the Trusted outbound relay servers.
b) The only IP addresses you want in the "Trusted outbound relay servers" field, are the server(s) that send outbound mail for your domain.  As an example, In the diagram shown above, the IP of the sending mail server is 10.1.28.10.

c) In general it is also recommended to remove wild cards in most cases.

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 1833.