Tips for protecting your mail server: Part 1

VEDA
Jun 27, 2019

Carefully configure your mail relay settings

It is important that your mail relay settings have strict limits. All mail servers have this option. You can specify the domains and IP addresses for which your mail server will relay mail. In other words, this parameter determines for whom your SMTP server will forward mail. If it is configured incorrectly, hackers can use your mail server (and network resources) as a gateway to send spam to other users, and within a fairly short period of time your server will be blacklisted.

Configure SMTP authentication

SMTP authentication requires anyone using your server to obtain permission to send mail by first providing a user name and password. This prevents open relaying and abuse of your server. With proper configuration, only registered accounts will be able to use your SMTP server to send e-mail. Note that authentication is required if your mail server has a routed IP address.

Limit the number of connections

The number of connections to your SMTP server should be limited. The right value depends on the technical characteristics of the server's hardware (memory, network adapter bandwidth, processor, etc.) and on the nominal daily load. As the number of connections grows, the load on the server increases, and sooner or later it will fail. Therefore, you need to limit both the maximum number of connections and the maximum connection rate. These limits are also very useful for preventing spam and DoS attacks targeting your network infrastructure.

Activate reverse DNS

Before accepting a message, most messaging systems use DNS queries to verify the sender's email domain. A reverse lookup is also an effective way to deal with forged mail senders. Once reverse DNS lookup is activated, your SMTP server checks whether the sender's IP address matches the host and domain names that the SMTP client sent in the EHLO/HELO command. This is very useful for blocking messages that do not pass address matching.

Use DNSBL servers

One of the most effective ways to protect your mail server is to use DNS-based blacklists (DNSBLs). Checking the sender's domain or IP address against global DNSBL databases (for example, Spamhaus) can significantly reduce the amount of spam received. Activating this option and using the maximum number of DNSBL servers will significantly reduce the number of unwanted incoming emails (spam, etc.).
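
An added example (not from the original post) of the DNSBL check described above, in Python: it builds the lookup name from the client address for IPv4 and IPv6 and interprets the answer, including refusal codes that must not be counted as listings. The zone name, the function names and the fail-open policy are assumptions made for illustration.

```python
import ipaddress
import socket

DEFAULT_ZONE = "zen.spamhaus.org"  # assumed zone; pass any DNSBL zone instead
DNSBL_CODES = ipaddress.ip_network("127.0.0.0/8")      # valid DNSBL answers
REFUSED = ipaddress.ip_network("127.255.255.0/24")     # Spamhaus error codes


def dnsbl_query_name(ip, zone=DEFAULT_ZONE):
    """Build the lookup name: reversed address labels followed by the zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = reversed(str(addr).split("."))  # 192.0.2.1 -> 1.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # reversed nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if the name does not resolve.

    Timeouts and server failures also return [], so the check fails open.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_dnsbl(ip, zone=DEFAULT_ZONE, resolve=system_resolver):
    """Return 'listed', 'clean' or 'error' for a connecting client address."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "clean"  # no record: the address is not on this list
    codes = [ipaddress.ip_address(a) for a in answers]
    # Refusal codes (public resolver, rate limit) and answers outside 127/8
    # (for example a parked or wildcarded zone) are not listings; reporting
    # them as 'error' keeps a broken lookup from rejecting legitimate mail.
    if any(c in REFUSED or c not in DNSBL_CODES for c in codes):
        return "error"
    return "listed"
```

Passing a different `resolve` callable lets the same logic run against a local caching resolver or a constructed answer set.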

Not satisfied with email protection?

Create a VEDA account and kick the tires on a powerful solution.
