Overview

GFI MailEssentials can be installed:

• On a perimeter server (for example, in a DMZ)
• As a mail relay server between the perimeter (gateway) SMTP server and mail server.

This setup is commonly used to filter spam on a separate machine, commonly installed in the DMZ. In this environment, a server (also known as a gateway/perimeter server) is set to relay emails to the mail server. GFI MailEssentials is installed on the gateway/perimeter server so that spam and email malware is filtered before reaching the mail server.

GFI MailEssentials uses the IIS SMTP service as its SMTP Server and therefore, the IIS SMTP service must be configured to act as a mail relay server. 

Step-By-Step Guide

1. Enable IIS SMTP Service.
   
   

   a. Launch Windows Server Manager.

   b. Navigate to the Features node and select Add Features.

   c. Select SMTP Server from the Add Features Wizard.

   NOTE: The SMTP Server feature might require the installation of additional role services and features.

   d. Click Add Required Role Services to proceed with the installation.

   e. In the following screens, click Next to configure any required role services and features, and click Install to start the installation.

   f. Click Close to finalize configuration.

   
   
   
2. Create SMTP domain(s) for email relaying.
   
   

   a. Go to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.

   b. In the left pane, expand the respective server node.
   
   c. Right-click Default SMTP Virtual Server and select Properties.

   d. Expand Default SMTP Virtual Server node.

   e. Right-click Domains and select New > Domain.

   f. Select Remote and click Next.

   g. Specify the organization domain name (for example, test.mydomain.com) and click Finish.

   
   
   
3. Enable email relaying to your mail server.
   
   

   a. Right-click on the new domain and select Properties.

   b. Select Allow the Incoming Mail to be Relayed to this Domain.

   c. Select Forward all mail to smart host and specify the IP address of the server managing emails in this domain. IP address must be enclosed in square brackets, for example, [123.123.123.123], to exclude them from all DNS lookup attempts.

   d. Click OK to finalize your configuration.

    
4. Secure your SMTP email-relay server.
   
   

   If unsecured, your mail relay server can be exploited and used as an open relay for spam. To prevent this, it is recommended that you specify which mail servers can route emails through this mail relay server (for example, allow only specific servers to use this email relaying setup). To achieve this:

   a. Go to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.

   b. In the left pane, expand the respective server node.
   
   c. Right-click on Default SMTP Virtual Server and select Properties.

   d. From the Access tab, select Relay.

   e. Select Only the list below and click Add.

   f. Specify IP(s) of the internal mail server(s) that are allowed to route emails through your mail relay server. You can specify:

   • Single computers - Authorize one specific machine to relay email through this server. Use the DNS Lookup button to lookup an IP address for a specific host.
   • Group of computers - Authorize specific computer(s) to relay emails through this server.
   • Domain - Allow all computers in a specific domain to relay emails through this server.

   NOTE: The Domain option adds a processing overhead that can degrade SMTP service performance. This is due to the reverse DNS lookup processes triggered on all IP addresses (within that domain) that try to route emails through this relay server.
   
   

5. Enable your mail server to route emails via GFI MailEssentials.
   
   
   

   SMTP/POP3 mail server

   Configure your mail server to route all inbound and outbound email through GFI MailEssentials. In the configuration program of your mail server, use the option to relay all outbound email via another mail server (this option is usually called something similar to Forward all messages to host. Enter the computer name or IP of the machine running GFI MailEssentials. Save the new settings and restart your mail server.

   Lotus Notes

   For more information on how to set up Lotus Domino routing, refer to Configuring Lotus Domino to Route Emails through MailEssentials.

6. Update your domain MX record to point to mail relay server.
   
   

   Update the MX record for your domain to point to the IP of the new mail relay server. If your DNS server is managed by your ISP, ask your ISP to update the MX record for you.

   NOTE: If the MX record is not updated, all emails will be routed directly to your email server - hence bypassing GFI MailEssentials.

   Verify that MX record has been successfully updated.

   To verify whether MX record is updated:

   a. From command prompt key in nslookup and hit Enter.

   b. Key in set type=mx and hit Enter.

   c. Specify your mail domain name and hit Enter.

   The MX record should return the IP addresses of the mail relay servers.
   
   

7. Test your new mail relay server.
   
   

   Before proceeding to install GFI MailEssentials, verify that your new mail relay server is working correctly.

   Test IIS SMTP inbound connection

   a. Send an email from an ‘external’ account (example, from a Gmail account) to an internal email address/user.

   b. Ensure that the intended recipient received the test email in the respective email client.

   Test IIS SMTP outbound connection

   a. Send an email from an ‘internal’ email account to an external account (example, to a Gmail account).

   b. Ensure that the intended recipient/external user received the test email.

   NOTE: You can also use Telnet to manually send the test email and obtain more troubleshooting information.