MailEssentials can be installed in two ways: either directly on the Microsoft® Exchange server, or on an email gateway (relay/perimeter) server. This article describes the procedure to install MailEssentials on an email gateway.
Refer to this linked article for more details on the advantages/disadvantages of this deployment scenario.
GFI MailEssentials can be installed:
- On a perimeter server (for example, in a DMZ)
- As a mail relay server between the perimeter (gateway) SMTP server and mail server.
Both setups are commonly used to filter spam on a separate machine, usually installed in the DMZ. In this environment, a server (also known as a gateway/perimeter server) is set to relay emails to the mail server. MailEssentials is installed on the gateway/perimeter server so that spam and email malware are filtered before reaching the mail server.
The next section provides more details on the installation process.
GFI MailEssentials can be installed:
- On a perimeter server (e.g. in a DMZ)
- As a mail relay server between the perimeter (gateway) SMTP server and the recipients’ inboxes.
Both setups enable you to reduce unnecessary email traffic by using your Active Directory resources (at a perimeter/gateway server level) to drop connections for non-existent email recipients in incoming email. This helps counter spamming techniques such as Directory Harvesting Attacks (a brute force type of attack used by spammers to find valid/existent e-mail addresses at a domain). This deployment architecture stops the majority of spam from arriving at your Microsoft Exchange server.
If upgrading to a newer version, ensure you have all the prerequisites in place and follow the upgrade procedure as described in How to Install or Upgrade GFI MailEssentials.
- Upgrades cannot be undone i.e. you cannot downgrade to an earlier version once you have installed the latest version.
- On upgrading an existing installation, licensing reverts to trial version and a new license key for the newer version is required.
- You cannot change the installation path during GFI MailEssentials upgrades.
- When installing GFI MailEssentials on a DMZ, the recommendation is to use LDAP lookups to get the list of email users (required for user-based configuration/rules e.g. disclaimers) from your SMTP server. This is because AD on a DMZ will usually NOT include all the network users (email recipients).
When MailEssentials is installed on the gateway/perimeter server, it uses the IIS SMTP service as its SMTP server. The IIS SMTP service must therefore be configured to act as a mail relay server.
This is achieved by following these steps:
Step 1: Enable IIS SMTP Service
- Launch Windows Server Manager.
- Navigate to the Features node and select Add Features.
- From the Add Features Wizard select SMTP Server.
- Note: The SMTP Server feature might require the installation of additional role services and features. Click Add Required Role Services to proceed with the installation.
- In the following screens click Next to configure any required role services and features, and click Install to start the installation.
- Click Close to finalize the configuration.
Step 2: Create SMTP domain(s) for email relaying
- Go to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager.
- In the left pane, expand the respective server node. Right-click Default SMTP Virtual Server and select Properties.
- Select the IP address currently assigned to your SMTP server and click OK
- Expand Default SMTP Virtual Server node.
- Right-click Domains and select New > Domain.
- Select Remote and click Next.
- Specify the organization domain name (for example, test.gfi.com) and click Finish.
Step 3: Enable email relaying to the Microsoft Exchange server
- Right-click on the new domain (e.g. test.gfi.com) and select Properties.
- Select Allow the Incoming Mail to be Relayed to this Domain.
- Select Forward all mail to smart host and specify the IP address of the server managing emails in this domain. The IP address must be enclosed in square brackets, for example, [18.104.22.168], to exclude it from all DNS lookup attempts.
- Click OK to finalize your configuration.
Step 4: Secure the SMTP email-relay server
If unsecured, the mail relay server can be exploited and used as an open relay for spam. To prevent this, it is recommended to specifically define which mail servers can route emails through this mail relay server (i.e. allow only specific servers to use this email relaying setup).
To achieve this:
- Go to Start > Control Panel > Administrative Tools
- Click on Internet Information Services (IIS) Manager
- In the left pane, expand the respective server node. Right-click on Default SMTP Virtual Server and select Properties
- Click on the Access tab and select Relay
- Select the Only the list below option and click Add
- Specify IP(s) of the mail server(s) that are allowed to route emails through this mail relay server:
  - Single computer - Authorize one specific machine to relay email through this server. Use the DNS Lookup button to look up an IP address for a specific host.
  - Group of computers - Authorize specific computer(s) to relay emails through this server.
  - Domain - Allow all computers in a specific domain to relay emails through this server.
  - Note: The Domain option adds a processing overhead that can degrade SMTP service performance. This is due to the reverse DNS lookup processes triggered on all IP addresses (within that domain) that try to route emails through this relay server.
Step 5: Enable your mail server to route emails via GFI MailEssentials
SMTP/POP3 mail server
Configure your mail server to route all inbound and outbound email through GFI MailEssentials. In the configuration program of your mail server, use the option to relay all outbound emails via another mail server (this option is usually called something similar to Forward all messages to host). Enter the computer name or IP of the machine running GFI MailEssentials.
Save the new settings and restart your mail server.
The specific steps to achieve this when using MS Exchange are:
- Launch Exchange System Manager
- Right-click the Connectors node and select New > SMTP Connector
- Select the Forward all mail through this connector to the following smart host option, and specify the IP of your mail relay server within square brackets (i.e. the IP of the machine on which GFI MailEssentials is installed) e.g. [22.214.171.124]
- Click Add and select the virtual SMTP Server (i.e. the email relay server on which GFI MailEssentials is running)
- Click on the Address Space tab then click Add
- Select SMTP and click OK
- Click OK to finalize the configuration. All emails will now be forwarded to the GFI MailEssentials server.
Step 6: Update the domain MX record to point to mail relay server
Update the MX record of the domain to point to the IP of the new mail relay server. If the DNS server is managed by your ISP, ask your ISP to update the MX record for you.
Note: If the MX record is not updated, all emails will be routed directly to your email server - hence bypassing GFI MailEssentials anti-spam and anti-malware filters.
Verify that the MX record has been successfully updated using the following steps:
- Click Start > Run and type: cmd to launch the Windows Command Prompt.
- From the command prompt type in:
- Type in:
- Specify your mail domain name
The MX record should return the IP addresses of the mail relay servers.
Step 7: Test the new mail relay server
Before proceeding to install MailEssentials, verify that the new mail relay server is working correctly by performing the following:
Test IIS SMTP inbound connection
- Send an email from an ‘external’ account (e.g. from a Gmail account) to an internal email address.
- Ensure that the intended recipient received the test email in the respective email client.
Test IIS SMTP outbound connection
- Send an email from an ‘internal’ email account to an external account (e.g. to a Gmail account).
- Ensure that the intended recipient/external user received the test email.
Note: Telnet can also be used to manually send the test email and obtain more troubleshooting information.
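One way to confirm the Step 4 relay restrictions during these tests, as an added example that is not part of the original article or of GFI's tooling. It opens an SMTP session, reads the reply to RCPT TO and stops before DATA, so no message is sent. The gateway hostname, the sender and recipient addresses and all function names are placeholders or assumptions; test.gfi.com is the example domain from Step 2.

```python
import smtplib


def rcpt_code(host, sender, recipient, port=25, timeout=10):
    """Return the server's reply code to RCPT TO. The session ends before
    DATA, so nothing is queued or delivered."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(sender)
        if code == 250:
            code, _ = smtp.rcpt(recipient)
        return code  # leaving the with-block sends QUIT


def _accepted(code):
    # 2xx means the server took responsibility for the recipient;
    # 4xx (temporary) and 5xx (permanent) both count as refused here.
    return 200 <= code < 300


def relay_verdict(local_code, external_code, on_allow_list):
    """Compare reply codes with what the relay configuration should produce.

    local_code:    reply to RCPT TO for an address in the relayed domain
    external_code: reply to RCPT TO for an address in an unrelated domain
    on_allow_list: True when the probe ran from an IP in 'Only the list below'
    """
    findings = []
    if not _accepted(local_code):
        findings.append("inbound mail for the relayed domain is refused")
    if on_allow_list and not _accepted(external_code):
        findings.append("listed mail server cannot relay outbound mail")
    if not on_allow_list and _accepted(external_code):
        findings.append("OPEN RELAY: unlisted host may relay to external domains")
    return findings


def check_gateway(host, local_rcpt, external_rcpt, on_allow_list,
                  sender="relaytest@example.org"):
    """Probe both recipient types against the gateway and return any findings."""
    local = rcpt_code(host, sender, local_rcpt)
    external = rcpt_code(host, sender, external_rcpt)
    return relay_verdict(local, external, on_allow_list)


if __name__ == "__main__":
    # Placeholder values (assumptions): replace with your gateway and domains.
    problems = check_gateway("gateway.example.test", "user@test.gfi.com",
                             "someone@example.net", on_allow_list=False)
    print("\n".join(problems) or "relay restrictions behave as configured")
```

Run it once from a machine that is not on the relay list (`on_allow_list=False`) and once from the internal mail server (`on_allow_list=True`); an empty result in both cases matches the configuration described in Steps 3 and 4.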
- Log on to the Microsoft Exchange Server machine using administrator credentials.
- Double-click mailessentials.exe to launch the installation wizard.
- Select the preferred install language and click Next.
- Select whether to check for newer versions/builds of GFI MailEssentials and click Next.
- Read the licensing agreement. To proceed with the installation, select I accept the license agreement and click Next.
- Click Next to install into the default location or click Browse to change the path.
- Specify user details and enter the license key. Click Next to continue.
- Specify the Administrator email address where notifications (e.g. failed anti spam filters, spam digests) are to be sent.
- Specify whether MailEssentials will get the list of email users (required for user-based configuration/rules e.g. disclaimers) from Active Directory or SMTP server. Click Next to continue.
- If Microsoft Message Queuing Services (MSMQ) is not installed, a dialog prompt will open. Select Yes to install MSMQ. Click Next to continue.
- Click Finish to finalize your installation. On completion, setup will:
  - Prompt to restart the SMTP service.
    Important: Failing to restart the SMTP service will negatively affect anti spam filtering and email flow.
  - Check whether the Microsoft XML engine is installed. This is automatically installed if not found on UK/US English OS. For other OS languages, this has to be manually downloaded and installed. Microsoft XML engine can be downloaded from MSXML 4.0 Service Pack 2 (Microsoft XML Core Services).
For new installations, setup will automatically launch the Post-Installation Wizard.
- Click Next on the welcome page
- In the DNS Server dialog, select:
  - Use the same DNS server used by this server - Select this option to use the same DNS server that is used by the operating system where GFI MailEssentials is installed.
  - Use an alternate DNS server - Select this option to specify a custom DNS server IP address.
- Click Test DNS Server to test the connection with the specified DNS server. If the test is unsuccessful, specify another DNS server. Click Next to continue.
- In the Internet Connectivity Settings dialog, specify how the server where GFI MailEssentials is installed connects to the internet. If the server connects through a proxy server, click Configure proxy server... and specify proxy settings. Click Next to continue.
- In the Inbound email domains dialog specify all the domains to filter for spam. Any local domains that are not specified in this list will not be filtered for spam. Click Next to continue.
- Note: When adding domains, select Obtain domain’s MX records and include in perimeter servers list to retrieve the domain’s MX records and automatically add them to the perimeter SMTP servers list (configured in the next step).
- In the SMTP Servers dialog, specify how the server receives external emails. If emails are routed through other servers before they are forwarded to the GFI MailEssentials server, add the IP address of the other servers in the list. For more information about perimeter SMTP servers refer to Configuring Perimeter SMTP Servers
- When using hosted email security products GFI MAX MailProtection or GFI MAX MailEdge, enable checkbox Emails are also filtered by….
- In the Default anti-spam action dialog, select the default action to be taken when emails are detected as spam. Click Next to continue.
- Click Finish to finalize the installation.
Note: To re-run the Post-Installation wizard, from the command prompt, navigate to the GFI MailEssentials installation folder and run the following command: