Content Checks

Perimeter Checks

The Hermes SEG Perimeter Checks page allows you to configure checks that are applied to incoming email before it is processed by the SMTP server or the rest of the subsystems, such as the virus and spam filters. You can think of perimeter checks as a type of "front door" check applied to messages before they are processed by the system.

NOTE: This section requires any changes to be applied by clicking the Apply Settings button on the bottom of the page.

Initial Connection Deep Protocol Tests

The Initial Connection Deep Protocol Tests are comprised of the following 3 tests:

If they are all enabled, they are very useful in refusing SMTP connections by zombie senders. However, this setting introduces a delay (graylisting) in email delivery, and certain legitimate but incorrectly configured email servers do not try to reconnect to deliver their email. If you have problems receiving emails from legitimate servers, you should first attempt to permit the sending email server(s) under Content Checks --> IP & Network Override, which will configure Hermes SEG to bypass Initial Connection Deep Protocol Tests for the server IP(s) you specify. Hermes SEG comes pre-configured to bypass Initial Connection Deep Protocol Tests on certain email services such as Exchange Online and Outlook.com.

Require HELO

If enabled, this setting requires the incoming email system to start the SMTP session by sending the HELO or EHLO command before sending the MAIL FROM or ETRN command. Set this setting to Disabled if it starts creating problems with certain homegrown email systems. Otherwise, it is recommended to be set to Enabled (Figure 2).

Reject Unauthorized Domain

If enabled, this setting will reject any incoming email that is destined for a recipient domain, or subdomain thereof, that the system does not handle, i.e. any domain that is not listed in the Relay Domains (See General Options Above). It is recommended that this setting is set to Enabled.

Sender Policy Framework (SPF) Checks

Enable/Disable SPF checks on the system. When enabled, the system will attempt to identify email spam by detecting whether or not the email is spoofed, verifying that the sender IP address is authorized to send email on behalf of the sender's domain.

Reject Invalid HELO Hostname

If enabled, this setting will reject any incoming email from a mail server that sends the HELO or EHLO command along with a malformed hostname. It is recommended that this setting is set to Enabled. For best effect, ensure the Require HELO setting above is also set to Enabled.

Reject Pipelining

If enabled, this setting will reject any incoming email from a mail server that sends SMTP commands where it is not allowed or without waiting for confirmation that the system supports ESMTP commands. This is used by spammers in order to try to speed up delivery of spam email. It is recommended that you set this setting to Enabled.

Reject Non-FQDN Sender Domain

If enabled, this setting will reject any incoming email from a mail server without a FQDN (Fully Qualified Domain Name). An example of a non-FQDN domain would be: domain.local. It is recommended that you set this setting to Enabled.

Reject Invalid Sender Domain

If enabled, this setting will reject any incoming email from a mail server whose domain as sent in the MAIL FROM command during the SMTP session does not have a DNS A or MX record or has an invalid MX record. It is recommended that you set this setting to Enabled.

Reject Non-FQDN Recipient

If enabled, this setting will reject any incoming email destined for a recipient without a FQDN (Fully Qualified Domain Name) as sent in the RCPT TO command of the SMTP session. It is recommended that you set this setting to Enabled.

Reject Invalid Recipient Domain

If enabled, this setting will reject any incoming email where this system is not the final destination and the email is destined for a recipient domain, as specified in the RCPT TO command of the SMTP session, that does not have a DNS A or MX record or has an invalid MX record. It is recommended that you set this setting to Enabled.

Realtime Block/Allow Lists Threshold Score

This is the score required for the system to block an incoming mail server's IP address that has been listed on Real Time Block/Allow List(s). The combined weight of the matching Real Time Block/Allow Lists must be less than the number specified below in order for the incoming mail server to be allowed to deliver mail to this system. Realtime Block/Allow Lists are configured under Content Checks --> RBL Configuration.

Message Size Limit

Enter the maximum message size in MB (Megabytes) to be processed by the system. Please note, the larger the limit, the more memory is required by the system to process the e-mail. Extremely large message sizes can crash the system. Recommended size is 20 MB or lower.

RBL Configuration

A RBL (Real Time Block List) is a mechanism for determining the reputation of a sender IP address by looking up the sender IP through various RBLs that are configured in the system. RBL lookups are performed using DNS. The reputation of an IP is determined by assigning a score to a sender IP address. The higher the score, the lower the reputation. Once a certain score threshold is reached, the sender IP address is not allowed to send email to the system. The RBL threshold score is configured under Content Checks --> Perimeter Checks --> Realtime Block/Allow Lists Threshold Score.

There are two types of RBLs configured in Hermes SEG: Block type and Allow type. Block type RBLs are assigned a positive integer for weight and Allow type RBLs are assigned a negative integer for weight.

Each RBL added to the system is assigned a weight based on the perceived effectiveness of that particular RBL. Each time a sender IP is matched against a RBL, a score is assigned to that IP depending on the weight of that RBL. For example, if a sender IP address matched against a block type RBL with a weight of 3 and also matched against a block type RBL with a weight of 1, but then matched against an allow type RBL with a weight of -1, then the RBL score for that IP address would be 3. So, if the RBL threshold score configured is 4, then that sender IP would be allowed to deliver email since sender IP reputation of 3 is lower than the RBL threshold score of 4.
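The scoring described above, worked through as an added example (this is not Hermes SEG code). The list zone names, the sample IP and the stand-in lookup function are constructed for illustration; the query-name format is the usual DNS block list convention of reversed address labels prepended to the list host name.

```python
import ipaddress
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Rbl:
    zone: str    # list host name (constructed placeholder zones below)
    weight: int  # positive = block type, negative = allow type

def query_name(ip: str, zone: str) -> str:
    """Build the DNS name to look up: reversed address labels + list zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer   # e.g. 10.2.0.192.in-addr.arpa
    labels = rev.rsplit(".", 2)[0]                   # drop in-addr.arpa / ip6.arpa
    return f"{labels}.{zone}"

def dns_listed(name: str) -> bool:
    """Live lookup: an answer means the address is on the list.
    A failed lookup counts as 'not listed' here, so an unreachable
    list contributes nothing to the score."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def rbl_score(ip, rbls, is_listed=dns_listed):
    """Sum the weights of every list the IP matches; return (score, zones hit)."""
    hits = [r for r in rbls if is_listed(query_name(ip, r.zone))]
    return sum(r.weight for r in hits), [r.zone for r in hits]

def verdict(score: int, threshold: int) -> str:
    """The score must be less than the threshold for the sender to be allowed."""
    return "allow" if score < threshold else "block"

# Constructed sample data mirroring the paragraph above: weights 3, 1 and -1.
SAMPLE_IP = "192.0.2.10"
THRESHOLD = 4
RBLS = [Rbl("block-a.example", 3), Rbl("block-b.example", 1), Rbl("allow-a.example", -1)]
# Same lists, but the allow list was saved with the default weight of 1.
MISCONFIGURED = RBLS[:2] + [Rbl("allow-a.example", 1)]

def constructed_listing(name: str) -> bool:
    """Offline stand-in for DNS: only SAMPLE_IP is listed, on every zone."""
    return name.startswith("10.2.0.192.")

if __name__ == "__main__":
    for label, rbls in (("as described", RBLS), ("allow list left at weight 1", MISCONFIGURED)):
        score, zones = rbl_score(SAMPLE_IP, rbls, constructed_listing)
        print(f"{label}: score={score} threshold={THRESHOLD} -> {verdict(score, THRESHOLD)}")
```

The second case shows why an allow type entry must carry a negative weight: left at the default of 1, it adds to the score and pushes the same sender over the threshold.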

There are many RBLs in existence today, varying in degree of effectiveness and reputation. Thus, which RBLs you choose to use can make a big difference in the effectiveness of Hermes SEG in identifying IPs with poor reputation.

The following is a list of RBLs we can recommend:

Block Type RBLs

Allow Type RBLs

Add Realtime Block List

  1. Under the Select the type of entry... ensure Block List is selected.
  2. Under the Block List field, enter the block list host name.
  3. Under the Weight field enter a positive integer to assign as a weight to this RBL (if you do not enter a weight, a weight of 1 will be automatically assigned).
  4. Click the Add button (Figure 1).

Figure 1


  5. Each RBL entry you add shows up in the Realtime Block/Allow List(s) to be added section (Figure 2).

Figure 2


  6. Continue adding RBL entries as needed. When finished, click on the Apply Settings button on the bottom of the page (Figure 3).

Figure 3


Add Realtime Allow List

  1. Under the Select the type of entry... ensure Allow List is selected.
  2. Under the Allow List field, enter the allow list host name.
  3. Under the Arguments field, enter any arguments for the allow list if required.
  4. Under the Weight field enter a negative integer to assign as a weight to this RBL (if you do not enter a weight, a weight of 1 will be automatically assigned which will in effect invalidate the allow list so ensure you enter a negative integer).
  5. Click the Add button (Figure 4).

Figure 4


  6. Each RBL entry you add shows up in the Realtime Block/Allow List(s) to be added section (Figure 5).

Figure 5


  7. Continue adding RBL entries as needed. When finished, click on the Apply Settings button on the bottom of the page (Figure 6).

Figure 6


 

Delete RBL

  1. Under the Delete Realtime Block/Allow Lists section, select the entry you wish to delete and click the Delete button below (Figure 7). Note that only one entry can be selected to be deleted at a time.

Figure 7


  2. Each entry you select to be deleted shows up in the Permitted Relay IPs/Network to be deleted section (Figure 8).

Figure 8


  3. Continue selecting entries to be deleted as needed. When finished, click on the Apply Settings button on the bottom of the page (Figure 9).

Figure 9


IP & Network Override

The IP & Network Override section allows you to Permit or Deny specific IPs or Networks. The permit or deny action occurs at the perimeter check level. If the action is permit, the perimeter checks are effectively bypassed and the email is allowed to be processed by the rest of the subsystems, such as the spam filter and the antivirus engine(s). If the action is deny, the connection is immediately dropped by Hermes SEG and no further processing occurs.

Override an IP Address

  1. Ensure IP Address is selected.
  2. Under the Note field, enter a note describing the entry you are adding.
  3. Under the IP field, enter the IP address of the remote server.
  4. Under the Action field, select either Permit or Deny.
  5. Click the Add button (Figure 1).

Figure 1


  6. Each entry you add shows up in the IP & Network Address(es) to be added section (Figure 2).

Figure 2


  7. Continue adding entries as needed. When finished, click on the Apply Settings button on the bottom of the page (Figure 3).

Figure 3


Override a Network Address

  1. Ensure Network is selected.
  2. Under the Note field, enter a note describing the entry you are adding.
  3. Under the Network field, enter the network address you are adding.
  4. Under the Subnet drop-down field select the subnet mask of the network you are adding.
  5. Under the Action field, select either Permit or Deny.
  6. Click the Add button (Figure 4).

Figure 4


  7. Each entry you add shows up in the IP & Network Address(es) to be added section (Figure 5).

Figure 5