Configuring Perimeter Protection

Use the features on the Perimeter Protection tab to defend against denial of service and directory harvest attacks and to block mail from non-existent domains.

Note
The options on this page are turned on by default, and the threshold settings for denial of service and directory harvest protection are appropriate for most organizations. It is not recommended that you make adjustments unless you have advanced knowledge of mail transfer agents and SMTP.
  • Block mail from non-existent domains: This option, selected by default, prevents the receipt of mail from external senders with DNS or MX records that are non-existent or malformed. It is recommended that this option always remain enabled. It should only be turned off if you have specific needs, such as a requirement to receive email from a sender who is unable to configure a valid DNS entry for their domain.
  • Denial of service and directory harvest protection: This option, selected by default, enables MTA-level throttling, which rejects messages from mail relays that exceed the configured limits.
    • Maximum simultaneous connections for each connecting SMTP relay: Messages from relays that exceed this limit are rejected until traffic from the relay drops below the limit. This option should not be enabled in network configurations where the Email Appliance is not at the gateway (that is, where trusted SMTP relays sit between the Email Appliance and the internet). The default is 50 connections.
      • Within a time window of: The amount of time, in seconds, for which the settings below apply. The default is 60 seconds.

        Note
        Setting any of the following options to "0" means that there is no maximum. The number of connections, requests, recipients, or sessions becomes unlimited. Each of the following settings is per client.
        • Max connections: The number of connections permitted within the defined time window. The default is 1000 connections.
        • Max delivery requests: The number of requests permitted in the defined time window. The default is 100 requests.
        • Max number of recipients: The number of recipients permitted within the defined time window. The default is 5000 recipients.
        • Max number of TLS sessions: The number of new TLS sessions permitted within the defined time window. This does not include any cached sessions. The default is 0.
    • Reset to Defaults: Returns all of the "session count" and "rate controls" to their default values.

After you have made any necessary changes, you can:

  • Click Apply to save your changes.
  • Click Cancel to discard your changes.
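
The following is an added example, not part of the original documentation and not the appliance's implementation. It models the limits described above using the defaults on this page, to show how "0" disables a windowed limit and why the simultaneous-connection limit misfires when a trusted relay sits in front of the Email Appliance. The class and function names, the sliding-window behavior, and the sample IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Defaults listed on this page. In WINDOW_LIMITS, 0 means "no maximum".
MAX_SIMULTANEOUS = 50
WINDOW_SECONDS = 60
WINDOW_LIMITS = {"connections": 1000, "delivery_requests": 100,
                 "recipients": 5000, "tls_sessions": 0}

class RelayThrottle:
    """Illustrative model; assumes a sliding window keyed by connecting IP."""

    def __init__(self, limits=WINDOW_LIMITS, window=WINDOW_SECONDS,
                 max_simultaneous=MAX_SIMULTANEOUS):
        self.limits, self.window = dict(limits), window
        self.max_simultaneous = max_simultaneous
        self.open = defaultdict(int)       # relay IP -> open connections
        self.events = defaultdict(deque)   # (relay IP, counter) -> (time, amount)

    def connect(self, relay):
        """Simultaneous-connection check; False means the relay is rejected."""
        if self.open[relay] >= self.max_simultaneous:
            return False
        self.open[relay] += 1
        return True

    def count(self, relay, counter, now, amount=1):
        """Windowed per-client counter; False means the limit is exceeded."""
        q = self.events[(relay, counter)]
        while q and q[0][0] <= now - self.window:   # expire old events
            q.popleft()
        limit = self.limits[counter]
        if limit and sum(a for _, a in q) + amount > limit:
            return False
        q.append((now, amount))
        return True

def rejected_connections(senders, conns_each, via_relay=None):
    """Every sender opens conns_each connections at once. With via_relay set,
    the throttle only ever sees the trusted relay's IP (not at the gateway)."""
    throttle = RelayThrottle()
    return sum(not throttle.connect(via_relay or s)
               for s in senders for _ in range(conns_each))

# Constructed sample: 20 external senders, 5 concurrent connections each.
SENDERS = [f"198.51.100.{i}" for i in range(1, 21)]

if __name__ == "__main__":
    print("at gateway:  ", rejected_connections(SENDERS, 5))
    print("behind relay:", rejected_connections(SENDERS, 5, via_relay="10.0.0.5"))
```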