AnswerIn GFI MailEssentials, an important requirement for effective spam capture is that of defining the email servers within the company which first receive email from external domains. These servers are the perimeter servers, since they have defined the email perimeter of the company.
GFI MailEssentials makes use of perimeter servers to identify which external server sent the email to the local email server. The IP address of the external server is then used by SpamRazer (including SPF), IP DNS Blocklist and IP Whitelist.
Perimeter servers should be configured depending on the type of network setup. Listed below are 3 common scenarios present in most networks:
GFI MailEssentials as the ONLY perimeter server
In this scenario, the mail server where GFI MailEssentials is installed acts as the only perimeter server. The perimeter servers do not need to be configured, since GFI MailEssentials will verify the IP sending to it by default.
GFI MailEssentials receiving email through a gateway perimeter
In this scenario, the email received from external servers is first received in an email gateway and then forwarded to the local mail server, where GFI MailEssentials is installed.
GFI MailEssentials must have the IP address of the email gateway configured in the perimeter servers list. In this case, if no perimeters are configured in GFI MailEssentials, it would consider the IP address of the email gateway as the perimeter server, thus being incapable of identifying the IP addresses of the external servers, which are potentially sending spam email and would need to be verified.
GFI MailEssentials receiving from a perimeter which forwards to another perimeter
In this scenario, there are two perimeter servers receiving email from external servers. The first of these perimeters, 'Email Gateway 1' forwards all email to 'Email Gateway 2', without sending any email directly to the local mail server. 'Email Gateway 2' then sends all received email, both from internet and from 'Email Gateway 1' directly to the local mail server, where GFI MailEssentials is installed.
GFI MailEssentials should have the IP address of both email gateways configured in the perimeter servers. The way in which the perimeter server is checked when processing an email, is that of identifying the route back from the local mail server to the first external mail server IP address. Thus, if an email is routed through 'Email Gateway 1', GFI MailEssentials would identify the IP of the mail server which sent to 'Email Gateway 1', not the IP which sent to 'Email Gateway 2' (which would be 'Email Gateway 1').
How to configure Perimeter Servers
The perimeter servers are configured from the GFI MailEssentials configuration > Anti-Spam > Anti-Spam Settings > Perimeter SMTP Servers tab.
If GFI MailEssentials is installed on the only perimeter server, choose ‘This is the only SMTP server which receives emails from the internet’.
If GFI MailEssentials is not installed on the perimeter server, and receives email from other perimeter server(s), choose “The following SMTP servers receive email directly from the internet and forward them to this server” and specify the IP addresses of the perimeter servers.
If GFI MailEssentials is installed on a perimeter server, and the same server receives incoming emails from other mail servers, choose “The following SMTP servers receive email directly from the internet and forward them to this server”, and specify the IP addresses of the other mail servers in the list of perimeter servers.
Alternatively use the “Detect” button, to resolve the MX records of the Inbound Email Domains configured in GFI MailEssentials. Normally, the MX records of these domains would be the perimeter servers for the domains.
Having the option ‘This machine is not a Perimeter SMTP server’ enabled with no perimeter servers configured, will cause adverse effects to the anti-spam modules which make use of the Perimeter server list. For example, the DNS Blacklist filter will not block any spam.