Altospam and MailOut installation procedure

by Stephane

Optimizing email filter settings

This article describes the operations to carry out when setting up Altospam or MailOut for an optimal mail flow configuration.

Altospam configuration (incoming stream)

Once your account has been created on our systems, you’ll receive a configuration email asking you to make a few changes to your DNS. You can also optimize your settings by correctly configuring recipient filtering and securing your mail server:

1) Modify your DNS MX fields

To activate Altospam, simply redirect the MX fields in the DNS zone of the domain name to be protected to the Altospam servers assigned to you. From then on, traffic will start to flow through our servers, but you’ll have to wait a maximum of 48 hours (depending on your TTL) for all incoming traffic to be filtered by Altospam. During this time, some messages will arrive directly via the old MX fields, so these servers should remain operational during the 48-hour period. So there’s no risk of messages being lost when you go live, because if the messages don’t pass through our servers straight away, they’ll arrive via your existing equipment.

Your MX fields must be modified on the DNS that manages your domain. You’ll find the information in the configuration e-mail you received from Altospam. Explanatory videos for the main hosting providers are available at: https://www.altospam.com/actualite/2014/12/comment-installer-altospam/

Above all, only modify the MX fields (not the CNAME or A fields), and only set Altospam servers in the MX field. Don’t leave your old servers configured, otherwise you’ll receive spam directly.

2) Recipient filtering

In order for Altospam to automatically know the list of your active users, without having to update them manually or set up an LDAP or Active Directory synchronization, it is preferable, but not mandatory, to configure your server to perform “recipient filtering”. The principle is that your server returns a 500 error just after the RCPT TO command in the SMTP dialogue. Our article “What is recipient filtering?” details the advantages of such a configuration.

You can test the activation of recipient filtering directly via your Altospam management interface, in the “Technical” section, then “Test mail server”.

On Postfix and Exim servers, this is configured by default, so it’s very rare to have to touch it. On qmail servers, this depends on the package used and especially on the plug-ins installed. On Exchange 2000 and 2003, recipient filtering is active by default. On Microsoft Exchange 2007 and 2010, it’s easy to activate. However, without an Edge server, configuration on Exchange 2013 or 2016 is a little more complex. If you use another mail server, please contact our support team directly, who will tell you how to proceed.

3) Protecting your mail server

If your server is not shared, it’s a good idea to limit incoming flows by adding network filtering rules to accept only incoming mail from Altospam servers. This prevents spam from being sent directly to your server, and protects it from intrusion.

All you need to do is identify the IPs of the Altospam servers assigned to you (simply ping the MX servers), then modify the rule in your firewall authorizing ANY to send TCP/25 SMTP to your mail server. Simply replace ANY with the IPs of the two Altospam servers.

Our support team will be happy to help you in this process.
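The firewall change described above, as an added example (not Altospam's own tooling): a script that prints the replacement rules for review. It assumes an iptables firewall in front of the mail server, and every address shown is a constructed placeholder, not a real Altospam IP.

```shell
#!/bin/sh
# Added example: print iptables rules that replace an "ANY -> TCP/25" allow rule
# with one allow rule per filtering server, then drop all other SMTP traffic.
# Assumptions: the firewall forwards traffic to the mail server (FORWARD chain;
# use INPUT when filtering on the mail server itself) and all addresses are IPv4.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smtp_allow_rules MAIL_SERVER_IP FILTER_IP...
# Prints the rules for review; prints no rule and returns 1 on any bad address,
# so a typo can never produce a rule set that is missing an ACCEPT line.
smtp_allow_rules() {
    [ "$#" -ge 2 ] || { echo "usage: smtp_allow_rules MAIL_IP FILTER_IP..." >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    mail_ip=$1; shift
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp -s $src -d $mail_ip --dport 25 -j ACCEPT"
    done
    # Everything else aimed at TCP/25 on the mail server is dropped.
    echo "iptables -A FORWARD -p tcp -d $mail_ip --dport 25 -j DROP"
}

# Constructed sample values from the documentation ranges: 192.0.2.10 stands for
# the mail server, 198.51.100.21 and .22 for the two assigned filtering servers.
smtp_allow_rules 192.0.2.10 198.51.100.21 198.51.100.22
```

Delete the old ANY rule when loading these, and keep the ACCEPT lines ahead of the DROP. Apply the change only after the 48-hour MX propagation period, since until then some messages still arrive directly.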

MailOut configuration

Once the service has been installed on our platforms, you will receive an email from us telling you that you can send us your outgoing mail stream. As a reminder, emailing is strictly forbidden via MailOut. We can recommend specialized companies for this purpose.

1) Setting up the active host or relayhost

For the MailOut service, configuration is even simpler than for Altospam, since all you have to do is configure your mail server(s) to forward all outgoing emails to our MailOut servers. Configuration procedures are available from our support team to help you configure your mail server. Please contact us for more information.

Generally speaking, on Microsoft Exchange the principle consists in creating an “active host” to send your mail flow to our MailOut servers. This can be found in the SMTP Connector properties in the “General” tab. From Exchange 2010, you need to create a send connector, via “New send connector” on the “Transport Hub”.

On Microsoft 365, it is necessary to create a dedicated outbound connector to a “partner organization”. A detailed step-by-step guide is available in our documentation, accessible via the “Help” button in the top right-hand corner of the administration interface, section Mailout / Installation / Office 365.

On Postfix, the parameter to configure is called “relayhost” and is generally set in the file: /etc/postfix/main.cf.

On qmail, the principle is to add a “smtproute”, and on Lotus, simply configure a “Relay host for messages leaving the local internet domain” in the “Basics” configuration of the “Router/SMTP” tab.

On Exim, you need to create a new route in “router” with a specific “route_list”. As this depends on your configuration file, please contact our support team directly for assistance.

For IceWarp, the configuration is in “MailService / General / Delivery / Use relay server”, and on MDaemon, you’ll find it in “Domain Manager / domain.tld / SmartHost / Configure smart host for this domain” or “Server Setting / Delivery” for versions 12 and above.

Some operators may block or filter the outgoing TCP/25 flow, in which case it may be useful or necessary to route the outgoing SMTP flow via another port. Our servers also listen on port TCP/2525 for this purpose. All you need to do is configure the relay host to forward traffic on port TCP/2525 rather than TCP/25.
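For the Postfix case, with the alternative port described above, an added example (not taken from the MailOut documentation) that rewrites the relayhost line of a main.cf file. The host name mailout.example.invalid is a placeholder for the relay host given to you by support, and set_relayhost is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: set Postfix's relayhost to "[HOST]:PORT" in a main.cf file.
# The square brackets make Postfix connect to HOST itself instead of looking up
# MX records for it; the port suffix selects TCP/2525 when TCP/25 is blocked.

# set_relayhost MAIN_CF HOST [PORT]   (hypothetical helper, PORT defaults to 25)
set_relayhost() {
    cf=$1 host=$2 port=${3:-25}
    [ -f "$cf" ] || { echo "no such file: $cf" >&2; return 1; }
    case "$host" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host name: $host" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    tmp="$cf.tmp.$$"
    # Drop any active relayhost assignment; commented-out lines are kept.
    sed '/^relayhost[[:space:]]*=/d' "$cf" > "$tmp" || return 1
    printf 'relayhost = [%s]:%s\n' "$host" "$port" >> "$tmp"
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$cf" && rm -f "$tmp"
}

# Constructed demo on a throwaway file, not the live /etc/postfix/main.cf.
demo_cf=$(mktemp)
printf 'myhostname = mail.example.invalid\nrelayhost =\n' > "$demo_cf"
set_relayhost "$demo_cf" mailout.example.invalid 2525
cat "$demo_cf"
rm -f "$demo_cf"
```

On a real server, run `postfix check` and then `postfix reload` after editing /etc/postfix/main.cf.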

2) SPF and DKIM configuration

The configuration of SPF and DKIM has become essential if you want to ensure a minimum of quality in the deliverability of your emails. The idea is to add two TXT fields to your domain’s DNS servers. All the necessary information and validity tests can be accessed directly from your Altospam administration interface in the “Settings” section, then “MailOut”. Once the TXT fields have been added and propagated, you’ll need to return to the interface to activate the DKIM signature for outgoing emails.

If you’d also like to configure your DMARC fields, our support team will be able to help you configure them to suit your needs.

By following all these recommendations, your e-mail system will be fully optimized for both incoming and outgoing traffic. All traffic will then be automatically processed by Altospam and MailOut to ensure effective security and deliverability of your business emails.
