|
History
-
Disable history for inbound or outbound messages
KeepMessageFileInbound=False
KeepMessageFileOutbound=False
-
Copy only messages for for specific domains
KeepMessageFileInboundToAddress=@example1.com
KeepMessageFileInboundToAddress=@example.2com
KeepMessageFileOutboundFromAddress=@example1.com
KeepMessageFileOutboundFromAddress=@example2.com
White List
-
Exclude messages from being added to the white list
OutboundAddressWhiteListExclFromAddress=@example1.com
OutboundAddressWhiteListExclToAddress=@example.2com
OutboundAddressWhiteListExclSubject=SomeText
eFax
-
Convert an Exchange IMCEAFAX address to a eFax SMTP address
SMTPAddressFaxTranslation=True
SMTPAddressFaxTranslationDomain=efaxsend.com
In Exchange you need to add the FAX address space to the SMTP connector so that Exchange send FAX messages to XWall.
In Outlook you can select a FAX address from a Contact or you use the extended format:
“[fax:Donald Duck@+45 1020 3040]”
eFax is available from www.eFaxCorporate.com
Bandwidth Throttling
-
Limit the bandwidth to send or receive the data part of a message
InboundSMTPBandwidthThrottling=65536
OutboundSMTPBandwidthThrottling=65536
The bandwidth is in bytes per second.
Common values are:
|
64 |
kbit/s |
ISDN Single |
8192 |
bytes/sec |
|
128 |
kbit/s |
ISDN Dual |
16384 |
bytes/sec |
|
256 |
kbit/s |
ADSL Upload |
32768 |
bytes/sec |
|
512 |
kbit/s |
ADSL Upload |
65536 |
bytes/sec |
|
1 |
Mbit/s |
ADSL
Download |
131072 |
bytes/sec |
|
4 |
Mbit/s |
Line |
524288 |
bytes/sec |
Inbound
SMTP
-
SMTP banner
SMTPTextBanner=WhatEverYouWant
This changes the greeting line that XWall sends to the client after the SMTP connection is established.
-
General information for Greylisting, SLS and SPF
SMTPTextGrey=WhatEverYouWant
SMTPTextSLS=WhatEverYouWant
SMTPTextSPF=WhatEverYouWant
-
Inbound SMTP authentication using a custom application
InboundSMTPAuthApp=True
InboundSMTPAuthAppExe=sample.exe
InboundSMTPAuthAppArg=<USER> <PASSWORD>
InboundSMTPAuthAppExeVerbose=True
The application gets the user and password and must return an error level of zero.
-
Inbound SMTP authentication proxy against Exchange
InboundSMTPAuthProxy=True
After XWall got the user and password from the sender, it opens a new SMTP connection to Exchange and attempt to logon using the credentials. If Exchange accepts them, then XWall itself accepts them from the sender.
-
Inbound SMTP recipient verification against Exchange
ExchInboundEMailAddressQuery=True
ExchInboundEMailAddressQueryInternal=True
After the sending server issued the RCPT TO: with the recipients e-mail address, XWall opens a new SMTP connection to Exchange and send the RCPT TO: with the recipients e-mail address to Exchange. If Exchange accepts the recipient, then XWall knows that the recipient is valid and accepts the message from the sender.
-
Don't enforce a FQDN after the HELO / EHLO command
InboundESMTPEnforceFQDN=False
The RFC requires that the HELO / EHLO command is followed by a FQDN and XWall will not accept a HELO / EHLO without the FQDN. However, some mail clients are not sending a FQDN and so they are not able to send to XWall without disabling it.
-
Add a delay of 3 seconds after the MAIL FROM and RCPT TO command
InboundSMTPThrottling=3
Spammers are trying to send their spam as fast as possible and usually have a limit on how much time they want to spend to send an email. Inserting a delay between after the command makes the connection slower and so an impatient sender will simply give up.
-
Maximum message count in a single SMTP session
InboundSMTPMaxMsgCount=5000
By default XWall accepts 5000 messages in a single SMTP session.
-
Maximum recipient count in a single message
InboundSMTPMaxSendToMessage=5000
By default XWall accepts 5000 recipients in a single message.
-
Maximum bad recipient count in a single SMTP session
InboundSMTPMaxBadMailSession=50
XWall closes the connection after the sending MTA sent that many RCPT TO: with an bad e-mail address. By default XWall slows
down, but doesn't close the connection after 50 bad e-mail addresses.
Don't set this value to low, because else you might have a problem getting newsletters.
-
Send the message back to the sender (echo service)
SMTPEchoAddress=echo@yourdomain.com
XWall will send back every message to that e-mail address back to the user.
This is useful for testing XWall from outside.
Outbound SMTP
-
Route outbound messages based on the MAIL FROM e-mail address
FromStaticRoute=newsletter@mydomain.com.au:smarthost.somewhere.com:0
Send all messages from an e-mail address to a specific smart host.
The double colon is the field delimiter, the first field is the from address, the second field is the smart host, the third
field is ignored.
-
Set how many outbound connections for each priority XWall should create
SMTPSubObjectMax=1
ExchSubObjectMax=1
By default XWall creates one connection to each host for each priory and all messages with the same priority are sent serial. This settings allows you to set how many connection for the same priority XWall creates.
- Send all outgoing messages to a smart
host
SmartHost=mailer1.myisp.com
SmartHostPort=24
This sample defines the first smart host, using a
non-standard port.
SmartHostAlias=mailer2.myisp.com
SmartHostAliasPort=24
SmartHostAlias=mailer3.myisp.com
SmartHostAliasPort=24
SmartHostAlias=mailer4.myisp.com
SmartHostAliasPort=24
This settings define additional smart hosts, also
using a non-standard port.
In this sample XWall will try to connect to the
first smart host (mailer1.myisp.com on port 24 ) and
if this failes, XWall tries to connect to all other
host until one of them accepts the message.
- Send all outgoing messages to Virgin Media smart host
SmartHost=smtp.virginmedia.com
SmartHostPort=465
OutboundSMTPSendTyp=0
OutboundSMTPAuthUser=yourid@virginmedia.com
OutboundSMTPAuthPassword=10yourpassword
In this sample XWall will try to connect to
smtp.virginmedia.com on port 465, which is a
SMTPS/TLS connection. XWall will then authenticate
using your ID and password.
Note: This is only for customers of
Virgin Media (virginmedia.com)
- Connect to more than one Exchange
ExchHostAlias=exchange2.mydomain.com
ExchHostAlias=exchange3.mydomain.com
In this sample XWall will try to connect to the first Exchange and if this failes, XWall tries to connect to all other Exchange until one of them accepts the message.
- Relay messages based on IP address or hostname and MAIL FROM e-mail address
RelayRule=optionalIPAddress:optionalHostname:MAILFROM-EMail
RelayRule=216.38.12.16:www.mydomain.com:newsletter@mydomain.com
Relay messages that are sent from that IP address or
that hostname using the MAIL FROM e-mail address.
The double colon is the field delimiter, the first
field is the optional IP address, the second field
is the optional hostname, the third field is the
email address.
Connection Statistic
-
Dumps the connection statistic to the logfile every x minute
(MBAdmin Signal->Dump Connection Statistic)
DumpConnectionStatisticLogEvery=5
This settings dumps the connection statistic to
the logfile every 5 minute.
This is useful for collecting statistic data
over along time period.
Connection Cache
-
Cache the connection to Exchange
OutboundExchConnectionCache=True
If enabled, XWall waits 10 seconds until the
QUIT is sent and the connection is closed. If a
new message arrives within that timeframe, the
messages is sent to Exchange using the existing
connection.
The benefit of the cache is that the TLS/SSL and
ESMTP handshake is avoided for every message,
which results in less traffic and CPU usage.
OutboundExchConnectionCacheWaitTime=10
The default wait time until the connection is
closed is 10 seconds.
VerboseConnectionCache=True
Show addititional information about the
connection cache in the logfile
-
Cache the connection to any SMTP server
OutboundSMTPConnectionCache=True
If enabled, XWall waits 10 seconds until the
QUIT is sent and the connection is closed. If a
new message arrives within that timeframe, the
messages is sent to Exchange using the existing
connection.
Usualy there is no benefit caching conentions to
any SMTP server and it wastes a lot of memory.
OutboundSMTPConnectionCacheWaitTime=10
The default wait time until the connection is
closed is 10 seconds.
Bind to IP Address and/or Port
-
Bind XWall to IP address and/or port
|
SMTPIPAddress2=0.0.0.0:23 |
; port 23 on
any IPv4 |
|
SMTPIPAddress2=10.1.176.22:24
|
; port 24 on
IP 10.1.176.22 |
|
SMTPIPAddress2="0:0:0:0:0:0:0:0":26
|
; port 26 on
any IPv6 address |
|
SMTPIPAddress2=:27
|
; port 27 on
any IPv4 and any
IPv6 address |
|
SMTPIPAddress2="2001:db8::4711:12":28
|
; port 28 on
IP
2001:db8::4711:12 |
Note: Repeat the lines for additional bindings
-
Bind to port 587 for Apple iPhone
SMTPIPAddress2=0.0.0.0:587
Apple iPhone supports
RFC 4409 - Message Submission for Mail and
so it expects to find the SMTP server at port
587 and not at the default port 25
Note: You also need to enable inbound
authentication in
Options->General->Authentication
Backup MX
Processing messages
-
Define a inbound size limit for an e-mail
address
InboundSizeLimitUser=user1@domain1.com:500000
InboundSizeLimitUser=user2@domain1.com:300000
This tells XWall that this e-mail addresses
have a special size limit and that this limit
overrules the global size limit. You can use
wildcards in the e-mail address and the first
one limit that matches will be used.
-
Define a inbound and outbound limit for message payload
InboundPayloadLimit=500000
OutboundPayloadLimit=500000
The message payload is calculated using the formula: message size in bytes x recipient count
If the payload is above the limit, then XWall rejects the message during the SMTP session.
-
Inbound and outbound reassemble message
InboundAssembleHdr=X-SomeHeader
InboundAssembleHdr=X-AnotherHeader
OutboundAssembleHdr=X-SampleHeader
OutboundAssembleHdr=X-AnotherSample
This setting tells XWall to adopt the header
lines in case they exist in the original
message.
By default XWall removes all
unknown or unsafe header lines lines when
reassembling a message. The reason is to
safeguard from attacks with spoofed or faked
headers lines.
-
Disable DSN to NEVER and/or MAIL FROM to a NULL-address for spam and OOF
InboundDSNNeverOnOFOAndSpam=False
OutboundDSNNeverOnOFO=False
By default XWall sets DSN to NEVER and/or MAIL FROM to a NULL-address for spam and out-of-office messages. This is to avoid automatic
answers and out-of-office messages as a reply to a spam message. This setting disables this and sends spam messages as normal
messages.
-
Add a header line to every message where the
action was triggered
InboundSpamHeader=X-SomeHeader: AnyData
By default XWall adds the X-XWall-Spam:
header line to every message where the action
was triggered. This setting let's you add your
own header line. This is useful if you want to
create some special rules in your e-mail client
or for e-mail clients that expect a fixed header
line like GroupWise.
-
Block outbound messages that are not from an internal domain
OutboundBlockAddressOnlyInternal=True
As spam typically originates from random sender addresses, this can be used to filter outgoing spam that are originated by a
user that uses XWall as a relay.
Note: This also blocks auto-forwarded mails. As a consequence, this is the end of auto-forwarder loops, too. Some users will be
disappointed that their forwarders to external web mailers are stopped, but administrators have one less issue to worry about.
-
Reject internal From: address during the
SMTP session
InboundBlockFromUsSMTPLevel=True
If
Check if the message has an internal From:
address is enabled, then this setting
rejects the message during the SMTP session.
Note: An exclusion for the
recipients address will not work, because the
message is rejected before the recipients
address is known.
Startup
- Send a message to postmaster after XWall is started
(start service or mbserver.exe)
SendStartup=True
XWall sends a message to postmaster after all configuration checking is done.
SendStartupTo=other@domain.com
By default the messages is sent to postmaster, but this is where you can define an alternate address.
- Send a message to postmaster after XWall is
restarted
(internal restart because the configuration has
changed )
SendStartupAlways=True
XWall sends a message to postmaster after all configuration checking is done.
SendStartupTo=other@domain.com
By default the messages is sent to postmaster, but this is where you can define an alternate address.
- Send a message to postmaster after XWall is started when there is a configuration error or warning
SendStartupWarn=True
XWall sends a message to postmaster after all configuration checking is done and there was a warning or error.
SendStartupToWarn=other@domain.com
By default the messages is sent to postmaster, but this is where you can define an alternate address.
- Add a delay at startup after a reboot
StartupDelayFresh=30
Since November 2008 the DNS server of Windows 2003 doesn't work immorality after a reboot. As a result the DNS checking of XWall may
fail. Adding a delay in XWall gives the DNS server enough time for housekeeping.
Logfile
- Send logfile to postmaster
(MBAdmin Signal->Send logfile)
SendLogFileTo=youremail@domain.com
By default the logfile is sent to postmaster, but this is where you can define an alternate address.
TLS
- Disable weak cipher
TLSServOmitWeakCipher=True
TLSClientOmitWeakCipher=True
This setting
disables SSLv2 and 40bit and 56bit ciphers.
-
Enforce TLS for domains
- for inbound connections
InboundSMTPTLSRequired=trusted-sender.com
InboundSMTPTLSRequired=hotmail.com
- for outbound connections
OutboundSMTPTLSRequired=secure-bank.com
OutboundSMTPTLSRequired=trusted-recipient.com
This setting enforces TLS for the given domain.
For inbound connections this is the domain of the senders e-mail address.
For outbound connections this is the domain of the recipients e-mail address.
In the case the connections omits TLS, XWall sends back error
530 5.7.0 must issue a STARTTLS command first
-
Enforce TLS for an IP address or a host name
- for inbound connections
InboundSMTPTLSRequiredHost=mail.trusted-sender.com
InboundSMTPTLSRequiredIP=176.12.17.0/24
This setting enforces TLS for the given IP address or host name.
In the case the connections omits TLS, XWall sends back error
530 5.7.0 must issue a STARTTLS command first
-
Enforce TLS for authenticated users
- for inbound connections
InboundSMTPTLSRequiredAuthUsers=True
This setting enforces TLS authenticated users.
In the case the connections omits TLS, XWall sends back error
530 5.7.0 must issue a STARTTLS command first
-
Verify TLS certificate for outgoing
connections
- for outbound connections
OutboundSMTPTLSVerify=True
Verifies the certificate of the
server and shows a trust level.
OutboundSMTPTLSVerifyOCSPAndCLR=True
Verifies the certificate revocation
status using CRL (Certificate
Revocation List) or
OCSP (Online Certificate Status
Protocol)
- for Exchange connections
OutboundExchTLSVerify=True
Verifies the certificate of the
server and shows a trust level.
OutboundExchTLSVerifyOCSPAndCLR=True
Verifies the certificate revocation
status using CRL (Certificate
Revocation List) or
OCSP (Online Certificate Status
Protocol)
X-Message-Flag
Outlook displays the content
of the x-message-flag Internet header line in the left
upper part of the message dialog, right above the From:
field. So this can be uses to show some information to
the user.
XWall can show the following information:
- Show the SPF status of the message
InboundXMessageFlagSPF=True
- Show the DomainKey status of the message
InboundXMessageFlagDKIM=True
- Show the SMIME status of the message
InboundXMessageFlagSMIME=True
- Show the TLS status of the message
InboundXMessageFlagTLS=True
- Show the reason why the message was excluded
from spam checking
InboundXMessageFlagExcl=True
- Show the format that was removed from the
message
InboundXMessageFlagFormat=True
RAR
- Add support for RAR archive
UseUnRARDLL=True
Download the latest UnRAR dll from
http://www.rarlab.com/rar_add.htm
and copy it into the XWall directory. Thereafter XWall will use the dll to extract the files from a RAR
archive, the same way as it does for a zip archive.
Central Checksum Service (CCS)
The Central Checksum Service
(CCS) is designed to detect bulk e-mail on a worldwide
level,
a full description is
here.
Since v3.46 CCS also acts as a global heuristic spam
repository.
XWall queries the CCS for the IP address of
the sending MTA and gets back the threshold of heuristic
spam for that IP address.
Further it reports the IP
address of the sending MTA in the case a heuristic spam
is detected.
Blacklist
- Enable the Blacklist
InboundAddressBlackList=True
The Blacklist is similar to the White List, except that it blocks all messages that are sent by an e-mail addresses that is on the
list. This allows your users to add e-mail addresses to the Blacklist by simply sending a command message to the Blacklist.
The action that is triggered when the e-mail is the same as in Options->Blocking->Email
- Maintain a separate Blacklist for each user
InboundAddressBlackListUserBased=True
If enabled, XWall will create a separate Blacklist for each user, rather then one list for all users.
- Reject the message during the SMTP session
InboundAddressBlackListBlockSMTPLevel=True
If enabled, XWall will reject the message during the SMTP session and the message will not be accepted.
Note: This setting will not work when a separate list for each user is enabled. The reason is that at the time when the
sender is checked, the recipient is not available yet.
- Pack the Blacklist at midnight
InboundAddressBlackListASCII=True
If enabled, XWall will sync AdrIBL-A.dat with AdrIBL-B.dat. More technically speaking XWall will remove outdated and duplicated
entries from AdrIBL-A.dat
- Max addresses to gather
InboundAddressBlackListMaxSlots=100000
Defines how large the Blacklist should become
- Manage the Blacklist by sending a message with an e-mail
address in the subject to Add e-mail address or Delete e-mail address
InboundAddressBlackListFeedAdd=add@blacklist.xxx
InboundAddressBlackListFeedDel=del@blacklist.xxx
Defines an e-mail address that is NOT in your domain and that is used for manually adding or deleting of e-mail addresses.
If you are not sure what e-mail address you should use, then use add@blacklist.xxx and del@blacklist.xxx
To add an e-mail address, send a message to add@blacklist.xxx with the e-mail address that should be added in the subject. To delete
an e-mail address send a message to del@blacklist.xxx with the e-mail address that should be deleted in the subject.
Header
- Suppress Received: header line from Exchange
SuppRecvLn=True
By default XWall adds a Received: header line with
the IP address and the host name of Exchange. This
setting is to disable the Received: header line.
-
Remove X-Originating-IP header line for outbound messages
OutboundRemoveHeaderXOriginatingIP=True
By default Exchange 2010 SP1 adds the originating IP address ( e.g. the IP address that Outlook uses ) to the header of every outgoing message.
With this setting enabled, XWall removes the header x-originating-ip line from outbound messages.
- Add header line to outbound messages
OutboundHeader=:sender@yourdomain.com:reciepient@outbound.com:X-MYHEADER:WhatEverIsNeeded
sender@yourdomain.com is the From: address. If it is blank, it matches all.
reciepient@outbound.com is the To: address. If it is blank, it matches all.
X-MYHEADER: WhatEverIsNeeded is the header line that is added
- Delete header line from outbound messages
OutboundHeaderDel=:sender@yourdomain.com:reciepient@outbound.com:X-MYHEADER
sender@yourdomain.com is the From: address. If it is blank, it matches all.
reciepient@outbound.com is the To: address. If it is blank, it matches all.
X-MYHEADER is the header line that is
removed
IPv6
- Bind to IPv6
InboundSMTPIPv6=True
Using this setting, XWall accepts IPv6 connections.
-
Use IPv6 for outgoing connections
OutboundSMTPIPv6=True
Using this setting, XWall uses IPv6 for outgoing connections.
In the case IPv6 doesn't work, IPv4 is used.
-
Use IPv6 for Exchange connections
OutboundExchIPv6=True
Using this setting, XWall uses IPv6 for Exchange connections.
In the case IPv6 doesn't work, IPv4 is used.
ClamAV
- Connect to ClamAV
VirusScannerClamAVNative=True
VirusScannerClamAVHost=localhost
VirusScannerClamAVPort=3310
This setting forces XWall to connect to ClamAV, the same way as clamdscan.exe connects to clamd.exe.
In the case there is a problem, XWall starts the on-demand scanner, which is usually clamdscan.exe
|
