Navigation:  Security Menu > Security Settings > Security Settings >

IP Shield

Print this Topic Previous pageReturn to chapter overviewNext page

The IP Shield, located under the Security » Security Settings menu, is a list of domain names and matching IP addresses that will be checked during the MAIL From command during the SMTP session. An SMTP session claiming to be from someone at one of the listed domains will be honored only if it is coming from one of the associated IP addresses. For example, suppose your domain name is mdaemon.com and your local LAN computers use IP addresses in the range from 192.168.0.0 to 192.168.0.255. With this information you can setup the IP Shield to associate the domain name mdaemon.com with the IP address range 192.168.0.* (wildcards are allowed). Thus anytime a computer connects to your SMTP server and states, "MAIL FROM <someone@mdaemon.com>", the SMTP session will continue only if the connecting computer has an IP address within the required range from 192.168.0.0 to 192.168.0.255.

You can exempt authenticated sessions from IP Shield restrictions via an option on the SMTP Authentication screen.

IP Shield

This is the list of domain names and their corresponding IP addresses that will be compared when someone attempts to connect to MDaemon claiming to be from one of them.

Domain name

Enter the domain name that you wish to associate with a specific IP address range.

IP address

Enter the IP address that you wish to associate with a domain name.  You must enter this address in dotted decimal form.

Add

Click the Add button to add the domain and IP address range to the listing.

Remove

Click this button to remove the selected entries from the listing.

Don't apply IP Shield to messages sent to valid local users

Click this option if you want only those messages that are destined for a non-local user or invalid local user to be checked for a domain/IP match. This will prevent others from posing as one of your local users in order to relay their mail through your server, but it will save resources by not checking messages that are address to your users. If you enable both this option and the IP Shield honors aliases option below, messages to valid aliases will be accepted as well.

IP Shield honors aliases

Enable this option if you want the IP Shield to honor address aliases when checking domain/IP address shields. The IP Shield will translate an alias to the true account to which it points and thus honor it if it passes the shield. Without this option enabled, the IP Shield will treat each alias as if it is an address independent of the account that it represents. Thus, if an alias' IP address violates an IP Shield then the message will be refused. This option is mirrored on the Options screen of Address Aliases — changing the setting here will be reflected there.

If you want incoming messages that are addressed to valid aliases to be exempt from IP Shielding then click both this option and the Don't apply IP Shield to messages sent to valid local users option above.