1.5 Basic security rules
After installation, successful license activation and basic configuration MetaDefender Email Gateway Security is ready to be used.
However, MetaDefender Email Gateway Security blocks all emails by default. To allow both inbound and outbound email traffic some basic security rule configuration is needed.
The basic security rules created in this chapter may be too permissive and may not be suitable for production deployments.
Prerequisites
The following information is needed to create the basic security rules:
-
SMTP type server profile containing the email gateway (see 1.4 Creating relay and notification SMTP server profile)
-
SMTP type server profile containing the mail server (see 1.4 Creating relay and notification SMTP server profile)
-
MetaDefender Core type server profile containing the Core (see 1.3 Creating MetaDefender Core server profile)
-
Internal email addresses (email address or QRegExp pattern; may be restricted to organization internal addresses only, or allow any email address)
-
External email addresses (email address or QRegExp pattern)
Configuration
To allow both inbound and outbound email traffic go to Policy > Security rules and create the following two basic security rules.
In the examples below we assume that
-
The email gateway IP address is 10.0.0.1 and the SMTP type server profile GateWayRelayProfile contains it,
-
The mail server IP address is 10.0.0.9 and the SMTP type server profile MailServerRelayProfile contains it,
-
Both are on the same /24 subnet.
-
The Core server is configured in the MetaDefender Core type serve profile CoreProfile.
Inbound
Properties not listed in the table below may be left on their default values (if they have, e.g. settings on ACTIONS or ADVANCED tabs) or filled according to the organizational policies (e.g. USE TLS).
Tab |
|
FILTER |
SCAN |
RELAY |
||
Field |
DIRECTION |
SENDER IP ADDRESS |
SENDER DOMAIN OR ADDRESS |
RECIPIENT DOMAIN OR ADDRESS |
METADEFENDER CORE |
FORWARD PROCESSED EMAILS TO |
Value |
INBOUND |
Email gateway IP address |
External email addresses |
Internal email addresses |
MetaDefender Core type server profile containing the Core |
SMTP type server profile containing the mail server |
Examples |
INBOUND |
|
|
|
CoreProfile |
MailServerRelayProfile |
Outbound
Properties not listed in the table below may be left on their default values (if they have, e.g. settings on ACTIONS or ADVANCED tabs) or filled according to the organizational policies (e.g. USE TLS).
Tab |
|
FILTER |
SCAN |
RELAY |
||
Field |
DIRECTION |
SENDER IP ADDRESS |
SENDER DOMAIN OR ADDRESS |
RECIPIENT DOMAIN OR ADDRESS |
METADEFENDER CORE |
FORWARD PROCESSED EMAILS TO |
Value |
OUTBOUND |
Mail server IP address |
Internal email addresses |
External email addresses |
MetaDefender Core type server profile containing the Core |
SMTP type server profile containing the email gateway |
Example |
OUTBOUND |
|
|
.+@.+ (any email recipient) |
CoreProfile |
GateWayRelayProfile |
For details about security rules in MetaDefender Email Gateway Security see 4.2 Security rules.