Ensure Delivery to Destination Servers
In some cases configuration changes are required to the destination server to ensure the Mail Assure servers can deliver to your destination server without interruption. This includes disabling any spam filtering, and any SPF, DMARC, and any Authentication checks as these checks are already performed by the Mail Assure systems.
Multiple filtering of a message/connection is not advisable or supported. To ensure delivery of legitimate messages, disable all filtering for Mail Assure IP addresses, as the IP address for the source of the message on the secondary filtering will be Mail Assure, not the original sender.
Microsoft Exchange
For more information, see the Microsoft documentation for Antispam protection in Exchange Server.
Ensure configuration as per:
When a message is delivered to a Mail Assure Filtering server it will check for SPF.
If the delivering server is allowed to deliver, we will accept it (given that other parts of the spam filtering process also indicate it is not spam).
When Mail Assure delivers the scanned messages to your destination server, your server will most likely reject, block or delete the messages because your server sees our servers as the delivering servers which are not listed in the SPF records as valid delivery system. To stop this behaviour from happening we highly recommend you to disable SPF checking. In most cases this needs to be done on server level and cannot be done on domain-level.
See Configure Incoming Filtering with Exchange Online (Microsoft 365) for full details.
Please ensure that the steps below are done, for correct delivery to WHM/cPanel based environments:
- Make sure your Email Routing is set to Local Mail Exchanger and not at Auto Mail Exchanger (assuming email is handled locally)
- Ensure that the "catch-all" option is disabled for domains, this can be done by setting the following option:
"Default Address" > "Discard the email while your server processes it by SMTP time with an error message
- Accept delivery servers. This allows us to bypass sender/recipient/spam and relaying checks and ensure proper delivery, and can be done by adding the delivery IPs to the "Only-Verify-Recipient" option in:
Exim Configuration Manager > Basic Editor > Access Lists
- If you are using ConfigServer Firewall (CSF) within WHM/Cpanel, it is advised to accept delivery IPs there too. The delivery IPs can be added directly in the following location:
/etc/csf/csf.ignore
- Once added, restart CSF
- Ensure that smtp_accept_max is set to cPanel default (100)
If cPanel detects non-local hostnames it will consider the domain remote and will stop accept email for it
It's also possible to add the IPs directly in the following file:
/etc/trustedmailhosts
Please make sure that the IPs are not present in /etc/skipsmtpcheckhosts , but only in /etc/trustedmailhosts as otherwise the status of the domain can appear to be catch-all.
If you are using Postfix with Amavis, there is an easy solution to allow our servers to bypass any filtering on your destination server.
- In your Postfix configuration you need to add this line (or append it to your already existing smtpd_client_restrictions):
smtpd_client_restrictions = check_client_access hash:/etc/postfix/amavis_bypass
- Then create a new file /etc/postfix/amavis_bypass with content:
# Bypass amavis entirely for emails originating from # Mail Assure' delivery cloud by immediately re-inserting # into Postfix # delivery.antispamcloud.com FILTER smtp:[127.0.0.1]:10025
- Save the file and postmap it by entering:
postmap /etc/postfix/amavis_bypass
- Restart Postfix and all of the deliveries originating from our platform will bypass any virus-, spam- and spf checks initiated by Amavis
This will not affect any of your other domains on this destination server, only connections originating from delivery.antispamcloud.com.
Follow the below steps to ensure uninterrupted deliveries from Mail Assure to SmarterMail.
Allow list delivery servers
To avoid subjecting Mail Assure deliveries to SMTP IDS rules, greylisting and standard spam checks, allow the Mail Assure IP addresses on the SmarterMail server:
- Log into SmarterMail as the Administrator and click the Settings icon in the top toolbar
- In the navigation pane, go to Security. Then click on the Allow list tab
- To add a Allow list entry click the New button then complete the following information
-
In the IP Address (single, range or CIDR block) textbox, enter the delivery.antispamcloud.com IP range
185.201.16.0/22
- For identification, enter "Mail Assure Incoming Filter" in the Description field
- Enable the SMTP and SMTP Spam Bypass options
- Click Save once complete
We also cover the above steps (with images) in the SmarterMail Integration Incoming Filter section.
Turn off SPF and DKIM spam checks
Where enabled, SmarterMail runs SPF and DKIM spam on ALL emails, including those from trusted senders and Allow listed IP addresses. To ensure SmarterMail does not subject Mail Assure deliveries to these identity checks, turn off the SPF and DKIM spam checks:
- Log into SmarterMail as the Administrator and click the Settings icon in the top toolbar
- In the navigation pane, go to Antispam
- Click on the Spam Checks tab
- Click on the DKIM spam check
- Untick Enable Spool Filtering and click Save
- Click on the SPF spam check
- Untick Enable Spool Filtering and click Save
For integration information, visit the SmarterTools SmarterMail Mail AssureIntegration section.
A multi-purpose PHP script can be found here for KerioConnect which creates/updates an IP Address Group with our delivery IP's.
View the readme.txt file within the .zip folder for usage information before running the PHP script.
This script is provided as-is. We are unable to provide support for this. No warranty is given on proper operation, use at your own risk.
This list can be used to disable various limits/filters such as spam filtering, SPF checking and the Spam Repellant.
To prevent your DirectAdmin system from rejecting deliveries you can add the delivery IPs or hostname to the following file:
/etc/virtual/allowlist_hosts
For Hosted Cloud users Please add "delivery.antispamcloud.com" to the above mentioned file.