SMX Provisioning Email (Scrubbing Only)
Copy of the email SMX send when a new client is provisioned
This email is to confirm that the provisioning for your requested SMX services has been completed.
The Next Steps – DNS Changes – Inbound Service
The next move is to update the DNS MX records so all inbound email is relayed to our servers. The recommended MX records are:
10 mx1.securemx.biz.
20 mx2.securemx.biz.
(Ensure there are no other MX records present).
Once completed, SMX will immediately begin accepting email from the world, and deliver it to the defined Mail Relay Host that has been configured – your mail server.
When modifying your DNS MX records please ensure that you do not remove the ‘A’ record for your mail server, as this is where SMX will be relaying all inbound emails.
Also, when making any DNS changes, the TTL (Time to Live) for the DNS record needs to be considered. Ideally you would have reduced the duration of your TTL well ahead of the DNS change, to minimise transition time. We recommend a TTL of 300 seconds (5 minutes) – a short TTL will also let us rollback to previous config rapidly, should it become necessary.
After the DNS change, there are several additional changes that should be made to complete the process of commissioning the SMX Inbound service – these are outlined below.
Port 25 block – Inbound Service
We strongly recommend blocking inbound port 25 on the firewall for all except our IP address ranges, which are as follows:
203.84.134.0/23 (203.84.134.0 to 203.84.135.255)
113.197.64.0/22 (113.197.64.0 to 113.197.67.255)
This ensures that spammers cannot bypass our filters by sending spam directly to your mail server. Without this, you will not receive the full protection from our service.
Disable other IP Checks – Inbound Service
SMX is acting as an email gateway for all inbound email. In order to ensure seamless and timely delivery of email to your platform, any measures your email server may have employed that refer to IP address validity or reputation should be turned off.
In particular:
– SPF. If you have Sender Policy Framework (SPF) checks enabled, these will fail, as you will not see SMX as an authorised sender for most domain names.
– RBL/Blacklists. If you have any Blacklist subscriptions that are driven by the IP that is connecting to you directly, these should be disabled – in the unlikely event that the SMX platform is listed on a blacklist, you could end up rejecting your own email.
– Rate Limits. We will now be the sole source of email to your mail server, with the vast majority all appearing to come from a small list of IP addresses. Any rate limiting technologies you have deployed, may have a detrimental affect on your inbound email.
SMX’s platform carries out all of the above checks, so let us do the work for you!
Define your ‘SmartHost’ – Outbound Service
Important: If you have an SPF record published, you must amend this before actioning the next step. See below for details.
The next move is to update your outbound mail server to use SMX OMR host as the ‘SMTP Smart Host’. This means all of your outbound mail will be passed to SMX, for us to on-deliver on your behalf.
The SMX OMR hostname is omr.securemx.biz.
Additional Information about omr.securemx.biz.
If your mail server supports MX queries for SmartHosts, you will get the full benefit of our redundant OMR configuration. The address omr.securemx.bizhas two MX records provisioned, which will let you automatically fail over to our secondary datacentre, should the primary have a problem. The records are arranged like this:
10 omr1.securemx.biz.
20 omr2.securemx.biz.
As an alternative you can directly configure ‘omr1.securemx.biz‘ and ‘omr2.securemx.biz‘ within your system to provide for your own mail server to fail over to the alternate.
Port 25 block – Outbound.
Where practical, we recommend that you block outbound Port 25 to all destinations that are not our subnet. This has the effect of forcing all outbound mail delivery (on port 25) through our platform, preventing email from bypassing our security measures. The network ranges you should permit are as follows:
203.84.134.0/23 (203.84.134.0 to 203.84.135.255)
113.197.64.0/22 (113.197.64.0 to 113.197.67.255)
Sender Policy Framework (SPF).
SMX recommends that our customers publish SPF records into the DNS.
SPF lets the holders of a domain name declare openly, who is permitted to send email on their behalf. This provides mail servers with a means to establish whether the email coming in is legitimate, or is a case of domain name impersonation.
An SPF record is simply a DNS entry of type TXT, added to your DNS Zone.
For a customer whose email is entirely relayed through the SMX OMR service, we recommend the following SPF record:
“v=spf1 mx include:spf.securemx.biz -all“
For more information about SPF, including tools that will help you create an SPF record suitable for your needs, visit openspf.net.
If you would like assistance setting up your SPF records please contact our support team
Note: If you already have SPF deployed, you must amend your published record to include the parameter ‘include:spf.securemx.biz‘ before you switch to our OMR host. Failure to do this in advance may cause some remote parties to reject email we send on your behalf, as we won’t have been declared as authorised to send it.
Support Procedures.
If you have any problems or questions and wish to contact SMX, our support FAQ is your first stop.
FAQ: https://smxemail.com/support
In the FAQ you can find out how to:
-
submit a false positive report (legitimate mail mis-classified as Spam)
-
submit a false negative report (spam that has not been filtered/stopped by SMX)
-
contact us with any other general enquiries.
The SMX Portal provides our customers with the ability to see information about their inbound mail flow, and if you have the appropriate permissions, you can create policies to blacklist or whitelist email based on certain conditions, or make changes to your Mail Relay Host settings.
Portal Login: https://smxemail.com/login
The credentials for the Portal have already been emailed to all valid portal users. If you don’t have this information, please contact us for assistance.
SMX Terms and Conditions.
SMX’s standard customer Terms and Conditions can be viewed on our website:
https://smxemail.com/aboutsmx/
Trial Customers, Please Note: It is the responsibility of the customer (who is taking part in the trial of an SMX service) to notify SMX within 3 working days of their trial end date if they do not wish to continue using the service being trialled. SMX will consider no notification to be an acceptance of the terms and conditions of the service being trialled and confirmation that the customer wishes to be billed for the ongoing use of that service.
Don’t hesitate to call or email us if you have any queries with any of the above.
Regards,
SMX NZ Provisioning Team
Web: http://smxemail.com
Tel: 0800 769 769 (from NZ)
1800 476 976 (from Aus)
+64 9 302 0515 (from all other countries)
Fax: +64 9 302 0518 (monitored during NZ business hours)