
HOWTO: How do I use remote authentication with MailMarshal?


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • How do I use remote authentication for client connections to MailMarshal?
  • Can I use SMTP Authentication for outbound connections from MailMarshal?

Information:

Outbound authentication:

Current versions of SEG/MailMarshal allow SMTP authentication for outbound connections to other servers. Authentication can use several mechanisms and you can also require TLS connections.

For details, see the section "Editing Routing Table Information" in the MailMarshal User Guide, and the Help for routing table configuration.

Client or Inbound authentication:

All versions of MailMarshal SMTP allow inbound SMTP authentication. Remote users outside your network can supply a user name and password to relay through MailMarshal. Bona fide remote users are allowed to send e-mail, while unauthorized users (such as spammers) are prevented from using MailMarshal to relay.

Why use remote authentication?

There are a number of ways to allow relaying in MailMarshal:

  1. By using a receiver rule to allow relaying from a specific domain
  2. By allowing specific IP addresses to relay

A more flexible method is to require the remote user to supply a user name and password before relaying is allowed. This can be achieved by creating a single user account on MailMarshal and then supplying this account information to all remote users. It is also possible to create an individual user account for each remote user.

What is required on the MailMarshal server?

  • In current supported versions of MailMarshal, you can validate SMTP authentication against an AD group. For details, see Knowledgebase article Q16649.
  • In all versions, you can authenticate using locally created Accounts. Use the Configurator or Management Console to create accounts (known as POP3 accounts in earlier versions).
  • If the purpose of the accounts is for relaying authentication only, it is important to enter a false e-mail domain address in the SMTP alias (if the e-mail domain matches a local domain, the MailMarshal Sender will set aside e-mail in a POP3 folder).
    • If you want to use the POP3 function for users to retrieve mail, see Trustwave Knowledgebase article Q10472.
  • Supply the user name(s) and password(s) to the remote users.

Note: For more information about creating accounts, see the User Guide for your version of MailMarshal.

SMTP authentication is disabled by default. To enable this option:

  • 10.0 and above: In the Management Console see System Configuration | Receiver Properties | Advanced
  • 8.X: In the Configurator see Tools | Trustwave SEG Properties | Receiver Properties | Advanced

You can choose to allow authentication from all locations, or external connections only.

You must create a Receiver rule, which specifically allows authenticated users to relay. The rule MUST apply to outbound messages and could look something like this:

    When a message arrives
    Where message is outgoing
    Where sender has authenticated
    Accept message

What is required on the remote client?

The mail account properties of the remote client need to be changed to indicate that the outgoing mail server requires authentication.

Using the service

When the remote user tries to send an outbound message through MailMarshal, the mail client will now prompt for a user name and password. This information is passed to the MailMarshal server, and if it matches an existing account, the remote user is allowed to relay. This process should be transparent to the user if the password is automatically remembered.

Is this a security risk?

If you use passwords that you have entered in MailMarshal, the security risk is minimal. This method is simply used to allow users to relay through your system. The user name and password used here correspond to a MailMarshal account only. They do not grant access to other MailMarshal services, because the services rely on Windows authentication. They do not grant access to any existing internal mail server.

For further security, MailMarshal supports CRAM-MD5 digesting of the authentication information.

Note: MailMarshal also allows you to use Windows account passwords (if the password field is blank, a Windows account is assumed). This option represents a significantly higher security risk, as the Windows account could allow access to other items.

To use Windows passwords, you must ensure that the account name matches a valid Windows account that can be authenticated on the servers where email processing occurs (standalone server or array processing nodes). The accounts used for MailMarshal services must have administrative permissions. If you are using internal Active Directory accounts, these servers must be in the AD environment.
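
The CRAM-MD5 digesting mentioned above, shown as an added example (not MailMarshal's code): both sides of the challenge-response exchange defined in RFC 2195, where the password is used as an HMAC key and never sent. The account and challenge are the sample values from RFC 2195; the function names and the second challenge are made up for this illustration.

```python
import base64
import hashlib
import hmac

# Constructed account store for the example. The server side must hold the
# shared secret itself, because it has to recompute the same HMAC.
ACCOUNTS = {"tim": "tanstaaftanstaaf"}  # sample values from RFC 2195
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 sample


def encode_challenge(challenge: str) -> str:
    """Server -> client: sent as '334 <base64 challenge>'."""
    return base64.b64encode(challenge.encode()).decode()


def client_response(username: str, password: str, challenge_b64: str) -> str:
    """Client -> server: base64('<user> <hex HMAC-MD5(password, challenge)>')."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def server_verify(accounts: dict, challenge_b64: str, response_b64: str):
    """Return the authenticated user name, or None if the response is bad."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return None  # not base64, not text, or no "user digest" pair
    password = accounts.get(username)
    if password is None:
        return None
    expected = hmac.new(password.encode(), base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return username if ok else None


if __name__ == "__main__":
    sent = encode_challenge(CHALLENGE)
    reply = client_response("tim", ACCOUNTS["tim"], sent)
    print("S: 334", sent)
    print("C:", reply)
    print("accepted as:", server_verify(ACCOUNTS, sent, reply))
    # The same reply offered against a fresh challenge is rejected.
    fresh = encode_challenge("<constructed.2@mail.example>")
    print("replayed:", server_verify(ACCOUNTS, fresh, reply))
```

The response is bound to one challenge, so a captured reply does not authenticate a later session, but the digest protects only the password exchange and not the message that follows.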

This article was previously published as:
NETIQKB29207
Marshal KB139
