EuropeanMX

FAQ - Frequently Asked Questions

FAQ Installation
Setup and configuration
Email filter technology
Technical details
General

If you have multiple domains, you can make use of the free domain aliasing option. Domain aliases can be added to your main domain directly in your customer account within the domain details. Any email sent to the domain alias will be delivered to the same user of the main domain.

Example:
Let's assume you have the main domain example.com, with destination mail server mail.example.com, and the alias domain example.org. Email sent to myemail@example.org will be delivered to the SMTP server mail.example.com with the recipient myemail@example.com. The email "To:" headers will still show the original recipient as myemail@example.org, however.

Control panel:
Alias domains don't have separate access to the control panel, so you must continue to log in as you normally do. Since all SMTP traffic to the domain alias is rewritten to the main domain automatically, any changes/lookups on the main domain, will simply include the alias domain traffic as if it was sent directly to the main domain. Consequently, If you are searching for a specific email sent to a domain alias using the log search, the recipient will therefore show as user@maindomain.

With this option you can enable periodic protection reports based on users. You can add users, either individually or via the .csv upload function for multiple users.

HTML Report
The HTML report contains a summary of the caught spam messages that the filtering service has protected for the specific email user from receiving. The report allows you to release any messages directly from the report without having to log in to the interface or IMAP.

PDF Report
The PDF report outlines a summary of the spam and viruses that the filtering service has protected the domain (or address) from receiving, and also includes information about the total volume of mail processed for the said user.
The report also includes a detailed table (for auditing purposes) of messages that were rejected but not quarantined; A similar table is also included of messages that were quarantined, including links to release each message directly.

Auto-Enable Reports
The option "Automatically activate for all recipient" means that when spam is delivered to new users not yet known to our systems, they will automatically be added to the Periodic User Report. When this happens, first the end user will receive a "welcome" email, announcing that their personal quarantine has been enabled. Then 24 hours later they will start to receive the daily (or weekly) user reports containing a list of all blocked messages from the previous 24 hours.
In the welcome email and reports there will be a login link, when users if necessary, can click, login and create themselves a password for their own personal account, and then have the option to log directly into the interface or via IMAP and manage their own log search and quarantined messages. Once this has been done, the user will be added to the "Manage Email Users" page of the interface.

**Please note; If your domain has "Catch-All" enabled, then this option will not be able to be enabled directly from the interface, as this will cause many non-existant entries.**

If you are unable to disable the "Catch-All" status of the mailserver for any reason, then it would still be possible to enable the "auto-enable" feature, however for this to work you will need to use the "Local Recipients" option from the interface and add the specific individual users to be used as local recipients. This will mean that any emails to anyone that is not added to this list will be immediately rejected.

Periodic Domain Reports
The Periodic domain report allows you to configure one address to receive a daily or weekly PDF or HTML report for the whole domain.

To avoid spammers being able to directly deliver the spam to your mailservers without being scanned first, you have to make sure your mailserver only accepts email that originate from the EuropeanMX Cloud filtering systems.

For redundancy reasons, our EuropeanMX Cloud nodes are located in many different networks/datacenters. You can find a list of all IP's on our website https://europeanmx.eu/en/mxstatus. Since the EuropeanMX Cloud is regularly expanded, new IPs may be added at any time. To only accept email from the Hosted Cloud filtering nodes you should allow email based on the delivery hostname "delivery.antispamcloud.com". This hostname contains all active delivery IPs and is used as reverse DNS for the delivery IPs.

Please make sure your firewall does not block port 53 TCP

Alternatively if allowing email based on hostname is not an option, you could change your destination mailserver to listen on an alternative port (for example 2525 instead of the default 25). The special port can be set for delivery when editing the destination route for your domain.

If you want to use our IMAP quarantine & training system in your mailclient, you have to configure this.

As IMAP server you have to use "quarantine.europeanmx.eu", use username "mydomainname.com" (replace with your own domain name), and use the password you have set for the domain user.

Please note, that in Outlook 2013 there are issues when using the IMAP quarantine. We have contacted them about this, however as yet a fix has not been provided.

What are ARF reports?
An ARF (Abuse Reporting Format) report is an email format abuse report which is generated every time an outgoing sender's message gets blocked.


How do I set this?
This can be set by adding the email address you wish to use at the domain's settings page of each domain under the 'Administrator contact', or by setting the Clusters default Administrator contact.


Why should I use this?
Using these reports are extremely useful for closing down spammers in your network, giving you an alert each time a spam message is sent. Each report contains the message that was blocked as an attachment, as well as information regarding the outbound sender account that was used and a time stamp.


What else should I know?
We recommend adding the email address you are using to the recipient whitelist, as the AFR reports contains a copy of the spam message that was blocked, and this can cause the reports to be blocked by the incoming filter. Alternatively you an use an email address especially designed for this, that does not have any filtering on this address.

Spammers may abuse a script on your servers to send out spam directly to port 25 destination email addresses, thereby bypassing the EuropeanMX smarthost filtering. There should be no legitimate reason for scripts to communicate to port 25 on external servers, all email should be handled locally on port 25.

You can simply use the iptables firewall to block port 25 outgoing connections, thereby forcing all traffic to pass the EuropeanMX filtering:

- IPv4:
To add:
iptables -A OUTPUT -p tcp --dport 25 -j DROP

To remove:
iptables -D OUTPUT -p tcp --dport 25 -j DROP


- IPv6:
To add:
ip6tables -A OUTPUT -p tcp --dport 25 -j DROP

To remove:
ip6tables -D OUTPUT -p tcp --dport 25 -j DROP

Please ensure the rules are applied automatically after a reboot again.

What is a SPF record?
A SPF (Sender Policy Framework) is a way to allow you to restrict which mail servers are allowed to send email for your domain name.

An example of an SPF would be : example.com. TXT "v=spf1 -all"

SPF records are TXT records placed into a domains DNS.


How should I set it up?
To set up a SPF record please go to the DNS of your domain. Create a TXT record for the outgoing sending domain with the following details:

v=spf1 include:spf.europeanmx.eu -all

The adress of our smart host is relay.europeanmx.eu. Please ensure to use the outgoing filtering service port 587.

First of all you've to setup a user for outgoing emails. This can be done in the webinterface at the domain dashboard using the " Manage users " option in the outgoing section on the dashboard. You can have either have per-username authentication or IP based users.

This is depending on which domain hoster you are using. In generell the following MX records have to be used:

- 10 mx1.europeanmx.eu.
- 20 mx2.europeanmx.eu.
- 30 mx3.europeanmx.eu.
- 40 mx4.europeanmx.eu.

Backupserver can't be used. The numbers 10 - 40 are used to decribe the priority. Please take care about the point(s) at the end of the destination. Depending on which hoster you are using you will have to add a point at the end.

Here you can find an overview of the most important hosters and their explanation how to setup a MX record in their system:

- 1&1: http://hilfe-center.1und1.de/hosting/server-c10082640/dedicated-server-linux-c10082668/verwaltung-im-control-center-c10082776/eintrag-eigener-mailserver-mx-record-a10783832.html

- Hosteurope: https://faq.hosteurope.de/index.php?cpid=10809

- All-inkl: http://all-inkl.com/wichtig/anleitungen/kas/tools/dns-werkzeuge/mx-record-mit-host-aendern_154.html?suche=mx-record&textsuche=ja

- one.com: https://www.one.com/en/support/guide/manage-your-dns-settings#mx

- strato: https://www.strato.com/faq/en_us/article/1831/What-settings-can-I-configure-in-the-MX-Record-configuration-dialog.html

- United Domains: https://help.united-domains.de/faq-article/wie-kann-ich-einen-mx-eintrag-fuer-meine-domain-hinterlegen

- alfahosting: http://alfahosting.de/antworten-auf-ihre-fragen/?cid=78&id=248#a248

- DomainFactory: unter Konfigurationsbeispiele https://www2.df.eu/de/support/df-faq/domains/nameserver/

- united-hoster: https://support.united-hoster.de/index.php?/Knowledgebase/Article/View/211/0/domain-konfigurieren-und-in-plesk-anlegen

There are 2 options in order to use the outgoing filter:

- Via SMTP user:
The easiest way to use our outgoing server is per user-authentification. First you'll have to configure a outgoing user in our spampanel. Go to Outgoing/Manage Users and create an user (for example user@yourdomain.com) and a password. At the details you can choose in which way you want to authenticate the user. We recommend to use the method "Authentication user". Additionally you should activate the option "Automatic lock" to avoid any abuse.

Please use the following information to configure the outgoing server in your mailclient:

Hostname: smtp.europeanmx.eu
User: Your_mailadress (Mailadress of the outgoing user configured at the panel)
Password: Your_password (Password of the outgoing user configured at the panel)
Port: 587

- Via smarthost:
You can add a single outgoing user account (with a username/password or IP) on the filtering server and redirect all outgoing traffic of your email infrastructure using the filtering cluster as smarthost. Most email servers have a "smarthost setting" to accomplish this. You're likely to prefer to set the "automatic lock" option to disable to avoid one end-user getting the full server account locked for sending out spam. If you do disable this, doing this continues to block messages detected as spam and reported to the administrator for further evaluation.

When using the smart-host setup you'll need to make sure that you correctly set the limits per-user (based on the server).

Please note that our servers will accept a maximum of 10 concurrent connections from your servers. This ensures optimal delivery speeds. To prevent your server from getting temporary rejects "421 Too many concurrent SMTP connections from this IP address; please try again later." and queuing the messages, please ensure to configure your MTA to open a maximum of 10 connections concurrently. This will prevent a backlog building up on your server(s).

The hostname of our smart host is relay.europeanmx.eu. Please ensure that the messages were sent via port 587. Otherwise you'll receive the error "550 Relay not permitted!" and the messages could not be sent.

Further you'll have to change the SPF record if you're using our outgoing filter. Please change the record to:

v=spf1 include:spf.europeanmx.eu -all

If you are using a cPanel server, please make sure that when manually changing your domain MX records, the cPanel Email Routing settings are always set to "Local Mail Exchanger" instead of "Automatically Detect Configuration".