SUM Group Postini Support & Startup Information (Postini Enterprise Manual)
Getting Started Essentials
Message Center / Administration Login:
http://login.postini.com/
Administrator Password
Requirements:
Each user will be asked to
change their temporary password upon first login. Users that have
been granted Administrative rights have a higher level of password
requirements as follows -
Contain at least six alphabetical letters
Contain at least five unique alphabetical letters
Not be a dictionary word
Not be sequential letters
Not contain an email address
DNS Settings
Information
Insert the following DNS MX
records at a higher priority than your current DNS MX records for your domain.
(This changes the preferred mail hosts for your domain to the servers of your
new email protection service.)
MX Record Format
| domain.com. |
IN |
MX |
100 |
domain.com.s6a1.psmtp.com. |
| domain.com. |
IN |
MX |
200 |
domain.com.s6a2.psmtp.com. |
| domain.com. |
IN |
MX |
300 |
domain.com.s6b1.psmtp.com. |
| domain.com. |
IN |
MX |
400 |
domain.com.s6b2.psmtp.com. |
|
OPTIONAL |
|
|
|
|
| domain.com. |
IN |
MX |
500 |
old-mail-server.domain.com. |
Notes:
- Important: The time for MX record changes to propagate is based on
your TTL (time to live) setting. For example, if your TTL was
originally set for 24 hours, you must wait the full 24 hours for the
MX record changes to take effect.
- Some DNS services / control panels don't allow prioritization
using the numbers 100-600, and may use a different numbering scheme
(for example, 1-6). You may use any prioritization numbers as long as
the DNS MX entries are in the order described above.
- You should delete your old lower priority
MX records once you verify the email is flowing correctly through your
new email protection service. (This prevents spammers from
sending junk email using older DNS MX entries, thus bypassing your
email protection service.)
Firewall Security
Once you have Postini up and running, we highly recommend that you take
steps to keep unauthorized delivery attempts from reaching your mail
servers. To do this, simply block all SMTP / Port 25 traffic EXCEPT from
the Postini Data Centers. Below, find the IP range for this setting.
Postini Data Center /Server IP Range
Outbound SMTP Server Address (Setting
Up Outbound Filtering)
outbounds6.obsmtp.com
Reverse DNS Entries / Server Name Masquerade
In attempt to block spam many ISPs and mail server configurations are
blocking messages delivered from domains that do not have reverse a DNS
entry corresponding to the public IP address of their mail server. We
recommend that you work with your ISP or service provider to establish
this entry as soon as possible. Certain mail servers may use a
combination of indicators including reverse / forward DNS lookups on your
mail server AND if your domain's MX record matches the same address. In
such situations, your new Postini implementation may trigger false spam
reports from companies you previously sent mail to.
Other servers may more closely inspect the SMTP communication to confirm
that your mail server's "stated name" matches the DNS information. Look
for and implement a feature in your mail server to align its SMTP name
with the Public IP address' DNS name. Example "mail.domain.com".
Mail Server Requirements:
Postini is compatible with virtually every mail server.
Please contact us or your Mail Service Provider if you have
questions regarding compatibility. In a
very limited number of cases - typically when using a "shared"
ISPs configuration - a mail server may be configured to reject
messages it receives for your domain if it is not listed as the
DNS MX record. See notes below on recommended steps to
protect mailboxes on a "Shared" mail server.
Support
Links and Resources
Postini Enterprise Manual
Header Analyzer
/ How to extract headers (Outlook
/
Notes)
How to Interpret Header Tags
Troubleshoot Spam that Gets Through
Frequently Asked Questions
How does the Postini spooling feature trigger?
The spool will initiate if the following conditions are met:
1) Three failed connections within a 60 second period, attempting
delivery every 15 seconds.
2) Zero successful connections during the Spool Delay period.
3) Three more failed connections within the first minute after the delay
period has completed.
One single successful connection during this entire process will reset the
spooling conditions.
What are Non-Delivery Receipts/Reports (NDRs) and how can we filter them
without blocking valid bounced emails?
Spammers use a variety of tricks to reach mailboxes. One such way
is to send out huge volumes of mail where the sender address is "spoofed".
Unfortunately the forged address might be your address. When the
email attempts delivery to a mailbox that no longer exists or bounces the
message it will come back to the forged address in the form of an
Undeliverable or Delayed Message.
Postini has developed specific techniques to combat such attacks.
Please review this tech note for instructions:
Configuring Content Filtering to
Block NDRs / Back Scatter (Tech Note)
Our email is hosted on a shared server.
How can we protect our mailboxes?
Most "shared" mail servers can not be
configured to block messages that attempt to be delivered directly
(i.e. by passing the Postini service) as a result some messages may not be
filtered. You can confirm if a message went through the
Postini service by examining the message header. Since
Postini can direct your mail to any valid host or IP address - if
all possible - we highly recommend that you ask your mail hosting
provider to accept mail for your domain at a server that does NOT
have you domain in it (for example mx01.yourisp.com).
Further - be careful to NOT expose the name of your mail server
host in your MX records as spammers will use and record all MX
records for their use over time. Taking this a step further
ask your ISP to not use standard host names like "mail.yourdomain.com"
or "smtp.yourdomain.com" as these standard names are subject to
attack.
|
