SpyderMail Welcome – Setup & Configuration

Welcome to the SpyderMail Email Security Service!

Even though we do most of the work for you, some customers find a little more information to be helpful, so this page will provide some basic information on the proper setup for your mail server.

If you have any questions that aren’t addressed below (or you would just like some assistance) feel free to use the Support Form we have made specially for our clients.

How to Switch Your MX Record

You have to tell the Internet to send e-mail addressed to your domain “yourdomain.com” to the SpyderMail service so we can filter it for you and send the clean e-mail to your mail server. To do this you, or your Internet Service Provider (ISP), will have to make a change to the DNS records for your e-mail domain.

Once this change is made to the DNS records there will be a short lag for this change to reach the entire Internet. This time lag is entirely dependent on your Time to Live (TTL) value on the DNS records for your e-mail domain.

When you log into your administration dashboard, you can look on the top right when you’re in https://login.spydermail.com and you’ll see the “getting started” button.

  • Using that button, you’ll be able to see your appropriate MX addresses.
  • Once you have the correct three addresses for your domain, you can repoint your mx addresses to them.
  • They will be something similar to: example-com.mx1-ca.mailanyone.net (where example.com is replaced by your domain)

Once the MX records have changed you can check that they are correct by using the ‘nslookup’ command from a command prompt as per the example below or use a site like http://www.intodns.com, or http://www.geektools.com/digtool.php to look up the MX record for your domain.

Example – from a DOS or command prompt in windows type the following command:

nslookup -type=mx yourdomain.com

The answer should look similar to the following. (Canadian example shown)

yourdomain.com MX preference = 10, mail exchanger = yourdomain-com.mx1-ca.mailanyone.net
yourdomain.com MX preference = 20, mail exchanger = yourdomain-com.mx2-ca.mailanyone.net
yourdomain.com MX preference = 30, mail exchanger = yourdomain-com.mx3-ca.mailanyone.net

Please contact us once this step has been completed including your Customer ID and Email Domain name. If you have any questions about how to make this change contact us before doing anything that may impact your e-mail.

Protect Your Mail Server from Attack

Recipient filtering is required, because it’s a very good idea. It’s important because it protects your server from various types of dictionary attacks, and improves performance due to the fact that it does not have to handle all of the invalid mail sent to your server. There are several ways it can be achieved including one manual way (List) and two automatic ways (SMTP or LDAP).

Advantages

There are a number of advantages to Recipient Validation like those mentioned above, as well as these important advantages:

  • Reduce the load on your mail server.
  • Reduces the bandwidth load on your mail server
  • Reduce the “Back Scatter” that can get your mail server added to BlockLists.
    ( once you’re on a BlockList(s) it can be time consuming to get off of them. )

Note: Our experts have a lot of experience configuring mail servers, and can provide advice if you get stuck ( for example, see the grey “Microsoft Exchange” bar below ) .

We also are expert in advising you of Black Lists you may be on, and how to get removed from them.

When most clients get activated on SpyderMail, they see an immediate 95%+ drop in spam, and if you activate recipient verification, you help knock it down to practically nothing!

FirewallHow Your Firewall Should Be Configured

Once e-mail is flowing through the SpyderMail service, you need to configure your Firewall to allow inbound access from our IP space.

We will send you the correct IP addresses for our delivery servers (and they are also available for you in the management portal).

Currently blocking inbound SMTP traffic? Configure your firewall to only allow inbound SMTP (Port 25) traffic to your mail server from the SpyderMail primary and backup data centers.

Restricting inbound to our delivery servers will stop Spammers from bypassing the protection of the SpyderMail Service by sending Spam directly to your mail server. Don’t forget, spammers can check MX records as easily as we do!

Please contact us if you need any advice or assistance with this step.

What About My Remote Users?

If you don’t have any remote users or they can connect to your mail server via a VPN, WebMail, Remote Desktop or other technique then you can skip this section. If you have remote users that need to send e-mail through your mail server via SMTP then continue reading.

With the application of spam filtering techniques like Sender Policy Framework (SPF) it is getting more and more critical that all e-mail from your domain flow through your mail server so that it does not get blocked as spam. The standard SMTP port used by SpyderMail(TCP 25) should be locked down or firewalled so that spammers don’t try and do an end run around the spam protection offered by SpyderMail

– so where does this leave your remote users?

One technique that works well with remote users is to use a second SMTP server or service on a different port (465 and 587 are popular) and require that they authenticate before letting them send e-mail. Your users can then talk through your firewall, be authenticated, and send e-mail to both others in your company or to people outside. These e-mail’s will be coming from your mail server and thus pass the SPF record check and not be blocked as spam.

We have seen this technique used very effectively with Microsoft Exchange, IPswitch IMail and others. Check your mail server admin guide or contact the friendly support people at SpyderMail.

Please contact us if you need any advice or assistance with this step.

Protect Your Mail Server from Attack

Sender Policy Framework (SPF), as defined in RFC 4408, is an e-mail validation system designed to prevent e-mail spam by addressing a common vulnerability – source address spoofing.

SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific DNS SPF record in the public DNS. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

 

Any Tips on Using Exchange?

Recipient filtering is important as it protects your server from various types of dictionary attacks, and improves performance due to the fact that it does not have to handle all of the invalid mail sent to your server.

If you could enable this feature it would be greatly appreciated and would increase the security of your domain(s) and mail server.

Following are some Microsoft KB articles on Recipient filtering in Exchange 2007

Please contact us if you need any advice or assistance with this step.

Now That You’re Set Up

There are a number of resources that are available to you as new SpyderMail clients:

(* messages from this form reach us immediately. after hours, our support staff receive them via text. )

Allowlists & Blocklists

In order for your users to access their personal Allow ListsBlock Lists and Quarantine lists, they just go to: