Configuration & set-up advice

Expected behaviour

Internal means two different things, each of which is important when describing the action of a mail system.

  • An internal mail address is an e-mail address in a domain which the mail system is intended to support. Your mailer will be close to the point at which mail is delivered to such addresses; it will recognise who the messages are for and will relay them as necessary to complete delivery.
  • An internal IP address is one in the networks under your management. When users of your service send messages, the mailer will be close to the origin of the messages; it will recognise where they come from and will relay these too to the rest of the Internet as necessary.

In general the relaying behaviour expected of a mailer is as follows.

  • internal IP address to internal mail address, permitted.
    A local policy matter, provided that it does not leave a chain of relays in your network which can result in relaying you would otherwise prevent.
  • internal IP address to external, permitted.
    Note that you MUST NOT permit relaying solely on the basis of the originator mail address either in the SMTP MAIL FROM: or in the From:, Sender: or any other header lines. Indeed, you MAY reject outbound mail if the originator mail address is not a local one, although this may cause inconvenience similar to that mentioned in Router blocking below.
  • external to internal mail address, permitted.
    You SHOULD accept mail for valid addresses in domains for which your mailer is responsible, which will normally include your organisation's main domain, any sub-domains visible for mail and possibly some others too.
    Some local addresses will result in mail later being delivered to some different domain; this is correct and acceptable (for instance, a seconded lecturer or student on placement may have their mail forwarded).
    Naturally, your mailer will report failures for any mail addresses which appear internal (they have the right domain) but are invalid. This is a separate matter.
  • external to external, FORBIDDEN.
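
The four rules above expressed as a relay check, as an added example that is not part of the original guidance. The networks and domains are constructed sample values and the function names are hypothetical; note that the decision never consults the originator address.

```python
import ipaddress

# Constructed sample policy (assumptions): documentation ranges and example domains.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]
LOCAL_DOMAINS = {"example.ac.uk", "dept.example.ac.uk"}


def ip_is_internal(client_ip):
    """True if the connecting client is in a network under local management."""
    addr = ipaddress.ip_address(client_ip)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries,
    # so a dual-stack listener does not misclassify internal IPv4 clients.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in INTERNAL_NETWORKS if net.version == addr.version)


def rcpt_is_internal(rcpt):
    """True if the recipient's domain is one this mailer is responsible for."""
    local, sep, domain = rcpt.strip().strip("<>").rpartition("@")
    if not sep or not local:
        return False  # no domain part: never treated as local for relay purposes
    return domain.rstrip(".").lower() in LOCAL_DOMAINS


def relay_decision(client_ip, mail_from, rcpt_to):
    """Apply the four-way matrix and return (allowed, reason).

    mail_from is accepted but deliberately unused: the originator address is
    supplied by the sender and must not be the basis for permitting relaying.
    """
    src_internal = ip_is_internal(client_ip)
    dst_internal = rcpt_is_internal(rcpt_to)
    if src_internal and dst_internal:
        return True, "internal IP to internal address"
    if src_internal:
        return True, "internal IP to external address"
    if dst_internal:
        return True, "external to internal address"
    return False, "external to external: relaying denied"
```

An external client claiming a local MAIL FROM: address while sending to an external recipient is still refused, because only the client IP address and the recipient domain are consulted.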