Page 77 - Mercury Manual.book
The MercuryS SMTP Server Module 72
if you are using a mail client such as Pegasus Mail, which is immune to HTML-based
attacks).
Refuse non-MIME messages: MIME has been the dominant Internet standard for formatting
electronic mail since 1992, and there is no longer any justification for mail systems not to use
it. Turning this flag on tells Mercury that only mail with valid MIME signatures should be
accepted; it is especially useful when combined with pure HTML refusal (see above).
Unfortunately, some automated systems (such as backup systems) still generate non-MIME
mail: you may need to whitelist such systems.
Refuse messages that have no 'subject' field: We think it's a matter of basic courtesy to include
a subject line in the mail you send. Turning this switch on allows you to enforce that
requirement, although an empty subject field will still be accepted, provided at least the header is
present.
Refuse messages that have no or empty 'subject' fields: This is a more draconian version of
the previous setting: if you turn it on, messages will only be accepted if they contain a subject
field, and that subject field in turn contains non-blank data.
Refuse messages that have no 'date' field: The Internet standards governing e-mail require
that all mail must contain a valid date header. In our experience, practically the only mail that
does not meet this requirement is spam.
Exceptions: Just like everything else in life, all these compliance conditions are subject to
cases of "yes, but..." - there are always going to be a few exceptions: for instance, you may
have subscribed to a particular newsletter that regrettably only comes out in pure HTML
format, or you may have an automated server somewhere that sends you progress reports that
don't have a "date" field (we know of several backup programs like this). To get around this,
enter a valid local filename in this field, then click the Edit button next to the field, and add
the sender address that should be exempted from the compliance restrictions. You can use *
as a wildcard character anywhere in the address if you want to exempt entire groups or
domains - so, for example, entering *@pmail.com would allow mail from any user at the
"pmail.com" domain to pass through even if it failed one or more compliance tests.
Exceptions only apply to the controls in the Restrictions to apply to message content group, not to
the transaction-related group.
Using SSL for secure connections
The SSL page of the MercuryS configuration dialog allows you to enable and configure
support for secure SSL-based connections. Configuring SSL is covered in the chapter Using SSL
to secure connections - please refer to that chapter for more information.
Note: Using SSL in MercuryS is probably a less good idea than using it in other modules
because of the general unevenness of the quality of SSL implementations in widespread use.
We recommend that you exercise caution when turning on support for SSL in an environment
where you are accepting SMTP connections from the broader Internet.
One extra option is available when using SSL in MercuryS - Disable weak authenticators
unless SSL-secured. If you check this control, MercuryS will refuse to accept insecure SMTP
authentication methods such as PLAIN and LOGIN unless the connection has first been
secured with an SSL connection - only the moderately secure CRAM-MD5 authentication
method will be offered to nonsecured connections. While checking this control will increase
the security of your system somewhat, it may prevent some clients from accessing your
SMTP services: we recommend that you pay careful attention to system usage for a while
after enabling this option to make sure that it does not adversely affect your users.
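One way to confirm the effect of this option from outside is to inspect the AUTH line of the server's EHLO reply on an unencrypted session. The following check is an added example, not part of the Mercury manual or of Mercury itself; the function names are hypothetical and the two sample replies are constructed for illustration.

```python
"""Audit an SMTP EHLO reply for password mechanisms offered without TLS."""

# Mechanisms that send the password itself (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_auth_mechanisms(ehlo_reply: str) -> set[str]:
    """Return the SASL mechanisms advertised in a multi-line EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD args", or "250 KEYWORD args" on the last line.
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            continue
        keyword, _, args = line[4:].strip().partition(" ")
        # Some servers also emit the legacy "AUTH=LOGIN PLAIN" form.
        if keyword.upper().startswith("AUTH="):
            args = keyword[5:] + " " + args
            keyword = "AUTH"
        if keyword.upper() == "AUTH":
            mechs.update(m.upper() for m in args.split())
    return mechs


def weak_mechanisms_offered(ehlo_reply: str, tls_active: bool) -> list[str]:
    """List cleartext-password mechanisms advertised on an unencrypted session."""
    if tls_active:
        return []  # PLAIN and LOGIN are protected by the encrypted channel
    return sorted(parse_auth_mechanisms(ehlo_reply) & CLEARTEXT_MECHS)


# Constructed sample replies (hostname and extension list are made up).
OPTION_OFF = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 0\r\n"
    "250-AUTH CRAM-MD5 PLAIN LOGIN\r\n"
    "250-AUTH=LOGIN\r\n"
    "250 STARTTLS\r\n"
)
OPTION_ON = (
    "250-mail.example.test Hello\r\n"
    "250-AUTH CRAM-MD5\r\n"
    "250 STARTTLS\r\n"
)

if __name__ == "__main__":
    for name, reply in (("option off", OPTION_OFF), ("option on", OPTION_ON)):
        print(name, "->", weak_mechanisms_offered(reply, tls_active=False) or "ok")
```

An empty result on the unencrypted session means only challenge-response mechanisms such as CRAM-MD5 are being offered there, which is the behaviour the option is meant to enforce.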