How to enable outbound filtering?

Vade Cloud™ protects you against the inbound email flow your domain receives, but can also filter the outbound email traffic emitted from your domain.

Vade recommends filtering the outbound traffic as well for various reasons:

Precaution
Some of your employees' machines may be infected with malware, botnets, etc. Filtering the outbound email traffic drastically reduces the amount and speed at which these malware propagate.
Responsibility
Vade Cloud™ is a mutualized hosted email platform: This means that it protects other domains' inbound email traffic in addition to yours. If malware-infected or spam messages are emitted from your domain, these messages will probably get filtered by the recipients messaging server.
But depending on the volume your domain emits, these downstream servers will eventually blacklist your whole domain and/or your IP addresses, to protect their users, just like Vade Cloud™ does to protect your domain on inbound traffic.
Security Watch
Once outbound filtering is enabled, the domain administrator has access to the outbound filtering logs, grouped for every user of the domain in the Outbound Quarantine log. These logs allow you to identify if and which machines are infected by spam-sending botnets across your network for instance, and locate their IP addresses. Once you have these IP addresses, you can contact your end-users to remove potential malware, etc.

Prerequisites

Setting up outbound filtering on Vade Cloud™ is completely independent from inbound filtering. Using the platform as outbound relay requires you to:

  • Declare all domains to protect under the Clients > Details > Domains tab of Vade Cloud™ administration console.
  • Draw a full list of all public IP addresses which may emit SMTP traffic from the domains to protect. In order to declare these IP addresses properly, click Add a new relay under Clients > Details > Domains > Details > Outbound > Relays.
  • Activate the outbound relays by clicking the switch button in the Attach column.
  • Modify the outbound connector on your messaging server to route messages to the Vade Cloud™ SMTP relay.
Attention: The outbound connector MUST NOT be changed before the outbound filtering configuration is not complete on Vade Cloud™.

Once the domains and IP addresses are properly declared on the administration console, the platform can accept outbound traffic. In order to switch to production, modify the outbound connector, as described below, to route all messages to the following destination: smtp.cloud.vadesecure.com.

Attention: Do not enable SMTP authentication between the outbound connector and Vade Cloud™ as the platform would not be able to handle this authentication.
Note: The smtp.cloud.vadesecure.com server listens by default on port 25 (standard SMTP port) and also accepts traffic on port 8025.

Configuring the outbound relay

Attention: You cannot use the platform as an open relay. Only the domains that have been declared on the platform will be able to use it for outbound relaying.
  1. Go to Clients > Details > Domains > Details > Outbound > Relays
  2. Click Add a new relay.
  3. Type in the relay name (FQDN) and the relay IP address.
    Note: You must declare the outbound relay for each domain, in case there are multiple ones. All public IP addresses that send outbound email traffic must be declared.
  4. Click Add.

Configuring the outbound connector

Edit the configuration of the outbound connector on your downstream messaging server to add the following routing information:
  • smtp.cloud.vadesecure.com
  • No authentication
  • port 8025 by default (also accepts ports 465 and 8025)
    Attention: Do not edit the outbound connector before declaring the domains and IP addresses on the Vade Cloud™ platform.