
Delivery IP management

By default, the SpamExperts outbound filter uses the primary interface (IP address) to deliver outbound emails to the destination MX records. You may, however, prefer to separate the outbound delivery IP from the inbound delivery IP, for example. To reduce per-IP delivery volume, it is also possible to set up a "pool of delivery IPs", from which the IP for delivering the outbound emails is randomly selected. This is generally not recommended, as recipients may start blocking email based on such activity (in specific cases it can be used to reduce the delivery rate per IP). Finally, it is possible to specify different delivery IP addresses for different outbound users.

NOTE: The API performs no advanced syntax checking, so please ensure you use the correct settings to avoid breaking the mail flows. The calls apply to both IPv4 and IPv6 addresses.

Adding IP addresses to the network configuration

To add additional IPs, you can add them directly to /etc/network/interfaces, as long as the primary IP does not change.

Please ensure that you do NOT list the new IP addresses as part of the server hostnames; those should always resolve only to the primary IP address.

Full documentation on how to add IP addresses in Debian can be found here: https://wiki.debian.org/NetworkConfiguration#Multiple_IP_addresses_on_one_Interface

In most cases, to add a new IP to an existing setup, the following can be added directly to /etc/network/interfaces (replace XXX with the correct values):

auto eth0:1 
iface eth0:1 inet static
 address XXX.XX.XXX.XXX
 netmask 255.255.XXX.XXX

Then apply the new configuration using this command: service networking restart 

Alternatively, you can reboot the server. Please note new IPs that are added may take up to 1 hour to show up in the interface. Please contact support if you need to have this visible faster.

If you are not sure how to make this change on your side, please contact SpamExperts support and clearly describe which IP address(es) should be added to which system(s). Please always send us the full network details (IP, netmask, gateway) so our engineers can assist you with adding the IPs to the filtering nodes.

IP Management via the Interface

If you want different users to have their outgoing messages delivered via different IPs, for example to tie the reputation of an IP to a specific set of users, you should configure the user to use specific IPs here. You may configure an identity to use a specific set of IPs, or all identities for an outgoing user or domain, or all users and domains that belong to a specific admin. You can also set the interfaces that should be used by default, if you haven't chosen a specific set of IPs for a user. If you remove all choices, then one will be automatically selected. You can also disable all delivery over IPv4 (only allowing IPv6); note that this can result in mail being unable to be delivered. You'll need to ensure that your users know that they need to have the IPs that you have selected for them in their SPF records.

Viewing the current defaults

  1. Login as super administrator
  2. Navigate to Manage outgoing delivery IPs
  3. Click show results

Configure outbound IP

  1. Login as super administrator
  2. Navigate to Manage outgoing delivery IPs
  3. Click Configure outgoing IP
  4. Select your level (Default, Admin, Domain, Domain + Username, Domain + Username + Identity)
  5. Select Hostname
  6. Select IP address to be used
  7. Click Save

Warning - Before configuring any secondary IP, please make sure that the PTR is correct. Do not use underscores (_) in your PTR hostnames as this is not permitted per RFC. If you use a custom HELO, this needs to be configured via the API.

Warning - If IPv6 is enabled on your Local Cloud servers, then you need to also set these from the IPv6 tab. If you do not set these, then any of the IPs will be used. If you do not wish to use IPv6, you should contact support to have these disabled.

Edit an existing outbound IP

  1. Login as super administrator
  2. Navigate to Manage outgoing delivery IPs
  3. Click Show Results
  4. Select the entry you wish to edit
  5. Use the drop down menu
  6. Click edit
  7. Adjust settings

Using the Query Rules

The Query rules allow you to filter on specific criteria when showing results. Columns are also customizable.

IP Management via the API

Managing outbound delivery IP addresses

To retrieve a list of IP addresses that are currently active, you can use the software API:

https://demo1.spambrand.com/cgi-bin/api?call=api_get_outgoing_interfaces&domain=DOMAIN&username=USERNAME

You can specify the outbound "domain" and "username" for which to retrieve the details. Please ensure these exist as an outbound user in the system. To retrieve the default values for all users, specify "default" as DOMAIN and leave USERNAME blank. The default IP address is 0.0.0.0 for IPv4 and ::0 for IPv6; these refer to the primary interface of the server.

In case you wish to overrule the default delivery address of a filtering node, you can use the software API directly:

https://demo1.spambrand.com/cgi-bin/api?call=api_set_outgoing_interfaces&domain=DOMAIN&filtering_host=FILTERING_HOST&interfaces=INTERFACES&username=USERNAME

To change the default IP for a node, specify "default" as DOMAIN and leave USERNAME empty. The FILTERING_HOST refers to the server hostname you wish to set the IP for, and the INTERFACES variable should contain 1 or more IP addresses separated by a semicolon (%3B when posting directly via the URL). If an IP is blacklisted, you can change the delivery IP to a new IP which is not blacklisted until the blacklisting issue has been resolved. Please be sure to first remove spam from the email queues, if present, to avoid the new IPs immediately getting blacklisted.

Configuring IP addresses via the API

Please note that the IP address should have a valid PTR and forward hostname, which are NOT a sub-domain of the server hostnames. When adding an IP address, it's important to ensure the PTR of the IP address resolves to that IP address and is also used in the HELO. By default, the system will use the PTR hostname as HELO. To overrule the automatic system and set a custom HELO for the IP address you can use:

https://demo1.spambrand.com/cgi-bin/api?call=api_set_outgoing_ehlo&ip=IP&ehlo=EHLO

Example

For example, I have a 2 node cluster:

I'd like to configure node2.example.com to deliver all outbound emails randomly via both 1.1.1.1 and 2.2.2.2.

  1. Open a ticket with SpamExperts support to add 1.1.1.1 and 2.2.2.2 as additional IPs to node2.example.com (or add it directly to /etc/network/interfaces yourself)
  2. Create A-records in your DNS for both IPs (e.g. out1.example.com for 1.1.1.1 and out2.example.com for 2.2.2.2)
  3. Set the PTR of both IPs to the A records (e.g. out1.example.com for 1.1.1.1 and out2.example.com for 2.2.2.2)
  4. Set the HELO of both IPs:
    https://node1.example.com/cgi-bin/api?call=api_set_outgoing_ehlo&ip=1.1.1.1&ehlo=out1.example.com
    https://node1.example.com/cgi-bin/api?call=api_set_outgoing_ehlo&ip=2.2.2.2&ehlo=out2.example.com
  5. Set the default of node2.example.com to use both IPs randomly for delivery:
    https://node1.example.com/cgi-bin/api?call=api_set_outgoing_interfaces&domain=default&filtering_host=node2.example.com&interfaces=1.1.1.1%3B2.2.2.2&username=
  6. To revert back to the default primary interface, you can execute:
    https://node1.example.com/cgi-bin/api?call=api_set_outgoing_interfaces&domain=default&filtering_host=node2.example.com&interfaces=&username=

Please note, step 4 is not needed if the correct PTR is set, as by default the HELO is set to the PTR. You only need to use this if it's not possible to set a correct PTR.

Warning - Do not use underscores (_) in your hostnames if you are using the PTR as the HELO, as this is not permitted per RFC.
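
Because the API does no syntax checking of its own, the values can be validated before a call is sent. The following is an added example, not SpamExperts code: it checks the IPs and the HELO name against the rules above and builds the same URLs as steps 4 to 6. The function names and the two-label minimum for hostnames are assumptions made here; sending the request and authenticating to the API are left out.

```python
import ipaddress
import re
from urllib.parse import urlencode

# One DNS label: letters, digits and hyphens only (no underscore), no edge hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_hostname(name, server_hostnames=()):
    """Validate a PTR/HELO name: label syntax, and not under a server hostname."""
    lowered = name.rstrip(".").lower()
    labels = lowered.split(".")
    # Assumption of this example: the name is fully qualified (two or more labels).
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"invalid hostname (underscore or bad label?): {name!r}")
    for host in (h.rstrip(".").lower() for h in server_hostnames):
        if lowered == host or lowered.endswith("." + host):
            raise ValueError(f"{name!r} must not be (a sub-domain of) {host!r}")
    return lowered


def set_interfaces_url(api_host, filtering_host, ips, domain="default", username=""):
    """Build the api_set_outgoing_interfaces URL; an empty ips list reverts to the primary interface."""
    parsed = [str(ipaddress.ip_address(ip)) for ip in ips]  # ValueError on a typo
    if len(set(parsed)) != len(parsed):
        raise ValueError("duplicate delivery IP")
    query = urlencode({
        "call": "api_set_outgoing_interfaces",
        "domain": domain,
        "filtering_host": filtering_host,
        "interfaces": ";".join(parsed),  # urlencode turns ';' into %3B
        "username": username,
    })
    return f"https://{api_host}/cgi-bin/api?{query}"


def set_ehlo_url(api_host, ip, ehlo, server_hostnames=()):
    """Build the api_set_outgoing_ehlo URL after validating the IP and HELO name."""
    query = urlencode({
        "call": "api_set_outgoing_ehlo",
        "ip": str(ipaddress.ip_address(ip)),
        "ehlo": check_hostname(ehlo, server_hostnames),
    })
    return f"https://{api_host}/cgi-bin/api?{query}"
```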

Warming up new IPs

Many destination servers will by default rate-limit traffic from IPs they have not seen traffic from before. To prevent newly added IPs from being rate-limited immediately, it is recommended to periodically activate them using the IP so they "warm up" and destination servers get familiar with their traffic. This will prevent a queue build-up. It's generally recommended to take at least 7 days to warm up new IPs, starting with delivering just an hour per day and increasing that to 24 hours over time.

Outgoing delivery IP reputation check

In the Manage outgoing delivery IPs section, you will see the Reputation check and the Configure Reputation Check tabs.

Configure Reputation Check

This section already comes populated with a list of DNSBLs that will be checked. To view these, you need to go to the Configure reputation check tab and click show.

From this section you can also remove any of the existing DNSBLs one by one or several at once. 

To take action on one of the DNSBLs, you need to use the drop down arrow to the left of it and choose from: 

  • Edit

  • Remove

  • Export to CSV

To take action on multiple DNSBLs from the list, select several or all DNSBLs and, depending on what you need to do, use the drop down list at the bottom of the page to select:

  • Remove

  • Export to CSV

Once the action is selected, you need to click on the Apply button.

Adding DNSBLs

You can add DNSBLs one by one or several at once. 

To add a single DNSBL, you need to click the Add New DNSBL button. In the pop-up screen add: 

  • Valid name

  • DNSBL link

  • Click Save

To add multiple DNSBLs, you can use the Import From CSV option. To import the file, use the select file button, and then the import button.

The CSV file structure needs to be: rbl_hostname,rbl_name. Example CSV file content:

  • rbl_domain,rbl
  • bl.spamcop.net,SpamCop
  • dnsbl.sorbs.net,SORBS

If you wish to export the current list of DNSBLs, you can do that by using the Export to CSV option. 

In order to search for a certain DNSBL added to the list, you will need to: 

  • Click on Add new rule

  • Select from DNSBL name / DNSBL domain / Both

  • Enter the query details

  • Click Show Results


Once this list is populated you will be able to use the Reputation Check.

Reputation Check

The “Reputation Check” tab allows you to select one or more of your outgoing delivery IPs, and then check those IPs against a set of DNSBL. You may check one IP against one DNSBL (click the ‘load’ icon in the cell), check one IP against all DNSBL (select the row and use the “check” action), check all IPs against one DNSBL (click the ‘load’ icon in the column heading), or check all IPs against all DNSBL (select all rows and use the “check” action).
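
For reference, a DNSBL check is a DNS lookup of the reversed IP under the list's zone, and an answer in 127.0.0.0/8 means the IP is listed. The following added example (not the product's own code) loads a list in the CSV layout shown earlier and checks IPs against it using that general convention; the function names are assumptions made here, and the resolver is a parameter so the logic can be exercised without network access.

```python
import csv
import io
import ipaddress
import socket

# Constructed sample in the CSV layout shown above (first row is the header).
SAMPLE_CSV = "rbl_domain,rbl\nbl.spamcop.net,SpamCop\ndnsbl.sorbs.net,SORBS\n"


def load_dnsbls(text):
    """Return [(zone, display_name), ...] from the CSV, skipping the header row."""
    rows = list(csv.reader(io.StringIO(text)))[1:]
    return [(r[0].strip().lower(), r[1].strip()) for r in rows if len(r) >= 2 and r[0].strip()]


def query_name(ip, zone):
    """DNSBL query name: reversed IPv4 octets or reversed IPv6 nibbles, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        parts = str(addr).split(".")[::-1]
    else:
        parts = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(parts) + "." + zone


def check_reputation(ips, dnsbls, resolve=socket.gethostbyname):
    """Return {ip: [names of the lists that answer with a 127.0.0.0/8 address]}."""
    listed_range = ipaddress.ip_network("127.0.0.0/8")
    result = {}
    for ip in ips:
        hits = []
        for zone, name in dnsbls:
            try:
                answer = resolve(query_name(ip, zone))
            except OSError:
                # No record (NXDOMAIN) or a failed lookup: treated as "not listed".
                continue
            # Answers outside 127.0.0.0/8 are not listing codes and are ignored.
            if ipaddress.ip_address(answer) in listed_range:
                hits.append(name)
        result[ip] = hits
    return result
```

A timeout is reported the same way as "not listed" here, so a clean result from a resolver that cannot reach the DNSBL should not be taken as a clean reputation.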

