Home
Services
Consulting
Solutions
Resource Center
Support
Demo Center
Partners

The Firewall Test

The Firewall tests attempts to connect directly to your mail server from an outside IP address. Malicious spammers sometimes connect directly to your server to bypass spam filtering; the Firewall Test simulates this to see if your server is vulnerable to this technique.

We recommend you configure your email server or firewall to accept traffic only from the email security service. Be sure to add all of your domains to the email security service before locking down your firewall to accept only email traffic from the service IP range.

To run the Firewall Test:

  1. Click the logo at the top of any Administration Console page to go to the Home page.

  2. Click the Firewall Test link in the lower left-hand corner of the page.

  3. On the Firewall Test page, enter the email address of a user to be used as the message recipient. You can also enter a user alias, but not a domain alias.

  4. Click Test. The results appear on the bottom of the page.

A successful test will look like this: "Checking firewall from 12.158.34.71...passed (did not accept connection)".

If your server is blocking connections from outside IP addresses, you will see a message saying that the test passed. This is a desirable result, since this keeps malicious senders from bypassing the email security service. No further action is needed.

A failed test will look like this: "Checking firewall from 12.158.34.71...failed (accepted connection)".

If your server is accepting connections from outside IP addresses, you will see a message saying that the connection was accepted. This may cause problems, since malicious senders may be able to bypass the email security service. If this test shows a successful connection, we recommend that you lock down your firewall to block messages from outside IP addresses. Once you have changed your firewall settings, run the Firewall Test again to confirm that the change is successful.

Note that some firewalls and mail servers, such as Lotus Domino, accept the initial test connection to port 25 but force a disconnection before mail is sent. This can cause the Firewall test to fail. If you are using a firewall or mail server that accepts port 25 connections initially, verify that port 25 is protected by manually connecting to port 25 and attempting to send a test message.

If the Firewall Test shows accepted connections from an outside IP address, we recommend you change your firewall settings to block connections to port 25 which do not come from the email security service. When you have made these changes, run the Firewall Test again to be sure that outside IP addresses are being blocked.

For more information, see Firewall Test in the Email Security Service Administration Guide.