Email routing

Use this information to help you plan and set up the mail flow configuration for operation with GFI OneConnect.

Inbound Mail Routing Requirements

Configure your email domain's MX records to point to GFI OneConnect. This enables all inbound emailEmail to be received. to get filtered by the SecurityA service provided by GFI OneConnect that protects your inbound email from viruses, filters out spam and provides mail monitoring features. service, and when your mail system is down, redirect emails automatically to the ContinuityA feature provided by GFI OneConnect that queues the emails sent and received in a Data Center and ensures that your organization can keep the mail flow even when the email infrastructure is down. service.

To do this, replace your current MX records with the following records:

MX Record MX Preference

mx1.oneconnect.gfi.com

5

mx2.oneconnect.gfi.com

10

This ensures that all inbound emails get routed and processed by GFI OneConnect before reaching your infrastructure.

NOTE

Secondary or other MX records are not usually required. Be aware that spammers sometimes target secondary or lower priority MX records which may not be protected by spam/virus filtering.

NOTE

GFI Software Ltd does not configure or maintain your MX records. Ensure that your MX records are correctly configured as described above. If your MX records are incorrectly configured, mail could be delayed, spam or malicious emails may get routed to your email infrastructure, or email may be lost during a Continuity activation.

After emails are processed by GFI OneConnect, emails are routed to the respective domain destination mail servers. Destination mail servers can be set directly in the GFI OneConnect web interface from Settings > DomainAddress or URL of a particular network.. For more information refer to Email domains.

Ensure that your mail server accepts inbound messages from the GFI OneConnect Data CenterA remote location on a GFI OneConnect Server through which the email traffic is santized and then routed to the Exchange Server. It is also used for queuing emails during outage and for storing archives and synchronized calender and contact information.. If your gateway server blocks inbound messages that use your domains in the From: field, add an exception to this rule to accept messages originating from GFI OneConnect. For example, if your domain is mydomain.com and you block all inbound mail with an SMTPSimple Mail Transfer Protocol (SMTP) is an Internet standard used by GFI OneGuard for electronic mail (email) transmission. SMTP by default uses TCP port 25. address of *@mydomain.com as spam, modify this policy to exclude the GFI OneConnect Data Center. GFI OneConnect sends emails from:

  • mx1.oneconnect.gfi.com (IP: 52.208.1.91 - Security service)
  • mx2.oneconnect.gfi.com (IP: 52.58.249.172 - Security service)
  • oneconnect-mtas2-1.gfi.com (IP: 52.18.79.254 - Continuity service)
  • oneconnect-mtas2-2.gfi.com (IP: 52.31.67.15 - Continuity service)

Firewall configuration

Configure your firewall to accept inbound SMTP traffic (port 25) from GFI OneConnect. Also, configure GFI OneConnect IP addresses to be a trusted forwarder, but not safe-listed.

GFI OneConnect sends emails from:

  • mx1.oneconnect.gfi.com (IP: 52.208.1.91 - Security service)
  • mx2.oneconnect.gfi.com (IP: 52.58.249.172 - Security service)
  • oneconnect-mtas2-1.gfi.com (IP: 52.18.79.254 - Continuity service)
  • oneconnect-mtas2-2.gfi.com (IP: 52.31.67.15 - Continuity service)

Mail Routing Inbound - Store & Forward

If the destination mail servers configured in GFI OneConnect are not accessible, the Security service routes inbound emails to the Continuity service.

The Continuity service queues inbound emails until your email system is back online OR until you activate Continuity.