Important: In preparation for the Postini Transition to Google Apps, Postini customers must ensure that their firewall allows both Google and Postini IP address ranges. See How your firewall should be configured for more details.
Some spammers can potentially bypass security service filters by connecting directly to your mail server and delivering junk and virus messages to your users. Malicious senders target mail servers using low-priority DNS MX records or by directly looking up a server using a common naming scheme, such as mail.yourdomain.com.
To prevent this from happening, configure your mail server or firewall to accept traffic only from the security service’s data center.
For each server you add to the service:
- Add all of the server’s domains to the service (see Add a Domain).
WARNING: If any domain on your server is not added to the service (and therefore not routed through the data center), the following steps will cause all mail to that domain to bounce.
- Configure your email server or firewall to refuse port 25 traffic except from the IP ranges of the email security service. For the IP ranges, see What’s My IP Range?.
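One way to confirm the restriction is in effect is to scan the mail server's connection log for port 25 connections that did not come from the service. The following Python check is an added example, not part of the original article or the service's own tooling. The CIDR ranges are placeholders for the ranges listed in What's My IP Range?, the Postfix-style log lines are constructed samples, and the loopback exemption is an assumption.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation space); substitute the real
# ranges listed in "What's My IP Range?".
SERVICE_RANGES = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "198.51.100.0/25")]

# Postfix smtpd connection line: "... postfix/smtpd[pid]: connect from host[ip]"
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([0-9a-fA-F:.]+)\]")

# Constructed sample log lines.
SAMPLE_LOG = """\
Mar  3 10:01:12 mx1 postfix/smtpd[2101]: connect from relay1.example.net[192.0.2.17]
Mar  3 10:01:40 mx1 postfix/smtpd[2102]: connect from unknown[203.0.113.45]
Mar  3 10:02:05 mx1 postfix/smtpd[2103]: connect from relay2.example.net[198.51.100.9]
Mar  3 10:02:31 mx1 postfix/smtpd[2104]: connect from unknown[198.51.100.200]
Mar  3 10:03:02 mx1 postfix/smtpd[2105]: disconnect from unknown[203.0.113.45]
Mar  3 10:03:30 mx1 postfix/smtpd[2106]: connect from unknown[203.0.113.45]
Mar  3 10:04:00 mx1 postfix/smtpd[2107]: connect from localhost[127.0.0.1]
"""

def is_allowed(ip, ranges=SERVICE_RANGES):
    """True if ip is inside a service range (or loopback, by assumption)."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:  # assumption: local submissions are expected
        return True
    return any(addr in net for net in ranges)

def direct_connections(log_text, ranges=SERVICE_RANGES):
    """Return {ip: count} for SMTP connects that did not come from the service."""
    hits = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a connect event
        ip = m.group(1)
        try:
            allowed = is_allowed(ip, ranges)
        except ValueError:
            continue  # bracketed text was not a valid address
        if not allowed:
            hits[ip] = hits.get(ip, 0) + 1
    return hits

if __name__ == "__main__":
    for ip, n in sorted(direct_connections(SAMPLE_LOG).items()):
        print(f"{ip}: {n} direct connection(s) that bypassed the service")
```

Any address this reports after the firewall change indicates a rule that is not being applied, or a range boundary that is too wide or too narrow.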
If you haven’t added all your domains to the email security service and therefore cannot secure your firewall, you may consider these options:
- Remove the DNS MX records—only for the domains routing to the email security service—that point directly to your email server. In the event that servers are down, sending email servers will queue up messages for later delivery.
- Do not point the DNS records for mail.yourdomain.com and yourdomain.com at your email server. Use another machine name for these records. This way, the only way your email server can be discovered by spammers is through port scanning.
WARNING: These recommended steps only obfuscate your mail server. They do not fully protect against malicious senders directly targeting your server.
