Table of Contents

3. Mail Server Architecture

3.1. Generic Server Configuration

3.1.1. Running Services

3.1.2. Other Generic Server Parameters

3.1.3. DNR Settings

3.2. Services and Modules

3.2.1. SMTP Receiving

3.2.2. Processing

3.2.3. SMTP Sending

3.2.4. POP3

3.2.5. IMAP

3.2.6. Logging

3.2.7. Reporting

3.2.7.1. Reporting Parameters

3.2.8. WebMail

3.2.9. Storage

3.2.10. FTP Backup Service

3.2.11. RPOP Service

3.3. Connectivity and Threading

3.3.1. Listeners

3.3.2. Rules

3.3.3. Threads

3.4. Clustering Support

3.4.1. Cluster Overview

3.4.1.1. LDAP Introduction

3.4.1.1.1. Basic Directory Setup

3.4.1.1.2. LDAP Entry Structure

3.4.1.1.3. LDAP Authentication

3.4.1.2. AXIGEN Mapping System

3.4.1.3. AXIGEN Authentication System

3.4.1.4. AXIGEN Front-End Services Setup

3.4.1.4.1. The SMTP Proxy

3.4.1.4.2. The IMAP and POP3 Proxies

3.4.1.4.3. The WebMail Proxy

3.4.1.4.4. Mapping Setup

3.4.1.5. AXIGEN Back-End Services Setup

3.4.2. LDAP Routing

3.4.2.1. Configuring Mapping Parameters

3.4.2.2. POP3 Proxy Service

3.4.2.3. IMAP Proxy Service

3.4.2.4. Webmail Proxy Service

3.4.3. AXIGEN LDAP Authentication

3.4.4. Integrating Active Directory into a cluster environment

3.4.5. Exotic Cluster Setups

3.5. Groupware and collaboration

3.5.1. Personal Organizer & AXIGEN Outlook Connector

3.5.2. Folders and permissions

Previous | Next | Up | Table of Contents

3.3.2. Rules

Different rules can be associated with listeners, meant to sort connections based on various parameters, and to reject (deny rules) or accept (allow rules) them accordingly. Using deny and allow rules you can automatically accept/deny connections from specific IP addresses.

Allow/Deny Rules

Allow/Deny rules enable you to specify the rules for accepting/rejecting connections when these connections follow the limitations imposed by the listener.

Allow/Deny Rules are defined using the following general attributes:
  • specify a network/mask, IP range or single IP for which the reject/allow rule is applied
  • check or uncheck the 'enable' option to specify if the rule is enabled or not
You can then set priorities for when applying the rules and impose further connection limitations using the flow control parameters described below:
  • max. number of simultaneous connections and max. number of new connections in a defined time interval (seconds/minutes/hours/days) - these parameters impose limitations on the number of connections initiated by any address within the rule IP set
  • max. connections from each remote IP address and max. connections from each remote IP address in a defined time interval (seconds/minutes/hours/days) - these parameters impose limitations on the number of connections initiated by the same address within the rule IP set

Rule Enforcement Policy

The policy for applying accept and deny rules for connections to listeners is described below:
  1. The IP address from which the connection has been initiated is exposed.
  2. AXIGEN verifies if this IP address is part of a set of IP addresses associated to one or more deny rules; if yes, the deny rule with the highest priority (meaning LOWEST value for the priority attribute) is applied.
  3. AXIGEN verifies if this IP address is part of a set of IP addresses associated to one or more accept rules; if yes, the accept rule with the highest priority (meaning LOWEST value for priority attribute) is applied.
  4. If the IP address from which the connection has been initiated is associated only with a deny rule, the connection is denied (closed)
  5. If the IP address from which the connection has been initiated is associated with both a deny AND an allow rule, the rule with the highest priority is applied. If the rule with the highest priority is a deny rule, the connection is denied (closed). If the rule with the highest priority is an allow rule, the limitations (if any) for the specified connections from the allow rule are applied. If the allow rule and the deny rule have the same priority, the connection is accepted.
  6. If the IP address from which the connection has been initiated is associated only with an accept rule, the verifications defined for connections in the accept rule are applied, and if fulfilled, the connection is accepted.
After applying the limitations imposed by the rules, the global limitations defined at listener level are applied. Only then the connection is accepted (and the respective service protocol is applied on the accepted connection).

If no allow rule is defined for the IP address from which the connection has been initiated, then the connection is considered as fulfilling the rules and the verifications defined globally (if any) for the current listener are applied.

For details on how to configure rules using WebAdmin, see Adding and Editing TCP Rules. You can also configure Rules using CLI, for more details see Configuring AXIGEN using CLI.
Top | Previous | Next | Up | Table of Contents