Do more with your Hornetsecurity Suite

All minimum settings, additional test options and other tips for on-boarding from North America are available on this page. Adjusting these settings will allow to let you get the most out of your 14 day test phase.


Attention: If you are a European customer, you will need different MX records and hosts/relay servers. Please change to this page.

A successful test is impossible without an optimum setup

Are you interested in Hornetsecurity solutions and looking to test them? On this page we have compiled all the essential information you need to completely set up your trial. You will also find additional information showing you further product functions. Try it out! Our support team is also available to advise and assist you if you have any queries.

Configuring the firewall

The first step is to define the accessibility of your mail server. Your firewall should be tested to check whether email delivery is actually possible. A correctly configured firewall also prevents the direct delivery of spam straight from the Internet. The following IP ranges must be approved for mail traffic:

  1. Range: with subnet mask, corresponding to addresses between and
  2. Range: with subnet mask, corresponding to addresses between and
  3. Range:  with subnet mask, corresponding to addresses between and
  4. Range: with subnetmask, corresponding to addresses between and

The standard setting, unless otherwise specified, is port 25. This can be modified according to your requirements. Any TLS connections will be unaffected. Port 25 is also used for switching to TLS if this is offered by your mail server. The configuration can be checked using the Hornetsecurity firewall checker.


Attention: Customers from Europe will need other configurations. You can find them here.

Checking the control panel configurations

Once the firewall is configured to allow your mail server to receive all emails from Hornetsecurity, the next step is to change the MX records. Before you can do this, you must check the most important settings in the control panel. You have already received access credentials for the control panel in a previous email. If you would like to change your password, you can reset it on the homepage. Solutions can be configured in the control panel “Management” pane, where the following points must be checked before the next step:

  • Are all your alias domains set up?
  • Is your mail server’s IP or hostname correct?
  • Has the outgoing mail server IP address been entered and approved?
  • Has the spam report been set up with your chosen delivery times?

Once all these items have been correctly configured, there is nothing to stop you changing the MX records.

Changing the MX records

With the configurations in point 2 checked and ready for use, we can now focus on the MX record. This controls where the emails for a domain are sent. In technical terms, the sender resolves the destination domain according to the MX record and initiates a connection with the relevant host. This is where the Hornetsecurity systems make an appearance. In order for emails to be filtered and processed, they are redirected to a new destination via MX record:

MX 10

MX 20

MX 30

MX 40


If you are unable to carry out the configuration yourself, we recommend contacting the DNS provider concerned. Depending on the DNS system, web service or provider, it may be necessary to end each MX entry with a . (period). If in doubt, please make sure to check first. Otherwise, this may cause serious problems. There is usually a waiting period of up to 24 hours which must be taken into account with any DNS-based changes, as it is possible that, during this period, not all DNS systems worldwide will know the new settings yet.

Attention: Customers from Europe will need other configurations. You can find them here.

Setting the SPF record

Another DNS setting you can configure in addition to the MX record is the SPF record. This is saved as a domain TXT record and specifies which systems are allowed to send email on behalf of the domain. It is analyzed in certain circumstances by external recipients, but also by the Hornetsecurity spam filter service, for purposes that include detecting fraud attempts such as spoofing. It is therefore very useful to modify or expand the TXT entry. The following setting is recommended:

“v=spf1 ~all”

Important: By activating the SPF filter, the responsible support must be contacted email, since a second activation have to carried out by the provider. If there is no contact with the support, the SPF filter won’t be effective for the customer.

Are there any other services that are allowed to send email on behalf of your particular domain? Examples might include newsletter services or ERP and ticket systems, to name just a few. This point would be a good opportunity to check them and add them to the SPF. Once again, we recommend contacting the provider concerned if you are unable to configure the settings yourself.

Setting up relaying

Relaying (email sending) completes the connection phase. This requires the external IP address to have been entered in the control panel (see section 3). The full range of email services can be used through this additional, automatically integrated service. When relaying, outgoing messages are checked for viruses or content policy compliance before being delivered to the recipient.

For relaying, Hornetsecurity uses a hostname cluster with a variety of load balancers connected:


Any questions?

Just take a look at the FAQ, where you will find many questions already answered.

In the online manual you will find many explanations and setup instructions for the various services. If you still have any questions, you can contact us by email ( or telephone +1 850 600 4121. The telephone core business hours are between 8 am and 6:30 pm.