Do more with your Hornetsecurity Suite
All minimum settings, additional test options and other tips for onboarding from an European country are available on this page to let you get the best out of your test phase.
Attention: If you are a customer from the US or Canada, you will need different MX records and hosts/relay servers. Please change to this page.
A successful test is impossible without an optimum setup
Are you interested in Hornetsecurity solutions and looking to test them? On this page we have compiled all the essential information you need to completely set up your trial. You will also find additional information showing you further product functions. Try it out! Our support team is also available to advise and assist you if you have any queries.
You have not created a trial yet? Click here for the onboarding form.
Detailled information can be found here.
Configuring the firewall
The first step is to define the accessibility of your mail server. Your firewall should be tested to check whether e-mail delivery is actually possible. A correctly configured firewall also prevents the direct delivery of spam straight from the Internet. The following IP ranges must be approved for mail traffic:
- Range: 83.246.65.0/24 with subnet mask 255.255.255.0, corresponding to addresses between 83.246.65.1 and 83.246.65.255
- Range: 94.100.128.0/20 with subnet mask 255.255.240.0, corresponding to addresses between 94.100.128.1 and 94.100.143.255
- Range: 185.140.204.0/22 with subnetmask 255.255.252.0, corresponding to addresses between 185.140.204.1 and 185.140.207.255
- Range: 173.45.18.0/24 with subnetmask 255.255.255.0, corresponding to addresses between 173.45.18.1 and 173.45.18.255
The standard setting, unless otherwise specified, is port 25. This can of course be modified according to your requirements. Any TLS connections will be unaffected. Port 25 is also used for switching to TLS if this is offered by your mail server. The configuration can be checked using the Hornetsecurity firewall checker.
Attention: Customers from the USA will need other configurations. You can find them here.
Checking the control panel configurations
- Are all your alias domains set up?
- Is your mail server’s IP or hostname correct?
- Has the outgoing mail server IP address been entered and approved?
- Has the Quarantine Report been set up with your chosen delivery times?
- Is the user check set correctly?
For more information about these settings in the Control Panel, click here.
Once all these items have been correctly configured, there is nothing to stop you changing the MX records. For information on creating domains and mailboxes in the Control Panel, click here.
Changing the MX records
With the configurations in point 2 checked and ready for use, we can now focus on the MX record. This controls where the e-mails for a domain are sent. In technical terms, the sender resolves the destination domain according to the MX record and initiates a connection with the relevant host. This is where the Hornetsecurity systems make an appearance. In order for e-mails to be filtered and processed, they are redirected to a new destination via MX record:
MX priority 10 mx01.hornetsecurity.com
MX priority 20 mx02.hornetsecurity.com
MX priority 30 mx03.hornetsecurity.com
MX priority 40 mx04.hornetsecurity.com
If you are unable to carry out the configuration yourself, we recommend contacting the DNS provider concerned. Depending on the DNS system, web service or provider, it may be necessary to end each MX entry with a . (period). If in doubt, please make sure to check first. Otherwise, this may cause serious problems. There is usually a waiting period of up to 24 hours which must be taken into account with any DNS-based changes, as it is possible that, during this period, not all DNS systems worldwide will know the new settings yet.
Attention: Customers from the USA will need other configurations. You can find them here.
Setting the SPF record
Another DNS setting you can configure in addition to the MX record is the SPF record. This is saved as a domain TXT record and specifies which systems are allowed to send e-mail on behalf of the domain. It is analyzed in certain circumstances by external recipients, but also by the Hornetsecurity spam filter service, for purposes that include detecting fraud attempts such as spoofing. It is therefore very useful to modify or expand the TXT entry. The following setting is recommended:
v=spf1 include:spf.hornetsecurity.com ~all
Are there any other services that are allowed to send e-mail on behalf of your particular domain? Examples might include newsletter services or ERP and ticket systems, to name just a few possibilities. This point would be a good opportunity to check them and add them to the SPF. Once again, we recommend contacting the provider concerned if you are unable to configure the settings yourself.
Setting up relaying
IP address to have been entered in the control panel (see section 3). The full range of e-mail services can be used through this additional, automatically integrated service. When relaying, outgoing messages are checked for viruses or content policy compliance before being delivered to the recipient. For relaying, Hornetsecurity uses a hostname cluster with a variety of load balancers connected: relay-cluster-eu01.hornetsecurity.com White label alternative: domain.tld.relay.cloud-security.net; domain.tld should be replaced by the actual domain that is in use. The port used is port 25. A TLS connection is always preferable.