Do more with your Hornetsecurity Suite

All minimum settings, additional test options and other tips for onboarding from an European country are available on this page to let you get the best out of your test phase.

 

Attention: If you are a US customer, you will need different MX records and hosts/relay servers. Please change to this page.

A successful test is impossible without an optimum setup

Are you interested in Hornetsecurity solutions and looking to test them? On this page we have compiled all the essential information you need to completely set up your trial. You will also find additional information showing you further product functions. Try it out! Our support team is also available to advise and assist you if you have any queries.

You have not created a trial yet? Click here for the onboarding form.

Detailled information can be found here.

Configuring the firewall

The first step is to define the accessibility of your mail server. Your firewall should be tested to check whether e-mail delivery is actually possible. A correctly configured firewall also prevents the direct delivery of spam straight from the Internet. The following IP ranges must be approved for mail traffic:

  1. Range: 83.246.65.0/24 with subnet mask 255.255.255.0, corresponding to addresses between 83.246.65.1 and 83.246.65.255
  2. Range: 94.100.128.0/20 with subnet mask 255.255.240.0, corresponding to addresses between 94.100.128.1 and 94.100.143.255
  3. Range: 173.45.18.0/24 with subnetmask 255.255.255.0, corresponding to addresses between 173.45.18.1 and 173.45.18.255

The standard setting, unless otherwise specified, is port 25. This can of course be modified according to your requirements. Any TLS connections will be unaffected. Port 25 is also used for switching to TLS if this is offered by your mail server. The configuration can be checked using the Hornetsecurity firewall checker.

Attention: Customers from the USA will need other configurations. You can find them here.

Checking the control panel configurations

Once the firewall is configured to allow your mail server to receive all e-mails from Hornetsecurity, the next step is to change the MX records. Before you can do this, however, you must check the most important settings in the control panel. You have already received access credentials for the control panel in a previous e-mail. If you would like to change your password, you can reset this on the control panel login page. Solutions can be configured in the control panel. where the following points must be checked before the next step:
  • Are all your alias domains set up?
  • Is your mail server’s IP or hostname correct?
  • Has the outgoing mail server IP address been entered and approved?
  • Has the Quarantine Report been set up with your chosen delivery times?
  • Is the user check set correctly?

For more information about these settings in the Control Panel, click here.

Once all these items have been correctly configured, there is nothing to stop you changing the MX records. For information on creating domains and mailboxes in the Control Panel, click here.

Changing the MX records

With the configurations in point 2 checked and ready for use, we can now focus on the MX record. This controls where the e-mails for a domain are sent. In technical terms, the sender resolves the destination domain according to the MX record and initiates a connection with the relevant host. This is where the Hornetsecurity systems make an appearance. In order for e-mails to be filtered and processed, they are redirected to a new destination via MX record:

MX priority 10 mx01.hornetsecurity.com 

MX priority 20 mx02.hornetsecurity.com 

MX priority 30 mx03.hornetsecurity.com 

MX priority 40 mx04.hornetsecurity.com

If you are unable to carry out the configuration yourself, we recommend contacting the DNS provider concerned. Depending on the DNS system, web service or provider, it may be necessary to end each MX entry with a . (period). If in doubt, please make sure to check first. Otherwise, this may cause serious problems. There is usually a waiting period of up to 24 hours which must be taken into account with any DNS-based changes, as it is possible that, during this period, not all DNS systems worldwide will know the new settings yet.

Attention: Customers from the USA will need other configurations. You can find them here.

Setting the SPF record

Another DNS setting you can configure in addition to the MX record is the SPF record. This is saved as a domain TXT record and specifies which systems are allowed to send e-mail on behalf of the domain. It is analyzed in certain circumstances by external recipients, but also by the Hornetsecurity spam filter service, for purposes that include detecting fraud attempts such as spoofing. It is therefore very useful to modify or expand the TXT entry. The following setting is recommended:

v=spf1 include:spf.hornetsecurity.com ~all

Important: After updating your TXT record a second activation needs to be carried out by our technical support. Once you have set the record, please make sure to contact our technical support via e-mail asking them to enable SPF for your domain. More details regarding SPF and its setup options can be found in our support article.

Are there any other services that are allowed to send e-mail on behalf of your particular domain? Examples might include newsletter services or ERP and ticket systems, to name just a few possibilities. This point would be a good opportunity to check them and add them to the SPF. Once again, we recommend contacting the provider concerned if you are unable to configure the settings yourself.

Setting up relaying

IP address to have been entered in the control panel (see section 3). The full range of e-mail services can be used through this additional, automatically integrated service. When relaying, outgoing messages are checked for viruses or content policy compliance before being delivered to the recipient. For relaying, Hornetsecurity uses a hostname cluster with a variety of load balancers connected: relay-cluster-eu01.hornetsecurity.com White label alternative: domain.tld.relay.cloud-security.net; domain.tld should be replaced by the actual domain that is in use. The port used is port 25. A TLS connection is always preferable.

 

u

Any questions?

Just take a look at the FAQ, where you will find many questions already answered. In the online manual you will find many explanations and setup instructions for the various services. If you still have any questions, you can contact us by e-mail (support@hornetsecurity.com) or telephone +44 203 0869 833. The telephone core business hours are between 8 and 18:30 o’clock.