This tab appears in the Server Properties dialog and is used to define the range of IP addresses and hosts which represent the machines on a local network.
This is one of the most important settings in Mailtraq as it is used in many places as the default method to control access to services.
The address ranges are used by Mailtraq to determine the need for connection to the Internet (in some cases) and can also be used in the Service Manager dialog to configure access to the services running on Mailtraq.
The LAN tab plays a major role in the control of unauthorised mail relaying in that, by default, the address ranges defined within it determine which machines are regarded as local – all of which are permitted to relay mail unconditionally through Mailtraq.
For that reason, the address ranges used should specify the local network as closely as possible and, ideally, should be non-routable on the Internet. Read more about Mail Relay protection here.
Receiving mail by SMTP from a trusted relay
If you receive messages by SMTP from a trusted relay such as your ISP or another service that provides external virus or spam scanning you may add that service's IP address to this LAN definition. Mailtraq will then treat that IP address as if it was on the LAN. This establishes a trust relationship between Mailtraq and that IP address - no futher checks will be performed.
The host names of local resources may also be entered to ensure that, for example when being accessed via the HTTP Proxy, Mailtraq is not forced to connect to the Internet before it is able to resolve the resource as local for local users.
Specifying LAN and Firewall Settings
The LAN firewall controls access to services by comparing the IP address of the connecting client to the range of IP addresses which are permitted to connect to that service.
A range of addresses is set by using a * (star or asterisk or ALT+042).
For example: 192.168.*.*
Clients with IP addresses outside the permitted range, which may be an inclusive range or an exclusive range, are denied access to the service. Clients with IP addresses inside the permitted range are unaware of the presence of the firewall.
Firewalls in Mailtraq must be specified as IP addresses using full dotted quad notation as shown in the examples given below. Each Service has its own firewall which can be configured in the Access Control tab for that service.
Both LAN and firewall settings are configured by a series of inclusive and exclusive IP address ranges which are always interpreted from top to bottom by Mailtraq when resolving conflicts.
Regular Firewall Example:-
...defines a typical large(ish) firewall, useful for including service machines of an ISP. Connections from clients with IP addresses within those ranges only will be permitted. In contrast:-
Exclusive firewall example:-
...defines a typical exclusive firewall. In this case all clients with IP addresses not falling into the address ranges shown are accepted. Note that exclusive firewalls should commence with the wildcard expression *.*.*.* because firewalls are empty by default and no addresses are accepted.
Host names and machine names (Control Panel, Network) may also be entered to the firewall to prevent dial-ups from taking place when local services are being accessed through Mailtraq proxies.
Detect DNS Servers
(From version 2.15.1.nnnn)
This feature allows you to either use the default DNS server/s for the machine - those used by the Network Interface Card - or other ones that you may wish to specify.
Changes are set next time Mailtraq starts.
1.) Loop-back Address
The IP address 127.0.0.1 is the localhost or loop-back address: it means 'this machine'. If you need to run a service or program on the Mailtraq machine and you want Mailtraq to accept connections from that program, then adding 127.0.0.1 to the LAN definition will ensure that Mailtraq will accept the connection.
2.) You can also enter, for example, "220.127.116.11/20" in memo fields that contain IP address wildcards.
3.) Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets which are designated non-routable on the Internet:-
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
For further information please refer to RFC 3330.