Sections on this page:

anchor link Domain

Field

Description

anchor link Domain

Select the domain for which settings are to be edited.

anchor link Overall

Field

Description

anchor link SEPPmail Domain Encryption

Activate or Deactivate the domain encryption.

Before fully converting the E-mail flow, enabling the SEPPmail Domain Encryption may result in undecipherable E-mails. Therefore, the activation is not done automatically, but only after checking by SEPPmail support.

anchor link Enable Delivery

This option is inactive for new domains and must be activated after the switchover of the mailflow according to the workflow E-mails so that mails are delivered.

The delivery to the target server can be stopped here during regular operation, for example if maintenance work is pending on the target server.

By default, the messages are stored temporarily at SEPPmail. If there are major problems with the target server that cannot be resolved during this time, the holding period can be extended on request.

When delivery is restarted, messages are delivered in stages so that the target server is not overloaded.

anchor link Enable Subject External Tag

(only available in inline mode, see Integration / Architecture)

Possible settings:

  • "disabled" - default: external tag is never added
  • "enabled for all mails" - external tag is added for all external messages
  • "enabled only if sender's equals recipient's domain" - external tag is only added in this special case

anchor link Subject External Tag

(only available in inline mode, see Integration / Architecture)

Here you can enter the text to be inserted at the beginning of the subject line for messages sent by users outside your own organisation.

The default is "[EXTERN]".

anchor link DNS Cache Clear

Via Execute the DNS Cache can be flushed.

 

anchor link Domain encryption

Field

Description

anchor link S/MIME
PGP
 

List of available encryption certificates with fingerprint (SHA1), issue date, expiration date and an information regarding "managed by" (if applicable).

Possible types are S/MIME, PGP.

Via the Download button empty, the respective certificate can be downloaded.

Via the Copy button empty, the respective fingerprint can be copied to the clipboard.

anchor link inbound

Field

Description

anchor link Current MX entries

Shows the MX records currently visible in the DNS. Via Recheck the latest MX records for the currently selected domain will be fetched.

anchor link Forward Server

Incoming messages (in case of SC-MS365 also outgoing messages) are delivered to this server / IP address. Via Test this setting can be checked.

anchor link Maximum message size

Offers information about the maximum message size for the forward server.

The value "default" is the maximum message size of seppmail.cloud. seppmail.cloud by default accepts messages of up to 150 MB. However, due to Base64 encoding of the mail content, the effectively usable maximum size is at around 99 MB (depending on the exact nature of the mail content).

For incoming mail, seppmail.cloud learns the maximum supported message size of the forward server based on the rejection of a large message. After a rejection, the display changes to the mail size in MB of the rejected mail. Any mail larger will automatically be rejected by seppmail.cloud.

empty

If the customer admin increases the supported message size of their forward server, the Reset button can be used to reset the value to "default", which will again be adjusted based on every message rejected due to a size limit.

anchor link Port for Recipient Verification

The existence of recipients is checked on this port via an SMTP request. The default is port 25.

For onpremise Exchange systems, port 2525 (Exchange backend) can be specified. For more information, see Recipient Filtering. However, the actual mail delivery always takes place on port 25.

anchor link Fallback Queue

Shows the number of messages still waiting to be delivered. Mail Queue Flush can be used to force immediate delivery once the target server is available again. Please note that redelivery is automatically attempted at regular intervals.

anchor link Spam threshold

Only for inline domains: Allows to change the threshold above which a mail is classified as spam. The lower limit is 3, the upper limit is the high spam threshold of 10.

warning

anchor link Note:

The spam filter is optimized for a value of 5. If you deviate from this value, we cannot provide support for incorrect categorisations.

  • The lower the value set, the more mail is placed in quarantine. You run the risk of legitimate mails being categorised as spam.
  • The higher the value set, the less mail is quarantined. You risk receiving spam in your inbox. In this case, please do not report missed spam.

The threshold value has no influence on rejections and malware protection.

anchor link Enable Tag&Send

Setting relevant for the spam filtering.

hint

Notes:

  • Only enable Tag&Send if recipient filtering is active on the target server.
  • Make sure that autoresponders do not send replies to messages marked as spam.
  • If too many bounces are sent to senders of recognised spam, Tag&Send may be deactivated again by SEPPmail Support without notification.

Options:

  • "disabled" - default: all mail recognised as spam (depending on the spam threshold defined above) is put in quarantine
  • "enable for low spam" - mail recognised as spam (depending on the spam threshold defined above) but with a score lower than 10 ("low spam") is marked with the tag defined by field "Tag&Send Subject" and delivered to the recipient. Spam with a score higher than 10 ("high spam") is put in quarantine.
  • "enable for low spam and high spam" - mail recognised as spam (depending on the spam threshold as defined above) is marked with the tag defined by field "Tag&Send Subject" and delivered to the recipient.

The following X headers are set by seppmail.cloud when Tag&Send is activated:

  • X-SEPP-HighSpam: yes
  • X-SEPP-Spam: yes
  • X-SEPP-Welcomelisted: yes

Independent of the setting, mail marked as virus/malware or blocked due to potentially harmful attachment or potentially dangerous macro is always kept in quarantine. This setting has also no influence on rejected messages.

anchor link Tag&Send Subject

Here you can enter the text to be inserted at the beginning of the subject line for spam messages processed by the Tag&Send mechanism.

The default is "[SPAM]".

anchor link Block encrypted archives

If on: attached, encrypted archive files (e.g. password-protected ZIP files) are blocked by placing the containing message in quarantine.

anchor link outbound

Field

Description

anchor link Allowed IP addresses

IP addresses for which the relaying is allowed.

For SC-MS365, no entry is required at this point, as the IP addresses are recorded globally and the identification is done via the tenant ID (see next line).

anchor link MS365 Tenant ID

Microsoft 365 Tenant ID.

This is - as far as possible - already automatically recognised and pre-entered during onboarding.

anchor link Originator Orgs

This information supplements the MS365 Tenant ID and is used to authenticate messages from customers using MS365.

Usually, the managed domain itself is listed here, but alias domains can also be entered.

anchor link DKIM Key

Enable / disable and enter the DomainKeys Identified Mail (DKIM) Keys.
The specified DKIM key must be correctly entered in the DNS. Otherwise, no checking is possible on the receiver side.

Via the Copy button empty, the DKIM key can be copied to the clipboard.

empty

Warning:

The DKIM signature at the mail system (for example M365) must be switched off, as messages from seppmail.cloud are changed in content by signature and encryption.

anchor link Outbound mails sig.

This option is active by default.

anchor link Subject tags signature (keywords)

seppmail.cloud uses the following default subject tags:

Subject Tags

Explanation

[plain]

Suppress any cryptographic handling for the outgoing E-mail

[sign]

Sign the outgoing E-mail

[nosign]

Suppress the signing of the outgoing E-mail

[confidential]

Encrypt the outgoing E-mail

[noenc]

Suppress the encrypting of the outgoing E-mail

[priv]

Enforce encryption of the outgoing E-mail with GINA technology

[lft]

Enforce usage of Large File Transfer (LFT)

[nolft]

Suppress Large File Transfer

[secure]

Indicator for a decrypted E-mail

[signed OK]

Indicator for a valid S/MIME signature of an incoming E-mail

[signed INVALID]

Indicator for a valid S/MIME signature of an incoming E-mail

anchor link Delivery

This option is prefilled with "seppmail.cloud Outbound".
Messages are sent according to the ordered services (SC-F-OUTBOUND or SC-MS365).

anchor link Outbound forward server

BETA

expert mode only

When a domain with parallel integration is selected, this option is available to define an outbound forward server distinct from the inbound forward server.

If left empty, the same forward server is used for inbound and outbound traffic.

anchor link Mail processing rules

Field

Description

anchor link Always use S/MIME or OpenPGP if user keys are available

for outgoing mails

Outgoing E-mails are always encrypted if a public key - whether S/MIME or OpenPGP - is available from the communication partner (recipient).

If this option is active, the sender of the E-mail has to be registered as a user if they send an E-mail to a corresponding communication partner.  Otherwise the E-mail will be rejected.

anchor link Always use GINA encryption if account exists and no S/MIME or OpenPGP key is known

for outgoing mails

anchor link Avoid RSA-OAEP for S/MIME encryption

expert mode only

for outgoing mails

anchor link Always encrypt mails with Outlook "confidential" flag set

expert mode only

for outgoing mails

anchor link Always use GINA technology for mails with Outlook "private" flag set

expert mode only

for outgoing mails

anchor link Use Incamail instead of GINA

expert mode only

for outgoing mails

anchor link Forward messages with Incamail Subject: Tags (<c> etc) directly to Incamail

expert mode only

for incoming mails

anchor link Use triple wrapping

expert mode only

for outgoing mails

anchor link Remove S/MIME signature added by sender on outgoing messages

expert mode only

for outgoing mails

anchor link Remove Outlook "confidential/private"/"private" flag on incoming messages

for incoming mails

anchor link Set Outlook "confidential" flag after decryption

for incoming mails

anchor link Remove signature if S/MIME signature check succeeds

expert mode only

for incoming mails

anchor link Remove the Disposition-Notification-To header on incoming messages

for incoming mails

anchor link Do not tag incoming messages after successful decryption

for incoming mails

anchor link Do not tag incoming messages after successful signature verification

for incoming mails

anchor link Reject incoming messages if decryption fails

for incoming mails