SMTP Relay

Prerequisite: Step 1, Domain & DNS Setup is complete and all four DNS checks are green.

What happens here: The MTA (Postfix, Sendmail, Zimbra, Kerio or similar) is configured to use Conbool as its smart host. Inbound connections from Conbool are allowed. Loop protection and spam classification are added in the MTA's own rule language. In the Setup Assistant, the Manual configuration mode is chosen.

Effort: 30 to 60 minutes.

Step A. Outbound Smart Host

In the MTA, set the following routing:

The typical knobs per MTA:

• Postfix: relayhost = [mail.conbool.com]:25, smtp_tls_security_level = encrypt, smtp_tls_secure_cert_match = nexthop
• Sendmail: define(\SMART_HOST', `mail.conbool.com')with activeSTARTTLS` and certificate validation
• Zimbra: Global Outbound SMTP settings → smart host mail.conbool.com, TLS = Required
• Kerio Connect: SMTP server → Relay SMTP server → mail.conbool.com, Use SSL/TLS

Step B. Allow Inbound Connections from Conbool

1. Allow port 25 for SMTP only from the Conbool IP addresses, i.e. firewall plus MTA restrictions.
2. Set the recipient whitelist to the hosted domains.
3. Require TLS for inbound connections, accept the certificate name mail.conbool.com.

Step C. Loop Protection and Spam Classification

In the MTA's rule language (header check, routing rule, filter plugin), implement:

• Messages with X-Conbool-<YourDomain>: true are not sent through the smart host but delivered directly.
• Messages with X-Conbool-Flag: YES go to the Spam folder, e.g. set an SCL equivalent or add X-Spam-Flag: YES.
• Calendaring messages and messages with Return-Path: <> are excluded from smart-host routing.

Done When

Back in the Setup Assistant at the Mail Server step. Enter the relay host of the inbound MTA, for example mx-internal.yourcompany.com, then click Test Connection. Status "SMTP reachable" means the connection is established.

Continue with the connection test and completion.