Do more with your Hornetsecurity Suite
All minimum settings, additional test options and other tips for onboarding from North America are available on this page. Adjusting these settings will allow to let you get the most out of your test phase.
Attention: If you are a European customer, you will need different MX records and hosts/relay servers. Please change to this page.
A successful test is impossible without an optimum setup
Are you interested in Hornetsecurity solutions and looking to test them? On this page we have compiled all the essential information you need to completely set up your trial. You will also find additional information showing you further product functions. Try it out! Our support team is also available to advise and assist you if you have any queries.
Detailled information can be found here.
Configuring the firewall
The first step is to define the accessibility of your mail server. Your firewall should be tested to check whether email delivery is actually possible. A correctly configured firewall also prevents the direct delivery of spam straight from the Internet. The following IP ranges must be approved for mail traffic:
- Range: 83.246.65.0/24 with subnet mask 255.255.255.0, corresponding to addresses between 83.246.65.1 and 83.246.65.255
- Range: 94.100.128.0/20 with subnet mask 255.255.240.0, corresponding to addresses between 94.100.128.1 and 94.100.143.255
- Range: 185.140.204.0/22 with subnet mask 255.255.252.0, corresponding to addresses between 185.140.204.1 and 185.140.207.255
- Range: 173.45.18.0/24 with subnetmask 255.255.255.0, corresponding to addresses between 173.45.18.1 and 173.45.18.255
The standard setting, unless otherwise specified, is port 25. This can be modified according to your requirements. Any TLS connections will be unaffected. Port 25 is also used for switching to TLS if this is offered by your mail server. The configuration can be checked using the Hornetsecurity firewall checker.
Attention: Customers from Europe will need other configurations. You can find them here.
Checking the control panel configurations
Once the firewall is configured to allow your mail server to receive all e-mails from Hornetsecurity, the next step is to change the MX records. Before you can do this, however, you must check the most important settings in the control panel. You have already received access credentials for the control panel in a previous e-mail. If you would like to change your password, you can reset this on the control panel login page. Solutions can be configured in the control panel. where the following points must be checked before the next step:
- Are all your alias domains set up?
- Is your mail server’s IP or hostname correct?
- Has the outgoing mail server IP address been entered and approved?
- Has the spam report been set up with your chosen delivery times?
- Is the user check set correctly?
For more information about these settings in the Control Panel, click here.
Once all these items have been correctly configured, there is nothing to stop you changing the MX records. For information on creating domains and mailboxes in the Control Panel, click here.
Additional IP Ranges for Canada
IP range | IP address | Subnet mask |
108.163.133.224 to 108.163.133.255 | 108.163.133.224 | 255.255.255.224 |
199.27.221.64 to 199.27.221.95 | 199.27.221.64 | 199.27.221.64 |
209.172.38.64 to 209.172.38.95 | 209.172.38.64 | 255.255.255.224 |
216.46.2.48 to 216.46.2.55 | 216.46.2.48 | 255.255.255.248 |
216.46.11.224 to 216.46.11.255 | 216.46.11.224 | 255.255.255.224 |
Changing the MX records
With the configurations in point 2 checked and ready for use, we can now focus on the MX record. This controls where the emails for a domain are sent. In technical terms, the sender resolves the destination domain according to the MX record and initiates a connection with the relevant host. This is where the Hornetsecurity systems make an appearance. In order for emails to be filtered and processed, they are redirected to a new destination via MX record.
For your personal setup in accordance with local data protection regulations, we offer you several options.
You can choose between different server locations for your MX setup:
USA
- MX 10 mx-cluster-usa01.hornetsecurity.com.
- MX 20 mx-cluster-usa02.hornetsecurity.com.
- MX 30 mx-cluster-usa03.hornetsecurity.com.
- MX 40 mx-cluster-usa04.hornetsecurity.com.
Canada (french version)
- mx-cluster-ca01.hornetsecurity.com.
- mx-cluster-ca02.hornetsecurity.com.
- mx-cluster-ca03.hornetsecurity.com.
Please visit this Page for european settings.
If you are unable to carry out the configuration yourself, we recommend contacting the DNS provider concerned. Depending on the DNS system, web service or provider, it may be necessary to end each MX entry with a . (period). If in doubt, please make sure to check first. Otherwise, this may cause serious problems. There is usually a waiting period of up to 24 hours which must be taken into account with any DNS-based changes, as it is possible that, during this period, not all DNS systems worldwide will know the new settings yet.
Attention: Customers from Europe will need other configurations. You can find them here.
Setting the SPF record
Another DNS setting you can configure in addition to the MX record is the SPF record. This is saved as a domain TXT record and specifies which systems are allowed to send email on behalf of the domain. It is analyzed in certain circumstances by external recipients, but also by the Hornetsecurity spam filter service, for purposes that include detecting fraud attempts such as spoofing. It is therefore very useful to modify or expand the TXT entry. The following setting is recommended:
“v=spf1 include:spf.hornetsecurity.com ~all”
Are there any other services that are allowed to send email on behalf of your particular domain? Examples might include newsletter services or ERP and ticket systems, to name just a few. This point would be a good opportunity to check them and add them to the SPF. Once again, we recommend contacting the provider concerned if you are unable to configure the settings yourself.
Setting up relaying
Relaying (email sending) completes the connection phase. This requires the external IP address to have been entered in the control panel (see section 3). The full range of email services can be used through this additional, automatically integrated service. When relaying, outgoing messages are checked for viruses or content policy compliance before being delivered to the recipient.
For relaying, Hornetsecurity uses a hostname cluster with a variety of load balancers connected: relay-cluster-usa01.hornetsecurity.com
Any questions?
Just take a look at the FAQ, where you will find many questions already answered. In the online manual you will find many explanations and setup instructions for the various services. If you still have any questions, you can contact us by email (support@hornetsecurity.com) or telephone 408-416-2585. The telephone core business hours are between 8 am and 6:30 pm.