Reflexion KBA's
Reflexion Quick Start Configuration Guide
Posted by Robert Mitchell on 15 November 2016 09:36 AM

Overview

The Reflexion Quick Start Configuration Guide (attached below) features setup tips for the Reflexion Total Control (RTC), Archiving (RADAR and RADAR Lite), and Encryption (RTCEncrypt) services.

The guide is also available as a 7.5-minute video:

https://s3.amazonaws.com/net-reflexion-marketing-videos/quick-start-guide.mp4

Basic Configuration Settings

MX Record Values

asp.reflexion.net           [Preference = 0]
mx-100.reflexion.net     [Preference = 100]
mx-110.reflexion.net     [Preference = 200]

Outbound Smart Host

Please modify your SMTP server to route all outbound mail through the following smart host:

asp-submit.reflexion.net

Exchange Access Restriction Procedure

This will lock your server down to only accept SMTP connections from Reflexion IPs. Enforcing IP restrictions is absolutely critical to complete protection of your mail server. Because hackers and spammers can bypass cloud services and target your server directly, mail servers protected by Reflexion should only accept SMTP connections from Reflexion IPs listed below and deny all other traffic:  

208.70.208.0/22 (255.255.252.0)
69.84.129.224/27 (255.255.255.224) 

Office 365 Access Restriction Procedure

For Office 365, you will need to use the following IPs: 

69.84.129.224/27 (255.255.255.224)
208.70.208.0/24 (255.255.252.0)
208.70.209.0/24 (255.255.252.0)
208.70.210.0/24 (255.255.252.0)
208.70.211.0/24 (255.255.252.0)

Subnets for LDAP on Ports 369 and 636

208.70.208.0/22 (255.255.252.0)
69.84.129.224/27 (255.255.255.224)

SPF Record

Although not essential, it can help make email delivery more reliable if you create an SPF record for your domain name. This DNS record is to comply with the Sender Policy Framework (SPF) anti-spam initiative. It identifies Reflexion servers as being approved for sending email from your domain.

 It's a TXT record, which not all DNS servers or ISP control panels can handle. But if yours can, this is the record to add:

v=spf1 mx include:reflexion.net ~all 

This is how it should appear in your DNS zone file.

Subdomains to use for optional encryption product

  1. Create the following sub-domain:
    zixvpm.yourdomain.com

  2. Create the following MX records for the new sub-domain:

    zixvpm.yourdomain.com MX preference = 10, mail exchanger = zixvpm01.reflexion.net
    zixvpm.yourdomain.com MX preference = 10, mail exchanger = zixvpm02.reflexion.net
    zixvpm.yourdomain.com MX preference = 10, mail exchanger = zixvpm03.reflexion.net
    zixvpm.yourdomain.com MX preference = 10, mail exchanger = zixvpm04.reflexion.net

  3. Repeat these steps for all enterprise domains requiring encryption.

(3 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).

Help Desk Software by Reflexion
Copyright 2004-2015 Sophos Limited or one of its affiliates. All rights reserved.