Email Protection Quick Start Guide

Transcription

Email Protection Quick
Start Guide
August 2012
Proprietary and Confidential
Email Protection User Guide
RESTRICTION ON USE, PUBLICATION,
OR DISCLOSURE OF PROPRIETARY
INFORMATION.
Copyright © 2012 McAfee, Inc.
McAfee, Inc.
9781 South Meridian Blvd., Suite 400
Englewood, CO 80112 USA
Direct +1 720-895-5700
This document contains information that is
proprietary and confidential to McAfee. No
part of this document may be reproduced,
stored in a retrieval system, or transmitted, in
Fax +1 720-895-5757
any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise) without prior written permission
from McAfee. All copies of this document
are the sole property of McAfee and must be
returned promptly upon request.
August 2012
Proprietary: Not for use or disclosure outside McAfee without written permission
2
Quick Start Checklist ................................................................................................1
Use Online Help ........................................................................................................5
Set up Your Servers .................................................................................................5
Ensure You Can Receive Email from Your Service Provider ...............................5
Set Your Password from the Sign in Page ...........................................................5
Sign into the Control Console ...............................................................................8
Reset Your Password from the Sign in Page .......................................................9
Confirm Your Primary Domains ............................................................................9
Create a Domain Alias, If Necessary ....................................................................9
Confirm Your Inbound SMTP Server .................................................................. 10
Add IP Address of Outbound Server, If Necessary ............................................ 11
Set up a Smart Host (If Outbound Email Protection is Turned on) .................... 12
Redirect Your MX Records ................................................................................. 12
Confirm the Policies for Your Domains ............................................................... 13
Activate Content Filters ...................................................................................... 14
Check Message Quarantine ............................................................................... 15
Review Reports to Check Policies ...................................................................... 17
Lock Down Your Environment ............................................................................ 17
Administer Users .................................................................................................... 18
Define How Users Log in .................................................................................... 18
Review the Current User List .............................................................................. 19
Disable User Access to the Control Console (Optional) ..................................... 19
Turn on Explicit User Creation (Optional) ........................................................... 20
Create the Remaining Users .............................................................................. 21
Create User Aliases, If Necessary ...................................................................... 24
For Email Continuity Only, Create a Batch File to Add Users and Passwords ... 25
Customize Inbound Mail Filters (Optional) ........................................................... 26
Create a Custom Policy (Optional) ..................................................................... 27
Create a New Content Filter (Optional) .............................................................. 28
Review Quarantined Mail ................................................................................... 29
Create a Group, If Necessary ................................................................................. 30
Determine Who Needs Separate Filtering .......................................................... 30
Add Users to the Group ...................................................................................... 32
Create a Custom Policy for the Group ................................................................ 34
Assign the Group to the Custom Policy .............................................................. 34
August 2012
1
Administer Disaster Recovery Services ............................................................... 34
Set up Spooling for Disaster Recovery ............................................................... 35
Set up Notifications of Disaster Recovery .......................................................... 35
August 2012
2
Quick Start Checklist
The following checklist lists the tasks you would typically perform after your Email
Protection is activated. Each task is described in more detail later in the Quick Start
Guide.
Task
Description
Set up Your Servers
Ensure You Can Receive Email
from Your Service Provider
If you had or still have a different email security or filtering
service and your network is administered so that you can receive
email only from IP addresses associated with that security service,
you must administer your network to allow incoming email from
the Control Console servers.
Sign into the Control Console
You need the URL, sign-in, and password, which you might need
to create yourself or might be provided by your Email Protection
provider in the Service Activation Guide. To set your password,
see Reset Your Password from the Sign in Page.
Confirm Your Primary Domains
•
On the Control Console, click Account Management >
Domains.
Create a Domain Alias, If Necessary
•
On the Control Console, click Account Management >
Domains. Select a domain, then click Edit Aliases.
Confirm Your Inbound SMTP
Server
•
Click Email Protection > Setup. Select a domain from the
Domain drop-down menu.
Add IP Address of Outbound
Server, If Necessary
•
•
Click Email Protection > Setup > Outbound Servers.
You must enter an IP address (for example 100.2.45.107) or a
CIDR address (for example 100.2.45.107/27).
Set up a Smart Host (If Outbound
Email Protection is Turned on)
To ensure that your outbound email is filtered, you must
designate, for each of your outbound mail servers, an Email
Protection server as your Smart Host.
Redirect Your MX Records
The Mail Exchange (MX) record for each of your mail servers is a
specification within a Domain Name Server (DNS Server)
operated by your Internet Service Provider (ISP). These records
must be changed by your ISP to fully-qualified domain names (for
example, denver.acme.com) within the Email Protection
network.
The exact changes necessary are provided by your Email
Protection provider in the Service Activation Guide.
Confirm the Policies for Your
Domains
August 2012
•
•
Click Email Protection > Policies.
Select the default inbound policy, then browse each tab for
the policy.
1
Task
Description
Activate Content Filters
•
•
•
Click Email Protection > Policies > Content.
Select a default content group, and click Update,
Click the Active checkbox, and click Save.
Check Message Quarantine
•
Click Email Protection > Quarantine. Select All Threats
and All days.
Review Reports to Check Policies
•
Click Email Protection > Reports.
Lock Down Your Environment
Five to seven days after you have redirected your MX record, and
after you have verified that email is being filtered and delivered
appropriately, restrict all IP access to your mail server with the
exception of the Email Protection subnets provided in your
Service Activation Guide.
Add IP Address of Outbound
Server, If Necessary
•
•
•
•
Click Email Protection > Setup.
From the Domain drop-down menu on the Setup page, select
the domain whose SMTP server you want to check.
— The Inbound Servers Setup page is displayed.
— The Server IP Address Range field displays the domain
name(s) or IP address(es) for the domain’s outbound
server.
Make sure the SMTP server(s) listed are valid and correct.
Ensure that all other information on the page is correct, and
select Save.
Administer Users
Define How Users Log in
1
2
3
4
Review the Current User List
1
2
3
4
5
6
Disable User Access to the Control
Console (Optional)
•
•
Turn on Explicit User Creation
(Optional)
August 2012
•
•
Click Account Management > Users > Authentication.
From the Authentication Type drop-down menu, select
Passwords.
Click More Options if you want to use a batch file to set or
change passwords for multiple users all at once.
Click Save.
Click Account Management > Users.
Review the users on the list for any invalid users.
Click Delete. if you see any invalid users.
In the Users List, look for users who are not administered on
your mail server.
Highlight each invalid user and click Add to add the user to
the Delete List.
Click Save.
Click Email Protection > Policies > Anti-Spam >
Reporting.
Select the field Allow non-admin users to login directly to
the Control Console.
Click Email Protection > Setup > User Creation Settings.
Select Explicit.
2
Task
Create the Remaining Users
Description
You can add users with any of three methods:
Manually
• Click Account Management.> Users.> Create.
With a Batch File
• Click Account Management.> Users.> Create.
• Select Batch.
Use Directory Integration
See Account Management Administrator Guide.
Create User Aliases, If Necessary
You can add user aliases with any of three methods:
Add Aliases User-by-User
• Click Account Management > Users.> Create.
• Click a user name from the list.
• Click Aliases.
Add Aliases with a Batch File
Use Directory Integration
For Email Continuity Only, Create a
Batch File to Add Users and
Passwords
If you purchased Email Continuity service at the same time as
Email Protection, you must add users to Email Protection with a
method other than SMTP Discovery. The default SMTP
Discovery method does not add users until they have received
several emails. As a result, some users might not be added for
quite some time, and therefore, those users’ email would not be
immediately available in case of disaster recovery.
See Create the Remaining Users.
Customize Inbound Mail Filters (Optional)
Create a Custom Policy (Optional)
•
Click Email Protection > Policies > New.
Create a New Content Filter
(Optional)
•
•
•
•
Click the policy you want to change.
Click Content.
Click New.
Review Quarantined Mail
•
Click Email Protection > Quarantine. Select All Threats
and All days.
Create a Group, If Necessary
August 2012
3
Task
Description
Determine Who Needs Separate
Filtering
Groups are used when there are users in the organization
whose email should be filtered according to a policy other
than the default policy. To filter email differently for a
specific group of users, you must first determine who should
be in a group.
Create a Group
•
•
Click Account Management > Groups.
Click New.
Add Users to the Group
•
On the Groups screen, select the group to which you want to
add users, then click Users.
Create a Custom Policy for the
Group
See Create a Custom Policy (Enterprise Customer Only).
Assign the Group to the Custom
Policy
•
•
•
Select the custom policy to which you want to assign a group.
Click Group Subscriptions.
Administer Disaster Recovery Services
Set up Spooling for Disaster
Recovery
You can use either Email Continuity or FailSafe for disaster
recovery. In either case, you must set up spooling.
• Click Email Protection > Setup > Disaster Recovery.
• From the Domain drop-down menu, select the domain you
want to set up for Disaster Recovery.
Set up Notifications of Disaster
Recovery
You can specify that notifications are emailed automatically to
designated recipients, typically yourself or other administrators,
when the following Disaster Recovery events occur:
Under the Notifications section of the Disaster Recovery Setup
screen, type, in the Recipient Email Address field, the email
address of a person who should receive notification of a disaster
recovery event.
August 2012
4
Use Online Help
Use Online Help
Use the online help in the Control Console to find details on the administration pages for
the Email Protection. The online help describes the purpose of administration pages, the
fields on the administration pages, and procedures that use the administration pages.
This Quick Start provides only key information on administration pages to help get you
started. The Quick Start does not provide the details on all administration fields. Instead,
you must use the online help for detailed information on administration pages and fields.
Set up Your Servers
Ensure You Can Receive Email from Your
Service Provider
If you had or still have a different email security or filtering service and your network is
administered so that you can receive email only from IP addresses associated with that
security service, you must administer your network to allow incoming email from the
Control Console servers. For example, a port in your company’s firewall may need to be
enabled to receive email from the IP addresses of the Control Console servers.
This enablement is necessary in order for you and your users to set the initial password for
access to the Control Console.
Set Your Password from the Sign in Page
Note: This capability may not be available if the user authentication method is set to
LDAP, POP3, or IMAP or if the ability to change passwords has been disabled at the
system level.
If you are signing into the Control Console for the first time, you might need to obtain a
password. If so, perform the following steps:
1
On the Sign in page, click the Forgot your password or need to create a password?
link.
The following screen is displayed.
August 2012
5
2
In the Username field, type your email address.
3
Select Email password information to me.
4
Click Next.
Set up Your Servers
You will receive an email momentarily with further instructions. Continue with Step
5.
5
Open the email message. The email subject line says Control Console Login
Information.
The email is similar to the following:
6
August 2012
Click the link in the email. The link is active for only a limited time after the email is
sent (typically, 60 minutes).
6
Set up Your Servers
7
If you previously had selected a security question, the security question is displayed.
If you had not previously selected a security question, select a question from the
Security Question drop-down menu.
8
Type the answer to the question in the Security Answer field.
9
For the Security Question field, click Change if you need to change the security
question or answer. You must answer this question when you forget your password or
need to reset it.
The Security Question and Security Answer fields are displayed. Select a question
from the Security Question drop-down menu, then type an answer.
10 In the Password field, type a password.
•
•
•
•
•
The password must comply with the following rules:
Length must be a minimum of 8 characters.
Alpha, numeric, and special character types are allowed.
There must be at least one character that differs in character type (alpha, numeric,
or special) from the majority of characters. Thus, if the password contains mostly
alpha characters, then at least one character must be either a special character or
numeric. For example, majordude is invalid, but majordude9 is valid.
Allowed special characters are:
left parenthesis ( ( )
ampersand ( & )
right bracket ( ] )
right parenthesis ( ) )
asterisk ( * )
colon ( : )
apostrophe ( `)
hyphen ( - )
semicolon ( ; )
tilde ( ~ )
plus sign ( + )
double quotes ( " )
exclamation ( ! )
equals sign ( = )
single quotes ( ' )
@
bar ( | )
less than sign ( < )
hash ( # )
backslash ( \ )
greater than sign ( > )
dollar sign ( $ )
left curly bracket ( { )
period ( . )
percentage sign ( % )
right curly bracket ( })
question mark ( ? )
caret ( ^ )
left bracket ( [ )
•
•
Spaces are not allowed.
Passwords are case-sensitive (for example, “Password”, “password”, and
“PASSword” would be different passwords).
Make sure you can remember your password, but do not use obvious passwords (for
example, “password”, your name, or a family member’s name). Keep your password
safe and private.
11 Retype your password in the Confirm Password field.
12 Click Save.
August 2012
7
Set up Your Servers
Sign into the Control Console
To administer Email Protection, you must sign into the Control Console with the
following steps:
Note: The first time you sign in, you might need to create your password. If so, see Set
Your Password from the Sign in Page.
1
Open a browser on your computer and enter the URL for the Control Console.
The URL should be identified in the Service Activation Guide you received from your
provisioner. If you don’t have the URL, contact your sales representative or Customer
Support.
2
At the Control Console Sign in page, enter your email address and password.
3
Click Sign in.
If you have not previously entered an answer to a security question, the Security
Question screen pops up.
The answer to the security question is used is used to validate you, the user, if you
forget your password.
You can later change your security question and/or security answer on the Preferences
page of your user account. See “Set User Display Preferences, Including Your Own”
in Account Management Administrator Guide.
4
Select a security question and type the answer. Your answer is not case-sensitive.
Note: If you also use the Email Protection, you can also sign into the Control Console
from a Spam Quarantine Report.
August 2012
8
Set up Your Servers
Reset Your Password from the Sign in
Page
Note: This capability may not be available if the user authentication method is set to
LDAP, POP3, or IMAP or if the ability to change passwords has been disabled at the
system level.
If you forget your password, perform the same steps as in Set Your Password from the
Sign in Page.
Confirm Your Primary Domains
A primary domain is typically, though not always, associated with a single mail server.
Let’s say your company, Acme Company, uses six mail servers, each with its own primary
domain name.
Your provisioners should have already assigned these domains within the Control
Console. You must confirm that these domains, as provisioned, match the actual domain
names within your network.
1
Click Account Management.> Domains.
The Domain Management page is displayed. The page lists the primary domains
assigned in the Control Console.
2
Make sure that the list of domains matches those established in your network. Check
with your network or mail server administrator to verify the domains.
If a domain that Email Protection should serve is missing, you must add it. Click the
Create link in the upper right of the page.
For more information, click Help.
Create a Domain Alias, If Necessary
You company also may use domain aliases. For example, acme.org and acme.net might
be domain aliases for your company’s acme.com domain so that email mistakenly sent to
addresses using acme.org or acme.net actually are sent to acme.com. You must add these
domain aliases in the Control Console to ensure email to these domains are filtered and
delivered.
August 2012
9
Set up Your Servers
1
Click Account Management > Domains.
2
On the Domain Management page, click the domain for which you want to add
aliases. In our example, you would click acme.com.
The Domain Details page is displayed.
3
Click Edit Aliases.
The Domain Aliases page is displayed.
4
Complete the Add field, and click Add.
For more information, click Help.
Confirm Your Inbound SMTP Server
Email Protection checks email destined for your inbound Simple Mail Transfer Protocol
(SMTP) email server or servers. Your provisioner should have already defined one or
more SMTP servers in the Control Console. To confirm that these servers are defined,
perform the following steps:
August 2012
1
Click Email Protection > Setup.
2
From the Domain drop-down menu on the Setup page, select the domain whose
SMTP server you want to check.
10
Set up Your Servers
The SMTP Host Address field displays the domain name(s) or IP address(es) for the
domain’s SMTP server. In our example, domain denver.acme.com has an SMTP
server with a domain name of mail1.denver.acme.com.
The Inbound Servers Setup page is displayed.
3
Make sure the SMTP server(s) listed are valid and correct.
4
Ensure that all other information on the page is correct, and select Save.
5
Repeat steps 2 through 4 for any other domains in your network.
For more information on this page, click Help.
Add IP Address of Outbound Server, If
Necessary
If your service includes Outbound Message filtering, you must identify one or more
outbound mail servers through which your users send outgoing mail. While your outbound
server might use a Domain Name Server (DNS) name within your network (for example,
lewisoutbound.acme.com), you identify the outbound sever within Email Protection with
an IP address (for example, 111.222.111.0). Alternatively, you can specify a Classless
Inter-domain Routing (CIDR) address for a range of outbound servers (for example,
111.222.111.0/27) only.
The address must be a public address.
1
Click Email Protection > Setup> Outbound Servers.
The Outbound Server Setup page is displayed.
August 2012
11
2
Set up Your Servers
Click Add New Address, and add the address of the outbound server.
Important: You or your network administrator should also do the following before or
immediately after adding your outbound server(s):
• Update Sender Policy Framework (SPF) records on your mail server(s) to ensure
only authorized sources are sending outbound email.
• Scan your network for open relays, viruses and malware.
• Refer to the Accepted Use Policy (AUP) at http://www.mxlogic.com/terms/aup/
index.cfm for information on bulk mail.
Set up a Smart Host (If Outbound Email
Protection is Turned on)
To ensure that your outbound email is filtered, you must designate, for each of your
outbound mail servers, an Email Protection server as your Smart Host. Your outbound
email is then relayed through Email Protection before continuing to its final destinations.
See your Service Activation Guide for more details.
Note: This task is performed on your outbound email server or servers, on your network
router, or on some other server, depending on your network’s configuration.
Redirect Your MX Records
The Mail Exchange (MX) record for each of your mail servers is a specification within a
Domain Name Server (DNS Server) operated by your Internet Service Provider (ISP).
Each MX record specifies a host name and preference that determines where and how
your ISP routes your company’s email.
Your MX record or records at your ISP must be changed to fully-qualified domain names
(for example, denver.acme.com) within the Email Protection network. These changes
allow Email Protection to filter your email before it arrives at your company’s mail
servers.
Your Network Administrator or Domain Registrar is typically the individual responsible
for making these changes.
August 2012
12
Set up Your Servers
The information necessary for your company to make these changes is provided in your
Email Protection Activation Guide, which you receive when you first sign up for service.
Confirm the Policies for Your Domains
Email Protection has default inbound and outbound mail filters. These filters are called
policies. The default policies are automatically assigned to each of your domains after the
domain is defined. For many companies, the default policy filters email effectively and
doesn’t require changes. However, it is strongly recommended that you review the default
policy to make sure the policy meets your needs. If the policy does not meet your needs,
you can customize the policy. For information on customizing policies, see Customize
Inbound Mail Filters.
To confirm your policies, perform the following steps
1
The list of policies is displayed. Because the same default policy applies to all
domains, you do not need to select a domain to see the default policy.
2
Click Default Inbound.
3
Click the Edit button.
4
Click each of the following tabs and review the options that are selected and those that
are available:
For information on what the all options mean, see the online help.
• Virus — Look at both the Action and Notifications tabs.
August 2012
13
•
•
•
•
•
•
Set up Your Servers
Spam — Look at all three tabs — Classification, Content Groups, and Reporting.
Content — Look at all four tabs — Content Groups, Notifications, HTML Shield,
and ClickProtect.
Attachments — Look at the following three tabs — File Types, Filename
Policies, and Notifications.
Allow/Deny — Look at the following three tabs —Sender Allow, Sender Deny
and Recipient Shield. a
Notifications — Look at all three tabs — Virus, Content, and Attachments.
Group Subscriptions
Activate Content Filters
By default, the Profanity, Racial Insensitivity, and Sexual Overtones email content filters
within the default inbound policy are inactive. If you choose not to customize your
inbound policy (see Customize Inbound Mail Filters (Optional), you should activate these
content filters in the default Inbound Policy.
1
2
Click Default Inbound.
3
Click Content.
The Content Groups screen is displayed.
4
Select Profanity, and click Edit.
The Edit Content Group Policy section is displayed.
August 2012
14
5
Set up Your Servers
Click the Enable checkbox, then click Save.
Check Message Quarantine
To ensure Email Protection is filtering email messages in a way that is acceptable, check
the email messages that appear in the Message Quarantine areas.
To check the quarantine, perform the following steps:
1
August 2012
Click Email Protection > Quarantine.
15
Set up Your Servers
2
From the Threat drop-down menu, select All Threats.
3
From the Day drop-down menu, select All Days.
4
From the Direction drop-down menu, select Inbound or Inbound and Outbound if
you also use outbound email filtering.
5
Click Search.
The list of quarantined messages is displayed at the bottom of the screen.
6
Review the type of threat of each message, as well as the sender, recipient, and
subject.
7
To view more detail about a message, hover your cursor over the From column of the
message.
Different information is displayed depending on the type of violation incurred.
• For a SPAM violation, you see the SPAM score.
• For an attachment violation, you see the attachment name that invoked the
violation.
• For a virus violation, you see the Virus name that invoked the violation.
• For a content violation, you see the Content Keyword that invoked the violation.
August 2012
8
Ensure that messages from senders of “desired” organizations are not being
quarantined unnecessarily. Those sender addresses may be added to the Policy-level
Allow List.
9
Ensure that senders from “undesired” organizations can also be determined by
Message Quarantine monitoring, and those senders can be added to the Policy-level
Deny List.
16
Set up Your Servers
Review Reports to Check Policies
To ensure Email Protection is filtering email messages in a way that is acceptable, review
the various service mail flow statistical reports.
To review reports, perform the following steps:
1
Click Email Protection > Reports.
2
From the Report drop-down menu, select a report.
3
From the Period calendar, select the month whose data you want to view.
4
Check the reports for data such as the following:
•
•
•
Threats encountered
Messages released from the Quarantine
Inbound server connections
If you want to customize your policies, see “Customer Mail Filters” in Email Protection
Administrator Guide.
Lock Down Your Environment
Five to seven days after you have redirected your MX record, and after you have verified
that email is being filtered and delivered appropriately, restrict all IP access to your mail
server with the exception of the Email Protection subnets provided in your Service
Activation Guide. This action ensures that no mail is presented to your mail server without
filtering. See your Service Activation Guide for more details.
Note: This task is performed on your inbound email server or servers or on your network
firewall server.
August 2012
17
Administer Users
Administer Users
Define How Users Log in
You can use one of four methods for authenticating users when they log in:
•
•
•
•
Passwords
LDAP
POP3
IMAP
The latter three methods cause the Account Management software to query a server for
user credentials. If you select one of these latter three authentication methods, see “Define
How a User Logs in” in Account Management Administrator Guide.
Note: If you plan to use the User Synchronization process to add users, it is
recommended that you use LDAP User Authentication since this method allows you
to take advantage of Active Directory and can save you a lot of time.
Passwords Authentication means that users log into the Control Console with the standard
user name and password method.
If this authentication method is selected, each user must have a defined user account with
a non-null password in the Control Console.
Note: This feature does not affect users logging in by clicking a hyperlink in the
Email Protection Spam Quarantine Report.
August 2012
1
Click Account Management > Users > Authentication.
2
From the Authentication Type drop-down menu, select Passwords.
3
Click More Options if you want to use a batch file to set or change passwords for
multiple users all at once.
18
Administer Users
Only passwords for users in the domain currently being viewed can be changed. Only
passwords for users who have a role less than or equal to your own can be changed.
Note: Depending on your role, this area may or may not be accessible.
4
See the online help for more information.
Review the Current User List
The default method for adding users to Email Protection is SMTP Discovery. SMTP
Discovery is a method in which Email Protection checks incoming messages for
recipients, and if multiple messages are addressed to the same recipient, that recipient is
added to the system as an Email Protection user. As a result, there may be user accounts
initially added in the Control Console that do not actually exist on your mail server.
Administrators are encouraged to delete these invalid User Accounts.
To delete invalid users, perform the following steps:
1
2
In the Users List, look for users who are not administered on your mail server.
3
Highlight each invalid user and click Delete.
Note: Each selected user stays selected and is added to the Delete List when you click
Delete.
4
Click Delete when the confirmation window is displayed.
Disable User Access to the Control
Console (Optional)
Users can access quarantined email by clicking on the links within the Spam Quarantine
Reports that they receive. By default, users also can log into the Control Console to create
Allow or Deny lists or customize their Email Protection notifications and displays. To
prevent Control Console access to users, you must disable this access.
To disable user access to the Control Console, perform the following steps:
1
August 2012
Click Email Protection > Policies > Spam > Reporting.
19
Administer Users
2
Unselect the field Allow non-admin users to login directly to the Control Console.
3
Click Save.
Turn on Explicit User Creation (Optional)
The default method for populating users in Email Protection is SMTP Discovery. SMTP
Discovery automatically adds a user within Email Protection after Email Protection
receives several incoming emails for that user.
At times, email incorrectly addressed to a user that does not exist in your email system can
cause invalid users to be added to Email Protection. Therefore, it is strongly recommended
that you set the User Creation option to Explicit, which you can do at any time. Explicit
requires you to add email users using one of the methods provided within Account
Management, including:
August 2012
•
•
•
Batch file
Directory Integration
Manual user creation.
1
Click Email Protection > Setup > User Creation Settings.
20
Administer Users
2
Select Explicit.
3
Under When a recipient is invalid, select an option to handle messages when the
recipient is not a valid user.
4
Click Save.
Create the Remaining Users
You can add users with any of three methods:
•
•
•
Use Directory Integration — This is the recommended method if your email server
uses Active Directory. You cannot add passwords with this method.
For more information on Directory Integration, see “Add Users with Directory
Integration” in Account Management Administrator Guide.
Add Users Manually — This is the simplest, but most time-consuming, method. You
can also add passwords with this method.
Add Users with a Batch File — This method requires you to create a text file with user
addresses. You cannot add passwords with this method.
Add Users Manually
Note: Email addresses might already exist if your service already includes Email
Protection or Web Protection.
1
August 2012
Click Account Management > Users > New.
21
Administer Users
2
In the Creation Modes drop-down list, select Individual.
3
See the online help for how to complete the remaining fields for adding users.
Note: Group administration currently applies only to Email Protection and Web
Protection. If you are using Message Archiving as a standalone application, ignore the
Group Membership field.
Add Users with a Batch File
You can upload a text file that is a batch file of email addresses, aliases, and usernames.
Note: If you are also adding alias email addresses, you can include them in the batch file.
If you add users with a batch file, but do not add aliases at the same time, and later you
want to add aliases with a batch file, you must re-add the users along with the aliases. See
Create User Aliases, If Necessary.
August 2012
1
Open a text editor, for example Notepad, to create your file of addresses.
2
On the first line of the file, type the primary domain address for a user, followed by a
username separated by commas, and any other alias addresses desired separated by
commas. See the following example:
22
Administer Users
•
The username can include a domain name with the format
<domain>\<username>, for example: acme\joesmith,en_US. The domain
portion can contain 1-15 alphanumeric characters as well as the following
symbols (no spaces): ! @ # $ % ^ & ( ) - _ ' { } . ~
• If the local name, or handle, portion of an email address contains commas, you
must enclose that portion of the address in double-double quotes ("" "").
Example: ""smith,j""@acme.com,joesmith,[email protected],
[email protected], [email protected]
• If you do not include a username for a user, you must still include the commas to
specify that there is no username.
Example: [email protected],,[email protected]
• Up to five aliases can be created per user, depending on your company’s
configuration.
Note: If your company is using Intelligent Routing, you can also enter public domain
addresses. See Intelligent Routing User Guide for more information.
3
Press the Enter key or an equivalent key to create a hard return and start a new line in
the file.
4
Create one line of addresses per user. Email addresses must be unique.
5
Save the file to your computer’s hard drive with a filename of your choice. The file
size can be up to 100 KB.
6
Click Account Management > Users > New.
7
From the Creation Mode drop-down list under Create Users, select Batch.
The New Users window changes to show batch creation fields.
August 2012
23
8
Administer Users
See the online help for how to complete the remaining fields for batch creation.
The alias recipient names are automatically added as alias addresses with the primary
domain.
Create User Aliases, If Necessary
User aliases might be administered on your email server to provide alternative email
addresses for your users. For example, Joe Smith might have a primary email address of
[email protected] and alias addresses of [email protected] and
[email protected]. If your users have aliases on your mail server, it is
recommended that you add these aliases to the Control Console. By adding aliases, you
ensure that:
•
•
•
Email Protection can consolidate emails received for multiple addresses into a single
set of quarantine areas (Virus, Spam, Content, and Attachments).
Email Protection sends a single Spam Quarantine Report to the user for all
quarantined spam emails. The Spam Quarantine Report and any emails released from
any quarantine are sent to the primary email address.
Email Protection can filter the emails received for the alias addresses with the same
policies defined for the primary email address.
You can add aliases in one of three ways:
•
•
August 2012
Add Aliases User-by-User — Use the Alias Addresses screen.
Add Aliases with a Batch File — See Add Users with a Batch File.
24
•
Administer Users
Use Directory Integration — This is the recommended method if your email server
uses Active Directory. You cannot add passwords with this method.
For more information on Directory Integration, see “Add Users with Directory
Integration” in Account Management Administrator Guide.
Add Aliases User-by-User
1
2
Click a user name from the list.
3
Click Aliases.
The screen lists all existing alias email addresses.
4
Type an alias prefix into the Alias Address field.
5
In the drop-down list that follows the “@” sign, select the domain of the user address.
For example, if the email address you want to enter is [email protected],
you would only need to type joesmith in the field, then select denver.acme.com in
the drop-down list.
Caution: When a domain is deleted from the Control Console, users in that domain,
including users’ alias addresses, are deleted. These deletions occur even for alias
addresses that have a different domain name.
6
Click New.
The Date Created column displays the word Pending. The user must access that email
and access a link provided in the email in order for the alias to become active in the
Control Console.
7
Click Apply.
8
Notify the user to access the email labeled Alias Email Address Authorization that
was sent to the alias address. The user must click the link embedded in that email.
For Email Continuity Only, Create a Batch
File to Add Users and Passwords
If you purchased Email Continuity service at the same time as Email Protection, you must
add users to Email Protection with a method other than SMTP Discovery. The default
SMTP Discovery method does not add users until they have received several emails. As a
result, some users might not be added for quite some time, and therefore, those users’
email would not be immediately available in case of disaster recovery.
See Create the Remaining Users.
August 2012
25
Customize Inbound Mail Filters
(Optional)
You can customize the default inbound policy for groups of users to fit your business
needs.
To create and use custom policies, you must create a group or groups of users, and for each
group, you can create a custom policy. A group can be created according to domain
membership (see Figure 6) or according to any other user characteristics that may apply
across multiple domains (see Figure 7). For procedures, see Create a Group (Enterprise
Customer Only)).
Note: Because a group defined can contain users from different domains, a group policy
does not necessarily apply to a domain, but rather to the group of users to which it is
defined. A custom group policy supersedes the default policy that is assigned to all
domains.
Figure 9: Enterprise Custom Policy Assignment (Groups by Domain)
Figure 10: Enterprise Custom Policy Assignment (Groups by Other Attributes)
August 2012
26
Create a Custom Policy (Optional)
1
2
Click New.
The New Policy Set fields are displayed.
3
See the online help for more information on completing the fields.
4
Click Save.
The Policy Sets list is updated with the new policy. You can now modify the new
policy to meet your business needs. See Create a New Content Filter, which is a
typical portion of a policy that is customized. For all other aspects of customizing your
policies, see online help or Email Protection Administrator Guide.
August 2012
27
Create a New Content Filter (Optional)
A policy component that is typically customized is the content filter. The content filter
does the following:
•
•
•
•
Blocks or quarantines the email that contains prohibited keywords.
Notifies the sender or recipient when an email has been quarantined or blocked.
Blocks HTML malicious tags or prohibited images.
Manages the ability for users to click on links in email.
To create a new policy content filter, perform the following steps:
1
2
3
Click Content.
4
Click New.
The New Content Group Policy fields are displayed.
5
In the Group Name field, type the name of your content group.
6
In the Keywords field, type words for which you want Email Protection to filter
email.
Note: Each keyword or phrase you want to filter must be followed by a hard return.
See the online help for more keyword formatting information.
7
August 2012
From the Action drop-down menu, select an action to take on the emails that are in
violation. See the online help for more information.
28
8
If desired, select a silent copy option. You can choose None or a previouslyconfigured distribution list to which to send a copy of any email that violates the
content restrictions. Distribution lists for this option are configured from Account
Management > Customers > Distribution Lists.
9
Select Enable to turn on filtering for this content group.
To customize a policy’s content filter, perform the following steps:
1
2
3
Click Content.
4
Click on a default content category you want change and click Edit.
The Edit fields are displayed.
Note: You cannot change keywords in a default content group.
5
From the Action drop-down menu, select an action to take on the emails that are in
violation. See the online help for more information.
6
If desired, select a silent copy option. You can choose None or a previouslyconfigured distribution list to which to send a copy of any email that violates the
content restrictions. Distribution lists for this option are configured from Account
Management > Customers > Distribution Lists.
7
Select Active to turn on filtering for this content group.
Review Quarantined Mail
Review quarantined email of your users to ensure the following:
•
•
Messages from senders of desired organizations are not quarantined unnecessarily.
These sender addresses may be added to the Policy-level Allow List.
Senders from undesired organizations are quarantined. These sender addresses can be
added to the Policy-level Deny List.
As a customer administrator, you can view quarantined mail from all users. Personnel with
domain administrator and quarantine manager permission can also review all user
quarantine messages.
To review quarantined mail, perform the following steps:
August 2012
1
Click Email Protection > Quarantine.
2
From the Threat drop-down menu, select All Threats.
3
From the Day drop-down menu, select All Days.
4
From the Direction drop-down menu, select Inbound or Inbound and Outbound if
you also use outbound email filtering.
5
Click Search.
29
The list of matching messages is displayed.
6
Review the type of threat of each message, as well as the sender, recipient, and
subject.
7
To view more detail about a message, hover your cursor over the From column of the
message.
Different information is displayed depending on the type of violation incurred.
• For a SPAM violation, you see the SPAM score.
• For an attachment violation, you see the attachment name that invoked the
violation.
• For a virus violation, you see the Virus name that invoked the violation.
• For a content violation, you see the Content Keyword that invoked the violation.
Note: From this screen, you can also release mail from quarantine so the email returns to
the users inbox, or you can delete quarantined mail. For more information, see the online
help or Email Protection Administrator Guide.
Determine Who Needs Separate Filtering
Groups are used when there are users in the organization whose email should be filtered
according to a policy other than the default policy. For example, you might have a support
group that needs to receive email from a wide variety of customers, some of whom might
send many advertisements via email. In this case, email from those customers might be
blocked periodically by the default policy. In this case, you can create a group within
Email Protection for Support, then create a new policy just for Support.
Creating and applying groups is a three step process:
1
Create a new group.
2
Assign individual User Accounts to the group.
3
Create a new policy with special email filtering rules and associate the group to the
policy.
Once completed, the users in the group will have their email filtered according to the
newly created policy, instead of the email filtering rules in the default policy.
Note: All users who are not assigned a group continue to receive email according to the
default Email Protection policy. Also, users from up to three different domains can be
assigned to the same group. Finally, a user can belong to only one group.
To create a group, perform the following steps:
Note: You must be a Customer Administrator to create a group.
1
Click Account Management > Groups.
The Groups List window is displayed.
August 2012
30
2
Click New.
3
In the Group Name field, type a unique name for the group.
In our example, type Sales.
The following rules apply for the group name:
• The group name is not case sensitive, so Sales and sales would be considered the
same name.
• All characters are allowed.
• The name must contain at least 1 character and no more than 255 characters.
• Each group for a customer must have a unique name.
August 2012
31
4
In the Description field, type the purpose of the group and a high-level description of
who is in it.
For example, type Extensive allow list for customers. Includes all support
associates.
5
Click Save.
The group is added to the Group list.
Note: You can change the group name or description later by selecting the group from
the Group Management window and clicking Edit. Even though you change the name
of the group, the group’s policy assignment stays the same.
Note: You can remove a group by selecting the group from the Group list, clicking
Delete, and then clicking Delete again. The group is also removed from assignment to
the policy it was assigned to. Users in the group immediately begin having their email
processed by the default policy for domains.
Add Users to the Group
1
From the Group list window, click the group to which you want to add users, then
click Edit.
The Group Details window is displayed.
The Group ID is a system internal identification automatically assigned to the group.
2
Click Members.
A list of users available for the group is displayed. If there are multiple pages of users
available, the page number of the user list, along with page forward and page
backward buttons, are shown.
August 2012
32
3
If the list is large, filter the list in either or both of two ways:
•
•
4
From the drop-down menu next to the Filter field, select one of the following:
—Users not in a group — Only users that are not already assigned to a group
are listed. This is the default filter.
—All Users — All users in the domain are listed.
—Users not in this group — Users that are assigned to a different group than
the one you are setting up, as well as users that are not assigned to any
group, are listed.
With the Filter search filter, perform the following steps:
i In the Filter field, type the text you want to search for.
ii Type a string of one or more characters that appear somewhere within the user
or users’ names. For this search, you can also use the percentage sign (%) for
a wildcard search. For example, s%p could find skip, sample, soap, or supply.
iii Click Filter.
The list of users is displayed.
Select the name of a user you want to add to the group. You can also do either of the
following:
•
•
5
Press the Ctrl key on your keyboard and select multiple users to add at one time.
Select Available Users to add all users listed on the page at once.
Click Add to add the users you selected on the page or click Add All to add all users
on all pages of your filtered search.
The users you selected are added to the Selected Users list.
6
August 2012
Repeat steps 3 through 5 for all users you want to add to the group.
33
7
Click Apply.
Create a Custom Policy for the Group
See Create a Custom Policy (Optional).
Assign the Group to the Custom Policy
1
2
Select the custom policy to which you want to assign a group.
3
Click Group Subscriptions.
The Policy Configuration Groups screen is displayed.
4
Select the group you want to assign.
5
Click Add.
For more options regarding groups, see the Account Management Administrator Guide.
Administer Disaster Recovery
Services
Disaster Recovery Services consists of one of two services:
•
August 2012
Fail Safe — Fail Safe saves messages for later delivery if your mail server becomes
unavailable. When your mail server becomes available, Fail Safe delivers the
messages. Users cannot access their messages while messages are in Fail Safe only.
34
•
Fail Safe has an unlimited amount of storage capacity but removes messages that have
been in Fail Safe storage for more than 5 days.
Email Continuity — Email Continuity saves messages for later delivery if your mail
server becomes unavailable. When your mail server becomes available, Email
Continuity delivers the messages. Users can access their messages through a Webbased interface while messages are in Email Continuity only.
Email Continuity also has unlimited storage capacity and removes messages that have
been in Email Continuity storage for more than 60 days.
Either of these services are optional and available at additional cost. Contact your sales
person for more information.
Set up Spooling for Disaster Recovery
1
Click Email Protection > Setup > Disaster Recovery.
2
From the Domain drop-down menu, select the domain you want to set up for Disaster
Recovery.
3
In the Configuration Settings section, select one of the following options:
•
•
Automatic — This option automatically spools all incoming email when Email
Protection detects a loss of connectivity with your email server(s). With this
option, you must also specify how long Email Protection should wait after
connectivity is lost to begin spooling.
Note: It may take several minutes to determine that your inbound server is
unavailable. During this time, and during the time delay, received emails can be
temporarily failed if your inbound server is unavailable
Manual — This option allows you to start and stop Disaster Recovery spooling
manually for planned email server outages such as server maintenance.
When necessary, you then select Start Spooling to initiate manual spooling; and
select Stop Spooling to stop it.
Note: It may take a few minutes for manual spooling of incoming mail to start and
stop.
4
If you selected the Manual option, check the Deliver spooled email when
connectivity is available box to deliver spooled email when connectivity to the email
server(s) is restored.
5
If your service includes Email Continuity, check the checkbox Allow users to use
Email Continuity to set the default permission for users to get messages through
Email Continuity. This setting applies to the domain. You can override this setting on
the Disaster Recovery screen under Policies if you have some groups that you don’t
want to allow access.
Set up Notifications of Disaster Recovery
You can specify that notifications are emailed automatically to designated recipients,
typically yourself or other administrators, when the following Disaster Recovery events
occur:
August 2012
35
•
•
•
Automatic spooling has started
Automatic unspooling has started
Automatic or manual unspooling has completed.
1
Under the Notifications section of the Disaster Recovery Setup screen, type, in the
Recipient Email Address field, the email address of a person who should receive
notification of a disaster recovery event.
Note: In order to minimize the possibility that Disaster Recovery notifications cannot
be delivered to listed recipients, it is recommended that notifications be sent to email
addresses associated with cell phones or pagers.
August 2012
2
Click Add.
3
Repeat steps 1 and 2 for up to three more notification recipients.
36

Email Protection Quick Start Guide

Transcription

Similar documents

brochure

iPhone Instructions - New Albany Schools website

FS 1000 Owners Manual

ordering instructions mail order

Silego Technology - Globalpress Electronics Summit

Service Request - MEDI

has royalty free clip art images to use for business cards or brochures.

Cybex Trazer

We`ll help you get rid of junk mail! Please place unwanted catalogs

OWA Mail Overview