Netmail Secure 5.2 Administration Guide

Transcription

Netmail Secure 5.2
Administration Guide
Netmail Secure Administration Guide
Netmail Secure is a Linux-based self-managed email security solution that can be used with any messaging and collaboration system, including
Netmail Server, Novell GroupWise, Microsoft Exchange, IBM Lotus Notes, and Domino. Netmail Secure integrates anti-spam, anti-virus, content
filtering, data leak prevention and attachment blocking in a single solution that provides total protection to stop email threats from impacting your
organization and compromising security.
Table of Contents
Introducing Netmail Secure
Feature Overview
Component Overview
Netmail Secure Clustering Scenarios
How Netmail Secure Processes Mail
Netmail Secure Single Node Deployment
Netmail Secure 3 Node Deployment
Netmail Secure Multi-Node Cluster Setup Best Practices
Storage Considerations
Netmail Secure Virtual Messaging Firewall
System Information
Deploying Netmail Secure VMF
Performing the Bootstrapping Sequence
Launching the Netmail Secure Setup Wizard
Logging in to the Netmail Administration Console
Configuring Domains, Groups and Users
Creating Domains
Administering Domains
Assigning Domain-Level Policies
Managing Users and Groups
Editing Allow and Block Lists
Editing Domain-Level DSN Messages
Editing Domain-Level DKIM Signatures
Editing Domain Configurations
SMTP Modules
AntiMasking Module
DBL Module
GreyList Module
Limits Module
Lists Module
NSRL Module
Protocol Filter Module
RBL Module
RDNS Module
SPF Module
Policy Planning, Configuration and Management
Policy Overview
Alias Policy Configuration and Management
Anti-Spam Policy Configuration and Management
Anti-Virus Policy Configuration and Management
Attachment Blocking Policy Configuration and Management
Content Filter Policy Configuration and Management
Executive Reports
Lists Policy Configuration and Management
Mail Route
Outbound Limits Policy Configuration and Management
Quarantine Management
Quarantine Actions Policy
Quarantine Management Policy
Quarantine Management Agent
Quarantine Reports Policy
Quarantine Access
Warp Drive Agent
Queue Server
Advanced System and Agent Configuration
Spools
Configuring your Netmail Secure Host Cluster
IMAP Agent
SMTP Agent
Alerts Agent
Creating Netmail Secure Alerts
Sender Verification Agent
Rules Agent
2
Copyright © 2013, Messaging Architects. Updated: 10/05/2013
SURBL Agent
POP Agent
Notifications
The Netmail Secure Node Dashboard
Using the Node Dashboard
System
Traffic
Policy Engine
Logs
Message Tracking
Troubleshooting
License Information
Version Information
Backup
Change Password
Diagnostics
Search
Appendix A - Configuring Netmail Secure with Your Email System
GroupWise GWIA Configuration
Lotus Domino SMTP Configuration
Lotus Domino LDAP Configuration
Enabling Internet Passwords for Access to the Quarantine
Appendix B - Custom Policies
Sample Email Compliance Policy for Financial Institutions
Sample Email Compliance Policy for Educational Institutions
Sample Email Compliance Policy for Corporate Organizations
Sample Email Security Policy
Sample Group Policy
3
Introducing Netmail Secure
Netmail Secure’s 100% policy-driven management platform helps organizations create customized rules for enforcing corporate and regulatory
compliance with enterprise email security policies. Leveraging Netmail directory services, the web-based Netmail Administration Console provides
a single point of administration to facilitate large-scale deployments. Netmail Secure supports clustering and load-balancing to ensure a truly
enterprise-level performance and high availability of your messaging system at all times.
Designed to increase the overall security of your messaging and collaboration system, Netmail Secure is available as a virtual appliance. The
Netmail Secure appliance has an intuitive browser-based interface designed to manage security and network access locally and remotely.
Appliance Benefits:
Auto-updateable anti-spam signatures and anti-virus definitions.
Improved performance due to tighter hardware integration and optimization.
Higher security with a hardened operating system.
Improved control with enhanced logs and statistics right on your desktop.
Higher and quicker ROI due to reduced integration costs and faster deployment.
Feature Overview
Netmail Secure is a policy-based email firewall solution that is compatible with any SMTP email server and provides you with an intelligent
approach to Email Risk Management. It integrates advanced, multi-layered anti-spam with state-of-the-art anti-virus protection, content filtering,
attachment blocking and security policies. Netmail Secure is a highly scalable modular solution: its components can be located on a single
Netmail Secure server or distributed individually or in groups across multiple servers to provide both fault tolerance and load balancing for the
Netmail Secure platform. Netmail Secure’s built-in clustering abilities lets server nodes detect and cluster together for maximum performance and
uptime. Within a cluster, a master node will detect if other nodes are overloaded and impacting performance, and then re-distribute the workload
between servers in a cluster ensuring better resource utilization.
Key Features and Benefits
4
Features
Benefits
100% Policy-Based Management
Define customizable corporate email security policies that can be
applied at the domain, group, or end-user level to allow organizations
to define their email security rules centrally.
Directory-Enabled Service
Stores all policy information in an enterprise class directory, providing
a single point of administration for configuring and managing email
security policies across the entire organization.
Highly Scalable Modular System Architecture for Unmatched
Performance and Stability
Components can be located on a single server or distributed across
multiple servers to provide fault tolerance and load balancing.
Built-in Application-Layer Clustering
Guarantees superior performance and scalability of the messaging
infrastructure with the necessary level of fail-over required. Requires
no third-party software, customization or professional services to
implement clustering.
Zero Administration
Translates into a fully automated, auto-updated messaging platform
that requires no ongoing configuration, no administration and no fine
tuning.
Advanced Virus Technologies
Allows users to choose between multiple dedicated auto-updated virus
engines to protect the messaging and collaboration system from
email-based threats, such as viruses, worms, Trojans, spyware,
phishing and other unwanted email.
Multi-Tiered Anti-Spam Defense
Provides multiple auto-updated Xtreme Content Filter anti-spam
engines that use advanced pattern recognition and SURBL anti-spam
technology. All engines detect and block spam in any language and
are highly effective against image-based spam, snowshoe spam, and
PDF spam. The new XCFSURBL engine scans messages for URI
hosts listed on SURBLs.
Content Filtering and Deep Content Analysis
Supports Deep Content Analysis and the use of Regular Expression
Searching (RegEx) which provides a way to search for advanced
combinations of characters and prevent data leaks.
Enhanced Attachment Blocking
The Attachment Blocking feature in Netmail Secure has been
enhanced to allow organizations to define and enforce acceptable-use
policies to help organizations control the flow of message content and
attachments. Netmail Secure can be used to identify and prevent a
wide variety of inbound and outbound policy violations—including
sensitive and confidential data, offensive language, maximum
message size, allowable attachment type and size, and many more.
Reputation Protection with Outbound Limits
The Outbound Limits feature allows administrators to monitor outgoing
mail for any suspicious activity resulting potentially from an email
account being compromised.
Enhanced Message Tracking
The Message Tracking feature allows administrators to quickly
determine the status or whereabouts of both inbound and outbound
email messages.
Allow / Block Host Functionality
Allows administrators to dynamically block or allow a range of IP
addresses.
Name Server Reputation List (NSRL)
Name Server Reputation List is an SMTP module that blocks
messages at the connection and content levels. The NSRL Module
functions similarly to the RBL and GreyList modules, except that it
blacklists name servers that are spammer-friendly and marks all the
domains hosted by those name servers in email links as spam.
Route Objects
Through the creation of Delivery and Authentication policies, the
Route Objects feature of Netmail Secure allows you to authenticate
messages to multiple destinations. More specifically, it allows for
multiple relay addresses and multiple authentication addresses. For
example, if you have a domain hosted on both Novell GroupWise and
Microsoft Exchange, you can create a delivery and authentication
route for GroupWise and another delivery and authentication route for
Exchange.
Greylisting
Preserves system resources by temporarily rejecting email from
suspicious senders.
Network-Level Real-Time Perimeter Protection Specialized Layers to
Analyze Message Content, IP Header Information, Envelope
Information and Source Domain
Blocks DoS, OpenRelay and harvesting attacks.
Web-Based Administration Console
Allows administrators to plan, configure and implement corporate-wide
email security policies using the intuitive, easy-to-use Netmail
interface.
Web-Based Quarantine
A web-based application providing end users with real-time access to
quarantined email through the Internet or via IMAP.
Netmail Secure Perimeter Protection
By using a platform-independent multi-layered anti-spam and anti-virus defense with advanced SMTP security options, Netmail Secure is a
complete email firewall that blocks scan attacks and uses authentication to accurately identify recipient email addresses for incoming messages.
Netmail Secure also blocks messages based on real-time blacklists (RBL), limits the number of simultaneous connections and rejects connections
from specified addresses or IPs.
Netmail Secure is compatible with any SMTP-based mail server. The gateway is deployed safely behind the corporate firewall through a single
connection, effectively enhancing server security. Netmail Secure provides gateway intelligence that features unique user-aware
pre-authentication to identify whether incoming messages are destined for valid users on your system. All incoming messages to invalid users are
turned away at the perimeter thus reducing the overhead of processing non-deliverable messages.
5
The mail gateway component of Netmail Secure provides the receipt and local delivery of all your Internet mail. The process is transparent to the
email server.
Understands Simple Mail Transfer Protocol (SMTP) and Extended SMTP (ESMTP).
Restriction of incoming messages based on size.
Efficient multi-thread worker-pool threading model for high-speed reception.
Validation of Sending Host using Reverse DNS, Domain name validation, or Sender Policy Framework.
Restriction of Sending Host through Real-Time Black Lists, Name Server Reputation Lists, Internet Domain Name, and IP Restriction
Lists.
User Pre-Authentication
Validates recipient addresses against the destination mail system to reduce receipt of invalid messages.
Dynamically creates and maintains a cached user list of all valid users for the destination mail system(s).
Block scan attack
Limit the maximum number of invalid recipients.
Slowdown or block IP addresses.
Cache connections by number of entries and lifetime.
Administrator-specified list of IP addresses which automatically block mail from these hosts.
Component Overview
Netmail Secure is modular to provide flexibility without compromising email security and consists of several components that can be implemented
depending upon the needs of your organization.
SMTP Modules
The SMTP Modules feature performs various security functions at the SMTP level.
Greylisting
Temporarily rejects any email from any sender it does not recognize. Legitimate email servers will attempt to resend the message again
after which Netmail Secure will accept the second transmission. Greylisting provides protection against spam scripts that do not attempt
to resend messages.
Allow Lists
Administrator-specified list of IP addresses which automatically bypasses reverse DNS lookup and RBL lookup.
Real-Time Blacklists (RBLs)
Lookup SMTP hosts in Real-Time Blacklist (RBL) hosts.
Administrator-specified RBL hosts.
Exclude trusted IP addresses from lookup.
Cache RBL lookup results.
Blocks messages at the connection and content levels.
Blacklists name servers that are spammer-friendly and marks all the domains hosted by those name servers in email links as spam.
Reverse DNS
Perform reverse DNS lookup for the SMTP host.
Cache DNS lookup results.
Connection Limits
Limit connections by total number of connections to host based on percentage of mail by category.
Limit connections by simultaneous connections from single IP.
Specify system-wide connection limits.
Specify IP addresses for which no limits are applied.
Reject all incoming mail from specified hosts or IP addresses.
6
Anti-Phishing/Spoofing Protection (SPF)
Checks with the sender’s DNS server to look for IP class or domain name forgery.
Sender ID
Based on SPF and caller ID, Sender ID rejects emails with a forged or “spoofed” MAIL FROM.
Scan Attack
Limit the maximum number of invalid recipients.
Slowdown or block IP addresses.
Protocol Filtering
Filter messages at the protocol level.
Block messages based on the following header fields: To, From, Subject, Received, Helo/EHLO, Mail From, Rcpt To and
X-Advertisement.
Mail Relaying
Limit mail relaying to trusted hosts or domains.
Processes outbound messages from the mail server.
Trusted IPs
Administrator-specified list of IP addresses which automatically bypass Block scan attack filter, reverse DNS lookup and RBL lookup.
Policy Engine
The Policy Engine allows organizations to create policies to scan email content to meet both security and compliance requirements. Applicable to
both inbound and outbound email, Netmail Secure provides automated enforcement of corporate email policy to protect organizations from
litigation or compromise of reputation and integrity.
The Policy Engine is the core component of Netmail Secure that creates, manages and enforces email security policies to ensure that the network
remains secure, compliant and highly available at all times. The Policy Engine facilitates the implementation of corporate-wide email security by
using pre-defined policies that can be specified at the domain, group or end-user level. These policies are customizable to allow organizations to
define their email security rules centrally. The web-based Netmail Administration Console facilitates the implementation of these policies with its
intuitive, easy-to-use interface.
With the Policy Engine, system administrators can create:
Comprehensive Anti-Virus and Anti-Spam policies that process messages according to pre-defined specifications, such as quarantine,
delete or tag and deliver spam messages. For more information, see “Anti-Virus Policy Configuration and Management” and “Anti-Spam
Policy Configuration and Management”.
Policies that automatically send customized notification messages to both sender and recipient regarding blocked message content. For
more information, see “Notifications”.
Executive Report policies that automatically send customized executive reports containing event information to designated individuals
inside your organization. Executive Reports can be configured to show how many email messages containing viruses, spam, blocked
attachments or other filtered email is being trapped by Netmail Secure. For more information, see “Executive Reports”.
Policies that send customized quarantine reports containing event information to designated individuals inside the organization in the
form of an administrator-sent email message at regularly scheduled intervals. For more information, see “Quarantine Reports Policy”.
Content Filter policies to scan and filter email messages based on specific expressions or keywords. For more information, see “Content
Filter Policy Configuration and Management”.
Attachment Blocking policies to explicitly block attachments by filename, extension or type. For more information, see “Attachment
Blocking Policy Configuration and Management”.
Customized Delivery and Authentication policies that can deliver and authenticate messages to multiple destinations using multiple relay
and authentication addresses. For more information, see “Mail Route”.
Outbound Limits policies to monitor outgoing mail for suspicious activity and suspend mail flow if an email account seems to have been
compromised. For more information, see "Outbound Limits Policy Configuration and Management".
Quarantine Management policies to automatically clean up quarantined email messages after a specific period of time based on certain
criteria. For more information, see “Quarantine Management Policy”.
7
Customized Lists policies to always block or allow specific email addresses, domain names or IP addresses. For more information, see “L
ists Policy Configuration and Management”.
Quarantine Actions policies to configure which options will be available to end users through the Quarantine application. For more
information, see “Quarantine Actions Policy”.
Anti-Virus Agent
Through the Netmail Anti-Virus Agent, Netmail Secure offers the use of multiple dedicated, multi-layered auto-updated virus engines to protect
your messaging and collaboration system from email-based security threats, such as viruses, worms, Trojans, spyware, phishing and other
unwanted email. These engines are integrated to the core of Netmail Secure to provide inbound and outbound message scanning for optimal
performance and reliability. The integration of multiple high-performance virus scanning technologies provides system administrators with the
flexibility to select which anti-virus engine they want to use.
Important: The virus engine you choose must be the engine for which you have received a digitally signed xml license file.
Auto-updates
Receive automatic virus definition updates directly from Messaging Architects.
Performance
Cache last positive anti-virus identifications.
Specify size and time limit of cache entry retention.
Virus Handling
Option to scan compressed or zipped files for viruses.
Option to specify maximum size for large attachments and choose to delete, quarantine, tag subject line, or return to sender.
Option to recursively scan zipped files by number of zip levels.
Configurable course of action taken when an unscannable message is detected.
Notifications to senders and recipients of detected viruses.
Option to specify what action Netmail Secure should take when a message containing a password-protected zipped attachment is
detected.
Anti-Spam Agent
Through the Netmail Anti-Spam Agent, Netmail Secure provides four multi-tiered auto-updated Xtreme Content Filter spam engines: XCFSpam1,
XCFSpam2, XCFSpam4, and XCFSURBL. All engines inspect the full range of attributes of incoming email messages, including sender IP
addresses, message envelope headers and structure and the unstructured content in the body of messages. Netmail Secure’s proprietary
technology tests numerous connection-level data points, including DNS and MX record verification, to deliver unrivalled accuracy with the lowest
possible rate of false positives and protect you against the onslaught of image spam.
XCFSpam1 Engine
Designed as a large-scale learning system where human and autonomous machine elements collaborate to produce and refine the
filtering rules.
XCFSpam2 Engine
Uses Advanced Pattern Detection, which is based on the mass distribution of malware over the Internet, and SURBL anti-spam
technology to combat the evolving techniques of spammers.
Detects and blocks spam in any language and is highly effective against image-based spam and PDF spam.
XCFSpam4 Engine
Complements our other spam engines.
Uses more than one million reputation queries, pattern matches or rules to identify spam with an incredibly high accuracy rate, and a
near-zero false positive rate.
XCFSURBL Engine
Scans messages for URI hosts listed on SURBLs and uses them to help identify and block unsolicited messages.
Four specific lists used by SURBLs can be individually enabled or disabled or disabled.
8
Large Messages
Limit the size of messages.
Specify how messages larger than the maximum size are handled by Netmail Secure.
Blacklists spammer-friendly name servers and marks all domains listed by those name servers in email links as spam.
Auto-updates
Receive automatic spam signature updates directly from Messaging Architects.
Warp Drive Agent
The Netmail Warp Drive Agent provides the Web Quarantine component of Netmail Secure. The Web Quarantine is a web-based application that
allows end users to manage their quarantined email from anywhere in the world through the Internet. End users can access the Quarantine
application through any standard web browser such as Internet Explorer, Mozilla Firefox and Safari by simply specifying the URL of the server.
The quarantine feature provides:
End user access to quarantine from anywhere in the world.
Access to live quarantine mailbox via IMAP.
Actionable quarantine reports for end-user management of contents.
9
Netmail Secure Clustering Scenarios
To provide organizations with a robust solution that is scalable, fault tolerant and highly available, Netmail Secure supports application-layer
clustering to enable multiple servers to work together to mitigate any interruptions in the message flow.
There are a number of different clustering scenarios available which will largely depend upon the organization, its size, the number of daily
messages processed as well as the level of fault tolerance desired for the system. With Netmail Secure’s highly scalable modular system
architecture, components can be located on a single Netmail Secure server or distributed individually or in groups across multiple servers to
provide both fault tolerance and load balancing for the Netmail Secure platform.
How Netmail Secure Processes Mail
When mail is received through Netmail Secure, the SMTP Agent places the messages in the Monitored Queue. The Monitored Queue is the
message queue that is monitored by various Netmail Secure Agents.
Agents retrieve the messages from the Monitored Queue and process the messages in the Message Spool. The Message Spool is located in the
Quarantine Store. The Quarantine Store contains a Quarantine repository for each end user and the Message Spool that stores messages in
transit.
Messages in transit are scanned by the various Netmail Secure Security Agents, and then processed accordingly. For example, if a message is
trapped by the Netmail Anti-Spam Agent, the Netmail Anti-Spam Agent may forward the message to the end user quarantine as per the
organization’s Anti-Spam policy.
If the message contains a virus, the Netmail Anti-Virus Agent may delete the message from the queue as per the organization’s Anti-Virus policy.
Messages that are not caught by any of the Security Agents are returned to the Monitored Queue and then transferred to the Delivery Queue. The
SMTP Agent retrieves the messages from the Delivery Queue for delivery to the end user’s mail client.
Netmail Secure Single Node Deployment
The following deployment illustrates an Netmail Secure single node deployment. This deployment scenario is ideal for organizations with up to
1000 email accounts or with total email traffic of 750,000 messages a day.
Netmail Secure 3 Node Deployment
The following deployment illustrates a Netmail Secure 3 node deployment. This deployment scenario is suitable for organizations with 1000 25,000 email accounts or email traffic of 6,000,000+ messages a day, or for organizations requiring enterprise-class fault tolerance.
10
Netmail Secure Multi-Node Cluster Setup Best Practices
This page lists some of Messaging Architects' best practices for setting up a multi-node cluster for Netmail Secure.
Clusters:
It is recommended to have all servers in the same Netmail Secure cluster.
Quarantine:
During the initial setup and installation of Netmail Secure, there is nowhere to differentiate or indicate whether a server is a processing or
quarantine node.
Once all servers have been added to the cluster, you can then go to the server nodes and specify where each server should store its
quarantine objects. This can be done on the Volumes tab of each server.
Having a single quarantine ensures that end users only need to log in to one quarantine server and will receive only one quarantine
report (if desired).If the quarantine server fails, quarantine access will be unavailable until the server is restored.
The other servers will hold items destined for the quarantine in their spool until the failed server is back up, ensuring no items will be lost.
Spool:
Each server should have its own spool. You should be able to see this on the Volumes tab of each server, but you shouldn't have to
change anything.
The reason for this is that if one server ever fails, mail will keep flowing through the other server(s). Once the failed server is brought back
up, it will deliver any mail that is sitting in its spool.
Database:
Ideally, you should have one database per mail system. This gives you centralized logging and reporting. You can disable PostgreSQL
and set the connection path for the other servers by following the steps in the Post-installation Tasks section of the Launching the
Netmail Secure Setup Wizard page.
The logging database normally resides on the same server as the quarantine server, but this is not mandatory.
If the database fails or the server on which it resides fails, then logging will be unavailable during that time, and the other servers will not
11
be able to write their logs. The logs generated by the other servers will not be queued in any fashion, so these logs will be lost during the
failure. We do not have High Availability (HA) or Disaster Recovery (DR) in our logging.
If you wish, you may set up a database per server to ensure that no logs are lost, however this will require more processing power per
server and will not provide you with centralized logging. You will essentially have to check each server's logs.
If you have a highly available SQL server on your network, however, you can choose to write the logs to it since it is a standard ODBC
query that is being made.
Storage Considerations
In multi-node deployments, to avoid introducing a single point of failure for your Internet email delivery system and to ensure that your system
remains highly available at all times, Messaging Architects recommends that you move the Quarantine Store off to a fibre channel storage area
network (SAN). Although the initial cost of deploying a SAN solution may be higher, the long-term total cost of ownership (TCO) may be lower as
fibre-channel SANs are highly scalable to accommodate future growth. Network attached storage (NAS) over a gigabit network offers reliable
storage as well. If high availability is a requirement, then you should choose a SAN or a NAS solution.
Before choosing a storage solution, you should be familiar with storage technologies such as RAID levels, storage area networks (SANs) and
network-attached storage (NAS). You should also evaluate your organization’s needs for dependable storage. Some organizations can expect to
lose significant revenue if the messaging and collaboration system is unavailable. Finally, the type of storage solution you choose can play an
important part in ensuring high availability and the rapid processing of email.
You should not plan your Netmail Secure storage solution without considering disaster recovery (DR) strategies.
Note: Messaging Architects strongly recommends that you connect any storage system to a redundant UPS system for a highly
available source of power.
12
Netmail Secure Virtual Messaging Firewall
Netmail Secure is deployed on a virtual appliance offering rapid enterprise roll–out and scalability. The Netmail Secure virtual appliance is
delivered as a software download that offers considerable green benefits including reduced HVAC and power consumption, reduced hardware
footprint and elimination of shipping and packaging.
The Netmail Secure Virtual Messaging Firewall (VMF) is a fully configured soft appliance that can be deployed on any x86 hardware, using
VMware's VMware ESXi / ESX 3.x or higher.
Note: Please ensure that VMware Tools is up to date. For more information, see http://kb.vmware.com.
In this section:
System Information
System Information
The Netmail Secure Virtual Messaging Firewall (VMF) is a fully configured soft appliance that can be deployed on any x86 hardware. By using
VMware ESXi or ESX 3.x or higher, organizations can now deploy Netmail Secure as needed. You must install VMware Tools prior to installing
Netmail Secure. Refer to System Requirements for Netmail Secure for detailed information about the minimum requirements for deploying
Netmail Secure.
The following login credentials are required during the installation of Netmail Secure:
User Login: admin
User Password: m3ss4g1ng
Access: “root” access through “sudo su”
Note: Messaging Architects will only support Netmail Secure virtual machines created by Messaging Architects.
This section describes how to deploy the Netmail Secure Virtual Messaging Firewall from a virtual instance of Netmail Secure from a virtual
machine image onto a machine running ESX Server or ESXi Server. You must install ESX Server or ESXi Server before performing this
procedure.
1. Contact Messaging Architects Support to obtain the link to download the virtual machine.
2. Unpack the compressed .rar file.
3. Using a VMware vCenter or Virtual Infrastructure Client, select File > Deploy OVF Template.
13
4. Click Browse to browse to the location of your .ovf file. Click Next to continue.
5. Review the OVF template details onscreen, and then click Next to continue.
14
6. Under Name, enter a Name for your virtual appliance, and under Inventory Location, specify where in the inventory you want your virtual
appliance to reside. Click Next to continue.
7. Select 32bit as the host for the Netmail Secure virtual appliance, and then click Next to continue.
15
8. Select a datastore where you want to store the files for the virtual appliance, and then click Next to continue.
9. Select a format in which you want to store the virtual disks. Thin provisioned format allocates storage space for data on an as-needed basis,
while Thick provisioned format immediately allocates all available storage space. Click Next to continue.
16
10. Select a network(s) that the deployed OVF template should use, and then click Next to continue.
11. Review the virtual appliance details onscreen, and then click Finish to start the deployment.
17
It will take a few minutes to create the virtual machine. Once the virtual machine has been created, power up the machine and go through the
bootstrapping sequence.
The bootstrapping process allows you to provide the information needed to connect your system to the Netmail Secure virtual machine.
1. In the VMware VCenter or Virtual Infrastructure Client, select your Netmail Secure virtual machine in the tree menu on the left-hand side of the
screen, and then start the virtual machine. Use your keyboard to navigate through the bootstrapping sequence.
2. Select Netmail Secure 5.1 RC [VMX], and then press Enter to load the boot sequence. The screen will remain blank for a few moments while
the boot sequence loads.
18
3. On the Languages screen, choose your preferred language, and then select Next.
19
4. On the Network Configuration screen, select Use Following Configuration, and then select Next.
20
5. On the Keyboard Configuration screen, select your preferred keyboard layout. Select Next.
21
6. On the Hostname and Domain Name screen, enter the Hostname of your Netmail Secure virtual machine and the Domain Name. Select As
sign Hostname to Loopback IP (do not select Change Hostname via DHCP). Select Next to continue.
22
7. On the Network Settings screen, select the Overview heading, and then choose Edit.
23
8. On the Network Card Setup screen, select the Address heading to configure the IP address. Select the Statically assigned IP Address opti
on (do not choose to configure a dynamic address). Enter the network IP Address and Subnet Mask, and then choose Next to continue.
24
9. Back on the Network Settings screen, select the Hostname/DNS heading. Enter the IP address(es) of your DNS name server(s).
25
10. On the Network Settings screen, select the Routing heading. Enter the IP address of the Default Gateway, and then select OK.
26
11. On the Network Configuration screen, verify the configuration settings you have entered, and then select Next to continue.
27
Your network configuration settings will be saved. It will take a few moments for the settings to be saved.
28
12. On the Clock and Time Zone screen, choose your Region, Time Zone, and Date and Time. Select Next to continue.
29
Your system now restarts. Once the system has restarted, the bootstrapping process is complete. You are now ready to launch the Netmail
Secure Wizard.
On this page:
Deploying a Single Node or the First Node of a Cluster
Deploying Additional Netmail Secure Nodes
Restoring a Node
Post-installation Tasks
How to Execute Commands at a Prompt
Additional Commands
With the Netmail Secure Wizard, you can deploy a single Netmail Secure node or the first node of a cluster, deploy additional Netmail Secure
nodes, or restore a node. There are two different methods for launching the Netmail Secure Wizard:
On the Netmail Secure appliance, double-click the shortcut to Mozilla Firefox located on your taskbar to launch the Netmail Secure
Wizard.
Configure a machine on your network with access to the newly deployed Netmail Secure Virtual Messaging Firewall by opening a web
browser and navigating to https://10.20.30.40/setup.
Deploying a Single Node or the First Node of a Cluster
1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select New to deploy a new Netmail Secure
30
system. Click Next to continue.
2. On the New Node Setup screen, select New System from the available options. Enter the default administrator password m3ss4g1ng under
Current Password, and enter and confirm a New Password of your choice. Click Next to continue.
3. On the New Node Configuration screen, enter a Cluster Name of your choice.
31
4. On the Domain Configuration screen, complete the following:
Click Browse to navigate to the location of your license file. By default the default license is used, which is limited to 50 users.
Under Domain Name, enter a name for your domain.
Under Authentication Source, select the authentication type, and enter the required information. You will have a different set of fields to
complete depending on your choice. You can use the Test button to verify the validity of the authentication source.
Under Relay Address, enter the IP address where you want Netmail Secure to deliver email that it has processed. Use the Test button
to verify that the relay address is valid.
Under Postmaster Address, enter the email address of the postmaster where notifications should be sent.
Under Abuse Address, enter an email address to which abuse reports (filed by end users through the Quarantine application) should be
sent.
Under Default Time Zone, use the dropdown list to select your preferred time zone.
Click Finish to complete the installation and exit the wizard.
32
If you did not use the Test buttons to test the authentication source and relay address, you will be warned that you haven't done so. Click OK to
complete the configuration or click Cancel to go back and perform the tests.
Alternatively, you can click Advanced to configure advanced cluster and policy settings before completing the installation. This step is optional, as
cluster and policy settings can be configured later.
5. On the Cluster Configuration screen, select which agents and features you want to enable or disable. These options can also be configured
at a later time. Click Next to continue.
33
6. On the Storage Configuration screen, enter the Spool, Quarantine, and Log paths in the fields provided. Click Next to continue.
34
7. On the Policy Setup screen, select which policies you want to enable. These policies can also be enabled or disabled at a later time. Click Nex
t and then Finish to complete the installation and exit the Wizard.
35
Deploying Additional Netmail Secure Nodes
At this stage in the deployment, you should have both your cluster running and an additional node with access to the Netmail Secure Wizard.
1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select New to deploy a new node in your
existing Netmail Secure system. Click Next to continue.
2. On the New Node Setup screen, select Add Node to Cluster. Under Current Password, enter the default administrator password m3ss4g1n
g, and then enter and confirm a new password of your choice. Click Next to continue.
3. On the New Node Configuration screen, upload a license file or use the default license. Under Existing Node Admin Password, enter the
administrator password of the existing node. Under Existing Node IP, enter the IP address of the existing node. If you are not sure of the IP
address, use the Detect button to generate a list of existing nodes that you can choose from. If desired, select a data store to migrate. Click Finis
h to install the additional node.
Restoring a Node
It is possible to recover a previously existing node from a backup file. To do so, you must have first run a backup of Netmail Secure. For more
information about backing up Netmail Secure and creating a backup file, see "Backup".
36
1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select Restore to recover a node. Click Next
to continue.
2. On the Restore Node screen, complete the following:
Enter your Admin Password.
Next to License, click Browse to browse to the location of your Netmail Secure license file.
Next to Backup File, click Browse to browse to the location of your Netmail Store backup file.
Next to Restore, choose what information you want to restore.
Click Finish to start the restoration process. This may take a few moments.
Post-installation Tasks
If you have installed multiple Netmail Secure nodes, you must perform the following post-installation tasks to disable PostgreSQL on each node,
and then connect each node to the PostgreSQL server.
To disable PostgreSQL:
1. At the Console login prompt, enter the default username admin and then use the same password that you used on the first and second nodes.
Gain super user rights for the admin user for the entire session by typing sudo su, and then press Enter.
2. Type chkconfig postgresql off, and then press Enter.
To connect the Netmail Secure nodes to the PostgreSQL server:
1. At the login prompt, enter the default username admin and the default password m3ss4g1ng. Gain super user rights for the admin user for the
entire session by typing sudosu, and then press Enter.
2. Type vi /root/.odbc.ini.
3. Navigate to ServerName.
4. Use the arrow keys to move your cursor to the file name to the ServerName line.
5. Type i to enable you to modify the text.
6. Click Delete to delete localhost, and then enter the IP address of node 1.
7. Use Esc, and then type :wq to save and exit the file.
8. Restart the netmail service by typing service netmail restart at the prompt.
9. To access the Netmail Administration Console, open a standard web browser and enter the IP address of the server where you installed
Netmail Secure.
10. Choose Domains & Users. Click on the name of your domain. By default, the Details tab is displayed.
11. Select the Quarantine Cluster you configured previously, and then click Save.
How to Execute Commands at a Prompt
Linux commands such as starting and stopping the Netmail Secure services require additional rights beyond the user rights assigned to the admin
user. To grant these additional super user rights to the admin user, use the sudo command.
The sudo command is used to run commands with the root user’s privileges and is used at the beginning of each line of commands. For
example, to start Netmail Secure, type sudo/etc/init.d/netmail start, and then press Enter.
The su command is used to become root (system administrator) user. For example, to gain super user rights for the admin user for the
entire session, type sudo su, and then press Enter.
Additional Commands
Additional Linux commands may also be used with Netmail Secure.
To query the status of Netmail Secure, type sudo /etc/init.d/netmail status, and then press Enter.
To shut down the Netmail Secure appliance, type init 0, and then press Enter. Once the system shuts down, unplug the power cable.
37
To access the Netmail Administration Console, open a standard web browser and enter the IP address of the server where you installed Netmail
Secure. The Netmail Administration Console can be accessed from any workstation with access to this IP address.
Important: Netmail Secure supports Internet Explorer 8.0 and higher, Mozilla Firefox 3.0 and higher and Safari 3.0 and higher.
Messaging Architects recommends Mozilla Firefox for enhanced performance.
When you first launch the Netmail Administration Console, you are prompted for your User Name and Password. These authentication credentials
are for a Netmail directory service user account which has administrative privileges to the Netmail Secure objects which were created during the
installation. You can log in using NDS contextual login, such as admin.netmail.
Messaging Architects uses its own dedicated tree to store the Netmail Secure objects and an Netmail Secure Administration user account which
has specific administrative privileges to the tree is created automatically for the purposes of administration.
In the fields provided, enter your credentials, and then click Log In.
The Netmail Administration Console is where system administrators can create and define custom email security rules to proactively address the
issues of regulatory compliance, corporate governance and security. System administrators can also configure and manage other solutions of the
Netmail platform from this same Administration Console, including Netmail Archive and Netmail Store. The Netmail Administration Console was
designed for flexibility and ease of use, and is organized to assist with both day-to-day operations and advanced system configuration. The
following tabs are available in the Netmail Administration Console: Welcome, Updates, Backup, Change Password, and Diagnostics. By
default, when you log in to the Console as an administrator, you are redirected to the Welcome tab.
38
39
Configuring Domains, Groups and Users
Netmail Secure maintains a list of all domains and associated users for which it is configured to process mail. The Domains and Users feature lets
system administrators manage these domains and users and define groups of users for whom selected policies can be applied. The intuitive
Netmail Administration Console facilitates the granular application of unique policies for each domain, group or user located on the Netmail
Secure server or cluster. For more information on policy, see “Policy Planning, Configuration and Management”.
During the Netmail Secure configuration procedure, you were prompted to enter configuration settings through our web-based configuration
portal. These settings are automatically applied to the Netmail Secure Server; however, you can still modify these settings at any time using the
Domains and Users feature in the Netmail Administration Console.
This chapter provides step-by-step instructions on how to create and configure additional domains, users and groups. If you have already
configured these settings, then you can learn how to apply the Netmail Secure pre-created custom policies and overrides to different levels: per
domain, per group or per user.
There are three different levels at which email security policies can be applied:
Domain-level policies apply to all users in a specified domain. If you create a domain-level policy, it applies to all users in that domain.
Group-level policies apply to all users in a specific group. If you create a group-level policy, it overrides a domain-level policy.
User-level policies apply only to the selected user. If you create a user-level policy, it will override all other policies.
In this section:
Creating Domains
Creating Domains
This feature allows you to create additional domains, if necessary, and allows you to configure all Internet domains that the server will accept
inbound messages for, along with the routing information for delivery of those messages and the routes and methods for pre-authentication and
web authentication. With Netmail Secure, you can also create a secure delivery route for your domain. For more information, see “Mail Route”.
If you are supporting multiple mail servers, such as GroupWise and Netmail Server, then create a separate Domain entry for each and point to the
respective mail system. If you are supporting multiple domain names for a single mail server, then consider making all domain names aliases of a
primary domain name. This will allow all email messages to be delivered normally, but will provide a single domain address in the Quarantine
40
database, thus reducing the number of quarantine reports that end users receive.
Note: If you are running multiple email systems with a single Internet Domain, you should speak directly with a member of our
Technical Support Team.
Although using a single domain for an entire network has several advantages, you may need to create one or more additional domains for your
organization to meet scalability and security requirements. Additional reasons to create more than one domain include:
Different password requirements between departments or divisions
Massive numbers of objects
Decentralized network administration
To get started, select Domains in the tree menu on the left-hand side of the Netmail Administration Console. By default, the Default Policies tab
is displayed, which is where you can create a new domain.
Setting Default System-Level Policies
The Default Policies tab allows you to view, edit, or remove default system policies assigned to local or remote domains, and it allows you to
assign new policies to those domains. To create a new domain, click Create A Domain.
A window in which you can specify the criteria of your new domain opens.
41
Create A Domain
The Domain Name field allows you to specify a new domain name.
Quarantine Store
The Global Quarantine Volume field contains the name and location of the global Quarantine store.
Aliases
The Alternate Domain Names option allows you to Add alternate domain names or domain aliases that the Netmail Secure server accepts mail
for and delivers to the same mail system. To modify an existing alias, select the alias in the Alternate Domain Names list, and click Advanced E
dit. To remove an existing alias from the list, highlight the alias in the list, and then click Remove.
Authentication
This feature allows you to prioritize route authentication and apply a default Authentication policy or Delivery policy.
The Route Priorities option allows you to prioritize route authentication. To add a route, click Select Route. In the window that appears, specify
the route Type. Select a Mail Route Object, and then click Edit.
42
In the next window, under Authentication or Delivery, click Add Route to add either an Authentication route or a Delivery route.
If you are adding an Authentication route, select your authentication protocol Type. Your choices are:
SMTP
MX
Netmail (SMTP)
Novell GroupWise 6/7 (LDAP)
GroupWise 8 (LDAP)
Lotus Domino (SMTP)
Microsoft Exchange (LDAP)
LDAP (manual)
ODBC
Route
Local Authentication
If you are adding a Delivery route, select your delivery protocol Type. Your choices are:
43
SMTP
MX
Route
Local Authentication
The configuration settings for each authentication and delivery protocol are different. Complete the following fields, if applicable to your chosen
authentication or delivery protocol:
SMTP Server
Host: Enter the host IP address and the port number of the SMTP server.
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding
Delivery policy.
Encryption:Select the security protocol you want to apply to the authentication protocol:
None: Select this option of you do not want to apply any security protocols.
TLS (optional): If you select this option, messages will be delivered to the recipient whether or not they support TLS. If TLS is
supported, then the protocol will be applied and the message delivered. If the recipient does not support TLS, the message will
be delivered anyway.
TLS (required): Select this option if you require that the recipient supports TLS in order for messages to be delivered to them. If
the recipient does not support TLS, the message is not delivered. This ensures that all mail is delivered securely.
SSL: Select this option if you want to apply the SSL to delivered messages.
Domain: Enter the domain name of the SMTP server.
SMTP Extensions
Select whether you want to Detect, Assume, or Ignore the following SMTP extensions:
DSN: An ESMTP command that enables delivery status notifications as defined in Request for Comments (RFC) 1891.
PIPELINING: Provides the ability to send a stream of commands without having to wait for a response after each command.
8BITMIME: Indicates that the local SMTP virtual server supports 8-bit Multipurpose Internet Mail Extensions (MIME) messages.
CHUNKING: Provides some features for SMTP to transmit very large binary messages (sometimes called BDAT).
BINARYMIME: Indicates that the SMTP virtual server accepts messages that contain binary material without transport encoding by using
a BODY parameter with a value of "BINARYMIME" with the MAIL command. When the SMTP server accepts a MAIL command with a
BODY parameter of BINARYMIME, the server agrees to preserve all bits in each octet passed using the CHUNKING command. The
BINARYMIME SMTP extension can only be used with CHUNKING.
ETRN: Sent by an SMTP server to request that the local virtual server send any email messages that it has in the queue for the domains
indicated in the ETRN command.
STARTTLS: Indicates that the SMTP server supports secure SMTP over Transport Layer Security (TLS).
AUTH: Signals that the local SMTP virtual server supports the SMTP authentication service extension.
SIZE: Provides a mechanism by which the SMTP virtual server can indicate the maximum supported message size.
XCLIENT: When an SMTP server announces support for the XCLIENT command, an SMTP client may send information that overrides
one or more client-related session attributes. The XCLIENT command targets access control tests, client software that downloads mail
from an up-stream mail server and injects it into a local MTA via SMTP, and post-filter access control and logging.
User Lookup
Authentication: Select this option if you want to include the domain when authenticating messages.
LDAP Search: Select this option if you want the LDAP server to search for users recursively.
LDAP Server
Host: Enter the host IP address and the port number of the LDAP server.
44
Delivery policy.
Encryption: Select SSL if you want to apply the SSL to delivered messages.
LDAP Version: Select either 2 or 3 as your LDAP version.
Directory
Authentication DN: Enter the authentication DN of the LDAP directory.
Password: Enter a password for the LDAP directory.
Base DN: Enter the base DN of the LDAP directory.
User Class Name: Enter the name of the user class.
Naming Attribute: Enter a naming attribute:
Naming Prefix: Enter a naming prefix.
Mail Attribute: Enter a mail attribute.
Disabled Attribute: Enter a disabled attribute.
Disabled Value: Enter a disabled value.
Attribute Translation
This option allows you to apply a field mapping by importing user attributes from a .csv file.
ODBC Connection
DSN: Enter the Data Source Name (DSN) of the user data source.
ODBC User: Enter the name of the ODBC user that you will be authenticating to that database.
ODBC Password: Enter the password for the specified ODBC user.
Queries
Lookup SQL: Specify the query string that will be used to find users.
Authentication SQL: Specify the query string that will be used to find passwords.
Authentication: Select this option if you want to include the domain when authenticating SQL.
Password Encoding: Select the type of password encoding you wan to implement.
Route
Mail Route Object: Select a mail route object for your Route protocol.
45
When adding a route, you can choose to test the route you are creating by clicking Test. In the window that appears, enter an existing user’s
email address and password, and enter an email address of a user that does not exist on the target system. Click Test Authentication. This
troubleshooting tool will inform you of the user’s status on the target system. When you are finished testing, click Done.
When prioritizing route authentication, you can add as many routes as you wish. If you have two or more routes, you can change the route
priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route.
The Cache Passwords option allows you to enable password caching. Disabling this option may increase the load on the server to which you are
46
authenticating.
The Default Delivery Policy option allows you to select the default Delivery policy you would like to use for message delivery. If no Delivery
policy appears in the dropdown list, you need to create one. For information about creating a Delivery policy, see “Delivery”.
Postmaster Information
Postmaster Address: This option allows you to specify a postmaster email address. In the available textbox, enter the email address of
the postmaster where notifications should be sent.
Abuse Address: This option allows you to specify an abuse address. The abuse address is the email address to which the system
sends emails when end users click Report in their Quarantine. In the available textbox, enter an email address to which abuse reports
should be sent.
When you are done specifying the criteria for your new domain, click Create Domain.
Setting System-Level DKIM
The DKIM tab allows you to include a system-level DKIM (DomainKeys Identified Mail) signature to messages.
DKIM provides a method for validating the identity of a domain name that is associated with a message through cryptographic authentication. It
allows an organization to take responsibility for a message while the message is in transit. The organization can handle the message as the
message creator or as an intermediary. In either case, it is ultimately the organization’s reputation that dictates whether the message should be
trusted for delivery. To learn more about DKIM, visit http://www.dkim.org/.
By default, the Signature field is set to None. To apply a domain-level DKIM signature, select a signature from the Signature dropdown list. A
new set of fields appears in the DKIM tab. Complete the following fields:
Timestamp: This option allows you to include the time when a message is sent.
Expiration Age: This option allows you to specify the number of hours, days, or weeks for which your DKIM signature is valid.
Sign Body: This option allows you to sign the entire body of the message or a specific number of bytes of the message.
Sign Header: This option allows you to select the fields you want to include in the signature header. By default, all header fields are
selected. To manually select specific fields, simply hold down the Ctrl key, and click the fields you want to include in the signature
header. You can also opt to add custom fields in the header.
Click Save Changes to save your changes.
Adding a DKIM Signature
47
If no DKIM signature exists, you need to create one. To create a DKIM signature, click Add. In the window that appears, provide a name for the
DKIM signature you want to add, and enter a public key and a private key. Click Save to save your new DKIM signature.
Note: A DKIM signature can be created only on the DKIM tab of the Netmail Secure Domains object.
Searching for a Matching DNS Record
The DNS Record button is a troubleshooting tool that allows you to test a domain for a matching DNS (Domain Name Service) record. Complete
the following fields before testing:
Domain: Select the domain you want to test.
Include Hash Algorithm: Select this option if you want to include the hash algorithm in the DNS text record.
Include Key Type: Select this option if you want to include the key type in the DNS text record.
Service Type: Specify the service type you want to include in the DNS text record. You can choose from unspecified, email, and service
types.
Testing Mode: Specify the testing mode you want to include in the DNS text record. You can choose from unspecified, testing, and
subdomain testing types.
(Optional) Notes: Type in any notes you want to include with your search.
Click Test to search for a matching DNS record. The search tool specifies whether a matching DNS record was successfully found or if it failed to
find a matching DNS record. Click Close to return to the DKIM tab.
Setting System-Level DSN Messages
The DSN tab allows you to customize the system-level DSN (Delivery Status Notification) that is sent to the sender if the recipient’s email server
is unavailable. You can apply a different DSN to email messages sent within local domains and those sent to remote domains. By default, the
DSN settings that you apply to this tab are applied to the entire system (i.e., to all the domains you have created). However, it is possible to edit
and apply custom DSN settings for each individual domain.
To edit the settings for the domain DSN, select Domains > <domain name> (the name of the domain you are administering), and then click the
DSN tab.
The following information can be edited for both Local Domains and Remote Domains:
Header
This section allows you to add new header fields, remove existing header fields, or edit existing header fields in the DSN. Use the dropdown lists
next to Fields to select a header. You can choose from the following headers: Received, Subject, From, To, CC, Reply-To, X-Sender, and
Custom. Use the textboxes provided to enter specific keywords that you want to apply to the headers to filter out messages.
48
Message
This section allows you to add a customized Plain Text Message or HTML Message to include with the DSN. You can manually type in your own
text or click Browse to upload a file. The Download button allows you to download a copy of either the Plain Text Message or HTML Message i
n .txt file format. The Attach original message field allows you to specify how much of the original message you want appended to the DSN.
Retry Schedule
This section allows you to customize the retry schedule for sent email messages that are not delivered successfully. After each failure, the
message can be bounced back to the sender or rescheduled to be sent [x] seconds, minutes, hours, or days later with or without the DSN. You
can also choose to inherit the system retry schedule.
When you are done, click Save Changes.
It is possible to configure the settings of existing domains, including specifying alternate domain names or aliases. To administer an existing
domain, use the arrow icon to expand the Domains object in the tree menu, and select the name of the domain you want to manage. For each
domain you create, you can apply unique Policies, manage Users, manage Allow/Block Lists, configure a DSN (Delivery Status Notification),
configure a DKIM signature, and manage the overall domain Configuration. By default, the Policies tab is displayed.
49
When you click on the name of domain you want to administer, the Policies tab is displayed by default. The Policies tab allows you to manage
authentication priorities, policies, and quarantine reports of an existing domain.
Authentication Priorities
This option allows you to view and prioritize route authentication. If you have two or more routes, you can change the route priorities by using the
up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route. Click Select Route to add a new
Authentication route to the list. If no Authentication route exists, you need to create new one. For more information about creating an
Authentication route, see “Authentication”.
50
Policies in Effect
This option allows you to view and manage domain policies that are currently in effect as well as assign new domain policies. The following
actions can be taken:
Remove: Click Remove if you want to unassign a policy that is in effect.
Edit: Click Edit to assign a different policy. Select the type of policy, the direction of mail flow to which you want to apply the policy (if
applicable), and the name of the actual policy you want to assign.
Allow Override: Select this option of you want the policy to override objects that inherit from this policy.
If no policies have been assigned or if you want to assign additional policies, click Assign Policy. In the window that appears, select the Type of
policy you want to apply, the Direction of mail flow to which you want to apply the policy (if applicable), and the name of the Policy you want to
apply. If you have not created any policies, only the default policies will be available. For more information about creating a policy, see “Policy
Planning, Configuration and Management”.
User-Selectable Policies
This option allows you to view and configure policies for which users can set preferences in their personal quarantine. Just as for domain policies,
it is possible to assign, remove, edit, and override user-selectable policies to a domain. For more information about the quarantine feature, see “Q
uarantine Management”.
Quarantine Reports
This option allows you to send quarantine reports to all users and groups in the selected domain. Click Send Quarantine Report to send a
quarantine report of only new items in quarantine. Click Send Full Quarantine Report to send a quarantine report of all items in quarantine.
Important: After specifying your options, make sure you click Save Changes to save your work.
51
Netmail Secure automatically creates users and populates your user list when mail traffic first begins moving through your SMTP mail server. This
is true for every domain you create. The user list can be found by selecting Domains > <domain name> (the name of the domain you are
administering) and then clicking the Users tab. You can search this list for a specific user by typing in the first few letters of the user’s name in the
search textbox and then pressing Enter.
It is also possible to manually create users, groups, and distribution lists, as well as import users. Existing users can be edited, assigned to a
group, moved to another domain, or deleted.
Creating Users
To create a new user, click Create A User on the Users tab. Complete the following in the window that appears:
Create A User: Enter a user name for the new user.
Identity: Enter the new user’s first and last name.
Authentication: Enter and confirm a password for the new user.
Importing Users
To import users from an existing CSV list, click Import Users. In the CSV User Import window that appears, type or paste comma separated
user information into the text box provided. The information that you input should correspond to the column values you define in the top part of the
window (i.e., the first comma separated value should correspond to the valued in Column 1, the second comma separated value should
correspond to the value in Column 2, etc.). Click Add field to add more columns, if needed. When you are finished defining your users, click Start
Import.
52
Once the import is complete, the CSV User Import window will show the results of the import. Click Close to close the window. The users you
have imported should now appear in the user list on the Users tab.
Creating Groups
To create a user group within the domain, click Create a Group on the Users tab. Enter a name for the group, and then click Create Group. The
new group you have just created appears in the tree menu on the left-hand side of the screen, under the name of the domain in which the group
was created.
53
Creating Distribution Lists
To create a distribution list, click Create a Distribution List on the Users tab. In the window that appears, complete the following:
Create a Distribution List: Enter a name for your new distribution list.
Details: Enter an external or internal email address you want to add to the distribution list, and click Add. To edit an existing email
address, highlight the email address in the list, and click Advanced Edit. To delete an existing email address from the list, highlight the
email address and click Remove.
When you are done, click Create List.
Editing User Details and Policies
It is possible edit existing user details and policies. To do so, on the Users tab, select a user you want to modify, and then click Edit. The
following tabs can be modified:
Identification Tab
54
The Identification tab allows you to edit the following user information:
Details: This section allows you to modify the user’s first name, last name, full name, preferred name, group, and aliases.
Security: This section allows you to edit the user’s password and user rights.
Contact: This section allows you to edit the user’s contact information, such as their title, department, company, photo URL, birthday,
and description.
Work Address: This section allows you to edit the user’s work address and contact details.
Home Address: This section allows you to edit the user’s home address and contact details.
The User Enabled option allows you to either enable or disable the user. When you are done, click Save changes.
Policies Tab
The Policies tab allows you to view and manage policies that are currently in effect for the selected user, as well as assign new policies. The
following actions can be taken:
Disable: Click Disable if you want to cancel the policy that is in effect.
Override: Click Override if you want to override the policy with another policy of the same type.
If no policies have been assigned or if you want to assign additional policies, click Assign Policy. In the window that appears, select the Type of
policy you want to apply, the Direction of mail flow to which you want to apply the policy (if applicable), and the name of the Policy you want to
apply. If you have not created any policies, only the default policies will be available. For more information about creating a policy, see Policy
Planning, Configuration and Management“Policy Planning, Configuration and Management”.
The Quarantine Reports option allows you to send quarantine reports to the selected user. Click Send Quarantine Report to send a quarantine
report of only new items in quarantine. Click Send Full Quarantine Report to send a quarantine report of all items in quarantine.
55
Important: After specifying your options, make sure you click Save Changes to save your work.
Allow/Block Lists Tab
The Allow/Block Lists tab allows you to add, edit, or remove the selected user’s allow and block lists. These lists can contain email addresses,
domain names, or IP addresses.
56
It is also possible to select multiple users at once for editing. This will allow you to make modifications to the policies that are applied to the
selected users. You will not, however, be able to edit personal user information, send quarantine reports, or edit allow/block lists.
To edit the policies of multiple users, select the users you want to edit, and then click Edit. In the window that appears, you can choose to edit Ge
neral policies (such as Delivery Route policy), Sender Policies, Recipient Policies, and User-Selectable policies. The dropdown lists allow you
to select different policies, and you can choose to add or cancel policies. When you are done, click Save to save your changes.
To view or modify a domain’s Allow and Block lists, select Domains > <domain name> (the name of the domain you are administering), and then
click the Allow/Block Lists tab. Enter a specific email address, domain name, or IP address that you want to add to your Allow or Block list, and
then click Add. To modify an existing allowed or blocked address, select the address in the list, and then click Advanced Edit. To remove a
selected allowed or blocked address from the list, click Remove. When you are done, be sure to click Save Changes.
57
Note: It is possible to use wildcards when adding domain names to your Allow or Block list. For example, name@*.netmail.com
will match [email protected].
Netmail Secure allows for custom DSN (Delivery Status Notification) messages for each domain. To edit the DSN for a domain, select Domains >
<domain name> (the name of the domain you are administering), and then click the DSN tab. The DSN tab allows you to modify the DNS
message header, message, and retry schedule.
Header
This section allows you to modify header fields, remove existing header fields, or add new header fields to the DSN. Use the dropdown lists next
to Fields to select a header. You can choose from the following headers: Received, Subject, From, To, CC, Reply-To, X-Sender, and Custom.
You can also choose to remove an existing header field. Use the textboxes provided to enter specific keywords that you want to apply to the
headers to filter out messages.
Message
This section allows you to modify the Plain Text Message or HTML Message that is included in the DSN. You can type in your own text or
upload a file. The Download button allows you to download a text document of either the Plain Text Message or HTML Message. See below for
more information about adding custom DSN messages.
Retry Schedule
This section allows you to modify the retry schedule for sent email messages that do not get delivered successfully. After each failure, the
message can be bounced back to the sender or rescheduled to be sent [x] seconds, minutes, hours, or days later with or without the DSN. You
can also choose to inherit the system retry schedule.
When you are done, click Save Changes.
58
Using Customized DSN Messages
When using a customized DSN message, variables can be used to allow for the inclusion of the required information. The following variables can
be used:
recipients
Enumerate through all the recipients, or recipients with a specific status. The status argument may be: processing, delivered, relayed, expanded,
delayed, retry, failed
Example:
%if recipients(failed)%
Message delivery failed for the following recipients:
%while recipients(failed)%
%recipient%
%end%
%end%
%if recipients(delivered)%
Message delivery was successful for the following recipients:
%recipient%
%end%
%end%
All Recipients:
59
%while recipients%
%recipient%
%end%
recipient
Return the address of the current recipient while enumerating with the recipients variable.
Example:
%while recipients%
%recipient%
%end%
status
Return the status of the current recipient while enumerating with the recipients variable.
Possible values are:
processing, delivered, relayed, expanded, delayed, retry, failed
Example:
%while recipients%
The status of %recipient% is: %status%
%end%
postmaster
The postmaster email address
sender
The original sender's email address
dsn summary
Return a description of the status of the message. This uses the same logic that is used when generating the default DSN subject.
If the status is the same for all recipients then the description will be specific. If the status is not the same for all recipients then the status will give
a more generic description such as "Message failure".
If the template does not include a subject field then this summary will be used automatically.
Example output:
"Message delivery failed"
"Message delivered successfully"
"Message delivery has been delayed"
The default DSN message can be generated using this template:
header:
From: Netmail Extreme Email Engine <%postmaster%>
To: %sender%
Subject: %dsn summary%
plain text:
%if recipients(delivered)%
Your message was delivered successfully to the following recipients:
%while recipients(delivered)%
<%recipient%>
%end%
%end%
%if recipients(relayed)%
Your message was relayed successfully to the following recipients:
%while recipients(relayed)%
<%recipient%>
%end%
%end%
%if recipients(expanded)%
Your message to the following lists where successfully forwarded to the list's members:
%while recipients(expanded)%
<%recipient%>
%end%
%end%
%if recipients(delayed)%
The following recipients had delivery errors and will be retried:
%while recipients(delayed)%
<%recipient%>
%end%
60
%end%
%if recipients(failed)%
The following recipients had permanent delivery errors and will not be retried:
<%recipient%>
%end%
%end%
Netmail Secure allows you to modify a single domain’s DKIM (DomainKeys Identified Mail) signatures. To do so, select Domains > <domain
name> (the name of the domain you are administering), and then click the DKIM tab. For more information about DKIM, see “Setting
System-Level DKIM.
By default, the Signature field is set to None. To apply a domain-level DKIM signature, select a signature from the Signature dropdown list. A
new set of fields appears in the DKIM tab. Complete the following fields:
Timestamp: This option allows you to include the time when a message is sent.
Expiration Age: This option allows you to specify the number of hours, days, or weeks for which your DKIM signature is valid.
Sign Body: This option allows you to sign the entire body of the message or a specific number of bytes of the message.
Sign Header: This option allows you to select the fields you want to include in the signature header. By default, all header fields are
selected. To manually select specific fields, simply hold down the Ctrl key, and click the fields you want to include in the signature
header. You can also opt to add custom fields in the header.
Note: If no DKIM signature exists, you need to create one. To create a DKIM signature, see "Adding a DKIM Signature".
Searching for a Matching DNS Record
The DNS Record button is a troubleshooting tool that allows you to test a domain for a matching DNS (Domain Name Service) record. Complete
the following fields before testing:
Domain: Select the domain you want to test.
Include Hash Algorithm: Select this option if you want to include the hash algorithm in the DNS text record.
Include Key Type: Select this option if you want to include the key type in the DNS text record.
Service Type: Specify the service type you want to include in the DNS text record. You can choose from unspecified, email, and *
service types.
Testing Mode: Specify the testing mode you want to include in the DNS text record. You can choose from unspecified, testing, and
subdomain testing types.
(Optional) Notes: Type in any notes you want to include with your search.
Click Test to search for a matching DNS record. The search tool specifies whether a matching DNS record was successfully found or if it failed to
find a matching DNS record. Click Close to return to the DKIM tab.
It is possible to modify a domain’s configuration at any time. To do so, select Domains > <domain name> (the name of the domain you are
administering), and then click the Configuration tab. The Configuration tab allows you to edit the domain’s stores, aliases, mail route
authentication, and postmaster information.
Stores
The Global Quarantine Volume field contains the name and location of the global Quarantine store.
Aliases
61
The Valid Domain Names option allows you to Add alternate domain names or domain aliases that the Netmail Secure server accepts mail for
and delivers to the same mail system. To modify an existing alias, select the alias in the Alternate Domain Names list, and click Advanced Edit.
To remove an existing alias from the list, highlight the alias in the list, and then click Remove.
Mail Routes Authentication
Select Cache Passwords if you want to enable password caching. Disabling this option may increase the load on the server to which you are
authenticating.
Postmaster Information
The Postmaster Address option allows you to specify a postmaster email address. In the available textbox, enter the email address of the
postmaster where notifications should be sent. The Abuse Address option allows you to specify an abuse address. The abuse address is the
email address to which the system sends emails when end users click Report in their Quarantine. In the available textbox, enter an email address
to which abuse reports should be sent.
Important: Be sure to click Save Changes to save your settings.
62
SMTP Modules
The SMTP Modules feature allows the SMTP server that is routing SMTP Inbound traffic to restrict unwanted messages from being sent to
recipients while allowing acceptable messages to be delivered. SMTP Modules transparently scan all email traffic passing through the Internet
gateway using SMTP protocols like RBL, greylisting, SPF, RDNS, and Protocol Filtering thus preventing all unwanted email from reaching the
network to help keep your messaging and collaboration system running efficiently.
Video: How to reduce spam, viruses and unwanted content with Netmail Secure's SMTP modules
AntiMasking Module
The AntiMasking Module allows system administrators to enable enhanced anti-spam features of Netmail Secure. AntiMasking is an email
authentication protocol that verifies that the mail from address matches the data from address. If these two addresses do not match, the mail
from address overwrites the data from address.
63
In order to use the AntiMasking Module, the Agent Enabled option must be selected.
Ignored Addresses
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be verified by the AntiMasking Module. To add an
ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored
address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list
box, and click Remove.
DBL Module
The DBL Module feature allows you to perform lookups on the Domain Block List (DBL). The DBL is a real-time database of domains (typically
web site domains) found in spam messages. As is it scans email message body contents for URIs, Netmail Search uses the DBL to identify,
classify, or reject spam containing DBL-listed domains.
The DBL is queriable in real-time, allowing administrators to identify, tag or block incoming email containing domains which are deemed to be
involved in the sending, hosting or origination of spam. The DBL is both a domain URI Blocklist and RHSBL. It is intended primarily for message
body URI checks, but it can also be used for connection checks at the SMTP level and header domain checks. The DBL also includes URIs
(domains/hostnames) which are used in spam, including phishing, fraud/"419" or domains sending or hosting malware/viruses.
64
To perform lookups on the Domain Block List (DBL), the Agent Enabled option must be selected.
RBL Zones
This option allows you to create an RBL/DBL zone lis. To add a zone, enter the IP address or host name of the RBL or DBL list server in the RBL
Zones field, then click Add. Enter one IP address or host name per line, such as 192.168.1.123 or xbl.spamcop.net. To edit an existing zone,
highlight the zone in the list box, and click Advanced Edit. To delete an existing zone from the list, highlight the zone in the list box, and click Re
move.
Ignored Addresses
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be flagged as spam by the DBL Module. To add
an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing
ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address
in the list box, and click Remove.
GreyList Module
This option allows you to enable greylisting support. Greylisting is a method of defending against spam by temporarily rejecting any email sent to
a specific recipient from a specific sender it does not recognize. Legitimate email servers will attempt to resend the message again after which
Netmail Secure will accept the second transmission. Greylisting provides protection against spam scripts that do not attempt to resend messages.
Important: Some legitimate email servers do not support greylisting on their own mail servers and may translate the temporary
rejection as a permanent bounce and not deliver the email, which may lead to legitimate email being bounced. Therefore, you
should be aware that enabling this feature may lead to some rejection of valid messages.
65
In order to use the GreyList Module, the Agent Enabled option must be selected.
Ignored Addresses
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be rejected by the GreyList Module. To add an
Greylisting Options
By default, greylisting support is disabled in Netmail Secure. You can still make changes to these settings at any time by choosing SMTP
Modules > GreyList.
Delay: Specify how long you want to delay the mail message before the originating server may try again. You can specify time intervals
of 5, 15 or 30 minutes, or 1, 3, 6, 9, 12, or 24 hours.
Incomplete Address Exchange Timeout: Specify how long you want to allow a specific IP address to be able to try resending mail
messages before timing out. You can specify time intervals of 5, 15 or 30 minutes, or 1, 3, 6, 9, 12, or 24 hours.
Allowed Addresses Timeout: Specify how long you want to keep allowed IP addresses in the cache before greylisting the address
again, and thereby restarting the entire greylisting process. You can specify time intervals between 1 - 30 days, 180 days or 365 days.
Limits Module
The Limits Module allows you to limit the number of simultaneous SMTP connections made to your server on a system-wide basis or per source
IP address. Netmail Secure comes pre-configured with default connection limits that should be suitable for most organizations. The Slow
Connections Percentages and Blocked Connections Percentages are based on the number of times an infraction is committed by an IP
address multiplied by 300 seconds. You can make changes to these default connection settings at any time by choosing SMTP Modules >
Limits.
66
In order to use the Limits Module, the Agent Enabled option must be selected.
Minimum Sample Size
In the minimum sample size field, enter the minimum number of messages received through the system every 15 minutes before Netmail Secure
begins slowing or blocking connections. For example, if you enter a minimum sample size of 30, and you specify that you want to start slowing
connections when 50% of mail from a specific IP address is addressed to invalid recipients, then the system will start slowing connections after
receiving 15 messages addressed to invalid recipients.
Slow Connections Percentages
This option allows you to specify what percentage of mail must be considered abuse before the system will begin slowing connections from the
offending IP address. Specify limits for the following categories:
Rejected Recipients
Spam
Virus
Attachments
Protocol Filter
Blocked Connections Percentages
This option allows you to specify what percentage of mail must be considered abuse before the system will begin blocking connections from the
offending IP address. Specify limits for the following categories:
67
Rejected Recipients
Spam
Virus
Attachments
Protocol Filter
System-wide SMTP Connection Limits
This option allows you to specify system-wide connection limits. These connection limits apply to all connections.
Connection Limit: Specify the number of simultaneous connections to the server. Connections exceeding this limit will be blocked.
Connection Rate Limit: Specify how many connections per second are allowed. Connections exceeding this limit will be blocked.
Per IP Address SMTP Connection Limits
This option allows you to specify connection limits for each IP address. Specify limits for the following categories:
Connection Limit: Specify the maximum number of simultaneous connections to the server permitted from a single IP address.
Connections exceeding this limit will be blocked.
Connection Rate Limit: Specify how many connections per second per IP address are allowed. Connections exceeding this limit will be
blocked.
Message Rate Limit: Specify how many messages per second per IP address are allowed. Messages exceeding this limit will be
blocked.
Bounce Rate Limit: Specify how many messages per second per IP address are allowed to bounce. Messages exceeding this limit will
be blocked.
Unlimited Addresses
This option allows you to enter IP addresses for which no limits are applied. To add an address, enter the IP address in the Unlimited Addresses
field, then click Add. Enter one IP address per line, such as 192.168.1.123. To edit an existing address, highlight the address in the list box, and
click Advanced Edit. To delete an address from the list, highlight the address in the list box, and click Remove.
Important: As of Netmail Secure build 5.1.1, Limits modules between Secure nodes now use port 26 for internal
communications. Previous versions use port 25.
Lists Module
The Lists Module feature allows you to configure IP address ranges that will always be designated as Blocked Hosts and Allowed Hosts by the
SMTP Modules at the protocol level. Addresses entered under the Lists Module only apply to the SMTP Modules.
68
To enable the Lists Module, select the Agent Enabled option.
Blocked Hosts
This option restricts access to the Netmail Secure server. If enabled, Netmail Secure refuses connections from any mail host with an IP address
specified in the Blocked Hosts list. Using the available fields, create a custom list of blocked IP address ranges. Listing ranges of registered IP
addresses blocks specific external hosts from sending mail to or relaying mail through your server.
To add a blocked host, enter an IP address or a range of IP addresses in the Blocked Hosts field, and then click Add. Enter one blocked host
per line, such as 192.168.1.123-192.168.1.150. To edit an existing blocked host, highlight the blocked host in the list box, and click Advanced
Edit. To delete a blocked host from the list, highlight the blocked host in the list box, and click Remove.
Allowed Hosts
This option allows an Administrator-specified list of IP addresses which automatically bypass reverse DNS lookup and RBL lookup. Netmail
Secure ensures connections from any mail hosts with an IP address specified in the Allowed Hosts list bypass these security checks. Using the
available fields, create a custom list of allowed IP address ranges. List individual or ranges of registered IP addresses to increase the efficiency
for specific hosts to send mail to or relay mail through your server.
To add an allowed host, enter an IP address or a range of IP addresses in the Allowed Hosts field, then click Add. Enter one allowed host per
line, such as 192.163.1.123-192.168.1.150. To edit an existing allowed host, highlight the allowed host in the list box, and click Advanced Edit.
To delete an allowed host from the list, highlight the allowed host in the list box, and click Remove.
Note: Allowed Hosts do not bypass any addresses specified on the Netmail Limits Module.
NSRL Module
The NSRL (Name Server Reputation List) Module is an SMTP module that blocks messages at the connection and content levels. NSRL
identifies authoritative DNS servers known to host malicious domains. NSRL will stop malicious email connections at the gateway by rejecting
domains found in MAIL FROM, HELO and PTR that are served by authoritative name servers listed on the NSRL. It will also scan message
bodies for domains with authoritative name servers listed on the NSRL to protect users from messages with malicious URIs leading to phishing &
malware. Ultimately NSRL tracks back unwanted content to very root of where it comes from. Having identified these malicious authoritative DNS
servers Netmail Secure strikes back & blocks "hackers" efficiently & effectively at the very connection of SMTP, saving processing cycles &
bandwidth. NSRL engages mail flow within the SMTP protocol, just as RBLs do. The NSRL Module has no impact on Domains.
69
In order to use the NSRL Module, the Agent Enabled option must be selected. If you enable this agent, it will be enabled system wide whether
the agent is to be used for SMTP connections or not.
Protocol Filter Module
The Protocol Filter Module allows system administrators to fine tune the available security features. By using the available Netmail Secure
security tools, you can achieve high security of your email infrastructure without limitations on its flexibility and functionality. Some security
features of Netmail Secure can be quite processor-intensive. For example, Netmail Secure provides very high levels of anti-spam detection which
can sometimes result in higher false positives for certain organizations. Adjust your settings accordingly to achieve acceptable levels.
Before experimenting with the security features of Netmail Secure, it is strongly recommended that you familiarize yourself with Simple Mail
Transport Protocol (SMTP), which is at the heart of anti-spam security. To learn more about SMTP, visit: http://www.ietf.org/rfc/rfc2821.txt & http://
www.ietf.org/rfc/rfc1123.txt.
In order to use the Protocol Filter, this agent must be enabled by selecting the Agent Enabled option. The Protocol Filter is enabled by default.
Using the Protocol Filter, you can create protocol filters to block email messages based on message and/or envelope header information.
Ignored Addresses
70
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be blocked by the Protocol Filter Module. To add
Forbidden Header Fields
This option allows you to configure Netmail Secure to block email messages based on
the message header information. In the available fields, you can specify a list of text
strings (including wildcards) that represent the header content you wish to reject.
Netmail Secure will scan down the filter file until it has either parsed all the strings or
found a cause to reject the email message. It is a good practice to include wildcards at
the beginning and end of your text strings, for example, *money fast*. Spammers often
include random characters before and after the subject line to trick and bypass
anti-spam filters.
The header fields available to filter on include:
Video: How to Block Foreign Language Spam with
the Protocol Filter Module
Received
Subject
From
To
CC
Reply To
X-Sender
Custom
Forbidden Envelope Fields
This option allows you to configure Netmail Secure to reject mail messages that do not contain the proper email address format in either of the
following envelope fields:
Mail From
Rcpt To
Custom
Tip: If you have multiple forbidden header or envelope fields and want to delete a field, use the dropdown menu of the field you
want to delete, and select Remove.
RBL Module
The RBL Module feature allows you to perform lookups on the Real-Time Blacklist (RBL) to verify if the sender of an email message is blacklisted.
An RBL is a list of IP addresses of spam sources. Netmail Secure verifies incoming mail against these RBLs. If a sender is listed on an RBL that
Netmail Secure uses to perform lookups, then the sender will be prevented from sending email to your server.
71
Both RBL/DNSRL checks and Reverse DNS look-up use DNS to resolve the addresses (either using your own DNS or the blacklisting group’s
DNS server). This means that if you handle a large quantity of mail traffic, this can generate a large number of DNS resolutions which can slow
down the processing of inbound SMTP traffic.
To obtain additional RBL servers, visit http://www.declude.com/junkmail/support/ip4r.htm. Please note that this website has no affiliation to
Messaging Architects nor does Messaging Architects have any control over the content of this website.
Note: Both RBL and DNS services are included on all Netmail Secure appliances.
To perform lookups on the Real-Time Blacklist (RBL), this module must be enabled.
Perform Recursive Lookups
This option allows you to perform recursive lookups on the Real-Time Blacklist (RBL) to verify if the sending server of an email message is
blacklisted. In some instances, spammers use open proxies and open relays through which to send email. Recursive lookups traces the email
message back to the original server to verify if the sending server is blacklisted.
RBL Zones
To add an RBL zone, enter the IP address or host name of the RBL list server in the RBL Zones field, then click Add. Enter one IP address or
host name per line, such as 192.168.1.123 or xbl.spamcop.net. To edit an existing RBL zone, highlight the RBL zone in the list box, and click Adv
anced Edit. To delete a RBL zone from the list, highlight the RBL zone in the list box, and click Remove.
Ignored Addresses
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be flagged as spam by the RBL Module. To add
Use Spamhaus
In an effort to mitigate the rising number of unsolicited bulk and commercial email messages (spam) on the Internet, Messaging Architects
subscribes to sbl-xbl.messagingarchitects.com. This zone is the combination of all Spamhaus DNSRLs into one single powerful and
72
comprehensive blocklist. It is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam
gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free option in Netmail Secure to help system
administrators better manage incoming email streams.
By default, the Use Spamhaus option is enabled on Netmail Secure. Messaging Architects recommends that you keep this option enabled. You
can, however, manually enable or disable individual Spamhaus realtime spam-blocking databases in the Spamhaus Block List (SBL). The
following Spamhaus databases can be enabled or disabled:
SBL (Spamhaus Block List): Contains IP addresses from which Spamhaus does not recommend accepting email.
CSS (Composite Snowshoe): Contains IP addresses that are emitting snowshoe spam. Snowshoe spamming spreads spam output
across many IPs and domains thus “spreading its weight” so it does not trigger automated filters. Snowshoe spam is particularly tricky,
because it appears to come from seemingly legitimate, uncompromised IP addresses.
XBL (Exploits Block List): Contains IP addresses of hijacked PCs infected by illegal third-party exploits, including open proxies,
worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
PBL (Policy Block Lists): Contains end-user IP address ranges which should not be delivering unauthenticated SMTP email to any
Internet mail server except those provided for specifically by an ISP for that customer’s use.
RDNS Module
The RDNS Module feature allows you to perform forward-confirmed reverse DNS (FCrDNS) lookups. When receiving messages from an external
mail server, the SMTP Modules verify that the host’s IP address has forward (name-to-address) and reverse (address-to-name) DNS entries that
match each other. If they do not match, the connection is refused.
With FCrDNS, a reverse DNS lookup (PTR query) is first performed on the IP address. Then, for each domain name returned in the PTR query
results, a forward DNS lookup (type A) is performed on that domain name. Finally, any A record returned by the second query is compared
against the original IP address, and if there is a match, the FCrDNS check passes. In other words, if Netmail Secure resolves the IP address of a
specific mail server to mail.yourdomain.com, and it resolves mail.yourdomain.com to the same IP address of that specific mail server, then the
CFrDNS check is successful. In many instances, spammers use open proxies, open relays, or spam directly from IP addresses that do not have
valid reverse PTR records defined. The RDNS module allows Netmail Secure to block these spammers.
Warning: Unfortunately, there are large numbers of valid mail servers on the Internet which do not have RDNS properly
configured on their own mail servers. Therefore, you should be aware that enabling this feature may lead to some rejection of
valid messages. However, spam has become such a problem that even very large mail service providers have begun using
RDNS lookups to prevent spammers from hitting them.
73
In order to perform forward-confirmed reverse DNS lookups, the Agent Enabled option must be selected.
Ignored Addresses
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be verified by the RDNS Module. To add an
SPF Module
Sender Policy Framework (SPF) is an initiative aimed at preventing address spoofing which is often used by spammers or virus writers. When
enabled, it verifies the SPF records in DNS of the alleged sender to establish whether the IP address of the sending host is an authorized email
sender for that domain. If it is not, then the email is rejected; if it is, then the email is accepted.
Unlike RDNS, the SPF method does not assume the message is being spoofed if it does not find an SPF record in the DNS for that domain.
Therefore, SPF is not a restrictive checking method and does not generate a high number of false positives.
Adding SPF records to your DNS assists other mail servers that have SPF checking enabled to validate your sending domain, therefore
preventing other individuals from spoofing your email addresses. It is, therefore, in your best interest to ensure that your SPF records are
maintained in the DNS and to encourage your clients, suppliers, and other organizations that you communicate with to do the same. SPF support
only works for those domains that put SPF definitions in their DNS. For more information on this initiative, visit http://www.openspf.org.
In order to use the SPF Module, the Agent Enabled option must be selected.
Ignored Addresses
This option allows you to ignore an IP address or a range of IP addresses that would otherwise be flagged as spam by the SPF Module. To add
74
Policy Planning, Configuration and Management
The web-based Netmail Administration Console enables organizations to plan, configure and implement corporate-wide email security policies to
protect their messaging and collaboration systems. Policies created using the Netmail Administration Console contain settings which are then
applied to selected domains, groups or users. Netmail Secure supports an unlimited number of policies that enable system administrators to apply
unique email security rules at three different levels: per domain, per group or per user. These email security policies are run as a server-side
process that is transparent to end users. This chapter provides instructions on how to create policies to suit the needs of your individual
organization. Basic sample policies are included throughout the guide. For step-by-step instructions on how to create customized policies to meet
specific criteria, see "Custom Policies".
In this section:
Policy Overview
Executive Reports
Mail Route
Policy Overview
Netmail Secure includes several custom policies to help system administrators get started as soon as possible. The custom policies are available
in the Netmail Administration Console and are provided to you as recommended best practices. You can use these policies to begin controlling
inbound and outbound email immediately, or you create new customized policies to better suit the epolicy requirements of your organization.
Policy objects are displayed on the right-hand side of the Netmail Administration Console under the Policies category. To view detailed criteria
assigned to these custom policies, click the name of the policy to open it.
Netmail Secure also includes several pre-created custom policies available in the Netmail Administration Console under Policy Templates. For
example, a Policy Template entitled Profanity has been created for you under the Content Filter category. This policy looks for offensive words
within the body of email messages and then performs the associated action on the message.
Important: Keep in mind that the names of policies and their associated actions created in the Netmail Administration Console
may appear to end users in the Quarantine application under Preferences. Therefore, it is important to create policies and actions
that are easy to interpret, such as Tag Subject and Deliver Message.
75
There are several categories of email security policies that you can create. Within each category, the number of policies you can create is
limitless. The categories of policies include:
Anti-Spam
Anti-Virus
Attachment Blocking
Content Filter
Executive Reports
Lists
Mail Route
Notifications
Outbound Limits
Quarantine Actions
Quarantine Reports
To start using Netmail Secure, you must create, apply, and deploy policies. If you want to get your system up and running right away, the
pre-created Policy Templates may be used. The following sections describe how to create and configure custom policies with Netmail Secure
through the Netmail Administration Console.
Netmail Secure’s Alias policy allows administrators to specify email aliases for their users. When an email is sent to a user’s email alias, the
message is simply forwarded to the user’s actual email account. Email aliases are often used to conveniently replace long or hard-to-remember
email addresses. Alias policies can be applied to entire domains, groups, or individual users.
From the Netmail Administration Console, choose Policies > Aliases to create your Alias policy. By default, the Details tab is displayed. Click Cr
eate Alias Policy, enter a name for your new Alias policy, and then click Create. Your new policy now appears in the tree menu on the left-hand
side of the Netmail Administration Console. Click the name of the Alias policy you have just created to configure it.
76
Allowed Patterns
Allowed Patterns features a number of different email aliases that can be selected and used for forwarding mail to end user mailboxes. The
available aliases are made up of different combinations of a user’s first name, last name, and initials. Select the email alias(es) you want to
include in your Alias policy. When you are done, click Save Changes.
To delete an existing Alias policy, simply select the name of the policy in the tree menu, and click Delete <Policy Name> Policy.
Anti-Spam policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message and deliver it,
add X-Spam header line and deliver it, delete the message or send the message to quarantine. System administrators call also choose to notify a
designated individual about a violation in epolicy without notifying the sender of the message.
From the Netmail Administration Console, choose Policies > Anti Spam to create your Anti-Spam policy. By default, the Default tab is displayed.
Click Create Anti Spam Policy, enter a name for your new Anti-Spam policy, and then click Create. Your new policy now appears in the tree
menu on the left-hand side of the Netmail Administration Console. Click the name of the Anti-Spam policy you have just created to configure it. By
default, the Actions tab is displayed.
77
Actions
The Actions tab allows you to specify what you want to do when a message containing spam is detected by Netmail Secure. The following Messa
ge Actions are available:
Deliver to Mailbox
This option delivers the message containing spam to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox
This option adds custom text to the subject line and delivers the message containing spam to the recipient’s mailbox.
Tip: The Tag Subject & Deliver to Mailbox option can be used in conjunction with your mail client by creating a rule to act on
messages tagged with a specific subject line. For example, create an automatic sorting rule in your mail client to move all
incoming mail tagged with a “Spam” subject line to a “Junk” folder.
Add X-Spam Header Line & Deliver to Mailbox
This option modifies the Mime header of the message with an X-Spam Header line and delivers the message containing spam to the recipient’s
mailbox.
Tip: If supported by your mail client, the Add X-Spam Header Line & Deliver to Mailbox option can also be used in conjunction
with your mail client by creating a rule to flag messages for handling by the mail client’s Junk Mail Handling feature if messages
contain X-Spam Headers.
Delete the Message
This option deletes the message containing the spam.
Send to Quarantine
This option sends the message to the recipient’s quarantine for review and deletion.
BCC to
78
The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full
digest of all received mail is required by a specific individual or department.
Allow Delivery Status Notifications
This option will send a delivery status notification to the sender if the recipient’s email server is unavailable. This option also allows Read Receipts
if enabled on the recipient’s email client.
Criteria
The Criteria tab allows organizations to finetune their blocking rules to address the unique requirements of their business and industry. This
allows pharmaceutical companies, for example, to set up different rules than financial institutions for defining what is legitimate email versus what
is not. Up to 19 different scanning categories can be set up to handle exceptions.
By default, all scanning categories are set to Normal, which represents 90 on the Global Spam Sensitivity scale, but you can change this setting
to a Less Sensitive setting or Disable it for any category at any time. Use the Global Spam Sensitivity slider to adjust Netmail Secure’s sensitivity
to spam globally for all categories. The Global Spam Sensitivity scale can be set for the following scanning categories:
URL
Stocks
Porn
Drugs
Loans
Degrees
Software
Dating
Free Stuff
Adv Free Fraud
Marketing
Lottery
Internet Business
IP Reputation
URL Reputation
Email Obfuscation
Image Spam
Phishing
Bulk Spam
Note: If you lower the Global Spam Sensitivity scale to below 80, you may increase the number of false positives.
79
Netmail Anti-Spam Agent
The Netmail Secure Anti-Spam Agent integrates with the XCFSpam1, XCFSpam2, XCFSpam4, and XCFSURBL engines to perform high quality
spam scanning on all messages handled by Netmail Secure. This allows you to scan all inbound and outbound messages travelling through your
Netmail Secure server for spam. Enabled by default, the anti-spam engines provide enterprise-class organizations with the exact level of
protection required.
The Netmail Secure anti-spam engines use multiple technologies to achieve high quality anti-spam filtering and improved catch rates as well as
perform advanced metrics analysis on email messages to first determine the presence of spam content and then to filter and categorize it. The
engines use broad categories based on the type of content and are also capable of performing scanning on multilingual text. From the Netmail
Administration Console, you can then determine the course of action taken by Netmail Secure when spam is detected by creating intelligent
Anti-Spam policies.
From the Netmail Administration Console, choose Clusters > <Cluster Name> > Agents > Anti Spam to configure the Netmail Anti-Spam
Agent. By default, the Configuration tab is displayed.
Configuration
The Configuration tab allows you to apply basic configuration changes to the Netmail Anti-Spam Agent.
Status
The Netmail Anti-Spam Agent should be Enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the Netmail
Anti-Spam Agent.
Proxy
This option lets you configure whether your Netmail Secure server requires a proxy to gain access to anti-spam updates. If your Netmail Secure
server does not have direct FTP- and HTTP-based Internet Access, then you must select Use Proxy when updating definitions in order to
access anti-spam updates from Messaging Architects. For more information about configuring Proxy Access, see “Details”.
80
Note: If you wish to manually update your XCFSpam1 virus definition immediately, log in to the operating system via SSH
(Secure Socket Shell) by opening an SSH client. Open a terminal window as the admin user, and when prompted enter your pas
sword. At the prompt, enter the following command: /opt/ma/netmail/var/netmail/work/mantispam/xcfspam1/updatespam_xcfspa
m1_data
XCFSpam1
The XCFSpam1 engine is designed as a large-scale learning system where human and autonomous machine elements collaborate to produce
and refine the filtering rules.
Note: The XCFSpam1 engine sends connection information regarding catch rates and the IP addresses from which is receives
email back to Messaging Architects’ servers over SMTP. This feature helps track the reputation service of XCFSpam1.
XCFSpam2
The XCFSpam2 engine uses Advanced Pattern Detection, which is based on the mass distribution of malware over the Internet. It detects and
blocks spam in any language and is highly effective against image-based spam and PDF spam.
XCF Spam4
The XCFSpam4 engine complements our other spam engines. It utilizes more than one million reputation queries, pattern matches or rules to
identify spam with an incredibly high accuracy rate, and a near-zero false positive rate.
XCFSURBL
The XCFSURBL spam engine uses SURBLs to help identify unsolicited messages. SURBLs are lists of URIs that have appeared in unsolicited
messages. SURBLs search the message body of incoming mail for similar sites to help check whether the messages are unsolicited. This is
similar to how RBLs function, only RBLs check IP addresses rather than URIs. Used as a second-stage filter, SURBLs help identify a large
majority of difficult, remaining unsolicited messages that were not filtered out in a first-stage filter. For more information about SURBLs, visit http://
www.surbl.org/.
To enable the XCFSURBL spam engine, select Use the XCFSURBL Engine.
You also have the option of enabling or disabling the following specific lists used by SURBLs:
sc.surbl.org: SpamCop websites
ws.surbl.org: sa-blacklist websites
ob.surbl.org: Outblaze URI blacklist
ab.surbl.org: AbuseButler websites
XCFNSRL
Select Use the NSRL Engine if you want to enable the NSRL Engine.
DBL
The DBL (Domain Block List) is a real-time database of domains that are found in spam messages. It can be used to help identify, filter, and
manage spam that contains DBL-listed domains. The DBL is both a domain URI Blocklist and RHSBL. It can be used for both message body URI
checks and for connection checks at the SMTP level and header domain checks and other checks involving domains.
Select DBL Enabled if you want enable the Domain Block List.
DBL Zones
This option allows you to add your own DBL zones that you want flagged by Netmail Secure.
Advanced
The Advanced tab allows you to apply advanced configuration changes to the Netmail Anti Spam Agent.
81
Large Messages
This option allows you to specify a maximum size for large messages in KB. You can then determine the course of action taken by Netmail
Secure when a message over the maximum allowable size is detected by the Netmail Anti-Spam Agent.
Deliver to Mailbox: This option delivers the message over the maximum allowable size to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to large messages.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in
organizations where a full digest of all received mail is required by a specific individual or department.
Advanced Settings
The following advanced options are available to you:
Do not allow whitelisted senders to bypass this scan engine: When enabled, this option prevents senders who appear on your
custom Allowed Hosts from bypassing the anti-spam engine.
Tip: You can create custom lists of IP addresses that will always be designated as trusted or blocked addresses by choosing Co
nnection Manager > Lists Module in the Netmail Administration Console. Use the available fields to create custom lists of
Blocked and Allowed Hosts.
Parse HTML Messages: When enabled, the spam engine rasterizes and extracts URIs from HTML-based messages.
The Diagnostics: Enable Reference ID and Diagnostics: Enable X-Tag options are troubleshooting tools. They should only be
selected if Support has approved so.
Anti-Virus policies apply to any message which is flagged as containing a virus. Anti-Virus policies can be configured to deliver the message to a
mailbox, append a line of text to the subject line of the message, delete the message, clean the message or send the message to quarantine.
System administrators can also choose to notify a designated individual when a policy action is triggered, with or without notifying the sender
82
and/or recipient of the message by configuring an Anti-Virus policies in conjunction with a Notifications policy.
This section provides step-by-step instructions on how to create an Anti-Virus policy. If you have already created your Anti-Virus policy or are
using a custom policy, then see “Configuring Domains, Groups and Users” to learn how to apply policies and overrides to different levels: per
domain, per group or per user.
Warning: Messaging Architects does not recommend granting Anti-Virus policy overrides to end users.
From the Netmail Administration Console, choose Policies > Anti Virus to create your Anti-Virus policy. By default, the Default tab is displayed.
Click Create Anti Virus Policy, enter a name for your new Anti-Virus policy, and then click Create. Your new policy now appears in the tree
menu on the left-hand side of the Netmail Administration Console. Click the name of the Anti-Virus policy you have just created to configure it. By
default, the Actions tab is displayed.
Action
From the list of available Message Actions, specify what you want to do when a message containing a virus is detected by Netmail Secure.
Deliver to Mailbox
This option delivers the message containing the virus to the recipient’s mailbox.
This option appends custom text to the subject line and delivers the message containing the virus to the recipient’s mailbox.
Warning: If you choose to enable this option, messages containing viruses may be delivered to recipients, unless blocked by
another policy. Messaging Architects strongly recommends that you do not create an Anti-Virus policy using these options.
Delete the Message
This option deletes the message containing the virus.
Send to Quarantine
This option sends the message to the recipient’s quarantine for review and deletion. This option allows the recipient to review the message in the
quarantine.
83
Warning: If you choose to enable this option, messages containing viruses may be delivered to the quarantine, unless blocked
by another policy. Messaging Architects strongly recommends that you do not create an Anti-Virus policy using this option.
BCC to
The BCC to option will send a blind carbon copy of the message, including a copy of the virus, to the address specified in organizations where a
full digest of all received mail is required by a specific individual or department.
Send Notification
This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to recipients,
senders and/or administrators when messages containing blocked file content or attachments, viruses or spam are detected in the system.
Notification Policies are created by choosing Policies > Notifications. For more information, see “Notifications”.
Sample Anti-Virus Policy
This policy ensures that email messages containing viruses are not delivered to end user mailboxes.
1. Choose Policies > Anti Virus > Create Anti Virus Policy.
2. Enter a name for your policy, such as Delete, and then click Create.
3. Select your new Delete policy from the list of policies that appear on the left-hand side of the Netmail Administration Console.
4. Under Action, select Delete the Message. This option deletes the message containing the virus.
5. Click Save Changes to save your policy.
6. Select Domains. Highlight the name of your domain. The Policies tab is displayed by default.
7. Under Policies in Effect, click Assign Policy.
8. In the window that appears, select Virus as the policy Type, select Incoming as the Direction, and select the name of the Policy you have
just created.
9. To apply the policy to all users in the organization, do not select Allow this policy to be overridden.
10. Click Assign to assign your Anti-Virus policy to the domain.
Netmail Anti-Virus Agent
The Netmail Anti-Virus Agent integrates with multiple engines to perform virus scanning on all messages handled by Netmail Secure. This allows
you to scan all inbound and outbound messages travelling through your Netmail Secure server for viruses. From the Netmail Administration
Console, you can then determine the course of action taken by Netmail Secure when a virus is detected by creating intelligent Anti-Virus policies.
From the Netmail Administration Console, choose Clusters > <Cluster Name> > Agents > Anti Virus to configure the Netmail Anti-Virus Agent.
By default, the Configuration tab is displayed.
84
Configuration
The Details tab allows you to apply basic configuration changes to the Netmail Anti-Virus Agent.
Status
The Netmail Anti-Virus Agent should be Enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the Netmail
Anti-Virus Agent.
Options
The Scan Compressed Files option allows you to select that messages with zipped file attachments will also be scanned for viruses.
If your Netmail Secure server does not have direct FTP- and HTTP-based Internet Access, then you must select Use Proxy when updating
definitions in order to access anti-virus updates from Messaging Architects. For more information about configuring Proxy Access, see “Details”.
Note: If you wish to manually update your virus definitions immediately, log in to the operating system via SSH (Secure Socket
Shell) by opening an SSH client. Open a terminal window as the admin user, and when prompted enter your password. Dependin
g on your selected Anti-Virus Engine, at the prompt, enter one of the following commands:
Eset:/opt/ma/netmail/var/netmail/work/mantivirus/xcfantivirus1/updatevirus_xcfantivirus1_data
McAfee:/opt/ma/netmail/var/netmail/work/mantivirus/xcfantivirus2/updatevirus_xcfantivirus2_data
Zero Hour AV:/opt/ma/netmail/var/netmail/work/mantivirus/xcfantivirus3/updatevirus_xcfantivirus3_data
Engines
Use the XCFAntiVirus1 Engine: Select this option if you want to enable the Eset anti-virus engine. This anti-virus engine should be
enabled at all times.
Use the XCFAntiVirus3 Engine: Select this option if you want to enable the Zero Hour AV engine. This anti-virus engine adds an
additional security layer to Netmail Secure to identify viruses in real time based on their unique distribution patterns without the need to
update virus signatures. The Zero Hour AV engine should be enabled at all times.
Cache
This Number of Entries field lets you specify how many messages containing viruses you want to keep in the cache before they are removed
and for how long. When an identical copy of the message arrives, Netmail Secure will treat the message in the exact same way as the original. If
85
the message contains a virus, it will identified as such without requiring the anti-virus engine to run.
The Minutes field allows you to specify how long you want messages containing viruses to remain in the cache. Enter the time frame in minutes.
For example, if you want messages to remain in the cache for 2 hours, enter 120 minutes in the field.
Advanced
The Advanced tab allows you to apply advanced configuration settings to the Netmail Anti-Virus Agent.
Large Messages
This option allows you to specify a maximum size for large messages in MB. You can then determine the specific course of action taken by
Netmail Secure when a message over the maximum allowable size is detected by the Netmail Anti-Virus Agent.
Return Message to Sender: This option returns the message over the maximum allowable size to the sender.
86
Compressed Archives
This option allows you to specify how many scanning levels deep you wish to apply to files that have been recursively zipped.
Note: Enabling this option slows down processing because a file that has been zipped an inordinate number of times will take
longer to scan.
Password Protected Archives
This option allows you to specify the course of action taken by Netmail Secure when a message containing a password-protected zipped
attachment is detected.
Deliver to Mailbox: This option delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to password-protected attachments.
Return Message to Sender: This option returns the message to the sender.
BCC to: This option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations
where a full digest of all received mail is required by a specific individual or department.
Unscannable Messages
This option allows you to specify the course of action taken by Netmail Secure when an unscannable message is detected. An unscannable
message may be a fragmented file, a file that has been tampered with or a file that was created on an unrecognizable operating system.
Deliver to Mailbox: This option delivers the unscannable message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to unscannable messages.
The Attachment Blocking feature of Netmail Secure allows system administrators to configure policies to block attachments by filename or Mime
type, preventing new types of viruses or unwanted email from entering the messaging and collaboration system. Typically, an organization
implements an Attachment Blocking policy because attachments are at a higher risk of containing viruses and can be blocked regardless of
whether the anti-virus pattern file is capable of detecting a virus. This speeds up the processing as files can be blocked strictly on their attachment
content without Netmail Secure having to scan them. You may also want to implement separate policies for different categories of attachments.
For example, you may want to create an audio attachment blocking policy that prevents all attachments with *.mp3, *.wav, and *.wma file
extensions from entering the system.
Attachment Blocking policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message,
delete the message, strip the attachment from the message or send the message to quarantine. System administrators can also choose to notify
a designated individual about a violation in epolicy without notifying the sender of the message. Attachment Blocking policies can also be
configured in conjunction with a Notifications policy.
This section provides step-by-step instructions on how to create an Attachment Blocking policy. If you have already created your Attachment
Blocking policy or are using a custom policy, then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to
different levels: per domain, per group or per user.
Attachment Blocking policies should address your organization’s needs and regulations with respect to content and email. Several custom
Attachment Blocking policies have been created and included with Netmail Secure. These custom policies address a wide variety of known
attachment types and are grouped in to easily selectable policy categories such as Executables and Scripts, Audio and Disk Images. The custom
policies are located under Policies > Attachment Blocking and are included to provide protection from known dangerous attachment types.
From the Netmail Administration Console, choose Policies > Attachment Blocking to create your Attachment Blocking policy. By default, the De
87
tails tab is displayed. Click Create Attachment Policy, enter a name for your new Attachment Blocking policy, and then click Create. Your new
policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Attachment Blocking
policy you have just created to configure it. By default, the Actions tab is displayed.
Actions
The Details tab allows you to specify basic configuration details for your Attachment Blocking policy.
Enable Fingerprinting
This option enables fingerprinting. Fingerprinting is a method by which the real attachment type of a specified file is detected without relying on its
file extension. Viruses are often disguised as other file types. Fingerprinting prevents files from being sent through the system when their
extension is renamed. This allows you to protect your messaging and collaboration system from viruses that use a known file format. For
example, if fingerprinting is enabled and *.doc files are listed as blocked attachments, the attachment scanner will block all *.doc files even if the
file is renamed suspicious_file.txt.
Scan Compressed Files
This option allows you to scan for blocked attachments within compressed files, so that zipped messages will be scanned for forbidden file
attachments.
Limit Total Message Size
88
This option allows you to limit the total message size.
Attachment Size Limit
This option allows you to specify an attachment size limit for incoming messages. You can select if you want the attachment size limit to be either
less than or greater than a specified attachment size in MB.
If the Limit Total Message Size option is selected, the attachment size limit will be applied to the total size of all attachments appended to a
message (i.e., if you limit the size to 200 MB, all attachments added together cannot exceed 200 MB in size). If the Limit Total Message Size opt
ion is not selected, the attachment size limit will be applied to the individual attachments (i.e., if you limit the size to 200 MB, each attachment can
be up to 200 MB in size).
Forbidden Filenames
In the list box, enter the forbidden filename extensions you wish to include in your Attachment Blocking policy.
Forbidden Mime Types
In the list box, enter the forbidden Mime Types you wish to include in your Attachment Blocking policy. Mime Types are similar to file extensions,
but more universally accepted. Mime Types are typically used to identify the type of information that a file contains.
Here are some example of common Mime Types:
Common File Extension
text/html
.html
image/png
.png
image/jpeg
.jpg
audio/mpeg
.mp3
application/x-executable
.exe
Action
From the list of available Message Actions, specify what you want to do when a message containing a blocked attachment is detected by
Netmail Secure.
Deliver to Mailbox: This option delivers the message containing the blocked attachment to the recipient’s mailbox.
Warning: If you choose to enable this option, messages containing blocked attachments may be delivered to recipients, unless
blocked by another policy. Messaging Architects strongly recommends that you do not create an attachment blocking policy using
this option.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message containing the blocked file
attachment to the recipient’s mailbox.
Warning: If you choose to enable this option, messages containing blocked attachments may be delivered to recipients, unless
blocked by another policy. Messaging Architects strongly recommends that you do not create an attachment blocking policy using
this option.
Delete the Message: This option deletes the message containing the blocked attachment.
Strip the Attachment: This option strips the message attachment from the email message before sending the rest of the message to the
recipient without providing file information and links to the attachment.
89
Store the Attachment for [x] days: This option copies the message attachment and stores the attachment on Netmail Store for the
number of days specified before sending the rest of the message to the recipient. When the number of days specified is reached, Netmail
Store deletes the attachment, thereby freeing up storage space.
Strip and Store the Attachment for [x] days: This option strips the message attachment from the email message and stores the
attachment on Netmail Store for the number of days specified before sending the rest of the message to the recipient including file
information and links to the attachment within the body of the email. When the number of days specified is reached, Netmail Store
deletes the attachment, thereby freeing up storage space. For more information, see "Custom Policies".
Send to Quarantine: This option sends the message to your quarantine in the event that an email message containing a blocked
attachment is detected in the system.
Warning: If you choose to enable this option, messages containing blocked attachments may be delivered to quarantine.
Messaging Architects strongly recommends that you do not create an attachment blocking policy using this option.
Send Notification: This option allows you to choose a Notification policy. Notification policies can be configured to automatically send
email notifications to recipients, senders, and/or administrators when messages containing blocked file content or attachments, viruses,
or spam are detected in the system. Notification Policies are created by choosing Policies > Notifications. For more information, see "N
otifications".
Allow Delivery Status Notifications: This option will send a delivery status notification to the sender if the recipient’s email server is
unavailable. This option also allows Read Receipts if enabled on the recipient’s email client.
Conflict Notification
This option allows you to specify a email address to which a notification will be sent if a conflict prevents the policy from being applied.
Exceptions
The Exceptions tab allows you to apply exception rules to your Attachment Blocking policy.
Bypass Keyword
This option allows you to specify a keyword which, if included in a message’s subject heading, will allow the message to bypass the Attachment
Blocking policy.
Allowed Filenames
90
This option allows you to enter any filename extensions you wish to exclude from the Forbidden Filenames list. All messages containing filename
extensions listed in the Allowed Filenames list box will bypass the Attachment Blocking policy.
Allowed Mime Types
This option allows you to enter any Mime Types you wish to exclude from the Forbidden Mime Types list. All messages containing Mime Types
listed in the Allowed Mime Types list box will bypass the Attachment Blocking policy.
Sample Attachment Blocking Policy
The following Attachment Blocking policy can be created to ensure that file attachments with renamed extensions do not bypass the Attachment
Blocking engine:
1. Choose Policies > Attachment Blocking > Create Attachment Policy.
2. Enter a name for your policy, and then click Create.
3. Select your new policy from the list of policies that appear on the left-hand side of the Netmail Administration Console.
4. Select Enable Fingerprinting. Fingerprinting prevents files from being sent through the system when their extension is renamed. This allows
you to protect your messaging and collaboration system from viruses that use a known file format. For example, if fingerprinting is enabled and *.d
oc files are listed as blocked attachments, the attachment scanner will block all *.doc files even if the file is renamed suspicious_file.txt.
5. Under Forbidden Filenames, enter the forbidden filenames you wish to include in your Attachment Blocking policy, such as *.doc.
6. Under Action, select Delete the Message.
8. Select Domains. Highlight the name of your domain. The Policies tab is displayed by default.
10. In the window that appears, select Attachment as the policy Type, select either Incoming or Outcoming for the Direction, and select the
name of the Policy you have just created.
11. To apply the policy to all users in the organization, do not select Allow this policy to be overridden.
12. Click Assign to assign your Attachment Blocking policy.
The Content Filter feature of Netmail Secure lets system administrators create custom filters and apply a corporate footer to outbound messages
to enforce company-wide email usage policies by using specific keywords and regular expressions (RegEx). Netmail Secure supports the use of
Regular Expression Searching (RegEx) which provides a way to search for advanced combinations of characters. Netmail Secure also uses
Advanced Keyword Syntax for Deep Content Analysis.
Content Filter policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message, delete the
message or send the message to quarantine. System administrators can also choose to notify a designated individual about a violation in epolicy
without notifying the sender of the message. Content Filter policies can also be configured in conjunction with a Notifications policy.
This section provides step-by-step instructions on how to create a Content Filter policy. If you have already created your Content Filter policy,
then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to different levels: per domain, per group or per
user.
The following table contains several RegEx examples:
91
Character
Meaning
Example
^
matches the start of a line
^the finds “the” at the beginning of a line
$
matches the end of a line
end$ finds “end” at the end of a line
\
treats next character literally
\$100 matches “$100,” not “100$” which is
useful when the next character is reserved,
such as % or ?
[abc]
indicates set of characters, one of which must
be present
sampl[ae] matches “sample” or “sampla,” but
not “samplx”
[a-z]
indicates a range of characters
[a-z] matches any single lower-case letter
[^a-z]
indicates any character, except the ones in
the bracketed range
the bracketed range
.*
the bracketed range
the bracketed range
.+
indicates 1 or more of something
[a-z]+
The following table contains several Advanced Keyword Syntax examples:
Character
Meaning
Example
()
groups rules or criteria together
(account)(balance summary) matches all
instances when the word "account" is followed
by "balance" or "summary"
{}
exception group - used to group several
individual exceptions
{aa bb cc} can be used to replace !aa !bb !cc
!{}
exception - if !{n} is matched, the rule fails
(credit)(card)[4](!{expiration}) matches "credit
card" except if followed within 4 words by
"expiration"
%
any numerical digit can occupy the
corresponding position in the matched word
% matches ‘7’, %%% matches ‘558’, etc.
*
specifies a match for zero or more
occurrences of the preceding expression
lo*t matches “lot”, “loot”, “looot”, “loooooot”,
etc.
Grouping Variables
Wild Card Variables
*aa* matches any token containing the
substring ‘aa’
?
matches any single character
? matches ‘t’ or ‘3’, etc.
~
following a word, it uses the root value of that
word and any other iteration or version as part
of the rule
(terminate~) matches “terminated”,
“termination”, “terminator”, “terminating”, etc.
Note: Do not insert spaces between the wild card indicators and the word to which they apply.
Range Variables
/S
indicates the range is equal to a sentence
/S(2010) matches ‘2010’ found within a
sentence
/P
indicates the range is equal to a paragraph
/P(salary) matches “salary” found within a
paragraph
/T
indicates the range is equal to the entire text
or message
/T(present~) matches “present”, “presented”,
“presenting”, etc. found within an entire text
Note: If not specified, the default range is /S or within a sentence.
Note: When creating rules and filters it is important to note that particular strings can be delimited either between "( )" or by
placing them on separate lines within the filter rule itself.
From the Netmail Administration Console, choose Policies > Content Filter to create your Content Filter policy. By default, the Default tab is
displayed. Click Create Content Filter Policy, enter a name for your new Content Filter policy, and then click Create. Your new policy now
appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Content Filter policy you have just
created to configure it. By default, the Actions tab is displayed.
92
Actions
From the list of available Message Actions, specify what you want to do when a message is detected by Netmail Secure that violates the
corporate email policy and contains content that should not be sent in an email is detected by Netmail Secure.
Deliver to Mailbox
This option delivers the message containing filtered content to the recipient’s mailbox.
This option adds custom text to the subject line and delivers the message containing filtered content to the recipient’s mailbox.
Delete the Message
This option deletes the message containing filtered content.
Relay through Secure Route
This option allows you to forward the message containing filtered content to a relay host, such as an encryption server.
Send to Quarantine
This option sends the message to the recipient’s quarantine for review and deletion.
Return Message to Sender
This option returns the message over the maximum allowable size to the sender.
93
BCC to
The BCC to option will send a blind carbon copy of the message containing filtered content, to the address specified in organizations where a full
digest of all received mail is required by a specific individual or department.
Subject
This option allows you to append a line of text to the subject line of the BCCed message.
Send Notification
This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to recipients,
senders, and/or administrators when messages containing filtered content or attachments, viruses, or spam are detected in the system.
Notification Policies are created by choosing Policies > Notifications. For more information, see “Notifications”.
Description
This option allows you to add a description of the delivery result.
Conflict Notification
This option allows you to specify a email address to which a notification will be sent if a conflict prevents the policy from being applied.
Criteria
Ignore Messages
The Ignore Messages option further enhances Netmail Secure’s performance by allowing organizations to create a Content Filter policy that will
only act on messages which were not caught by the other scanning engines.
From the list of available options, choose one or all of the following:
Ignore Spam: Select this option if you want to ignore messages containing spam that were trapped by the scanning engines.
Ignore Virus: Select this option if you want to ignore messages containing viruses that were trapped by the scanning engines.
Ignore Blocked Attachment: Select this option if you want to ignore messages containing blocked attachments that were trapped by the
scanning engines.
Filter Values
Under Filter Values, specify how you want message content to be filtered.
Language: This option allows you to choose the language you want to filter. By default, the language is English, but you can choose
other languages as well. In addition to English, Netmail Secure supports Chinese, Dutch, French, German, Italian, Japanese, and
Spanish.
Filter Type: This option allows you to select what type of content you would like to filter. In the textbox, enter specific keywords or regular
expressions to search.
Keywords: This option allows you to enter specific words or phrases to search for. For example, if you want to filter out email messages
that contain objectionable content, enter those keywords in the list box.
Header Keywords: This option allows you to enter header keywords to search for at the protocol level. For example, if you want to filter
out email messages that contain certain words in the header fields, enter those keywords in the list box.
Regular Expressions: This option allows you to enter regular expressions to search for.
Filter Value: This option allows you to filter content by specific words or word variants. To add a new entry to the list, simply click inside
the textbox and enter a filter value. Ensure that each filter value is entered on a new line.
Non-Matching Messages
From the list of available options, specify what you want to do if Netmail Secure finds a message that does not match the criteria entered above.
94
For example, if you want to create a Corporate policy to add a corporate footer to all outbound messages from your organization, leave the Filter
Type and Value fields blank, select Footer and enter appropriate text in the list box.
Footer: This option adds a footer to messages that do not match the content filter criteria specified above.
Add Recipients: This option allows you to add recipients.
Netmail Content Filter Agent
The Netmail Content Filter Agent allows system administrators to use the advanced content filtering capabilities of Netmail Secure to address
corporate epolicy, compliance and security.
From the Netmail Administration Console, choose Clusters > <Cluster Name> > Agents > Content Filter to configure the Netmail Anti-Virus
Agent. By default, the Details tab is displayed.
95
Details
The Netmail Content Filter Agent should be Enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the
Content Filter Agent.
Advanced
The Advanced tab allows you to apply advanced configuration changes to the Netmail Content Filter Agent.
96
Large Messages
This option allows you to specify a maximum size (in MB) for large messages in megabytes. You can then determine the specific course of action
taken by Netmail Secure when a message over the maximum allowable size is detected by the Netmail Content Filter Agent. Netmail Secure’s
Deep Content Analysis feature uses Open Office. Open Office is installed and running with Netmail Secure, so you can leave this option blank.
Should you require a more powerful installation of Open Office, however, you can install Open Office on a more powerful server and point Netmail
Secure to it.
97
Return Message to Sender: This option returns the message over the maximum allowable size to the sender.
Tag Subject & Return Message to Sender: This option adds custom text to the subject line and returns the message to the sender.
Deep Content Analysis
This option allows you to filter messages and attachments using Netmail Secure’s Deep Content Analysis feature.
Compressed Archives
This option allows you to specify how many scanning levels deep you wish to apply to files that have been recursively zipped.
Note: Enabling this option slows down processing because a file that has been zipped an inordinate number of times will take
longer to scan.
Password Protected Archives
This option allows you to specify the course of action taken by Netmail Secure when a message containing a password-protected zipped
attachment is detected.
Deliver to Mailbox: This option delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to password-protected attachments.
Unscannable Messages
This option allows you to specify the course of action taken by Netmail Secure when an unscannable message is detected. An unscannable
message may be a fragmented file, a file that has been tampered with or a file that was created on an unrecognizable operating system.
Deliver to Mailbox: This option delivers the unscannable message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to unscannable messages.
Executive Reports
The Executive Reports feature of Netmail Secure allows you to create a policy that will automatically send customized executive reports
containing event information to designated individuals inside your organization. The Executive Reports feature allows corporate executives to see
how many email messages containing viruses, spam, blocked attachments, or other filtered email is being trapped by Netmail Secure, and how
effective Netmail Secure is at protecting the organization’s messaging and collaboration system. Executive Reports provide tangible proof of
Netmail Secure’s effectiveness.
Single Day Executive Reports can be generated to report daily statistics for incoming and outgoing messages, a top 10 list of spam recipients and
98
a top 10 list of spam sender IP addresses. Multi-Day Executive Reports provide statistics for both incoming and outgoing messages, message
queues, system usage information, and user quarantine actions for today and yesterday, and averages for the last 7 days and the last 30 days.
Executive Reports can be customized with specific header information. You can also specify the type of information you want to include in the
executive reports you send.
This section provides step-by-step instructions on how to create an Executive Report policy. If you have already created your Executive Report
policy or are using a custom policy, then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to different
levels: per domain, per group or per user.
From the Netmail Administration Console, choose Policies > Executive Reports to create your Executive Reports policy. By default, the Details
tab is displayed. Click Create Executive Report Policy, enter a name for your new Executive Report policy, and then click Create. Your new
policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Executive Report policy
you have just created to configure it. By default, the Executive Report tab is displayed.
99
Delivery
When selected, the Deliver to local addresses only option sends notifications only to internal addresses within the organization.
Header
From the list of available header fields, specify what fields you want to include in the header of executive reports sent to designated individuals.
Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through
before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name and/or email address of the sender of the executive report, such as System
Administrator or [email protected].
To: This option lets you specify the email address of the message recipient.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of executive reports may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in executive reports.
Remove: This option lets you remove an existing header field.
Add new: This option lets you add a new header field.
Message
Use the available fields to customize the type of information you want to include in executive reports you want to send. You can specify whether
the executive reports should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body.
100
Netmail Secure includes a custom Executive Report that contains variables used to query the logging database.
The following variables are used to generate Executive Reports:
%OpenReport(reportname, condition string)%: This variable opens a query string.
%BindVar(name, type, flag)%: This variable binds a field to be returned from the query.
%record%: This variable can be used in conditions to determine if there are any records to display. This variable must be called after the
OpenReport and one or more BindVar calls.
%value(name)%: This variable displays a field that was previously bound. This variable must be called after the OpenReport and one or
more BindVar calls.
The Lists policy feature of Netmail Secure allows you to create an email security policy with specific email addresses, domain names or IP
addresses that will always be blocked or allowed by Netmail Secure. The use of wildcards is supported, however email addresses, domain names
and IP addresses are read and matched from right to left, so that *[email protected] has the same effect as [email protected] and will match both
[email protected] and [email protected]. Proper configuration of the Lists policy can improve Netmail Secure performance by always bypassing
the scanning of blocked or allowed addresses.
Tip: To add a domain name to your Allowed or Blocked Addresses, the use of wildcards is supported. For example,
user@*.messagingarchitects.com will match [email protected].
This section provides instructions on how to create a Lists policy. If you have already created your Lists policy, then see "Configuring Domains,
Groups and Users" to learn how to apply policies and overrides to different levels: per domain, per group or per user.
From the Netmail Administration Console, choose Policies > Lists to create your Lists policy. By default, the Details tab is displayed. Click Creat
e List Report Policy, enter a name for your new Lists policy, and then click Create. Your new policy now appears in the tree menu on the
left-hand side of the Netmail Administration Console. Click the name of the Lists policy you have just created to configure it. By default, the Action
s tab is displayed.
Addresses
Allowed Addresses
101
Use the available text box to add email addresses, domain names, and IP addresses to the list of Allowed Addresses from which Netmail
Secure should always accept email. To edit an existing allowed address, highlight the address in the list, and click Advanced Edit. To delete an
address from the list, highlight the address, and click Remove.
Blocked Addresses
Use the available text box to add email addresses, domain names and IP addresses to the list of Blocked Addresses from which Netmail Secure
should always reject email. To edit an existing blocked address, highlight the address in the list, and click Advanced Edit. To delete an address
from the list, highlight the address, and click Remove.
Tip: After creating your Allowed and Blocked Addresses lists, click Save Changes to save your settings.
Mail Route
Through the creation of Delivery and Authentication policies, the Mail Route feature allows you to deliver and authenticate messages to multiple
destinations. More specifically, it allows for multiple relay addresses and multiple authentication addresses. For example, if you have a domain
hosted on both GroupWise and Exchange, you can create a delivery and authentication route for GroupWise and another delivery and
authentication route for Exchange.
Route objects are assigned to the domain and can also be assigned to content filters for secure delivery. Routes must be created before the
domain is created.
Note: You must first create a Delivery policy before creating an Authentication policy having the same domain as the Delivery
policy.
To get started, from the Netmail Administration Console, choose Policies > Mail Route to create your Mail Route policy. By default, the Details t
ab is displayed. Click Create Mail Route Policy, enter a name for your new Mail Route policy, and then click Create. Your new policy now
appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Mail Route policy you have just
created to configure it. By default, the Details tab is displayed.
102
Authentication
This option allows you to prioritize route authentication. To add an Authentication route to your Mail Route policy, click Add Route.
In the window that appears, select the Type of protocol you want to use for authentication. Your choices are: SMTP, MX, NetMail (SMTP), Novell
GroupWise 6/7 (LDAP), Novell GroupWise 8 (LDAP), Lotus Domino (SMTP), Microsoft Exchange (LDAP), LDAP (manual), ODBC, Route, and
Local Authentication.
The configuration settings for each authentication protocol are different. Complete the following fields, if applicable to your chosen authentication
protocol:
SMTP Server
103
Delivery policy.
SMTP Extensions
DSN
PIPELINING
8BITMIME
CHUNKING
BINARYMIME
ETRN
STARTTLS
AUTH
SIZE
XCLIENT
For more information about these SMTP extensions, refer to “Authentication”.
User Lookup
LDAP Search: Select this option if you want the LDAP server to search for users recursively.
LDAP Server
Host: Enter the host IP address and the port number of the LDAP server.
Delivery policy.
Encryption: Select SSL if you want to apply the SSL to delivered messages.
LDAP Version: Select either 2 or 3 as your LDAP version.
Directory
Authentication DN: Enter the authentication DN of the LDAP directory.
Password: Enter a password for the LDAP directory.
Base DN: Enter the base DN of the LDAP directory.
User Class Name: Enter the name of the user class.
Naming Attribute: Enter a naming attribute.
Naming Prefix: Enter a naming prefix.
Mail Attribute: Enter a mail attribute.
Disabled Attribute: Enter a disabled attribute.
104
Disabled Value: Enter a disabled value.
Attribute Translation
This option allows you to apply a field mapping by importing user attributes from a .csv file.
ODBC Connection
DSN: Enter the Data Source Name (DSN) of the user data source.
ODBC User: Enter the name of the ODBC user that you will be authenticating to that database.
ODBC Password: Enter the password for the specified ODBC user.
Queries
Lookup SQL: Specify the query string that will be used to find users.
Authentication SQL: Specify the query string that will be used to find passwords.
Authentication: Select this option if you want to include the domain when authenticating SQL.
Password Encoding: Select the type of password encoding you wan to implement.
Route
Route Testing
troubleshooting tool will inform you of the user’s status on the target system.
When creating your Authentication policy, you can add as many routes as you wish. If you have two or more routes, you can change the route
priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route.
105
Delivery
This option allows you to prioritize route delivery. To add a Delivery route to your Mail Route policy, click Add Route.
In the window that appears, select the Type of protocol you want to use for authentication. Your choices are: SMTP, MX, Route, and Local
Delivery.
The configuration settings for each delivery protocol are different. Complete the following fields, if applicable to your chosen delivery protocol:
SMTP Server
Delivery policy.
Resolve Aliases: Select which aliases you would like resolved for your delivery route. You can choose to resolve user aliases, domain
aliases, both user and domain aliases, or neither.
Signature: This option allows you to add a DKIM signature to delivered messages.
106
User Lookup
SMTP Extensions
DSN
PIPELINING
8BITMIME
CHUNKING
BINARYMIME
ETRN
STARTTLS
AUTH
SIZE
XCLIENT
For more information about these SMTP extensions, refer to “Authentication”.
Route
Route Testing
troubleshooting tool will inform you of the user’s status on the target system.
When creating your Delivery policy, you can add as many routes as you wish. If you have two or more routes, you can change the route priorities
by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route.
107
Important: You must create a Delivery policy before creating a corresponding Authentication policy. The Authentication policy
and the Delivery policy must have the same Domain.
Click Save Changes to create and save your Delivery policy.
New in Netmail 5.2
An Outbound Limits policy can detect if any user accounts in your mail system are showing atypical behavior with respect to sending out email
messages. In other words, this type of policy can help identify whether an account has been compromised, based on changes in its sending
patterns. As such, having an Outbound Limits policy can, for example, help prevent your organization from unknowingly sending out spam and
ending up on black lists.
Netmail Secure does not offer a default Outbound Limits policy. Not all users have the same sending habits, such as the quantity of messages
they send and the frequency at which they send them, so there is no standard baseline that can be used to create a default policy. Every
organization has its own unique baselines, or rather, different baselines for different users within the organization.
To create an Outbound Limits policy, choose Policies > Outbound Limits in the Netmail Administration Console. By default, the Default tab is
displayed. Click Create Outbound Limits Policy, enter a name for your new Outbound Limits policy, and then click Create. Your new policy now
appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Outbound Limits policy you have just
created to configure it. By default, the Details tab is displayed.
Details
The Details tab allows you to specify volume-based pattern settings.
Blocking
Under Blocking, enter the maximum number of email Messages and Recipients allowed per minute before mail flow is blocked for a user.
These two limits are independent of one another, therefore mail flow will be blocked if only one of them is reached.
Throttling
Under Throttling, specify the percentage of the numbers you entered under Blocking (i.e., maximum number of messages and recipients) that, if
met, will cause mail flow to be throttled back.
Notification Address
108
Under Notification Address, enter an email address to which you want notifications to be sent if the limits you specified are exceeded.
Advanced
The Advanced tab allows you to specify quality-based pattern settings.
Blocking
Under Blocking, specify the percentage of mail that must be considered abuse before the system begins blocking mail from the offending sender.
Specify limits for the following categories:
Rejected Recipients
Virus
Spam
Attachments
Protocol Filter
Throttling
Under Throttling, specify the percentage of the numbers you entered under Blocking (i.e., rejected recipients, virus, spam, attachments, and
protocol filter) that, if met, will cause mail flow to be throttled back.
109
Quarantining email is a safeguard that allows for examination of questionable messages prior to accepting or rejecting the mail messages. In
Netmail Secure, the Global Quarantine feature all quarantined email to a centralized mailbox where administrators can access and perform action
on any email trapped by Netmail Secure. Netmail Secure also notifies users periodically of their quarantined email. For more information on the
Quarantine application, see "Quarantine Access". A component of Netmail Secure, the Quarantine application allows end users to see how many
email messages containing viruses, spam, blocked attachments or other filtered email are being trapped by Netmail Secure. To access their
quarantined email, end users simply click the URL link contained in the body of an administrator-sent email message to automatically launch the
Quarantine application. End users can also perform actions directly from the Quarantine Report. The Warp Drive Agent is the back-end
component responsible for the Quarantine application. In order for end users to access and manage their quarantine, the Warp Drive Agent must
be enabled at all times. To configure the Warp Drive Agent, see "Warp Drive Agent".
Through the Netmail Administration Console, system administrators can create policies that will automatically send out customized quarantine
reports containing event information to designated individuals inside the organization in the form of an administrator-sent email message. When
new mail is quarantined by Netmail Secure, system administrators can use the Netmail Administration Console to automatically notify end users
that there is mail in their quarantine for review.
End users can also access their live quarantine mailboxes by creating a new IMAP account in their mail client and pointing the mail client to the
Netmail Secure server. For more information on how to create IMAP accounts, see Appendix A - Accessing Live Quarantine via IMAP in the Netm
ail Secure Quarantine User Guide.
Quarantine Actions Policy
Quarantine Actions Policies allow you to configure which options will be available to end users through the Quarantine application. Quarantine
Actions policies can be configured for both incoming and outgoing spam, viruses, forbidden content, and blocked attachments.
You can also indicate how you want end users to view their quarantined messages:
Sanitized: Allows users to view quarantined messages in text format only (i.e., images are not displayed).
Original: Allows users to view quarantined messages in their original format, including both text and HTML format, if applicable.
Both: Allows users to choose how they view their quarantined messages. When they open a message, they get the choice of viewing in
its original format or in text format only.
110
From the Netmail Administration Console, choose Policies > Quarantine > Quarantine Actions to create your Quarantine Actions policy. By
default, the Details tab is displayed. Click Create Quarantine Actions Policy, enter a name for your new Quarantine Actions policy, and then
click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the
Quarantine Actions policy you have just created to configure it. The Details tab is displayed.
example, a Policy Template entitled Full Incoming Privileges has been created for you under the Quarantine Actions category. This policy grants
full incoming privileges to end users in the Quarantine application allowing end users to Delete, Release, Report, Allow User, Allow Domain, Block
User and Block Domain for all Incoming Spam, Viruses, Filtered Content, and Blocked Attachments.
The other options will still appear in the Quarantine application, but will be disabled to end users.
Quarantine Management Policy
The Quarantine Management Policy feature of Netmail Secure allows system administrators to create and configure a Quarantine Management
policy to automatically clean up quarantined email messages after a specific period of time based on certain criteria. The system can be
configured to delete blocked file attachments, viruses, spam, and other filtered email content based on the age of the file (in days) or the size of
the quarantine (in bytes). Items will be deleted starting with the oldest items until the sizes are below the threshold value. You must have an entry
in each section in order to generate quarantine reports.
example, both size-based and time-based policy templates have been created for you under the Quarantine Actions category.
From the Netmail Administration Console, choose Policies > Quarantine > Quarantine Management to create your Quarantine Actions policy.
By default, the Details tab is displayed. Click Create Quarantine Management Policy, enter a name for your new Quarantine Management
policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the
name of the Quarantine Management policy you have just created to configure it. The Details tab is displayed.
Sample Quarantine Management Policy
The following Quarantine Management policy can be created to ensure that the server is not filled up with quarantined messages:
Note: This policy will delete messages that are older than 14 days from the Netmail Secure server and from the end user
quarantine at the same time every day.
1. Choose Policies > Quarantine > Quarantine Management > Create Quarantine Management Policy.
111
3. Select your new policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Virus Cleanup, enter the following value:
File Age: 14
5. Under Spam Cleanup, enter the following value:
File Age: 14
6. Under Blocked Attachment Cleanup, enter the following value:
File Age: 14
7. Under Content FIlter, enter the following value:
File Age: 14
9. Choose Domains. Highlight the name of your domain, and select the Policies tab.
11. In the window that appears, select Quarantine Management as the policy Type, and then click the name of the Quarantine Management Pol
icy you have created. Click Assign.
12. Click Save Changes to save your changes.
Quarantine Management Agent
The Quarantine Management Agent allows you to specify the time at which Quarantine Cleanup will occur and the time(s) at which User
Quarantine Reports will be sent. During Management, the Quarantine Management Agent checks and updates information about your license and
applies the size and date criteria that you have configured as part of your Quarantine Management Policy.
By default, the Quarantine Management Agent will run Quarantine Cleanup at 1 a.m., but you can change the default to any time that is
convenient for your organization. At this time, Netmail Secure’s Executive and Quarantine Reports will be sent. You can, however, select a
different time or times at which the User Quarantine Reports are sent.
Quarantine Reports Policy
The Quarantine Reports feature of Netmail Secure allows system administrators to create policies that automatically send customized quarantine
112
reports containing event information to designated individuals inside the organization in the form of an administrator-sent email message. Netmail
Secure can be configured to automatically send these notification email messages to end users on a scheduled basis when new mail is
quarantined. To access their quarantined email, end users can simply click the URL link contained in the body of the email message to
automatically launch the Quarantine application. End users can also perform actions directly from the quarantine reports such as to release
quarantined mail to their inboxes, report an email message to the system administrator, add email addresses and domains to their personal Allow
Lists and more. For more information on how to use the Quarantine, see the Netmail Secure Quarantine User Guide.
The Quarantine is a web-based application that allows end users to access and manage their quarantined email from anywhere in the world over
the Internet. Quarantine allows end users to see how many email messages containing viruses, spam, blocked file attachments, or other filtered
mail is trapped by Netmail Secure.
From the Netmail Administration Console, choose Policies > Quarantine > Quarantine Reports to create your Quarantine Reports policy. By
default, the Details tab is displayed. Click Create Quarantine Report Policy, enter a name for your new Quarantine Reports policy, and then
click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the
Quarantine Reports policy you have just created to configure it. The Quarantine Report tab is displayed.
Netmail Secure also includes several pre-created custom policies available in the Netmail Administration Console. For example, a Detailed
Multi-Day policy has been created for you under the Quarantine Reports category. This policy sends a detailed quarantine report containing the
last 5000 items received in an end user’s quarantine, and could be used to send a full quarantine report to an end user who has been away for a
prolonged period of time.
113
Delivery
Enable
When selected, this option automatically sends quarantine reports to end users.
Deliver to local addresses only
When selected, this option sends quarantine reports only to internal addresses within the organization.
Action Host
This option allows you to override the %actionurl% and %url% variables in the quarantine report, which default to the IP address of the Netmail
Secure system, with a hostname or IP address of your choice, such as quarantine.netmail.com.
Header
From the list of available header fields, specify what fields you want to include in the header of quarantine reports sent to users.
From: This option lets you specify the display name of the sender, such as System Administrator, and/or a return email address if
recipients of quarantine reports want to reply to the message, such as [email protected].
114
Reply-To: This option lets you specify an email address where recipients of quarantine reports may reply to the message.
Custom: This option lets you customize a header field included in quarantine reports.
Remove: This option allows you to remove an existing header field.
Message
Use the available fields to customize the type of information you want to include in the quarantine reports you send. You can specify whether the
quarantine reports should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body.
Netmail Secure includes a default Quarantine Report that contains the number of new messages in quarantine by type, the total number of
messages in quarantine by type, and the number of messages by type in quarantine that were cleaned.
The following variables are used to generate quarantine reports.
%new%: This variable indicates the number of new messages since the previous quarantine report was generated.
%before%: This variable indicates the number of messages before the quarantine cleanup.
%after%: This variable indicates the number of messages remaining after the quarantine cleanup.
%cleaned%: This variable indicates the number of messages that were removed during quarantine cleanup.
%total ()%: This variable indicates the total number of messages of a specific type (spam, virus, filtered content or blocked attachment)
in quarantine.
%spam ()%: This variable indicates the total number of spam messages in quarantine.
%virus ()%: This variable indicates the total number of viruses in quarantine.
%content ()%: This variable indicates the total number of content filtered messages in quarantine.
%attach ()%: This variable indicates the total number of forbidden attachments in quarantine.
%url%: This variable contains the URL address of the Quarantine application.
Quarantine Access
Netmail Secure provides both Global Quarantine and End User Access to administrators. With Global Quarantine, administrators have access to
a mailbox on the mail server specifically created to receive all quarantined mail. Through the Quarantine application, system administrators have
system-wide access to any end user quarantine through the Switch User option. The Switch User option is a completely transparent process that
allows administrators to review the contents of any end user quarantine within the organization as well as review the Allow and Block lists
configured by the end user. This option also lets administrators view or modify the rights and permissions granted to each end user directly from
the Quarantine application. Simple and Advanced Filter options are also available to allow administrators and end users to filter items in
quarantine by subject, body contents, date range, sender, recipient, attachment name, and message type (spam, virus, content, and attachment).
Tip: System administrators who use single sign-on can automatically log in to the Quarantine application by passing a user’s
credentials using a form POST. The required form fields are the following:
action = http(s)://ip_or_hostname_of_your_netmail (http://ip_or_hostname_of_your_netmail__)/login/
user = (user's full e-mail address)
pass = (user's password)
Once logged in, a cookie will be set in the user’s browser to preserve the authenticated “session.”
115
Global Quarantine
Global Quarantine gives Administrators access to a mailbox on the mail server specifically created to receive all quarantined mail. The mailbox is
created automatically by the Netmail Secure software when the very first item is delivered to quarantine. The mailbox name is the same as that of
the corresponding domain to which quarantined mail is delivered. If multiple domains receiving quarantined mail, then multiple Global Quarantine
mailboxes will exist.
Global Quarantine mailboxes are listed in the table on the left-hand side of the Quarantine tab. When a mailbox is selected, its name is
highlighted in green and the messages in that mailbox are displayed. To toggle from one Global Quarantine mailbox to another, click the names of
the mailboxes.
Reviewing or Modifying User-Selectable Policies in Quarantine
User Selectable policies are configured through the Domains feature of the Netmail Administration Console. With the Switch User option in the
Quarantine application, system administrators can review or modify any policy that has been granted to any end user within the organization.
To review or modify policies associated with end users:
1. To access the Quarantine application in the Netmail Administration Console, click the Quarantine tab.
2. Under Switch User, type the first few letters of the name of an end user whose policies you want to view or modify.
3. From the dropdown list, use the arrow keys to select the end user, or double-click on the name of the end user you want to select.
4. Click the Preferences link. The Preferences link allows you to view what User-Selectable policies have been assigned to the selected end
user. For each option available, use the dropdown list to view the policies available to the end user for managing and reviewing their own
quarantine.
Important: Keep in mind that the names of policies and their associated actions created in the Netmail Administration Console
appear to end users in the Netmail Quarantine application under the Preferences link, therefore it is important to create policies
and actions that are easy to interpret, such as Tag Subject and Deliver Message.
5. If required, you can modify the actions associated with policies for the selected end user, and then click Save. Changes made in the
Quarantine application are automatically updated in the Netmail Administration Console.
116
Reviewing or Modifying Allow or Block Lists in Quarantine
System administrators can also review or modify the Allow and Block Lists associated with end users within the organization.
To review or modify Allow or Block Lists associated with end users:
1. Type the first few letters of the name of an end user whose Allow and Block Lists you want to view or modify.
2. From the dropdown list, select the end user.
3. Click the Preferences link, then choose the Allow List or Block List tab.
4. If required, you can modify the Allowed and Blocked Domains and/or the Allowed and Blocked Addresses for the selected end user, and then
click Save. Changes made in the Quarantine application are automatically updated in the Netmail Administration Console.
117
Warp Drive Agent
The Warp Drive Agent is the agent responsible for the new and improved Quarantine application. Powered by a faster, more robust web engine,
the Quarantine allows end users access to their quarantined mail from anywhere over the Internet. For more information on the Quarantine, see "
Quarantine Management".
Options
HTTP Port
This option allows you to specify the port the Warp Drive Agent uses for HTTP connections. The default HTTP port number is port 80. Use the
default port number unless that port number is already in use by another program on your Netmail Secure server.
HTTPS Port
This option allows you to specify the port the Warp Drive Agent uses for secure HTTPS connections. The default HTTPS port number is port 443.
Use the default port number unless that port number is already in use by another program on your Netmail Secure server.
Require SSL
This option allows you to specify whether you require a SSL for secure HTTPS connections.
Action Host
This option allows you to specify a hostname or IP address to be used for actions in the message.
Delivery Queue
Messages are transferred from the Monitored Queue to the Delivery Queue. The SMTP Agent retrieves messages from the Delivery Queue for
delivery to the end user’s mail client.
Queue Server
The Queue Server must be enabled at all times.
118
Status
The Queue Server cannot be disabled.
Options
Spool Volume
From the dropdown list, select the location of your desired message spool.
Maximum Connections Per Delivery Route
Specify the maximum number of messages you want sent concurrently to a single destination.
119
Advanced System and Agent Configuration
The Secure object allows system administrators to apply advanced configuration setting changes to Netmail Secure at any time. During the
Netmail Secure configuration procedure, you provided configuration settings for your system. These settings are automatically applied and
updated to the Netmail Administration Console. However, you can still make changes to these settings at any time by choosing Secure on the
left-hand side of the Netmail Administration Console.
System
From the Netmail Administration Console, choose Secure. By default, the System tab is displayed.
Postmaster
During the configuration procedure, you were prompted to specify a System-wide Postmaster Email Address and the name of your Netmail
Secure Host Cluster. To change the System-wide Postmaster Address, enter the new address in the available textbox.
SMTP Log Retention
This option allows you to specify the number of days for which the SMTP log should be kept. The longer the retention period, the slower the log
will be. A retention period of no longer than 5 days is recommended.
Store
The Netmail Store URI option allows you to enter the IP address of your Netmail Store cluster.
SNMP Community
This option allows you to specify an SNMP community string. SNMP community strings function as embedded SNMP passwords. Netmail Secure
supports Read-only SNMP communities. Read-only gives read access to all objects in the MIB, but does not allow write access.
SNMP Trap Receivers
This option allows you to add a Trap Receiver. SNMP Trap Receivers are used to notify a network management system which communicates with
agents to get statistics and alerts from managed devices that a significant event has occurred. When a trap condition occurs, the SNMP Agent
sends an SNMP trap message to any network management systems specified as the trap receiver.
120
To add a SNMP Trap Receiver, use the dropdown box next to Version to select a trap object. Then, enter the SNMP Community, the Host nam
e or IP address of the remote SNMP trap receiver and the Port number. Click Add.
The list box displays a list of currently configured SNMP Trap Receivers that were added using the Add option. To modify an existing Trap
Receiver, select the Trap Receiver in the list, and click Advanced Edit. To remove an existing Trap Receiver from the list, highlight the Trap
Receiver in the list, and then click Remove.
Important: Click Save Changes to save your changes.
Spools
The Spools application of Netmail Secure provides system administrators with real-time information about what is occurring in the Message
Spool. The Message Spool stores messages in transit, allowing the messages to be retrieved for processing at a later point in time. This process
of spooling is particularly useful when there is a large number of messages coming in to the system at once.
When mail is received through Netmail Secure, the SMTP Agent places the messages in the Monitored Queue, which is the message queue that
is monitored by various Netmail Secure Agents. Agents retrieve the messages from the Monitored Queue and process the messages in the
Message Spool. The Message Spool is located in the Quarantine Store, which contains a Quarantine repository for each end user and the
Message Spool that stores messages in transit.
To access the Spools application, click the Secure > Spools tab in the Netmail Administration Console.
Searching for Messages in the Spool
The Spools application allows you to search for messages currently in the spool. To search for messages in the spool, select the cluster in which
you want to search. You can also choose to narrow your search by one or more of the following options:
Sender
Sender IP
Recipient
Header
It is also possible to narrow your search even further by choosing to view messages in specific phases of the spool. To narrow your search, select
one, several, or all of the following spooling phases:
Attachment Blocking
Sender Verification
Anti Virus
Anti Spam
121
Content Filter
SURBL
Sieve
Delivery
Once you have specified your search options, click Search to populate the message table.
Viewing and Managing Messages in the Spool
Message Table
The Spools application allows you to view messages currently in the spool. The message table displays basic message information in five
different columns:
Sender: Displays the email address of the sender.
IP: Displays the IP address of the domain from which the message originates.
Subject: Displays the subject heading of the message.
Queue: Displays which phase of the Mail Spool the message is in.
Date: Displays the date and time at which the message was sent.
To rearrange the order of the displayed data, simply click on the column headings to sort the messages in either ascending or descending order.
Regulating Message Flow in the Cluster
The Spools field displays the name and IP address of the cluster you have selected for your search. To control whether or not you want
messages to continue entering the cluster, toggle between Start Accepting and Stop Accepting.
To control whether or not you want messages to continue being processed in further phases of the spooling process, toggle between Pause
Processing and Resume Processing.
Creating a New Spool
The Spools field also displays two default spools running in the cluster: spool and bad. The numbers in parentheses next to each spool indicate
the number of messages in each spool.
To add a new spool to the list, click Create a new spool. When prompted, enter a name for the new spool, and click Confirm. By default, new
spools are displayed as being offline. To activate a spool, click Bring Online. To deactivate a spool, click Bring Offline.
Toggling Between Spools
It is possible to toggle between the different spools listed in the Spools field. Each time you select a different spool, you must click Search in
order to update the message table.
Performing Actions on Messages
Once you have populated the message table with you selected list of messages in the Message Spool, it is possible for you to perform certain
actions on the messages.
Moving Messages
It is possible to move messages to different spools. Select one or several messages, and click Move. When prompted, select the spool to which
you want to move the message(s), and click Confirm.
Viewing the Message Journal
The Message Journal allows you to view information about messages queued in the Message Spool. To view a message’s journal, select the
message, and click View Journal. The Message Journal displays information about the message as it is processed in different phases of the
Message Spool. Each time the message is processed, a new Revision section is documented in the Message Journal.
To return to the Spools tab, click anywhere in the Spools tab to close the Message Journal.
122
Deleting Messages
It is possible to delete messages from the Message Spool. To delete one or several messages, select the messages you want to delete, and click
Delete.
Configuring your Netmail Secure Host Cluster
The name of your Netmail Secure Host Cluster appears under Clusters in the Netmail Administration Console. To make advanced configuration
changes, use the arrow icon to expand the tree and choose the name of your Netmail Secure cluster. Even if you have deployed only a single
Netmail Secure server, your server will appear as a cluster by default to facilitate the deployment of additional servers.
Details
From the Netmail Administration Console, choose Clusters, and then use the arrow icon to expand the tree and choose the name of your server.
By default, the Details tab is displayed. The Details tab allows you to make basic configuration setting changes to the Netmail Secure server.
123
Options
The Enable SSL & TLS option enables SSL & TLS, which allows mail clients to connect to the Netmail Secure server over an SSL or TLS
connection by creating encrypted links between the server and the mail client. Transport Layer Security provides SSL encryption between two
email hosts. If both hosts have implemented TLS, the transmission will be encrypted; otherwise, it will be sent in clear text. TLS is not a guarantee
of encrypted transmission.
Important: By default, Netmail Secure uses a self-signed certificate for securing client communication. For various reasons,
some organizations may require the use of a certificate validated by a public Certificate Authority (CA). Netmail Secure uses
OpenSSL to generate Certificate Signing Requests (CSRs) as well as private keys. For more information on how to locate the
certificate files, how to generate a CSR for submission to a CA, and how to replace the default certificate file with the one
returned from the CA, see the Updating SSL Certificates in M+Guardian or Netmail Secure knowledge base article.
The Default Domain field displays the name of your domain. The name of your default domain appears in the SMTP banner as well as in all
headers of email messages.
HTTP Proxy
This section lets you configure access to the Internet through an HTTP proxy server. In the available fields, enter the hostname or IP address and
port of the proxy server you wish to use. If required, you must also enter the username and password used to access the proxy server. This
information is necessary to access anti-spam and anti-virus updates from Messaging Architects when your Netmail Secure server does not have
Internet Access.
FTP Proxy
This section lets you configure access to the Internet through an FTP proxy server. From the dropdown box, choose the Proxy type from the
available options. In the available fields, enter the hostname or IP address and port of the proxy server you wish to use. If required, you must also
enter the username and password you use to access the proxy server. This information is necessary to access anti-spam and anti-virus updates
from Messaging Architects when your Netmail Secure server does not have Internet Access.
Volumes
The Volumes tab allows you to specify different volumes for the message spool and the message store. You can also add additional stores and
spools as required.
124
Spool Path
This field contains the directory path where you want the message queue to reside.
Message Store Path
This field contains the directory path where end user mailboxes and messages are located.
Physical Hosts
The Physical Hosts tab displays the name and IP address of each node that exists in the selected cluster, as configured during the Netmail
Secure configuration procedure. From here, you can choose to Stop, Restart, Reboot, or Power off your existing nodes.
Agent Ordering
Depending on the email security requirements of your organization, the Agent Ordering tab can play a key role. The Agent Ordering tab allows
you to change the queue order of the Agents simply by clicking and dragging. For example, if policy enforcement is your major concern, then you
should place Content Filter first. If the processing speed of Netmail Secure is your major concern, then you should place Attachment Blocking first
to enable scanning at the protocol level which will reduce the total number of invalid messages that require scanning by the Anti-Virus and
Anti-Spam Agents. If you place the Anti-Spam Agent before the Anti-Virus Agent, you will similarly lower the processing requirements because the
Anti-Virus Agent will not be required to scan spam for viruses.
125
Firewall
The Firewall tab allows displays a list of firewall services that are open. You can toggle the check boxes to indicate which firewall services should
or should not be enabled.
IMAP Agent
The IMAP Agent enables access to the Quarantine functionality in Netmail Secure via IMAP clients. The IMAP Agent allows IMAP clients to
download mail from the server. The mail client connects to the IMAP Agent and sends the username and password. In an eDirectory
configuration, the IMAP Agent looks up the user in eDirectory and authenticates the user. With the IMAP Agent, end users can access their
quarantine though their email account in lieu of accessing it through a separate web portal. For more information on this feature, see the Netmail
Secure Quarantine User Guide.
The IMAP Agent option should be enabled at all times. Disabling the agent prevents Netmail Secure from launching the IMAP Agent.
126
SMTP Agent
The SMTP Agent is the gateway between your Netmail Secure server and the Internet. Its primary function is to transfer messages to and from
the Internet. This agent must be running on at least one server for users to send local messages from POP or IMAP clients or to send messages
over the Internet.
Status
The SMTP Agent option should be enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the SMTP Agent.
SMTP port: This option allows you to specify the port the SMTP Agent uses for HTTP connections. The default SMTP port number is
port 25. Use the default port number unless that port number is already in use by another program on your Netmail Secure server.
SMTPS port: This option allows you to specify the port the SMTP Agent uses for secure SMTP connections. The default SMTP port
127
number is port 465. Use the default port number unless that port number is already in use by another program on your Netmail Secure
server.
SMTP Submission port: This option allows you to specify the port the SMTP Agent uses for HTTP connections, but requires
authentication. The default SMTP port is 587.
Options
Enable Verify Command
The VRFY command allows external clients to verify that a user exists in your messaging system.
Tip: If enabled, VRFY can pose a security risk because it allows external users to anonymously request verification of
usernames. For example, if spammers want to find out the usernames in your company, they could query the system with a serie
s of usernames until the system verified a valid username.
Verify Recipients
By default, the SMTP Agent accepts all incoming messages and places them in a queue where their email addresses are verified. There are three
options available:
Enabled: If enabled, Netmail Secure verifies that a user exists in the messaging system. If the user is not listed, then the email message
is rejected. When verifying that a user exists in the messaging system, the SMTP Agent looks up the username to verify that a user exists
in the messaging system. If the user is not listed, it returns a "User Not Found" message.
Disabled: If disabled, Netmail Secure will not verify that a user exists in the messaging system before sending email.
Stealth: If selected, Netmail Secure verifies that a user exists in the messaging system before sending email.
Relay Host
This option allows you to relay all mail to non-hosted domains. In the available textbox, enter the host name, domain name, or IP address of the
server being used, followed by the port number.
Message Size Limit
The maximum message size the SMTP Agent can accept. Because the SMTP Agent handles all Internet traffic, the message size limit applies to
both incoming and outgoing email messages.
Trusted Senders
This option allows you to manage your Blocked and Allowed Hosts Lists of IP address ranges that will always be designated as Blocked Hosts
and Allowed Hosts by the Connection Manager at the protocol level.
Banner
This option allows you to enter a custom banner to be used by the SMTP server.
Alerts Agent
The Alerts Agent allows system administrators access to the Alerts feature of Netmail Secure. The Alerts feature of Netmail Secure allows system
administrators to send out messages when specific thresholds have been reached in Netmail Secure. For example, you can create an Alert that
will automatically notify IT staff when available disk space reaches a certain threshold. If you want to be able to send out alerts based on selected
criteria, the Alerts Agent should be enabled at all times. For more information on the Alerts feature of Netmail Secure, see "Creating Netmail
Secure Alerts".
128
Tip: Messaging Architects recommends that you monitor the Netmail Secure system activity for normal values in order to
establish a baseline prior to creating Alerts.
Creating Netmail Secure Alerts
The Netmail Administration Console can be configured to self-monitor the performance of Netmail Secure. Using the Alerts feature, system
administrators can create an Alerts policy to automatically send out alerts based on selective criteria. For example, you can create an Alerts policy
that will notify an administrator when the number of connections exceeds normal values which may indicate a DoS attack or a Directory Harvest
attack. Or you can create an Alerts policy to monitor Quarantine database size. If the size of the Quarantine database reaches a certain threshold,
then an alert will automatically be sent out. Administrators may then choose to create a Quarantine Management policy to clean the Quarantine
database more frequently.
Triggers
The Triggers tab allows you to create Time-based or Static Triggers based on a wide variety of selected criteria. You can also specify multiple
recipients of alerts.
129
Enabling Alerts
By default, the Alerts Agent is enabled. Disabling this feature prevents Netmail Secure from sending out Alerts. The Send SNMP Trap option
allows you to send SMTP Traps.
Time-based Triggers
You can create an Alerts policy to automatically send out alerts to specific recipients within your organization at regularly scheduled intervals. You
can select what kind of alert should be sent out and what specific criteria triggers the alert. You can also specify at what interval these alerts
should be sent out.
To create a time-based Alerts Policy:
1. From the dropdown menu, choose what type of alert you want to create from the following options:
Messages received
Spam messages received
Viruses detected
Attachments blocked
Content blocked
Number of Connections
2. After selecting what type of alert you wish to send out, the is greater than/is less than field appears. Enter the appropriate criteria in the is
greater than/is less than field.
3. Enter the time interval in minutes in the appropriate field. For example, if you want to specify 2 hours as the time interval, enter 120 minutes in
the field.
Tip: If you have multiple alerts and want to delete an alert, use the dropdown menu of the alert you want to delete, and select Re
move.
Static Triggers
You can also create an Alerts policy based on a static trigger that will automatically send out alerts to specific recipients within your organization.
You can select what kind of alert should be sent out and specify what criteria triggers the alert.
To create a static Alerts Policy:
130
1. From the dropdown menu, choose what type of alert you want to create from the following options:
Number of queued messages
Quarantine database size
Free disk space
Free memory
2. After selecting what type of alert you wish to send out, the is greater than/is less than field appears. Enter the appropriate criteria in the is
greater than/is less than field.
Tip: If you have multiple alerts and want to delete an alert, use the dropdown menu of the alert you want to delete, and click Rem
ove.
Message
The Message tab allows you to create custom messages to accompany your Alerts.
Delivery
Enable: When selected, this option automatically sends alerts to selected recipients.
Deliver to local addresses only: When selected, this option sends alerts only to internal addresses within the organization.
131
Header
The Email Recipients field allows you to create a list of recipients to whom you want to send alerts. To add a recipient to the list, simply enter
their email address in the available text box, and click Add. To modify an existing email address, select the email address in the list, and click Ad
vanced Edit. To remove an existing email address from the list, highlight the email address in the list, and then click Remove.
From the list of available header fields, specify what fields you want to include in the header of alerts sent to recipients when your Netmail Secure
server meets the criteria specified by a time-based or static trigger.
From: This option lets you specify the display name and/or email address of the sender of the alert, such as System Administrator
or [email protected].
Reply-To: This option lets you specify an email address where recipients of alerts may reply to the message.
Custom: This option lets you customize a header field included in alerts.
Message
Use the available fields to customize the text of messages sent to recipients. You can specify whether the message should be in plain text or
HTML. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Alert
message. The following is the plain text message of the default alert:
Alert!
%countername% has exceeded %countermax% %if (counterperiod)% per %counterperiod% %end%. The current value is
%countervalue%.
The following variables are used in the Alert Message:
%countername%: This variable contains the name of the trigger that initiated the alert.
%countermax%: This variable contains the number in the is greater than/is less than field.
%counterperiod%: This variable contains the time field.
%countervalue%: This variable contains the current value.
It is also possible to upload a file with containing a HTML or plain text message by clicking Browse. The Download button allows you to
download a copy of either the plain text message or HTML message in .txt file format.
Sender Verification Agent
The Sender Verification Agent verifies the identity of the sender. In order to use the Sender Verification Agent, this agent must be enabled. The
Sender Verification Agent is enabled by default.
132
Rules Agent
The Rules Agent is the agent responsible for processing rules defined in the Netmail email server. For legacy purposes the Rules Agent is still
configurable through Netmail Administration Console if you are still using the Netmail email server. The Rules Agent must be enabled at all times.
SURBL Agent
The SURBL Agent blocks email messages based on any URLs found within the message body that are deemed malicious. Select Agent
Enabled to enable the SURBL Agent.
133
POP Agent
The POP Agent provides POP3 services. The ports must be enabled for services to be provided.
Notifications
The Notifications feature of Netmail Secure allows you to create and configure a policy that will automatically send notifications to recipients,
senders, and/or administrators when email messages containing blocked file content or attachments, or viruses are detected in the system.
Notifications can be customized to add corporate identity and encoded in plain text or HTML.
From the Netmail Administration Console, choose Policies > Notifications to create your Notifications policy. By default, the Details tab is
displayed. Click Create Notification Policy, enter a name for your new Notifications policy, and then click Create. Your new policy now appears
in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Notifications policy you have just created to
134
configure it. By default, the Recipient Notification tab is displayed.
Recipient Notification
The Recipient Notification tab lets you specify if and how the recipient of a message containing a blocked attachment, virus or other unwanted
email should be notified.
Delivery
Enable: When selected, this option automatically sends notifications to recipients.
Deliver to local addresses only: When selected, this option sends notifications only to internal addresses within the organization.
Action Host: This option allows you to replace the %url% variable in the notification with an address, such as http://quarantine.netmail.c
om, instead of an IP address.
Header
The Email Recipients field allows you to create a list of recipients to whom you want to send notifications. To add a recipient to the list, simply
enter their email address in the available text box, and click Add. To modify an existing email address, select the email address in the list, and
click Advanced Edit. To remove an existing email address from the list, highlight the email address in the list, and then click Remove.
From the list of available header Fields, specify what fields you want to include in the header of notifications sent to recipients of messages
containing blocked attachments, viruses, or other unwanted email. The following options are available:
135
From: This option lets you specify the display name and/or email address of the sender of the notification, such as System Administrator
Reply-To: This option lets you specify an email address where recipients of notifications may reply to the message.
Custom: This option lets you customize a header field included in notifications sent to recipients.
Message
Use the available fields to customize the text of messages sent to recipients. You can specify whether the message should be in HTML or plain
text. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Recipient
Notification message that contains the email address of the original sender and the name and the type of file that was blocked. The following is
the plain text message of the default recipient notification:
A message addressed to you was not delivered
%if(sender)%
%sender% attempted to send you a message that was not accepted.
%end%
%if(blocked filename)%
The message contained an attachment named "%blocked filename%" that was deemed unsafe. Please contact %sender% and ask them
to send the message again with the unsafe attachment removed.
%end%
%if(infected filename)%
The message was infected with a virus named "%infected filename%.
%end%
%if(content filter )%
The message was blocked due to content.
%end%
The following variables are used to generate the Recipient Notifications:
%sender%: This variable contains the email address of the original sender.
%blocked filename%: This variable contains the name of the file that was blocked. The filename will only be provided if a forbidden file
attachment is blocked.
%infected filename%: This variable contains the name of the file containing the virus. The filename will only be provided if an
attachment is infected with a virus.
%content filter %: This variable contains the type of content that was caught. This information will only be provided if the message is
caught by the content filter.
It is also possible to upload a file with containing a HTML or plain text message by clicking Browse. The Download button allows you to
download a copy of either the plain text message or HTML message in .txt file format.
Sender Notification
Click the Sender Notification tab. This tab lets you specify if and how the sender of a message containing a blocked attachment, virus, or other
unwanted email should be notified.
136
Delivery
Enable: When selected, this option automatically sends notifications to senders.
Deliver to local addresses only: When selected, this option sends notifications only to internal addresses within the organization.
Header
From the list of available header fields, specify what fields you want to include in the header of notifications sent to senders of messages
containing blocked attachments, viruses, or other unwanted email.
From: This option lets you specify the display name and/or email address of the sender of the notification, such as System Administrator
Custom: This option lets you customize a header field included in notifications sent to recipients.
137
Message
Use the available fields to customize the text of messages sent to senders. You can specify whether the message should be in plain text or
HTML. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Sender
Notification message that contains the email address of the original recipient(s) and the name and type of file that was blocked. The following is
the plain text message of the default sender notification:
Your message was not delivered
%if(recipients)%
Your message to %while(recipients)% %recipient% %end% was not delivered.
%else%
Your message was not delivered.
%end%
Your message contained an attachment named "%blocked filename%" that was deemed unsafe. Please try sending your message
again without the offending attachment.
%end%
Your message was infected with a virus named "%infected filename%.
%end%
%if(content filter )%
Your message was blocked due to content.
%end%
The following variables are used to generate the Sender Notifications:
%recipients%: This variable contains the name(s) of the original recipients. Recipient names will only be provided if there are valid
recipients of the message.
%blocked filename%: This variable contains the name of the file that was blocked. The filename will only be provided if a forbidden
Admin Notification
This feature lets you specify if and how administrators should notified when messages containing blocked file attachments, viruses, or other
unwanted email are detected in the system.
138
Delivery
When selected, the Enable option automatically sends notifications to administrators.
Header
From the list of available header fields, specify what fields you want to include in the header of notifications sent to administrators of messages
containing blocked attachments, viruses, or other unwanted email.
From: This option lets you specify the display name and/or email address of the sender of the notification.
To: This option lets you specify the display name and/or email address of the administrator to whom the notification is sent.
Custom: This option lets you customize a header field included in notifications sent to administrators.
Message
Use the available fields to customize the text of messages sent to administrators. You can specify whether the message should be in plain text or
HTML. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Admin
139
Notification message that contains the email address of the original sender, the name of the policy that was violated, the name and the type of file
that was blocked, and the recipients. The following is the plain text message of the default admin notification:
%sender% attempted to violate policy %policy%
The message contained an attachment named %blocked filename% that was forbidden by the %policy% policy.
%end%
The message was infected with a virus named "%infected filename%.
%end%
%if(content filter)%
The message was blocked due to content.
%end%
These users would have been effected:
%while(recipients)%
%recipient%
%end%
The following variables are used to generate the Admin Notifications:
%sender%: This variable contains the name of the original sender.
%policy%: This variable contains the name of the policy that was violated.
%blocked filename%: This variable contains the name of the file that was blocked. The filename will only be provided if a forbidden
%recipients%: This variable contains the name(s) of the intended recipients of the blocked message.
%recipient%: This variable contains the intended recipient’s email address.
Sample Notification Policy
The following Notification policy can be created to inform the system administrator and a sender inside the organization that a message was
trapped by Netmail Secure:
1. Choose Policies > Notifications > Create Notification Policy.
3. Select your new policy.
4. Click the Sender Notification tab, and then click Enable.
5. Select Deliver to local addresses only.
6. Create your notification message, or use the default message.
7. Click Save Changes to save your settings.
8. Click the Admin Notification tab, and under Delivery, click Enable.
9. Customize Header information, and then create your notification message, or use the default message.
140
The Netmail Secure Node Dashboard
The Node Dashboard feature of Netmail Secure provides system administrators with real-time onscreen information about the performance
capabilities of the Netmail Secure system as well as the ability to generate comprehensive log reports. From the Netmail Secure Node
Dashboard, you can choose to view daily, hourly, or live statistics onscreen at any time. To use the Netmail Secure Dashboard, choose Secure >
Clusters > <Cluster Name> > Nodes > <Node Name> in the Netmail Administration Console. By default, the Node Dashboard tab is displayed.
Using the Node Dashboard
The Netmail Secure Node Dashboard provides onscreen summary information about the performance of your Netmail Secure system, detailed
statistics for mail traffic and the policy engine. For more detailed statistics on any of these features, click Details.
System Status
One or more System Status lights appears at the bottom of the Node Dashboard. A System Status light is available for each of your Netmail
Secure nodes. A green status light means that the node is enabled whereas a red status light means that the node is disabled and may require
attention. An orange status light also indicates that the system needs attention. To view which agents are associated with a particular node, click
the name of the node.
141
To return to the Node Dashboard, click anywhere on the Node Dashboard to close the status information screen.
System
The System feature provides detailed information about the performance of your Netmail Secure system. To view detailed system statistics, click
Details. These statistics are available for the last hour, the last 24 hours and the last 30 days. Use the dropdown box next to View to toggle
between time periods.
System Information
System Information provides you with detailed information about the performance of your system, such as version information and system uptime
in days, hours and minutes. With percentages available for both CPU usage and memory usage, you can monitor if your Netmail Secure system
meets the requirements for mail flow through your organization. For example, if both CPU and RAM utilization are high, you may need to add
142
another node to the system.
The System Information section displays the following information:
System Uptime
Version
CPU Usage
Memory Usage
Invalid Login Attempts
Engine Updates
This section provides you with the most recent date and time of your anti-virus and anti-spam engine updates.
Free Disk Space
This section indicates the amount of free disk space you have within your Spool and Store.
Traffic
The Traffic feature provides summary information about your Netmail Secure server. For more detailed information about the volume of mail
traffic moving through your Netmail Secure system, click Details. These statistics are available for the last hour, the last 24 hours and the last 30
days. Use the dropdown box next to View to toggle between time periods.
Message Queue
The Message Queue provides statistics on the average number of queued messages in your Netmail Secure system.
Connections
This section provides you with statistics on the total number of incoming, outgoing and relayed connections made through your Netmail Secure
system, as well as the number connections made per second.
Connections In
Connections Out
143
Connections Relayed
Message Handling
This section provides readings for the number of inbound and outbound messages, as well as the number connections made per second.
Messages In
Messages Out
Messages Relayed
Bandwidth
This section provides you with statistics on how much bandwidth (in KB) was used for incoming, outgoing and relayed traffic through your Netmail
Secure system, as well as the number of connections made per second.
Traffic In
Traffic Out
Traffic Relayed
Policy Engine
The Policy Engine feature provides statistics on how much traffic is moving through the Netmail Secure server, and how much of that traffic
contains Spam, Viruses, Blocked File Attachments and Filtered Content. You can also review what policies filtered the messages, as well as what
actions end users took on those messages. These statistics are available for the last hour, the last 24 hours and the last 30 days. Use the
dropdown box next to View to toggle between time periods.
Overview
This section provides you with statistics on the volume of mail moving through your Netmail Secure system.
Total: The total number of messages.
Good: The number of good messages.
Bad: The number of bad messages.
Threat Ratio: The ratio of bad messages to total messages.
144
Connections
This section provides you with statistics on how many incoming messages were filtered by the Connection Manager. As the first layer of defense,
the Connection Manager transparently scans all email traffic passing through the Internet gateway before it reaches your network. For more
information, see "SMTP Modules". If enabled in the Netmail Administration Console, statistics on messages filtered by the following security
features are available:
Greylisting
SPF
RBL
RDNS
Connection Limits
Block List
Filtered Messages
This section provides you with precise statistics on how many incoming and outgoing messages were filtered by Netmail Secure. The statistics
are available for the following types of messages:
Spam Messages
Virus Messages
Content Filter
Attachment Blocking
Message Processing Time
This section provides you with how much time (in seconds) Netmail Secure spent processing the following types of messages.
Spam
Viruses
Content Filter
Attachment Blocking
Quarantine Actions
This section provides you with the number of actions performed by end users directly from the quarantine report or through the Quarantine
web-based application.
Release: Releases the message from quarantine to the end user Inbox.
Report: Forwards a copy of the email message to the system administrator in the event that a message may have been inadvertently
identified as spam.
Delete: Deletes the message from quarantine.
Allow: Allows end users to add an email address to a personal Allow List. Email from senders on Allow Lists are always sent to the end
user Inbox.
Block: Allows end users to add an email address to a personal Block List. Email from senders on Block Lists are never sent to the end
user Inbox.
Policies
This section provides you with the number of messages in your Netmail Secure system that were filtered by specific policies. These policies are
customized through the Netmail Administration Console.
Logs
Netmail Secure logs message traffic information observed by the system in a PostgreSQL database. Incoming connection parameters, sender
and recipient lists along with message scanning results are time-stamped and inserted in the database for every message processed by Netmail
Secure. To access the logs, click Live Logs on the Node Dashboard tab.
145
Creating Reports
Select one of the menu options to generate the desired log report. In the available fields, enter the search criteria, and when you are finished, click
Apply to view the log report onscreen. You can search logs by Sender or Recipients.
Incoming Traffic
The Incoming Traffic report will produce a list of all incoming messages processed by Netmail Secure.
Choose from the following fields to generate your report:
Timestamp: The date and time when the message entered the system.
ID: The ID of the message.
Event: The system event tag generated by the content scanning engine(s) indicating the message category (spam, virus, whitelist, etc.).
Sender: The email address of the sender.
Recipients: A list of recipients along with their corresponding SMTP protocol server response.
The following filtering options are also available for narrowing down the scope of the query and report size:
Email: Filters out records which do not contain the email address in the sender or the recipient list.
Start: Filters out records with a timestamp value older than the input start date.
Duration: Filters out records with a timestamp value earlier than the input end date.
Note: Using an empty filter field value will result in all records being selected and no filter will be applied against the
corresponding field (sender, recipient or timestamp).
Incoming Connection Errors
The Incoming Connection Errors report will produce a list of all incoming SMTP connections which encountered errors during processing.
146
Event: Error number followed by a short description of the error.
IP: Filters for IP addresses.
Deliveries
The Deliveries report will produce a list of all outgoing messages being relayed by Netmail Secure.
Error: Error number (if applicable).
Description: Sender Recipient pair or a description of the delivery result. The following filtering options are also available for narrowing
down the scope of the query and report size.
Delivery Errors
The Delivery Errors report will produce a list of all outgoing SMTP connections which encountered failures during processing. For each delivery
failure, a group of records with identical message ID(s) is displayed to include the original sender/recipients information, the erroneous connection
attempt(s) along with their corresponding error numbers and descriptions.
Error: Error number (if applicable).
Description: Sender Recipient pair or a description of the delivery result.
147
Message Tracking
New in Netmail 5.2
Netmail Secure tracks inbound and outbound message traffic. To access the tracking information, select the Message Tracking tab. It is possible
to search using the sender, recipient, host, message ID, and date range criteria.
Once you have obtained your search results, you can click View Selected next to individual messages to view detailed message tracking
information.
148
Troubleshooting
The Updates feature of Netmail Secure allows system administrators to update their Netmail Secure license as well as update their Netmail
Secure software at any time to ensure that they are using the most recent version of the Netmail Secure software. To use the Netmail Secure
Updates feature, choose the Netmail Platform > Updates tab in the Netmail Administration Console.
In this section:
License Information
Version Information
Backup
Change Password
Diagnostics
Search
License Information
The License section displays up-to-date information for the following items onscreen:
Maximum number of users.
Number of enabled users.
Days remaining before your license expires.
Expiry date of your license.
Warning: When your number of enabled users exceeds the maximum number of users allowed by your license, Netmail Secure
will continue to run for one week, and then shutdown. To avoid a shutdown, please contact Messaging Architects regarding your
license.
149
Note: After a new installation of Netmail Secure, license information will not be displayed until Netmail Secure’s Quarantine
Management Agent runs. By default, it runs at 1 a.m. To change the default run time, navigate to Servers > <Cluster Name> >
Quarantine Management Agent.
Updating Your License
The Update License feature of Netmail Secure allows you to manually update your license information onscreen. Your license count is updated
each time the Quarantine Management runs. To update your license, click Update License.
Version Information
The Version Information section displays up-to-date version information for your Netmail Secure software onscreen. If a new version of the
Netmail Secure software is available, this information will be displayed onscreen.
Updating Your Software
To update your Netmail Secure software, click Update Netmail Secure.
Backup
The Backup feature of Netmail Secure allows system administrators to create a Netmail Secure backup file as well as manage their existing
Netmail Secure backup files. To use the Netmail Secure Backup feature, choose the Netmail Platform > Backup tab from the Netmail
Administration Console.
To create a new backup file:
1. Enter the name of your new file in the Create Backup field.
2. Select which objects you want to back up.
3. Click Create Backup.
To manage your backup files:
1. If you want to upload a backup file from your computer, next to Backup File, click Browse to browse to the location of your backup file. Your
backup file will now appear in the backup repository dropdown list.
2. Select which option you want from the available options: Restore, Download, or Delete.
150
Restore: If you want to restore a file that you have previously backed up, select the backup file in the backup repository dropdown list,
and click Restore.
Download: If you want to download a backup file from the backup repository list, select the backup file in the backup repository
dropdown list, and click Download.
Change Password
The Change Password feature allows system administrators to change their password for logging in to the Netmail Administration Console. To do
so, select the Netmail Platform > Change Password tab. In the Password field, enter your current password. Then enter and confirm your new
password, and click Change Password.
Diagnostics
New in Netmail 5.2
The Diagnostics tab allows you to test your Netmail Secure system to verify that it is handling mail correctly, as per the policies you have
defined.
151
After the initial setup of Netmail Secure, select the Trial of functionality option, enter an email address (mailbox) that you want to use for the
test, and then click Test. Netmail Secure will create the user and then apply all the policies you have created to the email address you have
specified. This version of the diagnostic test was built mainly for prospective customers who wish to have an overview of the capabilities of
Netmail Secure. The Basic diagnostic option performs essentially the same test as the Trial of functionality option, except that the user is not
created; you need to use a real user of your email system. This version of the diagnostic test can verify that all expected policies are in effect.
Once you have launched the test, a Job Status window opens, displaying the test progress and results.
Once the test is complete, you can log in to the test user's mailbox and quarantine to view the results. You (the administrator) should also receive
a Quarantine Report, an Executive Report, and an email with information about your Netmail Secure system.
152
Search
The Search feature allows system administrators to search Netmail Secure for domain names, groups, users, policies and containers, servers,
and alerts. To do so, select the Secure object and then the Search tab. Next to Search Type, use the dropdown list to select the type of item you
want to search for, and then specify a Search Value (or leave this field blank). Click Search. The search results will appear on the left-hand side
of the Netmail Administration Console.
153
154
Appendix A - Configuring Netmail Secure with Your Email System
Netmail Secure can be configured with the following email systems:
GroupWise - GWIA
Lotus Domino - SMTP
Lotus Domino - LDAP
GroupWise GWIA Configuration
Before you can send messages to the GroupWise system, a few configuration modifications to the GroupWise GWIA need to be made. From
ConsoleOne, open the Properties of GWIA (Internet Gateway) dialog box.
Receive Threads
Netmail Secure uses temporary SMTP connections to perform pre-authentication for incoming users. The Netmail Secure server will use up to 4
SMTP receive threads on the GWIA gateway for each processor in the Netmail Secure server. This means that a hyper-threaded dual processor
Netmail Secure system could potentially use up to 16 receive threads on the GWIA. To compensate for this and the increased delivery rate, you
will need to increase your GWIA receive threads accordingly.
Note: Messaging Architects recommends a minimum of 20 receive threads and higher if there are multiple processors in your
server.
To increase your GWIA receive threads, specify the number of receive threads under SMTP/MIME > Settings in the Properties of GWIA dialog
box.
Mail Forwarding
155
Should you wish to have Netmail Secure scan and handle all outbound GroupWise messages, you can specify Netmail Secure as the mail
forward host within GWIA. This will force GWIA to forward all messages to Netmail Secure for delivery. The advantages of having Netmail Secure
control outbound delivery include: outbound virus scanning and content filtering of messages, inclusion of corporate footer on all outbound
messages, centralized control of all inbound and outbound messages, and the benefits of the granular delivery retry and warning message
capabilities of Netmail Secure.
To configure GWIA to relay outbound mail through Netmail Secure, specify the IP address of the Netmail Secure server under SMTP/MIME
Settings in the Properties of GWIA dialog box.
Security Settings
When receiving messages from Netmail Secure, GWIA security settings should be disabled because Netmail Secure is performing these tasks.
These include de-activating any mailbomb protection and sender validation checking under SMTP/MIME > Security Settings in the Properties
of GWIA dialog box. Blacklists should also be disabled.
Undeliverable Mail
Netmail Secure utilizes a mechanism to validate recipient email addresses by querying the GWIA. The GWIA setting to Forward Undeliverable
Inbound Messages to Host (/fut switch in GWIA.CFG) can interfere with this mechanism and should not be used in conjunction with Netmail
Secure. Undeliverable messages will be rejected by Netmail Secure with the proper SMTP response being provided to the sending host.
Ensure that the Forward Undeliverable Inbound Messages to Host setting is cleared under SMTP/MIME > Undeliverables in the Properties
of GWIA dialog box.
156
Rule Generated Mail
When a GroupWise rule sends a mail to the Internet, the address it is sent from can cause problems (see Novell TID 10100683). The mail may be
sent from [email protected] or [email protected] for example. This can cause the mail to be rejected by Netmail
Secure as it is not for a valid user or domain. To avoid this, you should configure your GroupWise system to send rule generated mail with the
user's email address by selecting Use GroupWise user address as Mail From: for rule generated messages under SMTP/MIME > Address
Handling in the Properties of GWIA dialog box.
157
Netmail Secure Authentication Settings
Within the domain configuration of Netmail Secure, you can specify the Authentication Settings to be used by Netmail Secure for this domain.
When the domain is being handle by a GroupWise system, you should select SMTP as the Authentication Type. In the SMTP Authentication
Settings, the Hostname or IP address setting should point to your GroupWise GWIA.
Note: GroupWise offers considerable flexibility in the possible email addresses which are valid for incoming mail, such as
[email protected], [email protected], etc. One side effect of this flexibility is that it is possible to end up with
addresses which cannot uniquely be resolved to a single mailbox. In such scenarios, GWIA will reject the address as
undeliverable, and in turn Netmail Secure would reply with an SMTP 550 Mailbox Not Found message. GroupWise provides
mechanisms to avoid such conflicts by allowing overrides on Internet Addressing. At the user level, these overrides can set that
incoming mail recipients are known exclusively by a specific email domain. In such a way it would be possible to have two users
named John Smith on your system but each have a unique email address, such as [email protected] and john.smith@d
omainb.com. In this type of scenario, the domain is a critical part in guaranteeing uniqueness and so Netmail Secure must be set
to Include Domain in the Authentication Settings to avoid email being rejected by GWIA.
Lotus Domino SMTP Configuration
Before you can send messages to the Lotus Domino system, you must make a few configuration modifications to the Lotus Domino Administrator.
Enabling a server to receive mail sent over SMTP routing
To set up a server to receive SMTP-routed messages, you must enable the SMTP Listener. Then the server can "listen" for SMTP traffic over the
TCP/IP port (usually port 25) and receive SMTP messages in the MAIL.BOX database(s). Enabling the SMTP listener causes the server SMTP
task to start up automatically every time the server starts.
To enable the SMTP Listener:
1. From the Lotus Domino Administrator, click the Configuration tab and then expand the Server section.
2. Select the Server document to be edited and then click Edit Server.
158
3. On the Basics tab, enable the SMTP Listener Task so that the server can receive messages routed via SMTP routing.
Verifying that Local Domain Recipients Exist in the Domino Directory
After you enable the SMTP Listener Task, you must enable the Verify that local domain recipients exist in the Domino Directory option on
the SMTP server that is routing SMTP Inbound traffic. Enabling this option specifies that the SMTP Listener checks recipient names specified in
RCPT TO commands against entries in the Domino Directory. If the domain part of the recipient’s address specified in an SMTP RCPT TO
command matches one of the local Internet domains, the SMTP Listener checks all configured directories to determine whether the specified
recipient is a valid user. If all lookups complete successfully and no matching username is found, the SMTP server returns a 550 permanent
failure response indicating that the user is unknown.
To enable the Verify option:
1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
3. Choose Configurations.
4. Select the Configuration Settings document and then click Edit Configuration.
5. Click the Router/SMTP - Basics tab.
6. Select Restrictions and Controls tab.
7. Select SMTP Inbound Controls tab.
8. Enable Verify Local Domain Recipients Exist, so that messages addressed to local recipients that can not be resolved are not accepted.
Supporting Inbound SMTP Extensions
Lotus Domino supports a number of extended SMTP (ESMTP) functions. These include the ability to combine commands, set the server to check
message size before accepting transfer, create a secure SSL connection with another server, and create delivery status notifications in MIME
format.
To enable or disable each of these options in the Configuration Settings document for the server or servers for which
you want to use these extensions:
2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
5. Click the Router/SMTP >Advanced >Commands and Extensions tab.
6. Enable VRFY command to ensure that Domino accepts inbound requests to verify user names.
7. Select SSL Negotiated over TCPIP Port, and choose one of the following options:
Enabled: Domino supports the STARTTLS command, allowing it to create an encrypted SSL channel over the SMTP TCP/IP port.
Required: Domino accepts inbound SMTP connections over the TCP/IP port only from hosts that issue the STARTTLS command.
8. Click Save and Close.
SMTP Authentication
To enable name and password authentication for SMTP inbound mail:
3. Select the Ports tab.
4. Select the Internet Ports tab.
159
5. Select the Mail tab.
6. Under Authentication options, change SMTP Inbound Name & Password to Yes.
Enable Full Name Lookup
Address lookup specifies how the Router searches the Domino Directory to determine the Notes recipient of an inbound Internet message.
Choose one:
Fullname then Local Part (default): The Router first searches the Domino Directory for a match for the full Internet address
([email protected]). If no match is found, it searches the directory again, looking for a match for the local part of the address only.
Fullname only: The Router searches the Domino Directory for full Internet addresses only. For example, it searches for
'[email protected]' but not for 'user.' If an exact match is not found and the domain suffix is equivalent to an Internet domain alias
defined in the Global domain document, a secondary search is performed using the domain suffix of the primary Internet domain.
Local Part only: The Router searches the Domino Directory for a match of the local part of the Internet address, that is, the part before
the @ symbol. Local part matching matches periods and underscores in the address with spaces in the directory.
Note: Messaging Architects recommends that you choose Fullname then Local Part.
Lotus Domino Outbound SMTP Configuration
To configure Lotus Domino to send mail through Netmail Secure, you must specify the IP address or host name of Netmail Secure in the
Configuration Settings document.
Note: Each SMTP mail server has its own Configuration Settings document, so you must specify the IP address or host name of
Netmail Secure on all server documents.
To set up a relay host:
2. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
3. Choose Configurations.
4. Select the Configuration Settings document and then click Edit Configuration.
5. Click the Router/SMTP - Basics tab.
6. Under Relay host for messages leaving the local Internet domain, enter the following information:
The host name, domain name, or IP address of the server being used.
A domain name is a valid entry only if the internal DNS contains an MX record for that domain and can resolve it to a host name.
When entering an IP address, enclose it within square brackets; for example, [127.0.0.1].
7. Click Save & Close.
Lotus Domino LDAP Configuration
You can do Authenticated or Anonymous queries against the Domino LDAP server. Each domino server should have a replica of the address
book on it, so you can point Netmail Secure to the server doing the SMTP Internet routing.
Aliases that are defined in the Global Domain Document, are NOT available via LDAP. So if the users are aliased via this method, they will not
authenticate.
Aliases that are defined in the User Name attribute in the Person Document display in LDAP as a CN.
The Short Name attribute in the Person Document display in LDAP as a UID.
160
Note: If the Address Lookup attribute is set to Full Name then Local Part when you verify a user, if may validate a portion of the
username. A good practice would be to add the full internet name for the user in the User Name field. If Only Full Name is set in
the Address Lookup field, you MUST specify the entire Internet name in the User Name field to receive outside mail.
LDAP Authentication
You can set the Domino server to allow User and Password and/or Anonymous access. Then which data fields you allow visible are controlled via
an ACL (Access Control List) document. The Access method is set per server. So you need to make sure you are checking the settings for the
server which you are attempting to authenticate against.
To check or change the LDAP access settings:
3. Select the Ports tab.
4. Select the Internet Ports tab.
5. Select the Directory tab.
6. Check Authentication options Settings.
Name and Password: Yes/No
Anonymous: Yes/No
Enabling Internet Passwords for Access to the Quarantine
In order for end users to be able to use or access the quarantine application, end users MUST have an Internet Password set on their account.
This password, if selected, can sync with the Lotus Notes password, but it must be enabled. If an end user does not have an Internet password,
inbound and outbound mail will filter properly, but end users will not have access to the quarantine.
161
Appendix B - Custom Policies
This section includes general guidelines about security policies and compliance considerations that should be addressed by enterprise level
organizations as part of the overall Risk Management strategy of the IT department, as well as several sample email compliance policies. Inbound
policies are used to protect the messaging and collaboration system from email-based security threats such as viruses, worms, Trojans, spyware,
phishing and other unwanted email whereas outbound policies are implemented to control the content leaving the organization. Netmail Secure
facilitates the implementation of email security policies on all inbound and outbound messages to pro-actively filter message content, enforce
corporate epolicy and identify policy violations.
In this section:
Sample Group Policy
The following sample email compliance policy for financial institutions can be created to identify SSN (Social Security numbers) in outbound email
messages.
1. Choose Policies > Content Filter > Create Content Filter Policy.
2. Under Name for new object, enter a name for your policy, and then click Create.
4. Under Action on the Actions tab, select which message action you wish to take on a message which meets this criteria. Depending on your
corporate epolicy, you may wish to select from the following options:
Delete the Message: This option deletes the message containing the SSN. Use this option alone or use this option in conjunction with
the BCC to or the Send Notification option.
BCC to: This option allows you to specify where a blind carbon copy of the message should be sent. Use this option notify a designated
individual about a violation in corporate epolicy without notifying the sender of the message.
email notifications to the sender and/or administrators when a message containing an SSN is detected in the system. Notification Policies
are created by choosing Policies > Notifications. For more information, see "Notifications".
5. Click Save Changes, and then click the Criteria tab.
6. Under Filter Type, choose Regular Expressions.
7. In the Filter Value text box, enter the following number sequence: [0-9][0-9][0-9].[0-9][0-9][0-9].[0-9][0-9][0-9][0-9].
9. Choose Domains. Highlight the name of your domain, and click Assign Policy.
10. In the dialog box that appears, select Content Filter as the policy Type, Outgoing as the Direction of mail flow, and then select the name of
the Policy you have just created. Click Assign.
11. To apply the policy to all users in the organization, do not select Allow Override.
The following sample email compliance policy for educational and government institutions can be created to look for specific language content in
both inbound and outbound email messages.
162
4. Under Action on the Actions tab, select which message action you wish to take on a message which meets this criteria. Depending on your
epolicy, you may wish to select from the following options:
Tag Subject & Deliver to Mailbox: This option allows you to add a disclaimer such as “Warning: Contains Inappropriate Content” to
the subject line and deliver the message containing the objectionable language to the recipient’s mailbox.
Delete the Message: This option deletes the message containing the objectionable language. Use this option alone or use this option in
conjunction with the BCC to or the Send Notification option.
BCC to: This option allows you to specify where a blind carbon copy of the message should be sent. Use this option notify a designated
individual about a violation in epolicy without notifying the sender of the message.
email notifications to the sender and/or administrators when a message containing objectionable content is detected in the system.
Notification Policies are created by choosing Policies > Notifications. For more information, see "Notifications".
6. Under Ignore Messages, select Ignore SPAM, Ignore Virus, and Ignore Blocked Attachment so that the policy will only act on messages
which were not caught by the Anti-Spam, Anti-Virus, or Attachment Blocking engines.
7. Under Filter Type, choose Keywords.
8. In the Filter Value dialog box, enter keywords that fall under the objectionable content category for which you want to filter. For example, if you
want identify messages containing inappropriate language content for students in an educational setting, enter those keywords in the list box.
the Policy you have just created. Click Assign. This will apply your policy to all outbound mail.
14. To apply your policy to inbound mail, click Assign Policy.
15. In the dialog box that appears, select Content Filter as the policy Type, Incoming as the Direction of mail flow, and then select the name of
the Policy you have just created. Click Assign.
The following sample email compliance policy for corporate institutions can be created to append a custom footer, such as a message disclaimer,
to all outbound email messages.
4. Under Action on the Actions tab, select which message action you wish to take on a message which meets this criteria. To append the footer
to all outbound messages, choose the following option:
Deliver to Mailbox: This option appends the disclaimer to the bottom of all outbound email messages and delivers the message to the
recipient’s mailbox.
6. Under Non-Matching Messages, select Footer.
7. Enter the text of your footer in the available list box, such as a message disclaimer. The disclaimer text is usually a notice used to protect
companies from any legal ramifications. When deciding on the text of the disclaimer text, you should consider all possible interpretations of the
text and make sure that it complies with the corporate epolicy. This disclaimer text will be appended to the bottom of all outbound email
163
messages.
the Policy you have just created. Click Assign. This will apply your policy to all outbound mail.
The following sample email security policy should be created if end users are allowed to create IMAP folders to receive their Anti-Spam
quarantine in their mail client. This policy ensures that email messages containing viruses are not delivered to end user mailboxes.
1. Choose Policies > Anti Virus > Create Anti Virus Policy.
2. Under Name for new object, enter a name for your policy, such as Delete, and then click Create.
3. Select your new Delete policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Action, select Delete the Message. This option deletes the message containing the virus.
7. In the dialog box that appears, select Virus as the policy Type, Incoming as the Direction of mail flow, and then select the name of the Policy
you have just created. Click Assign. This will apply your policy to inbound mail.
Sample Group Policy
The Sample Group policy can be implemented when you want apply unique policy settings to a group of selected users within an organization, but
not to the entire organization. The following scenario describes how to override an Attachment Blocking policy for members of the Marketing
group.
1. To create a Marketing group, choose Domains. Highlight the name of your domain, and then click the Users tab.
2. Click Create a Group.
3. Under Group Name, enter a name for the group, such as Marketing. Click Create Group.
4. Highlight the Marketing group you just created, and then click the Users tab.
5. To add users to the group, you can either click Create a User to create a new user or Import Users to import an existing list of users from a .c
sv file.
6. Click Save Changes to save your settings.
7. By default, the Images Attachment Blocking Policy Templates come pre-configured with a list of image file attachments, such as *.gif, *.jpg and
*.jpeg files, that are forbidden from entering your messaging and collaboration system. You may, however, wish to override these policies for
members of the Marketing group who need to access image files for marketing collateral. To do so, you can create a custom Attachment Blocking
policy for the Marketing group: Choose Policies > Attachment Blocking > Policy Templates > Images > CreateAttachment Policy.
10. On the Actions tab, you can specify any Forbidden Filenames or Forbidden Mime Types you want to apply to your Marketing group, and
then select the Message Action you want the policy to take. Click Save Changes. On the Exceptions tab, specify any Allowed Filenames or Al
lowed Mime Types you want to apply to your Marketing group. Click Save Changes to save your policy.
11. Select Domain, and highlight the Marketing group you created.
164
12. Click the Policies tab.
13. Under Policies in Effect, click Assign Policy to assign the new Attachment Blocking policy you just created to the group.
14. In the dialog box that appears, select Attachment as the policy Type, Incoming or Outgoing as the Direction of mail flow, and then select
the name of the Attachment Blocking Policy you created. Select the Overwrite existing assignments of this type option. Your new Attachment
Blocking policy will overwrite any existing Attachment Blocking policies that have been inherited from the Domain to which the group belongs.
Click Assign.
Note: Alternatively, you can choose to first Disable all Attachment Blocking policies that have been inherited from the Domain
before assigning a new policy to the group. In this case, you would not need to choose the Overwrite existing assignments of
this type option, and any disabled policies could be re-enabled in the future.
The Allow Override option for the Attachment Blocking policy at the Domain level must be selected in order for the Disable butto
n to appear next to the Attachment Blocking policy at the Group level. If this option is not selected, you will not be able to disable
the policy at the Group level.
15. Click Save Changes to save the changes you made to the group.
165

Netmail Secure 5.2 Administration Guide

Transcription

Similar documents

DIDDE FUHR PEDERSEN

iPhone Instructions - New Albany Schools website

Mashrabiya

A "Quick Start" Guide to Novell NetMail 3.1

Thrislington Cubicles - design management europe award

Management of Parvovirus in Animal Shelters

FS 1000 Owners Manual

Setup Microsoft Office 2003 -2010 Step 1 For Office

ordering instructions mail order