Netmail Secure 5.2 Administration Guide
Copyright © 2013, Messaging Architects. Updated: 10/05/2013

Netmail Secure is a Linux-based self-managed email security solution that can be used with any messaging and collaboration system, including Netmail Server, Novell GroupWise, Microsoft Exchange, IBM Lotus Notes, and Domino. Netmail Secure integrates anti-spam, anti-virus, content filtering, data leak prevention and attachment blocking in a single solution that provides total protection to stop email threats from impacting your organization and compromising security.

Table of Contents

Introducing Netmail Secure
Feature Overview
Component Overview
Netmail Secure Clustering Scenarios
How Netmail Secure Processes Mail
Netmail Secure Single Node Deployment
Netmail Secure 3 Node Deployment
Netmail Secure Multi-Node Cluster Setup Best Practices
Storage Considerations
Netmail Secure Virtual Messaging Firewall
System Information
Deploying Netmail Secure VMF
Performing the Bootstrapping Sequence
Launching the Netmail Secure Setup Wizard
Logging in to the Netmail Administration Console
Configuring Domains, Groups and Users
Creating Domains
Administering Domains
Assigning Domain-Level Policies
Managing Users and Groups
Editing Allow and Block Lists
Editing Domain-Level DSN Messages
Editing Domain-Level DKIM Signatures
Editing Domain Configurations
SMTP Modules
AntiMasking Module
DBL Module
GreyList Module
Limits Module
Lists Module
NSRL Module
Protocol Filter Module
RBL Module
RDNS Module
SPF Module
Policy Planning, Configuration and Management
Policy Overview
Alias Policy Configuration and Management
Anti-Spam Policy Configuration and Management
Anti-Virus Policy Configuration and Management
Attachment Blocking Policy Configuration and Management
Content Filter Policy Configuration and Management
Executive Reports
Lists Policy Configuration and Management
Mail Route
Outbound Limits Policy Configuration and Management
Quarantine Management
Quarantine Actions Policy
Quarantine Management Policy
Quarantine Management Agent
Quarantine Reports Policy
Quarantine Access
Warp Drive Agent
Queue Server
Advanced System and Agent Configuration
Spools
Configuring your Netmail Secure Host Cluster
IMAP Agent
SMTP Agent
Alerts Agent
Creating Netmail Secure Alerts
Sender Verification Agent
Rules Agent
SURBL Agent
POP Agent
Notifications
The Netmail Secure Node Dashboard
Using the Node Dashboard
System
Traffic
Policy Engine
Logs
Message Tracking
Troubleshooting
License Information
Version Information
Backup
Change Password
Diagnostics
Search
Appendix A - Configuring Netmail Secure with Your Email System
GroupWise GWIA Configuration
Lotus Domino SMTP Configuration
Lotus Domino LDAP Configuration
Enabling Internet Passwords for Access to the Quarantine
Appendix B - Custom Policies
Sample Email Compliance Policy for Financial Institutions
Sample Email Compliance Policy for Educational Institutions
Sample Email Compliance Policy for Corporate Organizations
Sample Email Security Policy
Sample Group Policy

Introducing Netmail Secure

Netmail Secure’s 100% policy-driven management platform helps organizations create customized rules for enforcing corporate and regulatory compliance with enterprise email security policies. Leveraging Netmail directory services, the web-based Netmail Administration Console provides a single point of administration to facilitate large-scale deployments. Netmail Secure supports clustering and load-balancing to ensure a truly enterprise-level performance and high availability of your messaging system at all times.

Designed to increase the overall security of your messaging and collaboration system, Netmail Secure is available as a virtual appliance.
The Netmail Secure appliance has an intuitive browser-based interface designed to manage security and network access locally and remotely.

Appliance Benefits:
- Auto-updateable anti-spam signatures and anti-virus definitions.
- Improved performance due to tighter hardware integration and optimization.
- Higher security with a hardened operating system.
- Improved control with enhanced logs and statistics right on your desktop.
- Higher and quicker ROI due to reduced integration costs and faster deployment.

Feature Overview

Netmail Secure is a policy-based email firewall solution that is compatible with any SMTP email server and provides you with an intelligent approach to Email Risk Management. It integrates advanced, multi-layered anti-spam with state-of-the-art anti-virus protection, content filtering, attachment blocking and security policies.

Netmail Secure is a highly scalable modular solution: its components can be located on a single Netmail Secure server or distributed individually or in groups across multiple servers to provide both fault tolerance and load balancing for the Netmail Secure platform. Netmail Secure’s built-in clustering abilities let server nodes detect and cluster together for maximum performance and uptime. Within a cluster, a master node will detect if other nodes are overloaded and impacting performance, and then re-distribute the workload between servers in a cluster, ensuring better resource utilization.

Key Features and Benefits

Features | Benefits
100% Policy-Based Management | Define customizable corporate email security policies that can be applied at the domain, group, or end-user level to allow organizations to define their email security rules centrally.
Directory-Enabled Service | Stores all policy information in an enterprise class directory, providing a single point of administration for configuring and managing email security policies across the entire organization.
Highly Scalable Modular System Architecture for Unmatched Performance and Stability | Components can be located on a single server or distributed across multiple servers to provide fault tolerance and load balancing.
Built-in Application-Layer Clustering | Guarantees superior performance and scalability of the messaging infrastructure with the necessary level of fail-over required. Requires no third-party software, customization or professional services to implement clustering.
Zero Administration | Translates into a fully automated, auto-updated messaging platform that requires no ongoing configuration, no administration and no fine tuning.
Advanced Virus Technologies | Allows users to choose between multiple dedicated auto-updated virus engines to protect the messaging and collaboration system from email-based threats, such as viruses, worms, Trojans, spyware, phishing and other unwanted email.
Multi-Tiered Anti-Spam Defense | Provides multiple auto-updated Xtreme Content Filter anti-spam engines that use advanced pattern recognition and SURBL anti-spam technology. All engines detect and block spam in any language and are highly effective against image-based spam, snowshoe spam, and PDF spam. The new XCFSURBL engine scans messages for URI hosts listed on SURBLs.
Content Filtering and Deep Content Analysis | Supports Deep Content Analysis and the use of Regular Expression Searching (RegEx) which provides a way to search for advanced combinations of characters and prevent data leaks.
Enhanced Attachment Blocking | The Attachment Blocking feature in Netmail Secure has been enhanced to allow organizations to define and enforce acceptable-use policies to help organizations control the flow of message content and attachments. Netmail Secure can be used to identify and prevent a wide variety of inbound and outbound policy violations—including sensitive and confidential data, offensive language, maximum message size, allowable attachment type and size, and many more.
Reputation Protection with Outbound Limits | The Outbound Limits feature allows administrators to monitor outgoing mail for any suspicious activity resulting potentially from an email account being compromised.
Enhanced Message Tracking | The Message Tracking feature allows administrators to quickly determine the status or whereabouts of both inbound and outbound email messages.
Allow / Block Host Functionality | Allows administrators to dynamically block or allow a range of IP addresses.
Name Server Reputation List (NSRL) | Name Server Reputation List is an SMTP module that blocks messages at the connection and content levels. The NSRL Module functions similarly to the RBL and GreyList modules, except that it blacklists name servers that are spammer-friendly and marks all the domains hosted by those name servers in email links as spam.
Route Objects | Through the creation of Delivery and Authentication policies, the Route Objects feature of Netmail Secure allows you to authenticate messages to multiple destinations. More specifically, it allows for multiple relay addresses and multiple authentication addresses. For example, if you have a domain hosted on both Novell GroupWise and Microsoft Exchange, you can create a delivery and authentication route for GroupWise and another delivery and authentication route for Exchange.
Greylisting | Preserves system resources by temporarily rejecting email from suspicious senders.
Network-Level Real-Time Perimeter Protection Specialized Layers to Analyze Message Content, IP Header Information, Envelope Information and Source Domain | Blocks DoS, OpenRelay and harvesting attacks.
Web-Based Administration Console | Allows administrators to plan, configure and implement corporate-wide email security policies using the intuitive, easy-to-use Netmail interface.
Web-Based Quarantine | A web-based application providing end users with real-time access to quarantined email through the Internet or via IMAP.

Netmail Secure Perimeter Protection

By using a platform-independent multi-layered anti-spam and anti-virus defense with advanced SMTP security options, Netmail Secure is a complete email firewall that blocks scan attacks and uses authentication to accurately identify recipient email addresses for incoming messages. Netmail Secure also blocks messages based on real-time blacklists (RBL), limits the number of simultaneous connections and rejects connections from specified addresses or IPs. Netmail Secure is compatible with any SMTP-based mail server. The gateway is deployed safely behind the corporate firewall through a single connection, effectively enhancing server security.

Netmail Secure provides gateway intelligence that features unique user-aware pre-authentication to identify whether incoming messages are destined for valid users on your system. All incoming messages to invalid users are turned away at the perimeter thus reducing the overhead of processing non-deliverable messages.

The mail gateway component of Netmail Secure provides the receipt and local delivery of all your Internet mail. The process is transparent to the email server.
- Understands Simple Mail Transfer Protocol (SMTP) and Extended SMTP (ESMTP).
- Restriction of incoming messages based on size.
- Efficient multi-thread worker-pool threading model for high-speed reception.
- Validation of Sending Host using Reverse DNS, Domain name validation, or Sender Policy Framework.
- Restriction of Sending Host through Real-Time Black Lists, Name Server Reputation Lists, Internet Domain Name, and IP Restriction Lists.

User Pre-Authentication
- Validates recipient addresses against the destination mail system to reduce receipt of invalid messages.
- Dynamically creates and maintains a cached user list of all valid users for the destination mail system(s).

Block scan attack
- Limit the maximum number of invalid recipients.
- Slow down or block IP addresses.
- Cache connections by number of entries and lifetime.
- Administrator-specified list of IP addresses which automatically block mail from these hosts.

Component Overview

Netmail Secure is modular to provide flexibility without compromising email security and consists of several components that can be implemented depending upon the needs of your organization.

SMTP Modules

The SMTP Modules feature performs various security functions at the SMTP level.

Greylisting
Temporarily rejects any email from any sender it does not recognize. Legitimate email servers will attempt to resend the message, after which Netmail Secure will accept the second transmission. Greylisting provides protection against spam scripts that do not attempt to resend messages.

Allow Lists
Administrator-specified list of IP addresses which automatically bypass reverse DNS lookup and RBL lookup.

Real-Time Blacklists (RBLs)
- Look up SMTP hosts in Real-Time Blacklist (RBL) hosts.
- Administrator-specified RBL hosts.
- Exclude trusted IP addresses from lookup.
- Cache RBL lookup results.

Name Server Reputation List (NSRL)
Blocks messages at the connection and content levels. Blacklists name servers that are spammer-friendly and marks all the domains hosted by those name servers in email links as spam.

Reverse DNS
- Perform reverse DNS lookup for the SMTP host.
- Cache DNS lookup results.

Connection Limits
- Limit connections by total number of connections to host based on percentage of mail by category.
- Limit connections by simultaneous connections from single IP.
- Specify system-wide connection limits.
- Specify IP addresses for which no limits are applied.
- Reject all incoming mail from specified hosts or IP addresses.

Anti-Phishing/Spoofing Protection (SPF)
Checks with the sender’s DNS server to look for IP class or domain name forgery.

Sender ID
Based on SPF and caller ID, Sender ID rejects emails with a forged or “spoofed” MAIL FROM.

Scan Attack
- Limit the maximum number of invalid recipients.
- Slow down or block IP addresses.

Protocol Filtering
- Filter messages at the protocol level.
- Block messages based on the following header fields: To, From, Subject, Received, Helo/EHLO, Mail From, Rcpt To and X-Advertisement.

Mail Relaying
- Limit mail relaying to trusted hosts or domains.
- Processes outbound messages from the mail server.

Trusted IPs
Administrator-specified list of IP addresses which automatically bypass Block scan attack filter, reverse DNS lookup and RBL lookup.

Policy Engine

The Policy Engine allows organizations to create policies to scan email content to meet both security and compliance requirements. Applicable to both inbound and outbound email, Netmail Secure provides automated enforcement of corporate email policy to protect organizations from litigation or compromise of reputation and integrity.

The Policy Engine is the core component of Netmail Secure that creates, manages and enforces email security policies to ensure that the network remains secure, compliant and highly available at all times.

The Policy Engine facilitates the implementation of corporate-wide email security by using pre-defined policies that can be specified at the domain, group or end-user level. These policies are customizable to allow organizations to define their email security rules centrally.
The web-based Netmail Administration Console facilitates the implementation of these policies with its intuitive, easy-to-use interface.

With the Policy Engine, system administrators can create:
- Comprehensive Anti-Virus and Anti-Spam policies that process messages according to pre-defined specifications, such as quarantine, delete or tag and deliver spam messages. For more information, see “Anti-Virus Policy Configuration and Management” and “Anti-Spam Policy Configuration and Management”.
- Policies that automatically send customized notification messages to both sender and recipient regarding blocked message content. For more information, see “Notifications”.
- Executive Report policies that automatically send customized executive reports containing event information to designated individuals inside your organization. Executive Reports can be configured to show how many email messages containing viruses, spam, blocked attachments or other filtered email are being trapped by Netmail Secure. For more information, see “Executive Reports”.
- Policies that send customized quarantine reports containing event information to designated individuals inside the organization in the form of an administrator-sent email message at regularly scheduled intervals. For more information, see “Quarantine Reports Policy”.
- Content Filter policies to scan and filter email messages based on specific expressions or keywords. For more information, see “Content Filter Policy Configuration and Management”.
- Attachment Blocking policies to explicitly block attachments by filename, extension or type. For more information, see “Attachment Blocking Policy Configuration and Management”.
- Customized Delivery and Authentication policies that can deliver and authenticate messages to multiple destinations using multiple relay and authentication addresses. For more information, see “Mail Route”.
- Outbound Limits policies to monitor outgoing mail for suspicious activity and suspend mail flow if an email account seems to have been compromised. For more information, see “Outbound Limits Policy Configuration and Management”.
- Quarantine Management policies to automatically clean up quarantined email messages after a specific period of time based on certain criteria. For more information, see “Quarantine Management Policy”.
- Customized Lists policies to always block or allow specific email addresses, domain names or IP addresses. For more information, see “Lists Policy Configuration and Management”.
- Quarantine Actions policies to configure which options will be available to end users through the Quarantine application. For more information, see “Quarantine Actions Policy”.

Anti-Virus Agent

Through the Netmail Anti-Virus Agent, Netmail Secure offers the use of multiple dedicated, multi-layered auto-updated virus engines to protect your messaging and collaboration system from email-based security threats, such as viruses, worms, Trojans, spyware, phishing and other unwanted email. These engines are integrated into the core of Netmail Secure to provide inbound and outbound message scanning for optimal performance and reliability. The integration of multiple high-performance virus scanning technologies provides system administrators with the flexibility to select which anti-virus engine they want to use.

Important: The virus engine you choose must be the engine for which you have received a digitally signed XML license file.

Auto-updates
- Receive automatic virus definition updates directly from Messaging Architects.

Performance
- Cache last positive anti-virus identifications.
- Specify size and time limit of cache entry retention.

Virus Handling
- Option to scan compressed or zipped files for viruses.
- Option to specify maximum size for large attachments and choose to delete, quarantine, tag subject line, or return to sender.
- Option to recursively scan zipped files by number of zip levels.
- Configurable course of action taken when an unscannable message is detected.
- Notifications to senders and recipients of detected viruses.
- Option to specify what action Netmail Secure should take when a message containing a password-protected zipped attachment is detected.

Anti-Spam Agent

Through the Netmail Anti-Spam Agent, Netmail Secure provides four multi-tiered auto-updated Xtreme Content Filter spam engines: XCFSpam1, XCFSpam2, XCFSpam4, and XCFSURBL. All engines inspect the full range of attributes of incoming email messages, including sender IP addresses, message envelope headers and structure and the unstructured content in the body of messages. Netmail Secure’s proprietary technology tests numerous connection-level data points, including DNS and MX record verification, to deliver unrivalled accuracy with the lowest possible rate of false positives and protect you against the onslaught of image spam.

XCFSpam1 Engine
Designed as a large-scale learning system where human and autonomous machine elements collaborate to produce and refine the filtering rules.

XCFSpam2 Engine
Uses Advanced Pattern Detection, which is based on the mass distribution of malware over the Internet, and SURBL anti-spam technology to combat the evolving techniques of spammers. Detects and blocks spam in any language and is highly effective against image-based spam and PDF spam.

XCFSpam4 Engine
Complements our other spam engines. Uses more than one million reputation queries, pattern matches or rules to identify spam with an incredibly high accuracy rate, and a near-zero false positive rate.

XCFSURBL Engine
Scans messages for URI hosts listed on SURBLs and uses them to help identify and block unsolicited messages. Four specific lists used by SURBLs can be individually enabled or disabled.
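The URI-host check described for the XCFSURBL engine, written out as an added example (this is not Messaging Architects' code): it extracts URI hosts from a message body, looks each one up in a combined list zone, and honours only the lists that are enabled. The zone name `uribl.example`, the four list names and their bit values, and the simplified registered-domain rule are assumptions made for the example; the resolver is injected so the sample runs offline against constructed data.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed names and bit values for four lists served from one combined zone.
# The guide only states that four lists can be enabled or disabled individually.
LIST_BITS = {"PH": 8, "MW": 16, "ABUSE": 64, "CR": 128}
ZONE = "uribl.example"  # hypothetical lookup zone, not a real service

URI_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def uri_hosts(body):
    """Return the distinct hosts of the http(s) URIs in a message body."""
    hosts = []
    for match in URI_RE.finditer(body):
        try:
            host = urlsplit(match.group(0)).hostname
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            continue
        host = (host or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def query_name(host, zone=ZONE, two_level_suffixes=("co.uk", "com.au")):
    """Build the DNS name to look up: reversed octets for an IPv4 literal,
    otherwise the registered domain (simplified suffix rule, an assumption)."""
    if ":" in host:
        return None  # IPv6 literals are out of scope for this example
    try:
        octets = str(ipaddress.IPv4Address(host)).split(".")
        return ".".join(reversed(octets)) + "." + zone
    except ValueError:
        labels = host.split(".")
        keep = 3 if ".".join(labels[-2:]) in two_level_suffixes else 2
        return ".".join(labels[-keep:]) + "." + zone


def check_message(body, resolve, enabled, zone=ZONE):
    """Return {host: [list names]} for URI hosts found on an enabled list.

    resolve(name) returns the A record as a string, or None when the name
    does not exist (the host is not listed)."""
    mask = sum(LIST_BITS[name] for name in enabled)
    cache, hits = {}, {}
    for host in uri_hosts(body):
        name = query_name(host, zone)
        if name is None:
            continue
        if name not in cache:  # one lookup per registered domain
            cache[name] = resolve(name)
        octets = (cache[name] or "").split(".")
        # Only 127.0.0.x answers carry list bits; anything else is ignored so
        # that a resolver rewriting NXDOMAIN cannot turn every host into a hit.
        if len(octets) != 4 or octets[:3] != ["127", "0", "0"]:
            continue
        bits = int(octets[3]) & mask
        if bits:
            hits[host] = [n for n, b in LIST_BITS.items() if b & bits]
    return hits


# Constructed sample message and zone data (not taken from the guide).
SAMPLE_BODY = (
    "Your account is locked. Verify at http://login.secure-pay.example/verify?id=7\n"
    "or use the mirror http://192.0.2.55/verify. "
    "Unsubscribe: https://www.newsletter.example/u\n"
)
SAMPLE_ZONE = {
    "secure-pay.example.uribl.example": "127.0.0.8",  # PH
    "55.2.0.192.uribl.example": "127.0.0.80",         # MW + ABUSE
}


def sample_resolve(name):
    """Offline stand-in for a DNS A-record query."""
    return SAMPLE_ZONE.get(name)


if __name__ == "__main__":
    print(check_message(SAMPLE_BODY, sample_resolve, enabled=list(LIST_BITS)))
    print(check_message(SAMPLE_BODY, sample_resolve, enabled=["PH"]))
```

Disabling a list only changes the mask applied to the answer, so the same lookup result can be a hit under one policy and a pass under another.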
Large Messages
- Limit the size of messages.
- Specify how messages larger than the maximum size are handled by Netmail Secure.

Name Server Reputation List (NSRL)
Blacklists spammer-friendly name servers and marks all domains listed by those name servers in email links as spam.

Auto-updates
- Receive automatic spam signature updates directly from Messaging Architects.

Warp Drive Agent

The Netmail Warp Drive Agent provides the Web Quarantine component of Netmail Secure. The Web Quarantine is a web-based application that allows end users to manage their quarantined email from anywhere in the world through the Internet. End users can access the Quarantine application through any standard web browser such as Internet Explorer, Mozilla Firefox and Safari by simply specifying the URL of the server.

The quarantine feature provides:
- End user access to quarantine from anywhere in the world.
- Access to live quarantine mailbox via IMAP.
- Actionable quarantine reports for end-user management of contents.

Netmail Secure Clustering Scenarios

To provide organizations with a robust solution that is scalable, fault tolerant and highly available, Netmail Secure supports application-layer clustering to enable multiple servers to work together to mitigate any interruptions in the message flow. There are a number of different clustering scenarios available which will largely depend upon the organization, its size, the number of daily messages processed as well as the level of fault tolerance desired for the system.

With Netmail Secure’s highly scalable modular system architecture, components can be located on a single Netmail Secure server or distributed individually or in groups across multiple servers to provide both fault tolerance and load balancing for the Netmail Secure platform.
How Netmail Secure Processes Mail

When mail is received through Netmail Secure, the SMTP Agent places the messages in the Monitored Queue. The Monitored Queue is the message queue that is monitored by various Netmail Secure Agents. Agents retrieve the messages from the Monitored Queue and process the messages in the Message Spool. The Message Spool is located in the Quarantine Store. The Quarantine Store contains a Quarantine repository for each end user and the Message Spool that stores messages in transit.

Messages in transit are scanned by the various Netmail Secure Security Agents, and then processed accordingly. For example, if a message is trapped by the Netmail Anti-Spam Agent, the Netmail Anti-Spam Agent may forward the message to the end user quarantine as per the organization’s Anti-Spam policy. If the message contains a virus, the Netmail Anti-Virus Agent may delete the message from the queue as per the organization’s Anti-Virus policy.

Messages that are not caught by any of the Security Agents are returned to the Monitored Queue and then transferred to the Delivery Queue. The SMTP Agent retrieves the messages from the Delivery Queue for delivery to the end user’s mail client.

Netmail Secure Single Node Deployment

The following deployment illustrates a Netmail Secure single node deployment. This deployment scenario is ideal for organizations with up to 1000 email accounts or with total email traffic of 750,000 messages a day.

Netmail Secure 3 Node Deployment

The following deployment illustrates a Netmail Secure 3 node deployment. This deployment scenario is suitable for organizations with 1000-25,000 email accounts or email traffic of 6,000,000+ messages a day, or for organizations requiring enterprise-class fault tolerance.

Netmail Secure Multi-Node Cluster Setup Best Practices

This page lists some of Messaging Architects' best practices for setting up a multi-node cluster for Netmail Secure.

Clusters: It is recommended to have all servers in the same Netmail Secure cluster.

Quarantine: During the initial setup and installation of Netmail Secure, there is nowhere to differentiate or indicate whether a server is a processing or quarantine node. Once all servers have been added to the cluster, you can then go to the server nodes and specify where each server should store its quarantine objects. This can be done on the Volumes tab of each server. Having a single quarantine ensures that end users only need to log in to one quarantine server and will receive only one quarantine report (if desired). If the quarantine server fails, quarantine access will be unavailable until the server is restored. The other servers will hold items destined for the quarantine in their spool until the failed server is back up, ensuring no items will be lost.

Spool: Each server should have its own spool. You should be able to see this on the Volumes tab of each server, but you shouldn't have to change anything. The reason for this is that if one server ever fails, mail will keep flowing through the other server(s). Once the failed server is brought back up, it will deliver any mail that is sitting in its spool.

Database: Ideally, you should have one database per mail system. This gives you centralized logging and reporting. You can disable PostgreSQL and set the connection path for the other servers by following the steps in the Post-installation Tasks section of the Launching the Netmail Secure Setup Wizard page. The logging database normally resides on the same server as the quarantine server, but this is not mandatory.
If the database fails or the server on which it resides fails, then logging will be unavailable during that time, and the other servers will not be able to write their logs. The logs generated by the other servers will not be queued in any fashion, so these logs will be lost during the failure. We do not have High Availability (HA) or Disaster Recovery (DR) in our logging. If you wish, you may set up a database per server to ensure that no logs are lost, however this will require more processing power per server and will not provide you with centralized logging. You will essentially have to check each server's logs. If you have a highly available SQL server on your network, however, you can choose to write the logs to it since it is a standard ODBC query that is being made.

Storage Considerations

In multi-node deployments, to avoid introducing a single point of failure for your Internet email delivery system and to ensure that your system remains highly available at all times, Messaging Architects recommends that you move the Quarantine Store off to a fibre channel storage area network (SAN). Although the initial cost of deploying a SAN solution may be higher, the long-term total cost of ownership (TCO) may be lower as fibre-channel SANs are highly scalable to accommodate future growth. Network attached storage (NAS) over a gigabit network offers reliable storage as well. If high availability is a requirement, then you should choose a SAN or a NAS solution.

Before choosing a storage solution, you should be familiar with storage technologies such as RAID levels, storage area networks (SANs) and network-attached storage (NAS). You should also evaluate your organization’s needs for dependable storage. Some organizations can expect to lose significant revenue if the messaging and collaboration system is unavailable.
Finally, the type of storage solution you choose can play an important part in ensuring high availability and the rapid processing of email. You should not plan your Netmail Secure storage solution without considering disaster recovery (DR) strategies.

Note: Messaging Architects strongly recommends that you connect any storage system to a redundant UPS system for a highly available source of power.

Netmail Secure Virtual Messaging Firewall

Netmail Secure is deployed on a virtual appliance offering rapid enterprise roll-out and scalability. The Netmail Secure virtual appliance is delivered as a software download that offers considerable green benefits including reduced HVAC and power consumption, reduced hardware footprint and elimination of shipping and packaging.

The Netmail Secure Virtual Messaging Firewall (VMF) is a fully configured soft appliance that can be deployed on any x86 hardware, using VMware ESXi / ESX 3.x or higher.

Note: Please ensure that VMware Tools is up to date. For more information, see http://kb.vmware.com.

In this section:
- System Information
- Deploying Netmail Secure VMF
- Performing the Bootstrapping Sequence
- Launching the Netmail Secure Setup Wizard
- Logging in to the Netmail Administration Console

System Information

The Netmail Secure Virtual Messaging Firewall (VMF) is a fully configured soft appliance that can be deployed on any x86 hardware. By using VMware ESXi or ESX 3.x or higher, organizations can now deploy Netmail Secure as needed. You must install VMware Tools prior to installing Netmail Secure. Refer to System Requirements for Netmail Secure for detailed information about the minimum requirements for deploying Netmail Secure.
The following login credentials are required during the installation of Netmail Secure: User Login: admin User Password: m3ss4g1ng Access: “root” access through “sudo su” Note: Messaging Architects will only support Netmail Secure virtual machines created by Messaging Architects. Deploying Netmail Secure VMF This section describes how to deploy the Netmail Secure Virtual Messaging Firewall from a virtual instance of Netmail Secure from a virtual machine image onto a machine running ESX Server or ESXi Server. You must install ESX Server or ESXi Server before performing this procedure. 1. Contact Messaging Architects Support to obtain the link to download the virtual machine. 2. Unpack the compressed .rar file. 3. Using a VMware vCenter or Virtual Infrastructure Client, select File > Deploy OVF Template. 13 Copyright © 2013, Messaging Architects. Updated: 10/05/2013 Netmail Secure 5.2 Administration Guide 4. Click Browse to browse to the location of your .ovf file. Click Next to continue. 5. Review the OVF template details onscreen, and then click Next to continue. 14 Copyright © 2013, Messaging Architects. Updated: 10/05/2013 Netmail Secure 5.2 Administration Guide 6. Under Name, enter a Name for your virtual appliance, and under Inventory Location, specify where in the inventory you want your virtual appliance to reside. Click Next to continue. 7. Select 32bit as the host for the Netmail Secure virtual appliance, and then click Next to continue. 15 Copyright © 2013, Messaging Architects. Updated: 10/05/2013 Netmail Secure 5.2 Administration Guide 8. Select a datastore where you want to store the files for the virtual appliance, and then click Next to continue. 9. Select a format in which you want to store the virtual disks. Thin provisioned format allocates storage space for data on an as-needed basis, while Thick provisioned format immediately allocates all available storage space. Click Next to continue. 16 Copyright © 2013, Messaging Architects. 
10. Select the network(s) that the deployed OVF template should use, and then click Next to continue.
11. Review the virtual appliance details onscreen, and then click Finish to start the deployment.

It will take a few minutes to create the virtual machine. Once the virtual machine has been created, power up the machine and go through the bootstrapping sequence.

Performing the Bootstrapping Sequence

The bootstrapping process allows you to provide the information needed to connect your system to the Netmail Secure virtual machine.

1. In the VMware vCenter or Virtual Infrastructure Client, select your Netmail Secure virtual machine in the tree menu on the left-hand side of the screen, and then start the virtual machine. Use your keyboard to navigate through the bootstrapping sequence.
2. Select Netmail Secure 5.1 RC [VMX], and then press Enter to load the boot sequence. The screen will remain blank for a few moments while the boot sequence loads.
3. On the Languages screen, choose your preferred language, and then select Next.
4. On the Network Configuration screen, select Use Following Configuration, and then select Next.
5. On the Keyboard Configuration screen, select your preferred keyboard layout. Select Next.
6. On the Hostname and Domain Name screen, enter the Hostname of your Netmail Secure virtual machine and the Domain Name.
   Select Assign Hostname to Loopback IP (do not select Change Hostname via DHCP). Select Next to continue.
7. On the Network Settings screen, select the Overview heading, and then choose Edit.
8. On the Network Card Setup screen, select the Address heading to configure the IP address. Select the Statically assigned IP Address option (do not choose to configure a dynamic address). Enter the network IP Address and Subnet Mask, and then choose Next to continue.
9. Back on the Network Settings screen, select the Hostname/DNS heading. Enter the IP address(es) of your DNS name server(s).
10. On the Network Settings screen, select the Routing heading. Enter the IP address of the Default Gateway, and then select OK.
11. On the Network Configuration screen, verify the configuration settings you have entered, and then select Next to continue. Your network configuration settings will be saved. It will take a few moments for the settings to be saved.
12. On the Clock and Time Zone screen, choose your Region, Time Zone, and Date and Time. Select Next to continue.

Your system now restarts. Once the system has restarted, the bootstrapping process is complete.
You are now ready to launch the Netmail Secure Wizard.

Launching the Netmail Secure Setup Wizard

On this page:
- Deploying a Single Node or the First Node of a Cluster
- Deploying Additional Netmail Secure Nodes
- Restoring a Node
- Post-installation Tasks
- How to Execute Commands at a Prompt
- Additional Commands

With the Netmail Secure Wizard, you can deploy a single Netmail Secure node or the first node of a cluster, deploy additional Netmail Secure nodes, or restore a node. There are two different methods for launching the Netmail Secure Wizard:
- On the Netmail Secure appliance, double-click the shortcut to Mozilla Firefox located on your taskbar to launch the Netmail Secure Wizard.
- Configure a machine on your network with access to the newly deployed Netmail Secure Virtual Messaging Firewall by opening a web browser and navigating to https://10.20.30.40/setup.

Deploying a Single Node or the First Node of a Cluster

1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select New to deploy a new Netmail Secure system. Click Next to continue.
2. On the New Node Setup screen, select New System from the available options. Enter the default administrator password m3ss4g1ng under Current Password, and enter and confirm a New Password of your choice. Click Next to continue.
3. On the New Node Configuration screen, enter a Cluster Name of your choice.
4. On the Domain Configuration screen, complete the following:
   - Click Browse to navigate to the location of your license file. By default the default license is used, which is limited to 50 users.
   - Under Domain Name, enter a name for your domain.
   - Under Authentication Source, select the authentication type, and enter the required information.
     You will have a different set of fields to complete depending on your choice. You can use the Test button to verify the validity of the authentication source.
   - Under Relay Address, enter the IP address where you want Netmail Secure to deliver email that it has processed. Use the Test button to verify that the relay address is valid.
   - Under Postmaster Address, enter the email address of the postmaster where notifications should be sent.
   - Under Abuse Address, enter an email address to which abuse reports (filed by end users through the Quarantine application) should be sent.
   - Under Default Time Zone, use the dropdown list to select your preferred time zone.
   Click Finish to complete the installation and exit the wizard. If you did not use the Test buttons to test the authentication source and relay address, you will be warned that you haven't done so. Click OK to complete the configuration or click Cancel to go back and perform the tests.
   Alternatively, you can click Advanced to configure advanced cluster and policy settings before completing the installation. This step is optional, as cluster and policy settings can be configured later.
5. On the Cluster Configuration screen, select which agents and features you want to enable or disable. These options can also be configured at a later time. Click Next to continue.
6. On the Storage Configuration screen, enter the Spool, Quarantine, and Log paths in the fields provided. Click Next to continue.
7. On the Policy Setup screen, select which policies you want to enable. These policies can also be enabled or disabled at a later time. Click Next and then Finish to complete the installation and exit the Wizard.
Deploying Additional Netmail Secure Nodes

At this stage in the deployment, you should have both your cluster running and an additional node with access to the Netmail Secure Wizard.

1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select New to deploy a new node in your existing Netmail Secure system. Click Next to continue.
2. On the New Node Setup screen, select Add Node to Cluster. Under Current Password, enter the default administrator password m3ss4g1ng, and then enter and confirm a new password of your choice. Click Next to continue.
3. On the New Node Configuration screen, upload a license file or use the default license. Under Existing Node Admin Password, enter the administrator password of the existing node. Under Existing Node IP, enter the IP address of the existing node. If you are not sure of the IP address, use the Detect button to generate a list of existing nodes that you can choose from. If desired, select a data store to migrate. Click Finish to install the additional node.

Restoring a Node

It is possible to recover a previously existing node from a backup file. To do so, you must have first run a backup of Netmail Secure. For more information about backing up Netmail Secure and creating a backup file, see "Backup".

1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select Restore to recover a node. Click Next to continue.
2. On the Restore Node screen, complete the following:
   - Enter your Admin Password.
   - Next to License, click Browse to browse to the location of your Netmail Secure license file.
   - Next to Backup File, click Browse to browse to the location of your Netmail Store backup file.
   - Next to Restore, choose what information you want to restore.
   Click Finish to start the restoration process. This may take a few moments.

Post-installation Tasks

If you have installed multiple Netmail Secure nodes, you must perform the following post-installation tasks to disable PostgreSQL on each node, and then connect each node to the PostgreSQL server.

To disable PostgreSQL:

1. At the Console login prompt, enter the default username admin and then use the same password that you used on the first and second nodes. Gain super user rights for the admin user for the entire session by typing sudo su, and then press Enter.
2. Type chkconfig postgresql off, and then press Enter.

To connect the Netmail Secure nodes to the PostgreSQL server:

1. At the login prompt, enter the default username admin and the default password m3ss4g1ng. Gain super user rights for the admin user for the entire session by typing sudo su, and then press Enter.
2. Type vi /root/.odbc.ini.
3. Navigate to ServerName.
4. Use the arrow keys to move your cursor to the ServerName line.
5. Type i to enable you to modify the text.
6. Press Delete to delete localhost, and then enter the IP address of node 1.
7. Press Esc, and then type :wq to save and exit the file.
8. Restart the netmail service by typing service netmail restart at the prompt.
9. To access the Netmail Administration Console, open a standard web browser and enter the IP address of the server where you installed Netmail Secure.
10. Choose Domains & Users. Click on the name of your domain. By default, the Details tab is displayed.
11. Select the Quarantine Cluster you configured previously, and then click Save.

How to Execute Commands at a Prompt

Linux commands such as starting and stopping the Netmail Secure services require additional rights beyond the user rights assigned to the admin user. To grant these additional super user rights to the admin user, use the sudo command.
The sudo command is used to run commands with the root user’s privileges and is used at the beginning of each line of commands. For example, to start Netmail Secure, type sudo /etc/init.d/netmail start, and then press Enter. The su command is used to become the root (system administrator) user. For example, to gain super user rights for the admin user for the entire session, type sudo su, and then press Enter.

Additional Commands

Additional Linux commands may also be used with Netmail Secure.
- To query the status of Netmail Secure, type sudo /etc/init.d/netmail status, and then press Enter.
- To shut down the Netmail Secure appliance, type init 0, and then press Enter. Once the system shuts down, unplug the power cable.

Logging in to the Netmail Administration Console

To access the Netmail Administration Console, open a standard web browser and enter the IP address of the server where you installed Netmail Secure. The Netmail Administration Console can be accessed from any workstation with access to this IP address.

Important: Netmail Secure supports Internet Explorer 8.0 and higher, Mozilla Firefox 3.0 and higher and Safari 3.0 and higher. Messaging Architects recommends Mozilla Firefox for enhanced performance.

When you first launch the Netmail Administration Console, you are prompted for your User Name and Password. These authentication credentials are for a Netmail directory service user account which has administrative privileges to the Netmail Secure objects which were created during the installation. You can log in using NDS contextual login, such as admin.netmail. Messaging Architects uses its own dedicated tree to store the Netmail Secure objects, and a Netmail Secure Administration user account which has specific administrative privileges to the tree is created automatically for the purposes of administration.
In the fields provided, enter your credentials, and then click Log In.

The Netmail Administration Console is where system administrators can create and define custom email security rules to proactively address the issues of regulatory compliance, corporate governance and security. System administrators can also configure and manage other solutions of the Netmail platform from this same Administration Console, including Netmail Archive and Netmail Store. The Netmail Administration Console was designed for flexibility and ease of use, and is organized to assist with both day-to-day operations and advanced system configuration.

The following tabs are available in the Netmail Administration Console: Welcome, Updates, Backup, Change Password, and Diagnostics. By default, when you log in to the Console as an administrator, you are redirected to the Welcome tab.

Configuring Domains, Groups and Users

Netmail Secure maintains a list of all domains and associated users for which it is configured to process mail. The Domains and Users feature lets system administrators manage these domains and users and define groups of users for whom selected policies can be applied. The intuitive Netmail Administration Console facilitates the granular application of unique policies for each domain, group or user located on the Netmail Secure server or cluster. For more information on policy, see “Policy Planning, Configuration and Management”.

During the Netmail Secure configuration procedure, you were prompted to enter configuration settings through our web-based configuration portal. These settings are automatically applied to the Netmail Secure Server; however, you can still modify these settings at any time using the Domains and Users feature in the Netmail Administration Console.
This chapter provides step-by-step instructions on how to create and configure additional domains, users and groups. If you have already configured these settings, then you can learn how to apply the Netmail Secure pre-created custom policies and overrides to different levels: per domain, per group or per user.

There are three different levels at which email security policies can be applied:
- Domain-level policies apply to all users in a specified domain. If you create a domain-level policy, it applies to all users in that domain.
- Group-level policies apply to all users in a specific group. If you create a group-level policy, it overrides a domain-level policy.
- User-level policies apply only to the selected user. If you create a user-level policy, it will override all other policies.

In this section:
- Creating Domains
- Administering Domains
- Assigning Domain-Level Policies
- Managing Users and Groups
- Editing Allow and Block Lists
- Editing Domain-Level DSN Messages
- Editing Domain-Level DKIM Signatures
- Editing Domain Configurations

Creating Domains

This feature allows you to create additional domains, if necessary, and allows you to configure all Internet domains that the server will accept inbound messages for, along with the routing information for delivery of those messages and the routes and methods for pre-authentication and web authentication. With Netmail Secure, you can also create a secure delivery route for your domain. For more information, see “Mail Route”.

If you are supporting multiple mail servers, such as GroupWise and Netmail Server, then create a separate Domain entry for each and point to the respective mail system. If you are supporting multiple domain names for a single mail server, then consider making all domain names aliases of a primary domain name. This will allow all email messages to be delivered normally, but will provide a single domain address in the Quarantine
database, thus reducing the number of quarantine reports that end users receive.

Note: If you are running multiple email systems with a single Internet Domain, you should speak directly with a member of our Technical Support Team.

Although using a single domain for an entire network has several advantages, you may need to create one or more additional domains for your organization to meet scalability and security requirements. Additional reasons to create more than one domain include:
- Different password requirements between departments or divisions
- Massive numbers of objects
- Decentralized network administration

To get started, select Domains in the tree menu on the left-hand side of the Netmail Administration Console. By default, the Default Policies tab is displayed, which is where you can create a new domain.

Setting Default System-Level Policies

The Default Policies tab allows you to view, edit, or remove default system policies assigned to local or remote domains, and it allows you to assign new policies to those domains. To create a new domain, click Create A Domain. A window in which you can specify the criteria of your new domain opens.

Create A Domain

The Domain Name field allows you to specify a new domain name.

Quarantine Store

The Global Quarantine Volume field contains the name and location of the global Quarantine store.

Aliases

The Alternate Domain Names option allows you to Add alternate domain names or domain aliases that the Netmail Secure server accepts mail for and delivers to the same mail system. To modify an existing alias, select the alias in the Alternate Domain Names list, and click Advanced Edit. To remove an existing alias from the list, highlight the alias in the list, and then click Remove.
Authentication

This feature allows you to prioritize route authentication and apply a default Authentication policy or Delivery policy.

The Route Priorities option allows you to prioritize route authentication. To add a route, click Select Route. In the window that appears, specify the route Type. Select a Mail Route Object, and then click Edit.

In the next window, under Authentication or Delivery, click Add Route to add either an Authentication route or a Delivery route.

If you are adding an Authentication route, select your authentication protocol Type. Your choices are:
- SMTP
- MX
- Netmail (SMTP)
- Novell GroupWise 6/7 (LDAP)
- GroupWise 8 (LDAP)
- Lotus Domino (SMTP)
- Microsoft Exchange (LDAP)
- LDAP (manual)
- ODBC
- Route
- Local Authentication

If you are adding a Delivery route, select your delivery protocol Type. Your choices are:
- SMTP
- MX
- Route
- Local Authentication

The configuration settings for each authentication and delivery protocol are different. Complete the following fields, if applicable to your chosen authentication or delivery protocol:

SMTP Server Host: Enter the host IP address and the port number of the SMTP server.
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding Delivery policy.

Encryption: Select the security protocol you want to apply to the authentication protocol:
- None: Select this option if you do not want to apply any security protocols.
- TLS (optional): If you select this option, messages will be delivered to the recipient whether or not they support TLS. If TLS is supported, then the protocol will be applied and the message delivered. If the recipient does not support TLS, the message will be delivered anyway.
- TLS (required): Select this option if you require that the recipient supports TLS in order for messages to be delivered to them. If the recipient does not support TLS, the message is not delivered. This ensures that all mail is delivered securely.
- SSL: Select this option if you want to apply SSL to delivered messages.

Domain: Enter the domain name of the SMTP server.

SMTP Extensions

Select whether you want to Detect, Assume, or Ignore the following SMTP extensions:
- DSN: An ESMTP command that enables delivery status notifications as defined in Request for Comments (RFC) 1891.
- PIPELINING: Provides the ability to send a stream of commands without having to wait for a response after each command.
- 8BITMIME: Indicates that the local SMTP virtual server supports 8-bit Multipurpose Internet Mail Extensions (MIME) messages.
- CHUNKING: Provides some features for SMTP to transmit very large binary messages (sometimes called BDAT).
- BINARYMIME: Indicates that the SMTP virtual server accepts messages that contain binary material without transport encoding by using a BODY parameter with a value of "BINARYMIME" with the MAIL command. When the SMTP server accepts a MAIL command with a BODY parameter of BINARYMIME, the server agrees to preserve all bits in each octet passed using the CHUNKING command. The BINARYMIME SMTP extension can only be used with CHUNKING.
- ETRN: Sent by an SMTP server to request that the local virtual server send any email messages that it has in the queue for the domains indicated in the ETRN command.
- STARTTLS: Indicates that the SMTP server supports secure SMTP over Transport Layer Security (TLS).
- AUTH: Signals that the local SMTP virtual server supports the SMTP authentication service extension.
- SIZE: Provides a mechanism by which the SMTP virtual server can indicate the maximum supported message size.
- XCLIENT: When an SMTP server announces support for the XCLIENT command, an SMTP client may send information that overrides one or more client-related session attributes. The XCLIENT command targets access control tests, client software that downloads mail from an up-stream mail server and injects it into a local MTA via SMTP, and post-filter access control and logging.

User Lookup Authentication: Select this option if you want to include the domain when authenticating messages.

LDAP Search: Select this option if you want the LDAP server to search for users recursively.

LDAP Server Host: Enter the host IP address and the port number of the LDAP server.
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding Delivery policy.

Encryption: Select SSL if you want to apply SSL to delivered messages.

LDAP Version: Select either 2 or 3 as your LDAP version.

Directory Authentication DN: Enter the authentication DN of the LDAP directory.
Password: Enter a password for the LDAP directory.
Base DN: Enter the base DN of the LDAP directory.
User Class Name: Enter the name of the user class.
Naming Attribute: Enter a naming attribute.
Naming Prefix: Enter a naming prefix.
Mail Attribute: Enter a mail attribute.
Disabled Attribute: Enter a disabled attribute.
Disabled Value: Enter a disabled value.

Attribute Translation

This option allows you to apply a field mapping by importing user attributes from a .csv file.

ODBC Connection DSN: Enter the Data Source Name (DSN) of the user data source.
ODBC User: Enter the name of the ODBC user that you will be authenticating to that database.
ODBC Password: Enter the password for the specified ODBC user.

Queries Lookup SQL: Specify the query string that will be used to find users.
Authentication SQL: Specify the query string that will be used to find passwords.
Authentication: Select this option if you want to include the domain when authenticating SQL.
Password Encoding: Select the type of password encoding you want to implement.

Route Mail Route Object: Select a mail route object for your Route protocol.

When adding a route, you can choose to test the route you are creating by clicking Test. In the window that appears, enter an existing user’s email address and password, and enter an email address of a user that does not exist on the target system. Click Test Authentication. This troubleshooting tool will inform you of the user’s status on the target system. When you are finished testing, click Done.

When prioritizing route authentication, you can add as many routes as you wish. If you have two or more routes, you can change the route priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route.

The Cache Passwords option allows you to enable password caching. Disabling this option may increase the load on the server to which you are
In the available textbox, enter an email address to which abuse reports should be sent. When you are done specifying the criteria for your new domain, click Create Domain. Setting System-Level DKIM The DKIM tab allows you to include a system-level DKIM (DomainKeys Identified Mail) signature to messages. DKIM provides a method for validating the identity of a domain name that is associated with a message through cryptographic authentication. It allows an organization to take responsibility for a message while the message is in transit. The organization can handle the message as the message creator or as an intermediary. In either case, it is ultimately the organization’s reputation that dictates whether the message should be trusted for delivery. To learn more about DKIM, visit http://www.dkim.org/. By default, the Signature field is set to None. To apply a domain-level DKIM signature, select a signature from the Signature dropdown list. A new set of fields appears in the DKIM tab. Complete the following fields: Timestamp: This option allows you to include the time when a message is sent. Expiration Age: This option allows you to specify the number of hours, days, or weeks for which your DKIM signature is valid. Sign Body: This option allows you to sign the entire body of the message or a specific number of bytes of the message. Sign Header: This option allows you to select the fields you want to include in the signature header. By default, all header fields are selected. To manually select specific fields, simply hold down the Ctrl key, and click the fields you want to include in the signature header. You can also opt to add custom fields in the header. Click Save Changes to save your changes. Adding a DKIM Signature 47 Copyright © 2013, Messaging Architects. Updated: 10/05/2013 Netmail Secure 5.2 Administration Guide If no DKIM signature exists, you need to create one. To create a DKIM signature, click Add. 
In the window that appears, provide a name for the DKIM signature you want to add, and enter a public key and a private key. Click Save to save your new DKIM signature.

Note: A DKIM signature can be created only on the DKIM tab of the Netmail Secure Domains object.

Searching for a Matching DNS Record

The DNS Record button is a troubleshooting tool that allows you to test a domain for a matching DNS (Domain Name Service) record. Complete the following fields before testing:
- Domain: Select the domain you want to test.
- Include Hash Algorithm: Select this option if you want to include the hash algorithm in the DNS text record.
- Include Key Type: Select this option if you want to include the key type in the DNS text record.
- Service Type: Specify the service type you want to include in the DNS text record. You can choose from unspecified, email, and service types.
- Testing Mode: Specify the testing mode you want to include in the DNS text record. You can choose from unspecified, testing, and subdomain testing types.
- (Optional) Notes: Type in any notes you want to include with your search.

Click Test to search for a matching DNS record. The search tool specifies whether a matching DNS record was successfully found or if it failed to find a matching DNS record. Click Close to return to the DKIM tab.

Setting System-Level DSN Messages

The DSN tab allows you to customize the system-level DSN (Delivery Status Notification) that is sent to the sender if the recipient’s email server is unavailable. You can apply a different DSN to email messages sent within local domains and those sent to remote domains.

By default, the DSN settings that you apply to this tab are applied to the entire system (i.e., to all the domains you have created). However, it is possible to edit and apply custom DSN settings for each individual domain. To edit the settings for the domain DSN, select Domains > <domain name> (the name of the domain you are administering), and then click the DSN tab.
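The DKIM tab settings described earlier (Timestamp, Expiration Age, Sign Body, Sign Header) and the DNS Record tool's fields (hash algorithm, key type, service type, testing mode, notes) surface as tags in the DKIM-Signature header and in the DKIM DNS TXT record. The following Python audit of those tags is an added example, not Netmail code: tag names and rules come from RFC 6376, the mapping of console fields to tags is an assumption, the function names are hypothetical, the sample header and record are constructed, and no cryptographic verification is performed.

```python
import time


def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        name = name.strip()
        if not sep or not name:
            continue
        # Folding whitespace is insignificant except in the free-text n= tag.
        tags[name] = val.strip() if name == "n" else "".join(val.split())
    return tags


def audit_signature(sig, now=None):
    """Check the time, body-length and header tags of a parsed DKIM-Signature."""
    now = int(time.time()) if now is None else now
    findings = []
    if "t" not in sig:
        findings.append("no timestamp (t=)")
    if "x" not in sig:
        findings.append("no expiration (x=)")
    else:
        if "t" in sig and int(sig["x"]) <= int(sig["t"]):
            findings.append("x= is not later than t=")
        if int(sig["x"]) <= now:
            findings.append("signature expired")
    if "l" in sig:
        # Partial body signing: anything appended after l= bytes is unsigned.
        findings.append("l=%s: body bytes after this count are unsigned" % sig["l"])
    signed = [h.lower() for h in sig.get("h", "").split(":")]
    if "from" not in signed:
        findings.append("From header is not signed")
    return findings


def audit_key_record(key, sig):
    """Check a parsed DKIM key record (DNS TXT) against a parsed signature."""
    findings = []
    if key.get("v", "DKIM1") != "DKIM1":
        findings.append("unexpected record version")
    if not key.get("p"):
        findings.append("empty p=: key revoked")
    key_type, _, hash_alg = sig.get("a", "").partition("-")
    if key.get("k", "rsa") != key_type:
        findings.append("key type (k=) does not match signature algorithm")
    if "h" in key and hash_alg not in key["h"].split(":"):
        findings.append("hash algorithm not permitted by record (h=)")
    services = key.get("s", "*").split(":")
    if "*" not in services and "email" not in services:
        findings.append("service type (s=) does not cover email")
    flags = key.get("t", "").split(":")
    if "y" in flags:
        findings.append("t=y: domain is in DKIM testing mode")
    domain = sig.get("d", "").lower()
    identity_domain = sig.get("i", "@" + domain).rpartition("@")[2].lower()
    if "s" in flags and identity_domain != domain:
        findings.append("t=s: i= domain must equal d=, subdomains not allowed")
    return findings


# Constructed sample signature header value (b= and bh= are placeholders).
SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel1; i=@mail.example.com; "
       "t=1368144000; x=1368748800; l=512; h=Subject:To:Date; "
       "bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=")
# Constructed sample key record, as it would be published at
# sel1._domainkey.example.com (p= is a placeholder, not a real key).
KEY = "v=DKIM1; h=sha256; k=rsa; s=email; t=y:s; n=rotated key; p=Y29uc3RydWN0ZWQ="

if __name__ == "__main__":
    sig, key = parse_tags(SIG), parse_tags(KEY)
    for finding in audit_signature(sig, now=1370000000) + audit_key_record(key, sig):
        print("finding:", finding)
```

Signing only a byte count of the body (the l= tag) leaves later body content outside the signature, so the audit reports it whenever it appears.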
The following information can be edited for both Local Domains and Remote Domains:

Header

This section allows you to add new header fields, remove existing header fields, or edit existing header fields in the DSN. Use the dropdown lists next to Fields to select a header. You can choose from the following headers: Received, Subject, From, To, CC, Reply-To, X-Sender, and Custom. Use the textboxes provided to enter specific keywords that you want to apply to the headers to filter out messages.

Message

This section allows you to add a customized Plain Text Message or HTML Message to include with the DSN. You can manually type in your own text or click Browse to upload a file. The Download button allows you to download a copy of either the Plain Text Message or HTML Message in .txt file format. The Attach original message field allows you to specify how much of the original message you want appended to the DSN.

Retry Schedule

This section allows you to customize the retry schedule for sent email messages that are not delivered successfully. After each failure, the message can be bounced back to the sender or rescheduled to be sent [x] seconds, minutes, hours, or days later with or without the DSN. You can also choose to inherit the system retry schedule.

When you are done, click Save Changes.

Administering Domains

It is possible to configure the settings of existing domains, including specifying alternate domain names or aliases. To administer an existing domain, use the arrow icon to expand the Domains object in the tree menu, and select the name of the domain you want to manage.

For each domain you create, you can apply unique Policies, manage Users, manage Allow/Block Lists, configure a DSN (Delivery Status Notification), configure a DKIM signature, and manage the overall domain Configuration. By default, the Policies tab is displayed.
Assigning Domain-Level Policies

When you click on the name of the domain you want to administer, the Policies tab is displayed by default. The Policies tab allows you to manage authentication priorities, policies, and quarantine reports of an existing domain.

Authentication Priorities

This option allows you to view and prioritize route authentication. If you have two or more routes, you can change the route priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route. Click Select Route to add a new Authentication route to the list. If no Authentication route exists, you need to create a new one. For more information about creating an Authentication route, see “Authentication”.

Policies in Effect

This option allows you to view and manage domain policies that are currently in effect as well as assign new domain policies. The following actions can be taken:

Remove: Click Remove if you want to unassign a policy that is in effect.
Edit: Click Edit to assign a different policy. Select the type of policy, the direction of mail flow to which you want to apply the policy (if applicable), and the name of the actual policy you want to assign.
Allow Override: Select this option if you want the policy to override objects that inherit from this policy.

If no policies have been assigned or if you want to assign additional policies, click Assign Policy. In the window that appears, select the Type of policy you want to apply, the Direction of mail flow to which you want to apply the policy (if applicable), and the name of the Policy you want to apply. If you have not created any policies, only the default policies will be available.
For more information about creating a policy, see “Policy Planning, Configuration and Management”.

User-Selectable Policies

This option allows you to view and configure policies for which users can set preferences in their personal quarantine. Just as for domain policies, it is possible to assign, remove, edit, and override user-selectable policies to a domain. For more information about the quarantine feature, see “Quarantine Management”.

Quarantine Reports

This option allows you to send quarantine reports to all users and groups in the selected domain. Click Send Quarantine Report to send a quarantine report of only new items in quarantine. Click Send Full Quarantine Report to send a quarantine report of all items in quarantine.

Important: After specifying your options, make sure you click Save Changes to save your work.

Managing Users and Groups

Netmail Secure automatically creates users and populates your user list when mail traffic first begins moving through your SMTP mail server. This is true for every domain you create. The user list can be found by selecting Domains > <domain name> (the name of the domain you are administering) and then clicking the Users tab. You can search this list for a specific user by typing in the first few letters of the user’s name in the search textbox and then pressing Enter.

It is also possible to manually create users, groups, and distribution lists, as well as import users. Existing users can be edited, assigned to a group, moved to another domain, or deleted.

Creating Users

To create a new user, click Create A User on the Users tab. Complete the following in the window that appears:

Create A User: Enter a user name for the new user.
Identity: Enter the new user’s first and last name.
Authentication: Enter and confirm a password for the new user.

Importing Users

To import users from an existing CSV list, click Import Users.
In the CSV User Import window that appears, type or paste comma separated user information into the text box provided. The information that you input should correspond to the column values you define in the top part of the window (i.e., the first comma separated value should correspond to the value in Column 1, the second comma separated value should correspond to the value in Column 2, etc.). Click Add field to add more columns, if needed. When you are finished defining your users, click Start Import.

Once the import is complete, the CSV User Import window will show the results of the import. Click Close to close the window. The users you have imported should now appear in the user list on the Users tab.

Creating Groups

To create a user group within the domain, click Create a Group on the Users tab. Enter a name for the group, and then click Create Group. The new group you have just created appears in the tree menu on the left-hand side of the screen, under the name of the domain in which the group was created.

Creating Distribution Lists

To create a distribution list, click Create a Distribution List on the Users tab. In the window that appears, complete the following:

Create a Distribution List: Enter a name for your new distribution list.
Details: Enter an external or internal email address you want to add to the distribution list, and click Add. To edit an existing email address, highlight the email address in the list, and click Advanced Edit. To delete an existing email address from the list, highlight the email address and click Remove.

When you are done, click Create List.

Editing User Details and Policies

It is possible to edit existing user details and policies. To do so, on the Users tab, select a user you want to modify, and then click Edit.
The following tabs can be modified:

Identification Tab

The Identification tab allows you to edit the following user information:

Details: This section allows you to modify the user’s first name, last name, full name, preferred name, group, and aliases.
Security: This section allows you to edit the user’s password and user rights.
Contact: This section allows you to edit the user’s contact information, such as their title, department, company, photo URL, birthday, and description.
Work Address: This section allows you to edit the user’s work address and contact details.
Home Address: This section allows you to edit the user’s home address and contact details.

The User Enabled option allows you to either enable or disable the user. When you are done, click Save changes.

Policies Tab

The Policies tab allows you to view and manage policies that are currently in effect for the selected user, as well as assign new policies. The following actions can be taken:

Disable: Click Disable if you want to cancel the policy that is in effect.
Override: Click Override if you want to override the policy with another policy of the same type.

If no policies have been assigned or if you want to assign additional policies, click Assign Policy. In the window that appears, select the Type of policy you want to apply, the Direction of mail flow to which you want to apply the policy (if applicable), and the name of the Policy you want to apply. If you have not created any policies, only the default policies will be available. For more information about creating a policy, see “Policy Planning, Configuration and Management”.

The Quarantine Reports option allows you to send quarantine reports to the selected user. Click Send Quarantine Report to send a quarantine report of only new items in quarantine.
Click Send Full Quarantine Report to send a quarantine report of all items in quarantine.

Important: After specifying your options, make sure you click Save Changes to save your work.

Allow/Block Lists Tab

The Allow/Block Lists tab allows you to add, edit, or remove the selected user’s allow and block lists. These lists can contain email addresses, domain names, or IP addresses.

It is also possible to select multiple users at once for editing. This will allow you to make modifications to the policies that are applied to the selected users. You will not, however, be able to edit personal user information, send quarantine reports, or edit allow/block lists.

To edit the policies of multiple users, select the users you want to edit, and then click Edit. In the window that appears, you can choose to edit General policies (such as Delivery Route policy), Sender Policies, Recipient Policies, and User-Selectable policies. The dropdown lists allow you to select different policies, and you can choose to add or cancel policies. When you are done, click Save to save your changes.

Editing Allow and Block Lists

To view or modify a domain’s Allow and Block lists, select Domains > <domain name> (the name of the domain you are administering), and then click the Allow/Block Lists tab.

Enter a specific email address, domain name, or IP address that you want to add to your Allow or Block list, and then click Add. To modify an existing allowed or blocked address, select the address in the list, and then click Advanced Edit. To remove a selected allowed or blocked address from the list, click Remove. When you are done, be sure to click Save Changes.

Note: It is possible to use wildcards when adding domain names to your Allow or Block list. For example, name@*.netmail.com will match [email protected].

Editing Domain-Level DSN Messages

Netmail Secure allows for custom DSN (Delivery Status Notification) messages for each domain. To edit the DSN for a domain, select Domains > <domain name> (the name of the domain you are administering), and then click the DSN tab. The DSN tab allows you to modify the DSN message header, message, and retry schedule.

Header

This section allows you to modify header fields, remove existing header fields, or add new header fields to the DSN. Use the dropdown lists next to Fields to select a header. You can choose from the following headers: Received, Subject, From, To, CC, Reply-To, X-Sender, and Custom. You can also choose to remove an existing header field. Use the textboxes provided to enter specific keywords that you want to apply to the headers to filter out messages.

Message

This section allows you to modify the Plain Text Message or HTML Message that is included in the DSN. You can type in your own text or upload a file. The Download button allows you to download a text document of either the Plain Text Message or HTML Message. See below for more information about adding custom DSN messages.

Retry Schedule

This section allows you to modify the retry schedule for sent email messages that do not get delivered successfully. After each failure, the message can be bounced back to the sender or rescheduled to be sent [x] seconds, minutes, hours, or days later with or without the DSN. You can also choose to inherit the system retry schedule.

When you are done, click Save Changes.

Using Customized DSN Messages

When using a customized DSN message, variables can be used to allow for the inclusion of the required information.
The following variables can be used:

recipients

Enumerate through all the recipients, or recipients with a specific status. The status argument may be: processing, delivered, relayed, expanded, delayed, retry, failed

Example:

    %if recipients(failed)%
    Message delivery failed for the following recipients:
    %while recipients(failed)%
    %recipient%
    %end%
    %end%
    %if recipients(delivered)%
    Message delivery was successful for the following recipients:
    %while recipients(delivered)%
    %recipient%
    %end%
    %end%
    All Recipients:
    %while recipients%
    %recipient%
    %end%

recipient

Return the address of the current recipient while enumerating with the recipients variable.

Example:

    %while recipients%
    %recipient%
    %end%

status

Return the status of the current recipient while enumerating with the recipients variable. Possible values are: processing, delivered, relayed, expanded, delayed, retry, failed

Example:

    %while recipients%
    The status of %recipient% is: %status%
    %end%

postmaster

The postmaster email address

sender

The original sender's email address

dsn summary

Return a description of the status of the message. This uses the same logic that is used when generating the default DSN subject. If the status is the same for all recipients then the description will be specific. If the status is not the same for all recipients then the status will give a more generic description such as "Message failure". If the template does not include a subject field then this summary will be used automatically.
Example output:

    "Message delivery failed"
    "Message delivered successfully"
    "Message delivery has been delayed"

The default DSN message can be generated using this template:

header:

    From: Netmail Extreme Email Engine <%postmaster%>
    To: %sender%
    Subject: %dsn summary%

plain text:

    %if recipients(delivered)%
    Your message was delivered successfully to the following recipients:
    %while recipients(delivered)%
    <%recipient%>
    %end%
    %end%
    %if recipients(relayed)%
    Your message was relayed successfully to the following recipients:
    %while recipients(relayed)%
    <%recipient%>
    %end%
    %end%
    %if recipients(expanded)%
    Your message to the following lists where successfully forwarded to the list's members:
    %while recipients(expanded)%
    <%recipient%>
    %end%
    %end%
    %if recipients(delayed)%
    The following recipients had delivery errors and will be retried:
    %while recipients(delayed)%
    <%recipient%>
    %end%
    %end%
    %if recipients(failed)%
    The following recipients had permanent delivery errors and will not be retried:
    %while recipients(failed)%
    <%recipient%>
    %end%
    %end%

Editing Domain-Level DKIM Signatures

Netmail Secure allows you to modify a single domain’s DKIM (DomainKeys Identified Mail) signatures. To do so, select Domains > <domain name> (the name of the domain you are administering), and then click the DKIM tab. For more information about DKIM, see “Setting System-Level DKIM”.

By default, the Signature field is set to None. To apply a domain-level DKIM signature, select a signature from the Signature dropdown list. A new set of fields appears in the DKIM tab. Complete the following fields:

Timestamp: This option allows you to include the time when a message is sent.
Expiration Age: This option allows you to specify the number of hours, days, or weeks for which your DKIM signature is valid.
Sign Body: This option allows you to sign the entire body of the message or a specific number of bytes of the message.
Sign Header: This option allows you to select the fields you want to include in the signature header. By default, all header fields are selected. To manually select specific fields, simply hold down the Ctrl key, and click the fields you want to include in the signature header. You can also opt to add custom fields in the header.

Click Save Changes to save your changes.

Note: If no DKIM signature exists, you need to create one. To create a DKIM signature, see "Adding a DKIM Signature".

Searching for a Matching DNS Record

The DNS Record button is a troubleshooting tool that allows you to test a domain for a matching DNS (Domain Name Service) record. Complete the following fields before testing:

Domain: Select the domain you want to test.
Include Hash Algorithm: Select this option if you want to include the hash algorithm in the DNS text record.
Include Key Type: Select this option if you want to include the key type in the DNS text record.
Service Type: Specify the service type you want to include in the DNS text record. You can choose from unspecified, email, and * service types.
Testing Mode: Specify the testing mode you want to include in the DNS text record. You can choose from unspecified, testing, and subdomain testing types.
(Optional) Notes: Type in any notes you want to include with your search.

Click Test to search for a matching DNS record. The search tool specifies whether a matching DNS record was successfully found or if it failed to find a matching DNS record. Click Close to return to the DKIM tab.

Editing Domain Configurations

It is possible to modify a domain’s configuration at any time. To do so, select Domains > <domain name> (the name of the domain you are administering), and then click the Configuration tab.
The Configuration tab allows you to edit the domain’s stores, aliases, mail route authentication, and postmaster information.

Stores

The Global Quarantine Volume field contains the name and location of the global Quarantine store.

Aliases

The Valid Domain Names option allows you to add alternate domain names or domain aliases that the Netmail Secure server accepts mail for and delivers to the same mail system. To modify an existing alias, select the alias in the Alternate Domain Names list, and click Advanced Edit. To remove an existing alias from the list, highlight the alias in the list, and then click Remove.

Mail Routes Authentication

Select Cache Passwords if you want to enable password caching. Disabling this option may increase the load on the server to which you are authenticating.

Postmaster Information

The Postmaster Address option allows you to specify a postmaster email address. In the available textbox, enter the email address of the postmaster where notifications should be sent.

The Abuse Address option allows you to specify an abuse address. The abuse address is the email address to which the system sends emails when end users click Report in their Quarantine. In the available textbox, enter an email address to which abuse reports should be sent.

Important: Be sure to click Save Changes to save your settings.

SMTP Modules

The SMTP Modules feature allows the SMTP server that is routing SMTP Inbound traffic to restrict unwanted messages from being sent to recipients while allowing acceptable messages to be delivered.
SMTP Modules transparently scan all email traffic passing through the Internet gateway using SMTP protocols like RBL, greylisting, SPF, RDNS, and Protocol Filtering, thus preventing all unwanted email from reaching the network to help keep your messaging and collaboration system running efficiently.

AntiMasking Module

The AntiMasking Module allows system administrators to enable enhanced anti-spam features of Netmail Secure. AntiMasking is an email authentication protocol that verifies that the mail from address matches the data from address. If these two addresses do not match, the mail from address overwrites the data from address.

In order to use the AntiMasking Module, the Agent Enabled option must be selected.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be verified by the AntiMasking Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

DBL Module

The DBL Module feature allows you to perform lookups on the Domain Block List (DBL). The DBL is a real-time database of domains (typically web site domains) found in spam messages. As it scans email message body contents for URIs, Netmail Search uses the DBL to identify, classify, or reject spam containing DBL-listed domains.

The DBL is queryable in real-time, allowing administrators to identify, tag or block incoming email containing domains which are deemed to be involved in the sending, hosting or origination of spam. The DBL is both a domain URI Blocklist and RHSBL.
It is intended primarily for message body URI checks, but it can also be used for connection checks at the SMTP level and header domain checks. The DBL also includes URIs (domains/hostnames) which are used in spam, including phishing, fraud/"419" or domains sending or hosting malware/viruses.

To perform lookups on the Domain Block List (DBL), the Agent Enabled option must be selected.

RBL Zones

This option allows you to create an RBL/DBL zone list. To add a zone, enter the IP address or host name of the RBL or DBL list server in the RBL Zones field, then click Add. Enter one IP address or host name per line, such as 192.168.1.123 or xbl.spamcop.net. To edit an existing zone, highlight the zone in the list box, and click Advanced Edit. To delete an existing zone from the list, highlight the zone in the list box, and click Remove.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be flagged as spam by the DBL Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

Click Save Changes to save your changes.

GreyList Module

This option allows you to enable greylisting support. Greylisting is a method of defending against spam by temporarily rejecting any email sent to a specific recipient from a specific sender it does not recognize. Legitimate email servers will attempt to resend the message, after which Netmail Secure will accept the second transmission. Greylisting provides protection against spam scripts that do not attempt to resend messages.
Important: Some legitimate email servers do not support greylisting on their own mail servers and may translate the temporary rejection as a permanent bounce and not deliver the email, which may lead to legitimate email being bounced. Therefore, you should be aware that enabling this feature may lead to some rejection of valid messages.

In order to use the GreyList Module, the Agent Enabled option must be selected.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be rejected by the GreyList Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

Greylisting Options

By default, greylisting support is disabled in Netmail Secure. You can still make changes to these settings at any time by choosing SMTP Modules > GreyList.

Delay: Specify how long you want to delay the mail message before the originating server may try again. You can specify time intervals of 5, 15 or 30 minutes, or 1, 3, 6, 9, 12, or 24 hours.
Incomplete Address Exchange Timeout: Specify how long you want to allow a specific IP address to be able to try resending mail messages before timing out. You can specify time intervals of 5, 15 or 30 minutes, or 1, 3, 6, 9, 12, or 24 hours.
Allowed Addresses Timeout: Specify how long you want to keep allowed IP addresses in the cache before greylisting the address again, and thereby restarting the entire greylisting process. You can specify time intervals between 1 - 30 days, 180 days or 365 days.
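How the three greylisting timers interact is easiest to see as a small state machine. The following is an added example, not Netmail Secure code: the class name, the (IP, sender, recipient) key, the default timer values and the rule that an allowed entry expires a fixed time after acceptance are all assumptions made for illustration.

```python
"""Greylisting decisions driven by the three GreyList timers (added example)."""
from dataclasses import dataclass, field

MINUTE = 60
HOUR = 60 * MINUTE
DAY = 24 * HOUR


@dataclass
class Greylist:
    delay: int = 15 * MINUTE            # "Delay"
    exchange_timeout: int = 6 * HOUR    # "Incomplete Address Exchange Timeout"
    allowed_timeout: int = 30 * DAY     # "Allowed Addresses Timeout"
    ignored: set = field(default_factory=set)    # "Ignored Addresses"
    pending: dict = field(default_factory=dict)  # key -> time of first attempt
    allowed: dict = field(default_factory=dict)  # key -> time the retry was accepted

    def check(self, ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at time `now` (seconds)."""
        if ip in self.ignored:
            return 250, "ignored address"
        key = (ip, mail_from.lower(), rcpt_to.lower())  # assumed greylisting key

        accepted_at = self.allowed.get(key)
        if accepted_at is not None:
            if now - accepted_at <= self.allowed_timeout:
                return 250, "known sender"
            del self.allowed[key]       # cache entry expired: greylist again

        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > self.exchange_timeout:
            # Unknown sender, or the retry came too late to count as one.
            self.pending[key] = now
            return 451, "greylisted: first attempt"
        if now - first_seen < self.delay:
            return 451, "greylisted: retry too early"

        # A retry inside the window, after the delay: the sender behaves
        # like a real mail server, so accept and remember it.
        del self.pending[key]
        self.allowed[key] = now
        return 250, "retry accepted"


if __name__ == "__main__":
    g = Greylist()
    attempt = ("192.168.1.123", "sender@example.org", "user@example.com")
    for t in (0, 5 * MINUTE, 15 * MINUTE, 16 * MINUTE, 31 * DAY):
        print(t, g.check(*attempt, t))
```

A sender that never retries stays in `pending` and never reaches the recipient, which is the protection the module provides; a legitimate server whose first retry arrives after the exchange timeout starts over, which is the delay cost to weigh when choosing the values.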
Limits Module

The Limits Module allows you to limit the number of simultaneous SMTP connections made to your server on a system-wide basis or per source IP address. Netmail Secure comes pre-configured with default connection limits that should be suitable for most organizations. The Slow Connections Percentages and Blocked Connections Percentages are based on the number of times an infraction is committed by an IP address multiplied by 300 seconds. You can make changes to these default connection settings at any time by choosing SMTP Modules > Limits.

In order to use the Limits Module, the Agent Enabled option must be selected.

Minimum Sample Size

In the minimum sample size field, enter the minimum number of messages received through the system every 15 minutes before Netmail Secure begins slowing or blocking connections. For example, if you enter a minimum sample size of 30, and you specify that you want to start slowing connections when 50% of mail from a specific IP address is addressed to invalid recipients, then the system will start slowing connections after receiving 15 messages addressed to invalid recipients.

Slow Connections Percentages

This option allows you to specify what percentage of mail must be considered abuse before the system will begin slowing connections from the offending IP address. Specify limits for the following categories:

Rejected Recipients
Spam
Virus
Attachments
Protocol Filter

Blocked Connections Percentages

This option allows you to specify what percentage of mail must be considered abuse before the system will begin blocking connections from the offending IP address. Specify limits for the following categories:

Rejected Recipients
Spam
Virus
Attachments
Protocol Filter

System-wide SMTP Connection Limits

This option allows you to specify system-wide connection limits. These connection limits apply to all connections.

Connection Limit: Specify the number of simultaneous connections to the server. Connections exceeding this limit will be blocked.
Connection Rate Limit: Specify how many connections per second are allowed. Connections exceeding this limit will be blocked.

Per IP Address SMTP Connection Limits

This option allows you to specify connection limits for each IP address. Specify limits for the following categories:

Connection Limit: Specify the maximum number of simultaneous connections to the server permitted from a single IP address. Connections exceeding this limit will be blocked.
Connection Rate Limit: Specify how many connections per second per IP address are allowed. Connections exceeding this limit will be blocked.
Message Rate Limit: Specify how many messages per second per IP address are allowed. Messages exceeding this limit will be blocked.
Bounce Rate Limit: Specify how many messages per second per IP address are allowed to bounce. Messages exceeding this limit will be blocked.

Unlimited Addresses

This option allows you to enter IP addresses for which no limits are applied. To add an address, enter the IP address in the Unlimited Addresses field, then click Add. Enter one IP address per line, such as 192.168.1.123. To edit an existing address, highlight the address in the list box, and click Advanced Edit. To delete an address from the list, highlight the address in the list box, and click Remove.

Important: As of Netmail Secure build 5.1.1, Limits modules between Secure nodes now use port 26 for internal communications. Previous versions use port 25.
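The interplay of Minimum Sample Size, the slow and block percentages, and the 300-second penalty can be modelled as follows. This is an added example, not Netmail Secure code: it assumes that percentages are evaluated only once the 15-minute window holds at least the minimum sample, and that the n-th infraction from an address earns a penalty of n × 300 seconds; the class and category names are hypothetical.

```python
"""Per-IP slow/block decisions modelled on the Limits Module text (added example)."""
from collections import defaultdict, deque

WINDOW = 15 * 60      # guide: messages are sampled "every 15 minutes"
PENALTY_UNIT = 300    # guide: infractions are "multiplied by 300 seconds"


class AbuseLimiter:
    def __init__(self, min_sample, slow_pct, block_pct, unlimited=()):
        self.min_sample = min_sample
        self.slow_pct = slow_pct            # category -> % that starts slowing
        self.block_pct = block_pct          # category -> % that starts blocking
        self.unlimited = set(unlimited)     # "Unlimited Addresses"
        self.events = defaultdict(deque)    # ip -> (time, category or None)
        self.infractions = defaultdict(int) # ip -> penalties issued so far
        self.penalty = {}                   # ip -> (action, expiry time)

    def _verdict(self, ip):
        """Compare each abuse category's share of the window with the thresholds."""
        window = self.events[ip]
        total = len(window)
        if total < self.min_sample:
            return "allow"                  # too few messages to judge this source
        counts = defaultdict(int)
        for _, category in window:
            if category is not None:
                counts[category] += 1
        verdict = "allow"
        for category, bad in counts.items():
            pct = 100.0 * bad / total
            if pct >= self.block_pct.get(category, float("inf")):
                return "block"
            if pct >= self.slow_pct.get(category, float("inf")):
                verdict = "slow"
        return verdict

    def record(self, ip, now, category=None):
        """Log one message (category None means clean) and return the action."""
        if ip in self.unlimited:
            return "allow"
        window = self.events[ip]
        window.append((now, category))
        while window[0][0] <= now - WINDOW:  # drop messages older than the window
            window.popleft()
        active = self.penalty.get(ip)
        if active and now < active[1]:
            return active[0]                 # an earlier penalty is still running
        verdict = self._verdict(ip)
        if verdict != "allow":
            self.infractions[ip] += 1
            expiry = now + self.infractions[ip] * PENALTY_UNIT
            self.penalty[ip] = (verdict, expiry)
        return verdict


if __name__ == "__main__":
    # The guide's worked case: sample size 30, slow at 50% rejected recipients.
    lim = AbuseLimiter(30, {"rejected_recipients": 50}, {"rejected_recipients": 80})
    ip = "192.168.1.123"
    for t in range(15):
        lim.record(ip, t)                    # 15 clean messages
    for t in range(15, 30):
        print(t, lim.record(ip, t, "rejected_recipients"))
```

Under these assumptions a source that sends only a handful of messages, all to invalid recipients, is never slowed, so a low minimum sample size catches low-volume address harvesting sooner at the price of penalising small legitimate senders after a few typos.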
Lists Module

The Lists Module feature allows you to configure IP address ranges that will always be designated as Blocked Hosts and Allowed Hosts by the SMTP Modules at the protocol level. Addresses entered under the Lists Module only apply to the SMTP Modules.

To enable the Lists Module, select the Agent Enabled option.

Blocked Hosts

This option restricts access to the Netmail Secure server. If enabled, Netmail Secure refuses connections from any mail host with an IP address specified in the Blocked Hosts list. Using the available fields, create a custom list of blocked IP address ranges. Listing ranges of registered IP addresses blocks specific external hosts from sending mail to or relaying mail through your server.

To add a blocked host, enter an IP address or a range of IP addresses in the Blocked Hosts field, and then click Add. Enter one blocked host per line, such as 192.168.1.123-192.168.1.150. To edit an existing blocked host, highlight the blocked host in the list box, and click Advanced Edit. To delete a blocked host from the list, highlight the blocked host in the list box, and click Remove.

Allowed Hosts

This option allows an Administrator-specified list of IP addresses which automatically bypass reverse DNS lookup and RBL lookup. Netmail Secure ensures connections from any mail hosts with an IP address specified in the Allowed Hosts list bypass these security checks. Using the available fields, create a custom list of allowed IP address ranges. List individual or ranges of registered IP addresses to increase the efficiency for specific hosts to send mail to or relay mail through your server.

To add an allowed host, enter an IP address or a range of IP addresses in the Allowed Hosts field, then click Add. Enter one allowed host per line, such as 192.168.1.123-192.168.1.150.
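Because Allowed Hosts skip reverse DNS and RBL lookups, a one-digit slip in a range start can exempt a large block of unrelated addresses from those checks. The following added example (not part of the product; the function names and the 256-address review threshold are assumptions) parses entries in the start-end form shown above and flags ranges worth a second look before they are saved.

```python
"""Review Allowed Hosts entries before saving them (added example)."""
import ipaddress


def parse_entry(entry):
    """Parse 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into (first, last) IPv4 addresses."""
    start_text, dash, end_text = entry.strip().partition("-")
    first = ipaddress.IPv4Address(start_text.strip())
    last = ipaddress.IPv4Address(end_text.strip()) if dash else first
    if last < first:
        raise ValueError("range end is lower than range start")
    return first, last


def lint_allowed_hosts(entries, max_size=256):
    """Return (entry, finding) pairs for entries that deserve a manual review."""
    findings = []
    for entry in entries:
        try:
            first, last = parse_entry(entry)
        except ValueError as exc:           # also covers malformed addresses
            findings.append((entry, f"invalid: {exc}"))
            continue
        size = int(last) - int(first) + 1
        if size > max_size:
            findings.append((entry, f"covers {size} addresses (review limit {max_size})"))
        if first.is_private != last.is_private:
            findings.append((entry, "mixes private and public address space"))
    return findings


def is_allowed(ip, entries):
    """True if `ip` falls inside any valid entry, i.e. would skip RDNS and RBL checks."""
    address = ipaddress.IPv4Address(ip)
    for entry in entries:
        try:
            first, last = parse_entry(entry)
        except ValueError:
            continue
        if first <= address <= last:
            return True
    return False


# Constructed input: the intended range, the same range with a mistyped
# second octet in the start address, a reversed range and a malformed one.
SAMPLE_ENTRIES = [
    "192.168.1.123-192.168.1.150",
    "192.163.1.123-192.168.1.150",
    "192.168.1.150-192.168.1.123",
    "192.168.1.300",
]

if __name__ == "__main__":
    for entry, finding in lint_allowed_hosts(SAMPLE_ENTRIES):
        print(f"{entry}: {finding}")
```

The mistyped entry covers 327,708 addresses instead of 28, most of them public, and every one of them would bypass the reverse DNS and RBL checks.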
To edit an existing allowed host, highlight the allowed host in the list box, and click Advanced Edit. To delete an allowed host from the list, highlight the allowed host in the list box, and click Remove.

Note: Allowed Hosts do not bypass any addresses specified on the Netmail Limits Module.

NSRL Module

The NSRL (Name Server Reputation List) Module is an SMTP module that blocks messages at the connection and content levels. NSRL identifies authoritative DNS servers known to host malicious domains. NSRL will stop malicious email connections at the gateway by rejecting domains found in MAIL FROM, HELO and PTR that are served by authoritative name servers listed on the NSRL. It will also scan message bodies for domains with authoritative name servers listed on the NSRL to protect users from messages with malicious URIs leading to phishing & malware.

Ultimately, NSRL tracks back unwanted content to the very root of where it comes from. Having identified these malicious authoritative DNS servers, Netmail Secure strikes back & blocks "hackers" efficiently & effectively at the very connection of SMTP, saving processing cycles & bandwidth. NSRL engages mail flow within the SMTP protocol, just as RBLs do. The NSRL Module has no impact on Domains.

In order to use the NSRL Module, the Agent Enabled option must be selected. If you enable this agent, it will be enabled system wide whether the agent is to be used for SMTP connections or not.

Protocol Filter Module

The Protocol Filter Module allows system administrators to fine tune the available security features. By using the available Netmail Secure security tools, you can achieve high security of your email infrastructure without limitations on its flexibility and functionality. Some security features of Netmail Secure can be quite processor-intensive.
For example, Netmail Secure provides very high levels of anti-spam detection which can sometimes result in higher false positives for certain organizations. Adjust your settings accordingly to achieve acceptable levels. Before experimenting with the security features of Netmail Secure, it is strongly recommended that you familiarize yourself with Simple Mail Transfer Protocol (SMTP), which is at the heart of anti-spam security. To learn more about SMTP, visit http://www.ietf.org/rfc/rfc2821.txt and http://www.ietf.org/rfc/rfc1123.txt.

In order to use the Protocol Filter, this agent must be enabled by selecting the Agent Enabled option. The Protocol Filter is enabled by default. Using the Protocol Filter, you can create protocol filters to block email messages based on message and/or envelope header information.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be blocked by the Protocol Filter Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

Forbidden Header Fields

This option allows you to configure Netmail Secure to block email messages based on the message header information. In the available fields, you can specify a list of text strings (including wildcards) that represent the header content you wish to reject. Netmail Secure will scan down the filter file until it has either parsed all the strings or found a cause to reject the email message. It is a good practice to include wildcards at the beginning and end of your text strings, for example, *money fast*.
Spammers often include random characters before and after the subject line to trick and bypass anti-spam filters. The header fields available to filter on include:

Received
Subject
From
To
CC
Reply To
X-Sender
Custom

Forbidden Envelope Fields

This option allows you to configure Netmail Secure to reject mail messages that do not contain the proper email address format in either of the following envelope fields:

Mail From
Rcpt To
Custom

Tip: If you have multiple forbidden header or envelope fields and want to delete a field, use the dropdown menu of the field you want to delete, and select Remove.

RBL Module

The RBL Module feature allows you to perform lookups on the Real-Time Blacklist (RBL) to verify if the sender of an email message is blacklisted. An RBL is a list of IP addresses of spam sources. Netmail Secure verifies incoming mail against these RBLs. If a sender is listed on an RBL that Netmail Secure uses to perform lookups, then the sender will be prevented from sending email to your server.

Both RBL/DNSRL checks and Reverse DNS look-up use DNS to resolve the addresses (either using your own DNS or the blacklisting group’s DNS server). This means that if you handle a large quantity of mail traffic, these checks can generate a large number of DNS resolutions, which can slow down the processing of inbound SMTP traffic.

To obtain additional RBL servers, visit http://www.declude.com/junkmail/support/ip4r.htm. Please note that this website has no affiliation to Messaging Architects nor does Messaging Architects have any control over the content of this website.

Note: Both RBL and DNS services are included on all Netmail Secure appliances.

To perform lookups on the Real-Time Blacklist (RBL), this module must be enabled.
Perform Recursive Lookups

This option allows you to perform recursive lookups on the Real-Time Blacklist (RBL) to verify if the sending server of an email message is blacklisted. In some instances, spammers use open proxies and open relays through which to send email. Recursive lookups trace the email message back to the original server to verify if the sending server is blacklisted.

RBL Zones

To add an RBL zone, enter the IP address or host name of the RBL list server in the RBL Zones field, then click Add. Enter one IP address or host name per line, such as 192.168.1.123 or xbl.spamcop.net. To edit an existing RBL zone, highlight the RBL zone in the list box, and click Advanced Edit. To delete an RBL zone from the list, highlight the RBL zone in the list box, and click Remove.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be flagged as spam by the RBL Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

Use Spamhaus

In an effort to mitigate the rising number of unsolicited bulk and commercial email messages (spam) on the Internet, Messaging Architects subscribes to sbl-xbl.messagingarchitects.com. This zone is the combination of all Spamhaus DNSRLs into one single powerful and comprehensive blocklist. It is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free option in Netmail Secure to help system administrators better manage incoming email streams.
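How an RBL lookup, recursive lookups and Ignored Addresses fit together is shown in the following added example, which is not Netmail Secure code. It uses the conventional DNS blacklist query form (reversed IPv4 octets prepended to the zone, any A record meaning "listed"); the zone names, listing data, Received headers and function names are constructed for illustration, and the resolver is injected so the example runs offline.

```python
import ipaddress
import re
import socket

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def is_ignored(ip, ignored_entries):
    """Match an address against 'a.b.c.d' or 'a.b.c.d-e.f.g.h' entries."""
    addr = ipaddress.IPv4Address(ip)
    for entry in ignored_entries:
        first, _, last = entry.partition("-")
        low = ipaddress.IPv4Address(first.strip())
        high = ipaddress.IPv4Address((last or first).strip())
        if low <= addr <= high:
            return True
    return False


def relay_ips(received_headers):
    """Collect bracketed IPv4 literals from Received headers, in header order.

    Received lines added before the first trusted hop are written by the
    sending side and can be forged, so treat them as hints, not proof.
    """
    found = []
    for header in received_headers:
        for candidate in BRACKETED_IPV4.findall(header):
            try:
                ipaddress.IPv4Address(candidate)
            except ipaddress.AddressValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if candidate not in found:
                found.append(candidate)
    return found


def check_message(peer_ip, received_headers, zones, ignored, resolve,
                  recursive=False):
    """Return (hits, query_count); hits are (ip, zone, answers) tuples."""
    candidates = [peer_ip]
    if recursive:
        candidates += [ip for ip in relay_ips(received_headers) if ip != peer_ip]
    hits, queries = [], 0
    for ip in candidates:
        if is_ignored(ip, ignored):
            continue
        for zone in zones:
            queries += 1  # one DNS resolution per address per zone
            answers = resolve(dnsbl_query_name(ip, zone))
            if answers:
                hits.append((ip, zone, answers))
    return hits, queries


def system_resolve(name):
    """Live A-record lookup; a failed lookup means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


# Constructed sample data (documentation address ranges, made-up zones).
SAMPLE_ZONES = ["dnsbl.example.test", "dnsbl2.example.test"]
SAMPLE_LISTINGS = {"45.113.0.203.dnsbl.example.test": ["127.0.0.2"]}
SAMPLE_RECEIVED = [
    "from relay.example.test (relay.example.test [198.51.100.7]) "
    "by mx.example.test; Mon, 6 May 2013 10:00:02 -0400",
    "from pc (unknown [203.0.113.45]) "
    "by relay.example.test; Mon, 6 May 2013 10:00:01 -0400",
]


def sample_resolve(name):
    """Offline stand-in for DNS, backed by SAMPLE_LISTINGS."""
    return SAMPLE_LISTINGS.get(name, [])
```

The query count doubles here once recursive lookups are on, which is the DNS load the RBL Module section warns about for high-volume systems.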
By default, the Use Spamhaus option is enabled on Netmail Secure. Messaging Architects recommends that you keep this option enabled. You can, however, manually enable or disable individual Spamhaus realtime spam-blocking databases in the Spamhaus Block List (SBL). The following Spamhaus databases can be enabled or disabled:

SBL (Spamhaus Block List): Contains IP addresses from which Spamhaus does not recommend accepting email.

CSS (Composite Snowshoe): Contains IP addresses that are emitting snowshoe spam. Snowshoe spamming spreads spam output across many IPs and domains, thus “spreading its weight” so it does not trigger automated filters. Snowshoe spam is particularly tricky, because it appears to come from seemingly legitimate, uncompromised IP addresses.

XBL (Exploits Block List): Contains IP addresses of hijacked PCs infected by illegal third-party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

PBL (Policy Block Lists): Contains end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer’s use.

Click Save Changes to save your changes.

RDNS Module

The RDNS Module feature allows you to perform forward-confirmed reverse DNS (FCrDNS) lookups. When receiving messages from an external mail server, the SMTP Modules verify that the host’s IP address has forward (name-to-address) and reverse (address-to-name) DNS entries that match each other. If they do not match, the connection is refused.

With FCrDNS, a reverse DNS lookup (PTR query) is first performed on the IP address. Then, for each domain name returned in the PTR query results, a forward DNS lookup (type A) is performed on that domain name. Finally, any A record returned by the second query is compared against the original IP address, and if there is a match, the FCrDNS check passes.
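The three FCrDNS steps described above, written out as an added example (not Netmail Secure code). The PTR and A lookups are injected so the check runs offline against constructed records; the function names and the sample records are assumptions, with mail.yourdomain.com borrowed from the guide's own illustration.

```python
import ipaddress
import socket


def normalize(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()


def fcrdns_check(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS check.

    ptr_lookup(ip) returns the names from the PTR query; a_lookup(name)
    returns the addresses from the A query. Returns (passed, detail).
    """
    target = ipaddress.ip_address(ip)
    # Step 1: reverse lookup on the connecting address.
    names = [normalize(name) for name in ptr_lookup(ip)]
    if not names:
        return False, "no PTR record"
    # Step 2: forward lookup on every name the PTR query returned.
    for name in names:
        for answer in a_lookup(name):
            try:
                # Step 3: any A record equal to the original address passes.
                if ipaddress.ip_address(answer) == target:
                    return True, "confirmed by " + name
            except ValueError:
                continue  # skip malformed answers
    return False, "no forward match for " + ", ".join(names)


def system_ptr_lookup(ip):
    """Live PTR lookup through the system resolver."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []


def system_a_lookup(name):
    """Live A lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


# Constructed records using documentation addresses (192.0.2.0/24).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.yourdomain.com."],
    # Whoever controls the reverse zone for .20 can claim any name in a PTR
    # record; only the forward lookup exposes the mismatch.
    "192.0.2.20": ["mail.yourdomain.com."],
    "192.0.2.40": ["old.example.test.", "mx.example.test."],
}
SAMPLE_A = {
    "mail.yourdomain.com": ["192.0.2.10"],
    "old.example.test": ["192.0.2.99"],
    "mx.example.test": ["192.0.2.40"],
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_a(name):
    return SAMPLE_A.get(name, [])


if __name__ == "__main__":
    for address in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(address, fcrdns_check(address, sample_ptr, sample_a))
```

The 192.0.2.20 case is why the forward confirmation matters: a PTR record alone is set by whoever controls the reverse zone and can name any host.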
In other words, if Netmail Secure resolves the IP address of a specific mail server to mail.yourdomain.com, and it resolves mail.yourdomain.com to the same IP address of that specific mail server, then the FCrDNS check is successful.

In many instances, spammers use open proxies, open relays, or spam directly from IP addresses that do not have valid reverse PTR records defined. The RDNS module allows Netmail Secure to block these spammers.

Warning: Unfortunately, there are large numbers of valid mail servers on the Internet which do not have RDNS properly configured on their own mail servers. Therefore, you should be aware that enabling this feature may lead to some rejection of valid messages. However, spam has become such a problem that even very large mail service providers have begun using RDNS lookups to prevent spammers from hitting them.

In order to perform forward-confirmed reverse DNS lookups, the Agent Enabled option must be selected.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be verified by the RDNS Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

SPF Module

Sender Policy Framework (SPF) is an initiative aimed at preventing address spoofing, which is often used by spammers or virus writers. When enabled, it verifies the SPF records in DNS of the alleged sender to establish whether the IP address of the sending host is an authorized email sender for that domain. If it is not, then the email is rejected; if it is, then the email is accepted.
Unlike RDNS, the SPF method does not assume the message is being spoofed if it does not find an SPF record in the DNS for that domain. Therefore, SPF is not a restrictive checking method and does not generate a high number of false positives.

Adding SPF records to your DNS assists other mail servers that have SPF checking enabled to validate your sending domain, therefore preventing other individuals from spoofing your email addresses. It is, therefore, in your best interest to ensure that your SPF records are maintained in the DNS and to encourage your clients, suppliers, and other organizations that you communicate with to do the same. SPF support only works for those domains that put SPF definitions in their DNS. For more information on this initiative, visit http://www.openspf.org.

In order to use the SPF Module, the Agent Enabled option must be selected.

Ignored Addresses

This option allows you to ignore an IP address or a range of IP addresses that would otherwise be flagged as spam by the SPF Module. To add an ignored address, enter the IP address or range of IP addresses in the Ignored Addresses field, and then click Add. To edit an existing ignored address, highlight the address in the list box, and click Advanced Edit. To delete an ignored address from the list, highlight the address in the list box, and click Remove.

Policy Planning, Configuration and Management

The web-based Netmail Administration Console enables organizations to plan, configure and implement corporate-wide email security policies to protect their messaging and collaboration systems. Policies created using the Netmail Administration Console contain settings which are then applied to selected domains, groups or users.
Netmail Secure supports an unlimited number of policies that enable system administrators to apply unique email security rules at three different levels: per domain, per group or per user. These email security policies are run as a server-side process that is transparent to end users.

This chapter provides instructions on how to create policies to suit the needs of your individual organization. Basic sample policies are included throughout the guide. For step-by-step instructions on how to create customized policies to meet specific criteria, see "Custom Policies".

In this section:

Policy Overview
Alias Policy Configuration and Management
Anti-Spam Policy Configuration and Management
Anti-Virus Policy Configuration and Management
Attachment Blocking Policy Configuration and Management
Content Filter Policy Configuration and Management
Executive Reports
Lists Policy Configuration and Management
Mail Route
Outbound Limits Policy Configuration and Management

Policy Overview

Netmail Secure includes several custom policies to help system administrators get started as soon as possible. The custom policies are available in the Netmail Administration Console and are provided to you as recommended best practices. You can use these policies to begin controlling inbound and outbound email immediately, or you can create new customized policies to better suit the epolicy requirements of your organization.

Policy objects are displayed on the right-hand side of the Netmail Administration Console under the Policies category. To view detailed criteria assigned to these custom policies, click the name of the policy to open it.

Netmail Secure also includes several pre-created custom policies available in the Netmail Administration Console under Policy Templates. For example, a Policy Template entitled Profanity has been created for you under the Content Filter category.
This policy looks for offensive words within the body of email messages and then performs the associated action on the message.

Important: Keep in mind that the names of policies and their associated actions created in the Netmail Administration Console may appear to end users in the Quarantine application under Preferences. Therefore, it is important to create policies and actions that are easy to interpret, such as Tag Subject and Deliver Message.

There are several categories of email security policies that you can create. Within each category, the number of policies you can create is limitless. The categories of policies include:

Anti-Spam
Anti-Virus
Attachment Blocking
Content Filter
Executive Reports
Lists
Mail Route
Notifications
Outbound Limits
Quarantine Actions
Quarantine Management
Quarantine Reports

To start using Netmail Secure, you must create, apply, and deploy policies. If you want to get your system up and running right away, the pre-created Policy Templates may be used. The following sections describe how to create and configure custom policies with Netmail Secure through the Netmail Administration Console.

Alias Policy Configuration and Management

Netmail Secure’s Alias policy allows administrators to specify email aliases for their users. When an email is sent to a user’s email alias, the message is simply forwarded to the user’s actual email account. Email aliases are often used to conveniently replace long or hard-to-remember email addresses. Alias policies can be applied to entire domains, groups, or individual users.

From the Netmail Administration Console, choose Policies > Aliases to create your Alias policy. By default, the Details tab is displayed. Click Create Alias Policy, enter a name for your new Alias policy, and then click Create.
Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Alias policy you have just created to configure it.

Allowed Patterns

Allowed Patterns features a number of different email aliases that can be selected and used for forwarding mail to end user mailboxes. The available aliases are made up of different combinations of a user’s first name, last name, and initials. Select the email alias(es) you want to include in your Alias policy. When you are done, click Save Changes.

To delete an existing Alias policy, simply select the name of the policy in the tree menu, and click Delete <Policy Name> Policy.

Anti-Spam Policy Configuration and Management

Anti-Spam policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message and deliver it, add an X-Spam header line and deliver it, delete the message or send the message to quarantine. System administrators can also choose to notify a designated individual about a violation in epolicy without notifying the sender of the message.

From the Netmail Administration Console, choose Policies > Anti Spam to create your Anti-Spam policy. By default, the Default tab is displayed. Click Create Anti Spam Policy, enter a name for your new Anti-Spam policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Anti-Spam policy you have just created to configure it. By default, the Actions tab is displayed.

Actions

The Actions tab allows you to specify what you want to do when a message containing spam is detected by Netmail Secure.
The following Message Actions are available:

Deliver to Mailbox
This option delivers the message containing spam to the recipient’s mailbox.

Tag Subject & Deliver to Mailbox
This option adds custom text to the subject line and delivers the message containing spam to the recipient’s mailbox.

Tip: The Tag Subject & Deliver to Mailbox option can be used in conjunction with your mail client by creating a rule to act on messages tagged with a specific subject line. For example, create an automatic sorting rule in your mail client to move all incoming mail tagged with a “Spam” subject line to a “Junk” folder.

Add X-Spam Header Line & Deliver to Mailbox
This option modifies the MIME header of the message with an X-Spam Header line and delivers the message containing spam to the recipient’s mailbox.

Tip: If supported by your mail client, the Add X-Spam Header Line & Deliver to Mailbox option can also be used in conjunction with your mail client by creating a rule to flag messages for handling by the mail client’s Junk Mail Handling feature if messages contain X-Spam Headers.

Delete the Message
This option deletes the message containing the spam.

Send to Quarantine
This option sends the message to the recipient’s quarantine for review and deletion.

BCC to
The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Allow Delivery Status Notifications
This option will send a delivery status notification to the sender if the recipient’s email server is unavailable. This option also allows Read Receipts if enabled on the recipient’s email client.

Criteria

The Criteria tab allows organizations to fine-tune their blocking rules to address the unique requirements of their business and industry.
This allows pharmaceutical companies, for example, to set up different rules than financial institutions for defining what is legitimate email versus what is not. Up to 19 different scanning categories can be set up to handle exceptions. By default, all scanning categories are set to Normal, which represents 90 on the Global Spam Sensitivity scale, but you can change this setting to a Less Sensitive setting or Disable it for any category at any time.

Use the Global Spam Sensitivity slider to adjust Netmail Secure’s sensitivity to spam globally for all categories. The Global Spam Sensitivity scale can be set for the following scanning categories:

URL Stocks Porn Drugs Loans Degrees Software Dating Free Stuff Adv Free Fraud Marketing Lottery Internet Business IP Reputation URL Reputation Email Obfuscation Image Spam Phishing Bulk Spam

Note: If you lower the Global Spam Sensitivity scale to below 80, you may increase the number of false positives.

Netmail Anti-Spam Agent

The Netmail Secure Anti-Spam Agent integrates with the XCFSpam1, XCFSpam2, XCFSpam4, and XCFSURBL engines to perform high quality spam scanning on all messages handled by Netmail Secure. This allows you to scan all inbound and outbound messages travelling through your Netmail Secure server for spam. Enabled by default, the anti-spam engines provide enterprise-class organizations with the exact level of protection required.

The Netmail Secure anti-spam engines use multiple technologies to achieve high quality anti-spam filtering and improved catch rates as well as perform advanced metrics analysis on email messages to first determine the presence of spam content and then to filter and categorize it. The engines use broad categories based on the type of content and are also capable of performing scanning on multilingual text.
From the Netmail Administration Console, you can then determine the course of action taken by Netmail Secure when spam is detected by creating intelligent Anti-Spam policies.

From the Netmail Administration Console, choose Clusters > <Cluster Name> > Agents > Anti Spam to configure the Netmail Anti-Spam Agent. By default, the Configuration tab is displayed.

Configuration

The Configuration tab allows you to apply basic configuration changes to the Netmail Anti-Spam Agent.

Status

The Netmail Anti-Spam Agent should be Enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the Netmail Anti-Spam Agent.

Proxy

This option lets you configure whether your Netmail Secure server requires a proxy to gain access to anti-spam updates. If your Netmail Secure server does not have direct FTP- and HTTP-based Internet Access, then you must select Use Proxy when updating definitions in order to access anti-spam updates from Messaging Architects. For more information about configuring Proxy Access, see “Details”.

Note: If you wish to manually update your XCFSpam1 virus definition immediately, log in to the operating system via SSH (Secure Socket Shell) by opening an SSH client. Open a terminal window as the admin user, and when prompted enter your password. At the prompt, enter the following command:

/opt/ma/netmail/var/netmail/work/mantispam/xcfspam1/updatespam_xcfspam1_data

XCFSpam1

The XCFSpam1 engine is designed as a large-scale learning system where human and autonomous machine elements collaborate to produce and refine the filtering rules.

Note: The XCFSpam1 engine sends connection information regarding catch rates and the IP addresses from which it receives email back to Messaging Architects’ servers over SMTP. This feature helps track the reputation service of XCFSpam1.
XCFSpam2

The XCFSpam2 engine uses Advanced Pattern Detection, which is based on the mass distribution of malware over the Internet. It detects and blocks spam in any language and is highly effective against image-based spam and PDF spam.

XCFSpam4

The XCFSpam4 engine complements our other spam engines. It utilizes more than one million reputation queries, pattern matches or rules to identify spam with an incredibly high accuracy rate, and a near-zero false positive rate.

XCFSURBL

The XCFSURBL spam engine uses SURBLs to help identify unsolicited messages. SURBLs are lists of URIs that have appeared in unsolicited messages. SURBLs search the message body of incoming mail for similar sites to help check whether the messages are unsolicited. This is similar to how RBLs function, only RBLs check IP addresses rather than URIs. Used as a second-stage filter, SURBLs help identify a large majority of difficult, remaining unsolicited messages that were not filtered out in a first-stage filter. For more information about SURBLs, visit http://www.surbl.org/.

To enable the XCFSURBL spam engine, select Use the XCFSURBL Engine. You also have the option of enabling or disabling the following specific lists used by SURBLs:

sc.surbl.org: SpamCop websites
ws.surbl.org: sa-blacklist websites
ob.surbl.org: Outblaze URI blacklist
ab.surbl.org: AbuseButler websites

XCFNSRL

Select Use the NSRL Engine if you want to enable the NSRL Engine.

DBL

The DBL (Domain Block List) is a real-time database of domains that are found in spam messages. It can be used to help identify, filter, and manage spam that contains DBL-listed domains. The DBL is both a domain URI Blocklist and RHSBL. It can be used for message body URI checks, for connection checks at the SMTP level, for header domain checks, and for other checks involving domains. Select DBL Enabled if you want to enable the Domain Block List.

DBL Zones

This option allows you to add your own DBL zones that you want flagged by Netmail Secure.
Advanced

The Advanced tab allows you to apply advanced configuration changes to the Netmail Anti-Spam Agent.

Large Messages

This option allows you to specify a maximum size for large messages in KB. You can then determine the course of action taken by Netmail Secure when a message over the maximum allowable size is detected by the Netmail Anti-Spam Agent.

Deliver to Mailbox: This option delivers the message over the maximum allowable size to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to large messages.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Advanced Settings

The following advanced options are available to you:

Do not allow whitelisted senders to bypass this scan engine: When enabled, this option prevents senders who appear on your custom Allowed Hosts from bypassing the anti-spam engine.

Tip: You can create custom lists of IP addresses that will always be designated as trusted or blocked addresses by choosing Connection Manager > Lists Module in the Netmail Administration Console. Use the available fields to create custom lists of Blocked and Allowed Hosts.

Parse HTML Messages: When enabled, the spam engine rasterizes and extracts URIs from HTML-based messages.

The Diagnostics: Enable Reference ID and Diagnostics: Enable X-Tag options are troubleshooting tools. Select them only if Support has approved doing so.

Click Save Changes to save your changes.
Anti-Virus Policy Configuration and Management

Anti-Virus policies apply to any message which is flagged as containing a virus. Anti-Virus policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message, delete the message, clean the message or send the message to quarantine. System administrators can also choose to notify a designated individual when a policy action is triggered, with or without notifying the sender and/or recipient of the message, by configuring an Anti-Virus policy in conjunction with a Notifications policy.

This section provides step-by-step instructions on how to create an Anti-Virus policy. If you have already created your Anti-Virus policy or are using a custom policy, then see “Configuring Domains, Groups and Users” to learn how to apply policies and overrides to different levels: per domain, per group or per user.

Warning: Messaging Architects does not recommend granting Anti-Virus policy overrides to end users.

From the Netmail Administration Console, choose Policies > Anti Virus to create your Anti-Virus policy. By default, the Default tab is displayed. Click Create Anti Virus Policy, enter a name for your new Anti-Virus policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Anti-Virus policy you have just created to configure it. By default, the Actions tab is displayed.

Action

From the list of available Message Actions, specify what you want to do when a message containing a virus is detected by Netmail Secure.

Deliver to Mailbox
This option delivers the message containing the virus to the recipient’s mailbox.

Tag Subject & Deliver to Mailbox
This option appends custom text to the subject line and delivers the message containing the virus to the recipient’s mailbox.
Warning: If you choose to enable this option, messages containing viruses may be delivered to recipients, unless blocked by another policy. Messaging Architects strongly recommends that you do not create an Anti-Virus policy using these options.

Delete the Message
This option deletes the message containing the virus.

Send to Quarantine
This option sends the message to the recipient’s quarantine for review and deletion. This option allows the recipient to review the message in the quarantine.

Warning: If you choose to enable this option, messages containing viruses may be delivered to the quarantine, unless blocked by another policy. Messaging Architects strongly recommends that you do not create an Anti-Virus policy using this option.

BCC to
The BCC to option will send a blind carbon copy of the message, including a copy of the virus, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Send Notification
This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to recipients, senders and/or administrators when messages containing blocked file content or attachments, viruses or spam are detected in the system. Notification Policies are created by choosing Policies > Notifications. For more information, see “Notifications”.

Allow Delivery Status Notifications
This option will send a delivery status notification to the sender if the recipient’s email server is unavailable. This option also allows Read Receipts if enabled on the recipient’s email client.

Sample Anti-Virus Policy

This policy ensures that email messages containing viruses are not delivered to end user mailboxes.

1. Choose Policies > Anti Virus > Create Anti Virus Policy.
2. Enter a name for your policy, such as Delete, and then click Create.
3. Select your new Delete policy from the list of policies that appear on the left-hand side of the Netmail Administration Console.
4. Under Action, select Delete the Message. This option deletes the message containing the virus.
5. Click Save Changes to save your policy.
6. Select Domains. Highlight the name of your domain. The Policies tab is displayed by default.
7. Under Policies in Effect, click Assign Policy.
8. In the window that appears, select Virus as the policy Type, select Incoming as the Direction, and select the name of the Policy you have just created.
9. To apply the policy to all users in the organization, do not select Allow this policy to be overridden.
10. Click Assign to assign your Anti-Virus policy to the domain.

Netmail Anti-Virus Agent

The Netmail Anti-Virus Agent integrates with multiple engines to perform virus scanning on all messages handled by Netmail Secure. This allows you to scan all inbound and outbound messages travelling through your Netmail Secure server for viruses. From the Netmail Administration Console, you can then determine the course of action taken by Netmail Secure when a virus is detected by creating intelligent Anti-Virus policies.

From the Netmail Administration Console, choose Clusters > <Cluster Name> > Agents > Anti Virus to configure the Netmail Anti-Virus Agent. By default, the Configuration tab is displayed.

Configuration

The Details tab allows you to apply basic configuration changes to the Netmail Anti-Virus Agent.

Status

The Netmail Anti-Virus Agent should be Enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the Netmail Anti-Virus Agent.

Options

The Scan Compressed Files option specifies that messages with zipped file attachments are also scanned for viruses.
If your Netmail Secure server does not have direct FTP- and HTTP-based Internet Access, then you must select Use Proxy when updating definitions in order to access anti-virus updates from Messaging Architects. For more information about configuring Proxy Access, see “Details”.

Note: If you wish to manually update your virus definitions immediately, log in to the operating system via SSH (Secure Socket Shell) by opening an SSH client. Open a terminal window as the admin user, and when prompted enter your password. Depending on your selected Anti-Virus Engine, at the prompt, enter one of the following commands:
Eset: /opt/ma/netmail/var/netmail/work/mantivirus/xcfantivirus1/updatevirus_xcfantivirus1_data
McAfee: /opt/ma/netmail/var/netmail/work/mantivirus/xcfantivirus2/updatevirus_xcfantivirus2_data
Zero Hour AV: /opt/ma/netmail/var/netmail/work/mantivirus/xcfantivirus3/updatevirus_xcfantivirus3_data

Engines
Use the XCFAntiVirus1 Engine: Select this option if you want to enable the Eset anti-virus engine. This anti-virus engine should be enabled at all times.
Use the XCFAntiVirus3 Engine: Select this option if you want to enable the Zero Hour AV engine. This anti-virus engine adds an additional security layer to Netmail Secure to identify viruses in real time based on their unique distribution patterns without the need to update virus signatures. The Zero Hour AV engine should be enabled at all times.

Cache
The Number of Entries field lets you specify how many messages containing viruses you want to keep in the cache before they are removed and for how long. When an identical copy of the message arrives, Netmail Secure will treat the message in the exact same way as the original. If the message contains a virus, it will be identified as such without requiring the anti-virus engine to run.
The Minutes field allows you to specify how long you want messages containing viruses to remain in the cache. Enter the time frame in minutes. For example, if you want messages to remain in the cache for 2 hours, enter 120 minutes in the field.

Advanced
The Advanced tab allows you to apply advanced configuration settings to the Netmail Anti-Virus Agent.

Large Messages
This option allows you to specify a maximum size for large messages in MB. You can then determine the specific course of action taken by Netmail Secure when a message over the maximum allowable size is detected by the Netmail Anti-Virus Agent.
Deliver to Mailbox: This option delivers the message over the maximum allowable size to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to large messages.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
Return Message to Sender: This option returns the message over the maximum allowable size to the sender.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Compressed Archives
This option allows you to specify how many scanning levels deep you wish to apply to files that have been recursively zipped.
Note: Enabling this option slows down processing because a file that has been zipped an inordinate number of times will take longer to scan.

Password Protected Archives
This option allows you to specify the course of action taken by Netmail Secure when a message containing a password-protected zipped attachment is detected.
Deliver to Mailbox: This option delivers the message to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to password-protected attachments.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
Return Message to Sender: This option returns the message to the sender.
BCC to: This option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Unscannable Messages
This option allows you to specify the course of action taken by Netmail Secure when an unscannable message is detected. An unscannable message may be a fragmented file, a file that has been tampered with or a file that was created on an unrecognizable operating system.
Deliver to Mailbox: This option delivers the unscannable message to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to unscannable messages.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
Return Message to Sender: This option returns the message to the sender.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.
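The three archive cases above (nesting deeper than the configured level, password protection, and unscannable files) can be told apart before any anti-virus engine runs. The following is an added example, not Netmail Secure code: the function names, verdict strings, the depth of 3, the 50 MB member cap and the verdict-to-action mapping are assumptions, and the sample archives are constructed inline.

```python
import io
import zipfile
import zlib

MAX_DEPTH = 3                      # assumed "Compressed Archives" depth setting
MAX_MEMBER_BYTES = 50 * 1024 ** 2  # assumed cap on a single unpacked member

# Assumed mapping from verdicts to actions named on this page.
EXCEPTION_ACTION = {
    "depth_exceeded": "Send to Quarantine",
    "password_protected": "Send to Quarantine",
    "unscannable": "Return Message to Sender",
}


def walk_archive(data, max_depth=MAX_DEPTH, depth=1, leaves=None):
    """Unpack nested ZIP data and return (verdict, leaves).

    verdict is 'scannable', 'depth_exceeded', 'password_protected' or
    'unscannable'; leaves lists the (name, bytes) files that would be
    handed to the scanning engine.
    """
    if leaves is None:
        leaves = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "unscannable", leaves            # truncated or tampered container
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:            # bit 0: member is encrypted
                return "password_protected", leaves
            if info.file_size > MAX_MEMBER_BYTES:
                return "unscannable", leaves    # refuse an oversized expansion
            try:
                member = archive.read(info)
            except (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError):
                return "unscannable", leaves    # CRC, stream or method problem
            if zipfile.is_zipfile(io.BytesIO(member)):
                if depth >= max_depth:          # would open one level too many
                    return "depth_exceeded", leaves
                verdict, _ = walk_archive(member, max_depth, depth + 1, leaves)
                if verdict != "scannable":
                    return verdict, leaves
            else:
                leaves.append((info.filename, member))
    return "scannable", leaves


def disposition(data, max_depth=MAX_DEPTH):
    """Translate a verdict into what happens to the message."""
    verdict, leaves = walk_archive(data, max_depth)
    if verdict == "scannable":
        return f"scan {len(leaves)} file(s)"
    return EXCEPTION_ACTION[verdict]


def nested_zip(levels, payload=b"constructed sample payload"):
    """Constructed input: payload.bin zipped `levels` times."""
    name, data = "payload.bin", payload
    for level in range(1, levels + 1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        name, data = f"level{level}.zip", buf.getvalue()
    return data


def mark_encrypted(zip_bytes):
    """Constructed input: set the 'encrypted' flag in the last central
    directory entry, which is where zipfile reads flag_bits from."""
    raw = bytearray(zip_bytes)
    entry = raw.rfind(b"PK\x01\x02")            # central directory signature
    raw[entry + 8] |= 0x01                      # low byte of the flags field
    return bytes(raw)


if __name__ == "__main__":
    samples = {
        "3 levels": nested_zip(3),
        "4 levels": nested_zip(4),
        "encrypted flag": mark_encrypted(nested_zip(1)),
        "truncated": nested_zip(2)[:40],
    }
    for label, blob in samples.items():
        print(f"{label:15} -> {disposition(blob)}")
```
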
Attachment Blocking Policy Configuration and Management
The Attachment Blocking feature of Netmail Secure allows system administrators to configure policies to block attachments by filename or Mime type, preventing new types of viruses or unwanted email from entering the messaging and collaboration system. Typically, an organization implements an Attachment Blocking policy because attachments are at a higher risk of containing viruses and can be blocked regardless of whether the anti-virus pattern file is capable of detecting a virus. This speeds up the processing as files can be blocked strictly on their attachment content without Netmail Secure having to scan them.

You may also want to implement separate policies for different categories of attachments. For example, you may want to create an audio attachment blocking policy that prevents all attachments with *.mp3, *.wav, and *.wma file extensions from entering the system.

Attachment Blocking policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message, delete the message, strip the attachment from the message or send the message to quarantine. System administrators can also choose to notify a designated individual about a violation in epolicy without notifying the sender of the message. Attachment Blocking policies can also be configured in conjunction with a Notifications policy.

This section provides step-by-step instructions on how to create an Attachment Blocking policy. If you have already created your Attachment Blocking policy or are using a custom policy, then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to different levels: per domain, per group or per user.

Attachment Blocking policies should address your organization’s needs and regulations with respect to content and email. Several custom Attachment Blocking policies have been created and included with Netmail Secure.
These custom policies address a wide variety of known attachment types and are grouped into easily selectable policy categories such as Executables and Scripts, Audio and Disk Images. The custom policies are located under Policies > Attachment Blocking and are included to provide protection from known dangerous attachment types.

From the Netmail Administration Console, choose Policies > Attachment Blocking to create your Attachment Blocking policy. By default, the Details tab is displayed. Click Create Attachment Policy, enter a name for your new Attachment Blocking policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Attachment Blocking policy you have just created to configure it. By default, the Actions tab is displayed.

Actions
The Details tab allows you to specify basic configuration details for your Attachment Blocking policy.

Enable Fingerprinting
This option enables fingerprinting. Fingerprinting is a method by which the real attachment type of a specified file is detected without relying on its file extension. Viruses are often disguised as other file types. Fingerprinting prevents files from being sent through the system when their extension is renamed. This allows you to protect your messaging and collaboration system from viruses that use a known file format. For example, if fingerprinting is enabled and *.doc files are listed as blocked attachments, the attachment scanner will block all *.doc files even if the file is renamed suspicious_file.txt.

Scan Compressed Files
This option allows you to scan for blocked attachments within compressed files, so that zipped messages will be scanned for forbidden file attachments.

Limit Total Message Size
This option allows you to limit the total message size.

Attachment Size Limit
This option allows you to specify an attachment size limit for incoming messages. You can select if you want the attachment size limit to be either less than or greater than a specified attachment size in MB. If the Limit Total Message Size option is selected, the attachment size limit will be applied to the total size of all attachments appended to a message (i.e., if you limit the size to 200 MB, all attachments added together cannot exceed 200 MB in size). If the Limit Total Message Size option is not selected, the attachment size limit will be applied to the individual attachments (i.e., if you limit the size to 200 MB, each attachment can be up to 200 MB in size).

Forbidden Filenames
In the list box, enter the forbidden filename extensions you wish to include in your Attachment Blocking policy.

Forbidden Mime Types
In the list box, enter the forbidden Mime Types you wish to include in your Attachment Blocking policy. Mime Types are similar to file extensions, but more universally accepted. Mime Types are typically used to identify the type of information that a file contains. Here are some examples of common Mime Types:

Mime Type | Common File Extension
text/html | .html
image/png | .png
image/jpeg | .jpg
audio/mpeg | .mp3
application/x-executable | .exe

Action
From the list of available Message Actions, specify what you want to do when a message containing a blocked attachment is detected by Netmail Secure.

Deliver to Mailbox: This option delivers the message containing the blocked attachment to the recipient’s mailbox.
Warning: If you choose to enable this option, messages containing blocked attachments may be delivered to recipients, unless blocked by another policy. Messaging Architects strongly recommends that you do not create an attachment blocking policy using this option.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message containing the blocked file attachment to the recipient’s mailbox.
Warning: If you choose to enable this option, messages containing blocked attachments may be delivered to recipients, unless blocked by another policy. Messaging Architects strongly recommends that you do not create an attachment blocking policy using this option.

Delete the Message: This option deletes the message containing the blocked attachment.

Strip the Attachment: This option strips the message attachment from the email message before sending the rest of the message to the recipient without providing file information and links to the attachment.

Store the Attachment for [x] days: This option copies the message attachment and stores the attachment on Netmail Store for the number of days specified before sending the rest of the message to the recipient. When the number of days specified is reached, Netmail Store deletes the attachment, thereby freeing up storage space.

Strip and Store the Attachment for [x] days: This option strips the message attachment from the email message and stores the attachment on Netmail Store for the number of days specified before sending the rest of the message to the recipient including file information and links to the attachment within the body of the email. When the number of days specified is reached, Netmail Store deletes the attachment, thereby freeing up storage space. For more information, see "Custom Policies".

Send to Quarantine: This option sends the message to your quarantine in the event that an email message containing a blocked attachment is detected in the system.
Warning: If you choose to enable this option, messages containing blocked attachments may be delivered to quarantine.
Messaging Architects strongly recommends that you do not create an attachment blocking policy using this option.

BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Send Notification: This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to recipients, senders, and/or administrators when messages containing blocked file content or attachments, viruses, or spam are detected in the system. Notification Policies are created by choosing Policies > Notifications. For more information, see "Notifications".

Allow Delivery Status Notifications: This option will send a delivery status notification to the sender if the recipient’s email server is unavailable. This option also allows Read Receipts if enabled on the recipient’s email client.

Conflict Notification
This option allows you to specify an email address to which a notification will be sent if a conflict prevents the policy from being applied.

Exceptions
The Exceptions tab allows you to apply exception rules to your Attachment Blocking policy.

Bypass Keyword
This option allows you to specify a keyword which, if included in a message’s subject heading, will allow the message to bypass the Attachment Blocking policy.

Allowed Filenames
This option allows you to enter any filename extensions you wish to exclude from the Forbidden Filenames list. All messages containing filename extensions listed in the Allowed Filenames list box will bypass the Attachment Blocking policy.

Allowed Mime Types
This option allows you to enter any Mime Types you wish to exclude from the Forbidden Mime Types list.
All messages containing Mime Types listed in the Allowed Mime Types list box will bypass the Attachment Blocking policy.

Sample Attachment Blocking Policy
The following Attachment Blocking policy can be created to ensure that file attachments with renamed extensions do not bypass the Attachment Blocking engine:
1. Choose Policies > Attachment Blocking > Create Attachment Policy.
2. Enter a name for your policy, and then click Create.
3. Select your new policy from the list of policies that appear on the left-hand side of the Netmail Administration Console.
4. Select Enable Fingerprinting. Fingerprinting prevents files from being sent through the system when their extension is renamed. This allows you to protect your messaging and collaboration system from viruses that use a known file format. For example, if fingerprinting is enabled and *.doc files are listed as blocked attachments, the attachment scanner will block all *.doc files even if the file is renamed suspicious_file.txt.
5. Under Forbidden Filenames, enter the forbidden filenames you wish to include in your Attachment Blocking policy, such as *.doc.
6. Under Action, select Delete the Message.
7. Click Save Changes to save your policy.
8. Select Domains. Highlight the name of your domain. The Policies tab is displayed by default.
9. Under Policies in Effect, click Assign Policy.
10. In the window that appears, select Attachment as the policy Type, select either Incoming or Outgoing for the Direction, and select the name of the Policy you have just created.
11. To apply the policy to all users in the organization, do not select Allow this policy to be overridden.
12. Click Assign to assign your Attachment Blocking policy.
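What fingerprinting and Scan Compressed Files add over plain extension matching, using the renamed *.doc case from step 4. This is an added example, not Netmail Secure code: the signature table, function names and the constructed sample message are assumptions.

```python
import io
import zipfile
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Leading-byte signatures mapped to a canonical extension (illustrative subset).
# The OLE2 container is shared by legacy Office formats, .doc among them.
SIGNATURES = [
    (OLE2_MAGIC, "doc"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "exe"),
    (b"%PDF-", "pdf"),
]


def fingerprint(data):
    """Return the type implied by the file's first bytes, or None if unknown."""
    for magic, ext in SIGNATURES:
        if data.startswith(magic):
            return ext
    return None


def extension(filename):
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def check_file(name, data, forbidden, use_fingerprint):
    """Return a reason string if the file is blocked, otherwise None."""
    if extension(name) in forbidden:
        return f"{name}: forbidden extension"
    real = fingerprint(data) if use_fingerprint else None
    if real in forbidden:
        return f"{name}: content fingerprint is {real}"
    return None


def blocked_attachments(msg, forbidden, use_fingerprint=True, scan_compressed=True):
    """List the reasons a message violates the attachment policy."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reason = check_file(name, data, forbidden, use_fingerprint)
        if reason:
            findings.append(reason)
        elif scan_compressed and fingerprint(data) == "zip":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        inner = check_file(info.filename, zf.read(info),
                                           forbidden, use_fingerprint)
                        if inner:
                            findings.append(f"{name} -> {inner}")
            except zipfile.BadZipFile:
                findings.append(f"{name}: unreadable archive")
    return findings


def build_sample_message():
    """Constructed message: a .doc renamed to .txt, a real text file,
    and a zip that contains report.doc."""
    fake_doc = OLE2_MAGIC + b"\x00" * 24
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc", fake_doc)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(fake_doc, maintype="text", subtype="plain",
                       filename="suspicious_file.txt")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="archive.zip")
    return msg


if __name__ == "__main__":
    sample = build_sample_message()
    for fp in (False, True):
        print(f"fingerprinting={fp}:", blocked_attachments(sample, {"doc"}, fp))
```

With fingerprinting off, only the archived report.doc is caught; turning it on also catches suspicious_file.txt, which is the case the sample policy exists to close.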
Content Filter Policy Configuration and Management
The Content Filter feature of Netmail Secure lets system administrators create custom filters and apply a corporate footer to outbound messages to enforce company-wide email usage policies by using specific keywords and regular expressions (RegEx). Netmail Secure supports the use of Regular Expression Searching (RegEx) which provides a way to search for advanced combinations of characters. Netmail Secure also uses Advanced Keyword Syntax for Deep Content Analysis.

Content Filter policies can be configured to deliver the message to a mailbox, append a line of text to the subject line of the message, delete the message or send the message to quarantine. System administrators can also choose to notify a designated individual about a violation in epolicy without notifying the sender of the message. Content Filter policies can also be configured in conjunction with a Notifications policy.

This section provides step-by-step instructions on how to create a Content Filter policy. If you have already created your Content Filter policy, then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to different levels: per domain, per group or per user.

The following table contains several RegEx examples:

Character | Meaning | Example
^ | matches the start of a line | ^the finds “the” at the beginning of a line
$ | matches the end of a line | end$ finds “end” at the end of a line
\ | treats next character literally, which is useful when the next character is reserved, such as % or ? | \$100 matches “$100,” not “100$”
[abc] | indicates set of characters, one of which must be present | sampl[ae] matches “sample” or “sampla,” but not “samplx”
[a-z] | indicates a range of characters | [a-z] matches any single lower-case letter
[^a-z] | indicates any character, except the ones in the bracketed range | [^a-z] matches any single character that is not a lower-case letter
.* | indicates 0 or more of something | .* matches zero or more of any character
.+ | indicates 1 or more of something | .+ matches one or more of any character
[a-z]+ | indicates 1 or more of something | [a-z]+ matches one or more lower-case letters

The following table contains several Advanced Keyword Syntax examples:

Character | Meaning | Example
Grouping Variables
() | groups rules or criteria together | (account)(balance summary) matches all instances when the word "account" is followed by "balance" or "summary"
{} | exception group - used to group several individual exceptions | {aa bb cc} can be used to replace !aa !bb !cc
!{} | exception - if !{n} is matched, the rule fails | (credit)(card)[4](!{expiration}) matches "credit card" except if followed within 4 words by "expiration"
Wild Card Variables
% | any numerical digit can occupy the corresponding position in the matched word | % matches ‘7’, %%% matches ‘558’, etc.
* | specifies a match for zero or more occurrences of the preceding expression | lo*t matches “lot”, “loot”, “looot”, “loooooot”, etc.
*aa* | matches any token containing the substring ‘aa’ |
? | matches any single character | ? matches ‘t’ or ‘3’, etc.
~ | following a word, it uses the root value of that word and any other iteration or version as part of the rule | (terminate~) matches “terminated”, “termination”, “terminator”, “terminating”, etc.
Note: Do not insert spaces between the wild card indicators and the word to which they apply.
Range Variables
/S | indicates the range is equal to a sentence | /S(2010) matches ‘2010’ found within a sentence
/P | indicates the range is equal to a paragraph | /P(salary) matches “salary” found within a paragraph
/T | indicates the range is equal to the entire text or message | /T(present~) matches “present”, “presented”, “presenting”, etc. found within an entire text
Note: If not specified, the default range is /S or within a sentence.

Note: When creating rules and filters it is important to note that particular strings can be delimited either between "( )" or by placing them on separate lines within the filter rule itself.

From the Netmail Administration Console, choose Policies > Content Filter to create your Content Filter policy. By default, the Default tab is displayed. Click Create Content Filter Policy, enter a name for your new Content Filter policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Content Filter policy you have just created to configure it. By default, the Actions tab is displayed.

Actions
From the list of available Message Actions, specify what you want to do when Netmail Secure detects a message that violates the corporate email policy and contains content that should not be sent in an email.

Deliver to Mailbox
This option delivers the message containing filtered content to the recipient’s mailbox.

Tag Subject & Deliver to Mailbox
This option adds custom text to the subject line and delivers the message containing filtered content to the recipient’s mailbox.

Delete the Message
This option deletes the message containing filtered content.

Relay through Secure Route
This option allows you to forward the message containing filtered content to a relay host, such as an encryption server.
Send to Quarantine
This option sends the message to the recipient’s quarantine for review and deletion.

Return Message to Sender
This option returns the message over the maximum allowable size to the sender.

BCC to
The BCC to option will send a blind carbon copy of the message containing filtered content to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.

Subject
This option allows you to append a line of text to the subject line of the BCCed message.

Send Notification
This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to recipients, senders, and/or administrators when messages containing filtered content or attachments, viruses, or spam are detected in the system. Notification Policies are created by choosing Policies > Notifications. For more information, see “Notifications”.

Allow Delivery Status Notifications
This option will send a delivery status notification to the sender if the recipient’s email server is unavailable. This option also allows Read Receipts if enabled on the recipient’s email client.

Description
This option allows you to add a description of the delivery result.

Conflict Notification
This option allows you to specify an email address to which a notification will be sent if a conflict prevents the policy from being applied.

Criteria

Ignore Messages
The Ignore Messages option further enhances Netmail Secure’s performance by allowing organizations to create a Content Filter policy that will only act on messages which were not caught by the other scanning engines. From the list of available options, choose one or all of the following:
Ignore Spam: Select this option if you want to ignore messages containing spam that were trapped by the scanning engines.
Ignore Virus: Select this option if you want to ignore messages containing viruses that were trapped by the scanning engines.
Ignore Blocked Attachment: Select this option if you want to ignore messages containing blocked attachments that were trapped by the scanning engines.

Filter Values
Under Filter Values, specify how you want message content to be filtered.
Language: This option allows you to choose the language you want to filter. By default, the language is English, but you can choose other languages as well. In addition to English, Netmail Secure supports Chinese, Dutch, French, German, Italian, Japanese, and Spanish.
Filter Type: This option allows you to select what type of content you would like to filter. In the textbox, enter specific keywords or regular expressions to search.
Keywords: This option allows you to enter specific words or phrases to search for. For example, if you want to filter out email messages that contain objectionable content, enter those keywords in the list box.
Header Keywords: This option allows you to enter header keywords to search for at the protocol level. For example, if you want to filter out email messages that contain certain words in the header fields, enter those keywords in the list box.
Regular Expressions: This option allows you to enter regular expressions to search for.
Filter Value: This option allows you to filter content by specific words or word variants. To add a new entry to the list, simply click inside the textbox and enter a filter value. Ensure that each filter value is entered on a new line.

Non-Matching Messages
From the list of available options, specify what you want to do if Netmail Secure finds a message that does not match the criteria entered above. For example, if you want to create a Corporate policy to add a corporate footer to all outbound messages from your organization, leave the Filter Type and Value fields blank, select Footer and enter appropriate text in the list box.
Footer: This option adds a footer to messages that do not match the content filter criteria specified above.
Add Recipients: This option allows you to add recipients.

Netmail Content Filter Agent
The Netmail Content Filter Agent allows system administrators to use the advanced content filtering capabilities of Netmail Secure to address corporate epolicy, compliance and security.

From the Netmail Administration Console, choose Clusters > <Cluster Name> > Agents > Content Filter to configure the Netmail Content Filter Agent. By default, the Details tab is displayed.

Details
The Netmail Content Filter Agent should be Enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the Content Filter Agent.

Advanced
The Advanced tab allows you to apply advanced configuration changes to the Netmail Content Filter Agent.

Large Messages
This option allows you to specify a maximum size (in MB) for large messages. You can then determine the specific course of action taken by Netmail Secure when a message over the maximum allowable size is detected by the Netmail Content Filter Agent. Netmail Secure’s Deep Content Analysis feature uses Open Office. Open Office is installed and running with Netmail Secure, so you can leave this option blank. Should you require a more powerful installation of Open Office, however, you can install Open Office on a more powerful server and point Netmail Secure to it.
Deliver to Mailbox: This option delivers the message over the maximum allowable size to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to large messages.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
Return Message to Sender: This option returns the message over the maximum allowable size to the sender.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.
Tag Subject & Return Message to Sender: This option adds custom text to the subject line and returns the message to the sender.

Deep Content Analysis
This option allows you to filter messages and attachments using Netmail Secure’s Deep Content Analysis feature.

Compressed Archives
This option allows you to specify how many scanning levels deep you wish to apply to files that have been recursively zipped.
Note: Enabling this option slows down processing because a file that has been zipped an inordinate number of times will take longer to scan.

Password Protected Archives
This option allows you to specify the course of action taken by Netmail Secure when a message containing a password-protected zipped attachment is detected.
Deliver to Mailbox: This option delivers the message to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to password-protected attachments.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
Return Message to Sender: This option returns the message to the sender.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.
Tag Subject & Return Message to Sender: This option adds custom text to the subject line and returns the message to the sender.

Unscannable Messages
This option allows you to specify the course of action taken by Netmail Secure when an unscannable message is detected. An unscannable message may be a fragmented file, a file that has been tampered with or a file that was created on an unrecognizable operating system.
Deliver to Mailbox: This option delivers the unscannable message to the recipient’s mailbox.
Tag Subject & Deliver to Mailbox: This option adds custom text to the subject line and delivers the message to the recipient’s mailbox.
Apply User Policy: This option applies the domain, group, or user-level policy to unscannable messages.
Send to Quarantine: This option sends the message to the recipient’s Quarantine for review and deletion.
Return Message to Sender: This option returns the message to the sender.
BCC to: The BCC to option will send a blind carbon copy of the message, including the attachment, to the address specified in organizations where a full digest of all received mail is required by a specific individual or department.
Tag Subject & Return Message to Sender: This option adds custom text to the subject line and returns the message to the sender.

Executive Reports
The Executive Reports feature of Netmail Secure allows you to create a policy that will automatically send customized executive reports containing event information to designated individuals inside your organization.
The Executive Reports feature allows corporate executives to see how many email messages containing viruses, spam, blocked attachments, or other filtered email are being trapped by Netmail Secure, and how effective Netmail Secure is at protecting the organization’s messaging and collaboration system. Executive Reports provide tangible proof of Netmail Secure’s effectiveness.

Single Day Executive Reports can be generated to report daily statistics for incoming and outgoing messages, a top 10 list of spam recipients and a top 10 list of spam sender IP addresses. Multi-Day Executive Reports provide statistics for both incoming and outgoing messages, message queues, system usage information, and user quarantine actions for today and yesterday, and averages for the last 7 days and the last 30 days. Executive Reports can be customized with specific header information. You can also specify the type of information you want to include in the executive reports you send.

This section provides step-by-step instructions on how to create an Executive Report policy. If you have already created your Executive Report policy or are using a custom policy, then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to different levels: per domain, per group or per user.

From the Netmail Administration Console, choose Policies > Executive Reports to create your Executive Reports policy. By default, the Details tab is displayed. Click Create Executive Report Policy, enter a name for your new Executive Report policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Executive Report policy you have just created to configure it. By default, the Executive Report tab is displayed.
Delivery
When selected, the Deliver to local addresses only option sends notifications only to internal addresses within the organization.

Header
From the list of available header fields, specify what fields you want to include in the header of executive reports sent to designated individuals.
Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name and/or email address of the sender of the executive report, such as System Administrator or [email protected].
To: This option lets you specify the email address of the message recipient.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of executive reports may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in executive reports.
Remove: This option lets you remove an existing header field.
Add new: This option lets you add a new header field.

Message
Use the available fields to customize the type of information you want to include in executive reports you want to send. You can specify whether the executive reports should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body.

Netmail Secure includes a custom Executive Report that contains variables used to query the logging database.
The following variables are used to generate Executive Reports:
%OpenReport(reportname, condition string)%: This variable opens a query string.
%BindVar(name, type, flag)%: This variable binds a field to be returned from the query.
%record%: This variable can be used in conditions to determine if there are any records to display. This variable must be called after the OpenReport and one or more BindVar calls.
%value(name)%: This variable displays a field that was previously bound. This variable must be called after the OpenReport and one or more BindVar calls.

Lists Policy Configuration and Management
The Lists policy feature of Netmail Secure allows you to create an email security policy with specific email addresses, domain names or IP addresses that will always be blocked or allowed by Netmail Secure. The use of wildcards is supported; however, email addresses, domain names and IP addresses are read and matched from right to left, so that *[email protected] has the same effect as [email protected] and will match both [email protected] and [email protected]. Proper configuration of the Lists policy can improve Netmail Secure performance by always bypassing the scanning of blocked or allowed addresses.

Tip: To add a domain name to your Allowed or Blocked Addresses, the use of wildcards is supported. For example, user@*.messagingarchitects.com will match [email protected].

This section provides instructions on how to create a Lists policy. If you have already created your Lists policy, then see "Configuring Domains, Groups and Users" to learn how to apply policies and overrides to different levels: per domain, per group or per user.

From the Netmail Administration Console, choose Policies > Lists to create your Lists policy. By default, the Details tab is displayed. Click Create List Report Policy, enter a name for your new Lists policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console.
Click the name of the Lists policy you have just created to configure it. By default, the Actions tab is displayed.

Addresses

Allowed Addresses
Use the available text box to add email addresses, domain names, and IP addresses to the list of Allowed Addresses from which Netmail Secure should always accept email. To edit an existing allowed address, highlight the address in the list, and click Advanced Edit. To delete an address from the list, highlight the address, and click Remove.

Blocked Addresses
Use the available text box to add email addresses, domain names and IP addresses to the list of Blocked Addresses from which Netmail Secure should always reject email. To edit an existing blocked address, highlight the address in the list, and click Advanced Edit. To delete an address from the list, highlight the address, and click Remove.

Tip: After creating your Allowed and Blocked Addresses lists, click Save Changes to save your settings.

Mail Route
Through the creation of Delivery and Authentication policies, the Mail Route feature allows you to deliver and authenticate messages to multiple destinations. More specifically, it allows for multiple relay addresses and multiple authentication addresses. For example, if you have a domain hosted on both GroupWise and Exchange, you can create a delivery and authentication route for GroupWise and another delivery and authentication route for Exchange. Route objects are assigned to the domain and can also be assigned to content filters for secure delivery. Routes must be created before the domain is created.

Note: You must first create a Delivery policy before creating an Authentication policy having the same domain as the Delivery policy.

To get started, from the Netmail Administration Console, choose Policies > Mail Route to create your Mail Route policy. By default, the Details tab is displayed.
Click Create Mail Route Policy, enter a name for your new Mail Route policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Mail Route policy you have just created to configure it. By default, the Details tab is displayed.

Authentication
This option allows you to prioritize route authentication. To add an Authentication route to your Mail Route policy, click Add Route. In the window that appears, select the Type of protocol you want to use for authentication. Your choices are: SMTP, MX, NetMail (SMTP), Novell GroupWise 6/7 (LDAP), Novell GroupWise 8 (LDAP), Lotus Domino (SMTP), Microsoft Exchange (LDAP), LDAP (manual), ODBC, Route, and Local Authentication. The configuration settings for each authentication protocol are different. Complete the following fields, if applicable to your chosen authentication protocol:

SMTP Server
Host: Enter the host IP address and the port number of the SMTP server.
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding Delivery policy.
Encryption: Select the security protocol you want to apply to the authentication protocol:
None: Select this option if you do not want to apply any security protocols.
TLS (optional): If you select this option, messages will be delivered to the recipient whether or not they support TLS. If TLS is supported, then the protocol will be applied and the message delivered. If the recipient does not support TLS, the message will be delivered anyway.
TLS (required): Select this option if you require that the recipient supports TLS in order for messages to be delivered to them.
If the recipient does not support TLS, the message is not delivered. This ensures that all mail is delivered securely.
SSL: Select this option if you want to apply SSL to delivered messages.
Domain: Enter the domain name of the SMTP server.

SMTP Extensions
Select whether you want to Detect, Assume, or Ignore the following SMTP extensions: DSN, PIPELINING, 8BITMIME, CHUNKING, BINARYMIME, ETRN, STARTTLS, AUTH, SIZE, XCLIENT. For more information about these SMTP extensions, refer to “Authentication”.

User Lookup
Authentication: Select this option if you want to include the domain when authenticating messages.
LDAP Search: Select this option if you want the LDAP server to search for users recursively.

LDAP Server
Host: Enter the host IP address and the port number of the LDAP server.
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding Delivery policy.
Encryption: Select SSL if you want to apply SSL to delivered messages.
LDAP Version: Select either 2 or 3 as your LDAP version.

Directory
Authentication DN: Enter the authentication DN of the LDAP directory.
Password: Enter a password for the LDAP directory.
Base DN: Enter the base DN of the LDAP directory.
User Class Name: Enter the name of the user class.
Naming Attribute: Enter a naming attribute.
Naming Prefix: Enter a naming prefix.
Mail Attribute: Enter a mail attribute.
Disabled Attribute: Enter a disabled attribute.
Disabled Value: Enter a disabled value.

Attribute Translation
This option allows you to apply a field mapping by importing user attributes from a .csv file.

ODBC Connection
DSN: Enter the Data Source Name (DSN) of the user data source.
ODBC User: Enter the name of the ODBC user that you will be authenticating to that database.
ODBC Password: Enter the password for the specified ODBC user.
Queries
Lookup SQL: Specify the query string that will be used to find users.
Authentication SQL: Specify the query string that will be used to find passwords.
Authentication: Select this option if you want to include the domain when authenticating SQL.
Password Encoding: Select the type of password encoding you want to implement.

Route
Mail Route Object: Select a mail route object for your Route protocol.

Route Testing
When adding a route, you can choose to test the route you are creating by clicking Test. In the window that appears, enter an existing user’s email address and password, and enter an email address of a user that does not exist on the target system. Click Test Authentication. This troubleshooting tool will inform you of the user’s status on the target system.

When creating your Authentication policy, you can add as many routes as you wish. If you have two or more routes, you can change the route priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route.

Delivery
This option allows you to prioritize route delivery. To add a Delivery route to your Mail Route policy, click Add Route. In the window that appears, select the Type of protocol you want to use for authentication. Your choices are: SMTP, MX, Route, and Local Delivery. The configuration settings for each delivery protocol are different. Complete the following fields, if applicable to your chosen delivery protocol:

SMTP Server
Host: Enter the host IP address and the port number of the SMTP server.
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding Delivery policy.
Encryption: Select the security protocol you want to apply to the authentication protocol:
None: Select this option if you do not want to apply any security protocols.
TLS (optional): If you select this option, messages will be delivered to the recipient whether or not they support TLS. If TLS is supported, then the protocol will be applied and the message delivered. If the recipient does not support TLS, the message will be delivered anyway.
TLS (required): Select this option if you require that the recipient supports TLS in order for messages to be delivered to them. If the recipient does not support TLS, the message is not delivered. This ensures that all mail is delivered securely.
SSL: Select this option if you want to apply SSL to delivered messages.
Domain: Enter the domain name of the SMTP server.
Resolve Aliases: Select which aliases you would like resolved for your delivery route. You can choose to resolve user aliases, domain aliases, both user and domain aliases, or neither.
Signature: This option allows you to add a DKIM signature to delivered messages.

User Lookup
Authentication: Select this option if you want to include the domain when authenticating messages.

SMTP Extensions
Select whether you want to Detect, Assume, or Ignore the following SMTP extensions: DSN, PIPELINING, 8BITMIME, CHUNKING, BINARYMIME, ETRN, STARTTLS, AUTH, SIZE, XCLIENT. For more information about these SMTP extensions, refer to “Authentication”.

Route
Mail Route Object: Select a mail route object for your Route protocol.

Route Testing
When adding a route, you can choose to test the route you are creating by clicking Test. In the window that appears, enter an existing user’s email address and password, and enter an email address of a user that does not exist on the target system. Click Test Authentication. This troubleshooting tool will inform you of the user’s status on the target system.

When creating your Delivery policy, you can add as many routes as you wish.
If you have two or more routes, you can change the route priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the x next to the route.

Important: You must create a Delivery policy before creating a corresponding Authentication policy. The Authentication policy and the Delivery policy must have the same Domain.

Click Save Changes to create and save your Delivery policy.

Outbound Limits Policy Configuration and Management
New in Netmail 5.2

An Outbound Limits policy can detect if any user accounts in your mail system are showing atypical behavior with respect to sending out email messages. In other words, this type of policy can help identify whether an account has been compromised, based on changes in its sending patterns. As such, having an Outbound Limits policy can, for example, help prevent your organization from unknowingly sending out spam and ending up on black lists.

Netmail Secure does not offer a default Outbound Limits policy. Not all users have the same sending habits, such as the quantity of messages they send and the frequency at which they send them, so there is no standard baseline that can be used to create a default policy. Every organization has its own unique baselines, or rather, different baselines for different users within the organization.

To create an Outbound Limits policy, choose Policies > Outbound Limits in the Netmail Administration Console. By default, the Default tab is displayed. Click Create Outbound Limits Policy, enter a name for your new Outbound Limits policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Outbound Limits policy you have just created to configure it. By default, the Details tab is displayed.
Details
The Details tab allows you to specify volume-based pattern settings.

Blocking
Under Blocking, enter the maximum number of email Messages and Recipients allowed per minute before mail flow is blocked for a user. These two limits are independent of one another; mail flow will therefore be blocked even if only one of them is reached.

Throttling
Under Throttling, specify the percentage of the numbers you entered under Blocking (i.e., maximum number of messages and recipients) that, if met, will cause mail flow to be throttled back.

Notification Address
Under Notification Address, enter an email address to which you want notifications to be sent if the limits you specified are exceeded.

Advanced
The Advanced tab allows you to specify quality-based pattern settings.

Blocking
Under Blocking, specify the percentage of mail that must be considered abuse before the system begins blocking mail from the offending sender. Specify limits for the following categories:
Rejected Recipients
Virus
Spam
Attachments
Protocol Filter

Throttling
Under Throttling, specify the percentage of the numbers you entered under Blocking (i.e., rejected recipients, virus, spam, attachments, and protocol filter) that, if met, will cause mail flow to be throttled back.

Quarantine Management
Quarantining email is a safeguard that allows for examination of questionable messages prior to accepting or rejecting the mail messages. In Netmail Secure, the Global Quarantine feature sends all quarantined email to a centralized mailbox where administrators can access and perform action on any email trapped by Netmail Secure. Netmail Secure also notifies users periodically of their quarantined email. For more information on the Quarantine application, see "Quarantine Access".
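The Outbound Limits settings described earlier (the per-minute volume limits on the Details tab and the abuse percentages on the Advanced tab) can be modeled as follows. This is an added example, not Netmail Secure's own code. The fixed one-minute buckets, the whole-sample quality window, the ">=" comparison, the event tuple layout and every limit value are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

SEVERITY = {"allow": 0, "throttle": 1, "block": 2}
CATEGORIES = ("rejected_recipients", "virus", "spam", "attachments", "protocol_filter")


@dataclass(frozen=True)
class OutboundLimits:
    max_messages: int          # Details > Blocking: messages per minute
    max_recipients: int        # Details > Blocking: recipients per minute
    volume_throttle_pct: int   # Details > Throttling: % of the two limits above
    abuse_block_pct: dict      # Advanced > Blocking: category -> % of mail
    quality_throttle_pct: int  # Advanced > Throttling: % of those percentages


def verdict(value, block_at, throttle_pct):
    """Classify one measurement; a limit counts as reached at >= (assumption)."""
    if value >= block_at:
        return "block"
    if value >= block_at * throttle_pct / 100:
        return "throttle"
    return "allow"


def worst(verdicts):
    """Return the most severe verdict in a list."""
    return max(verdicts, key=SEVERITY.__getitem__, default="allow")


def volume_verdicts(events, limits):
    """{(sender, minute): verdict}; fixed one-minute buckets are an assumption."""
    counts = defaultdict(lambda: [0, 0])  # [messages, recipients]
    for ts, sender, recipients, _flags in events:
        bucket = counts[(sender, ts // 60)]
        bucket[0] += 1
        bucket[1] += recipients
    # The two limits are independent: reaching either one decides the verdict.
    return {
        key: worst([
            verdict(msgs, limits.max_messages, limits.volume_throttle_pct),
            verdict(rcpts, limits.max_recipients, limits.volume_throttle_pct),
        ])
        for key, (msgs, rcpts) in counts.items()
    }


def quality_verdicts(events, limits):
    """{sender: verdict} from the share of a sender's mail flagged per category."""
    # Measuring over the whole sample is an assumption; the guide names no window.
    totals = defaultdict(int)
    flagged = defaultdict(lambda: defaultdict(int))
    for _ts, sender, _recipients, flags in events:
        totals[sender] += 1
        for category in flags:
            flagged[sender][category] += 1
    return {
        sender: worst([
            verdict(100 * flagged[sender][cat] / total,
                    limits.abuse_block_pct[cat], limits.quality_throttle_pct)
            for cat in CATEGORIES
        ])
        for sender, total in totals.items()
    }


def sender_verdicts(events, limits):
    """Worst verdict per sender across the volume and quality checks."""
    collected = defaultdict(list)
    for (sender, _minute), v in volume_verdicts(events, limits).items():
        collected[sender].append(v)
    for sender, v in quality_verdicts(events, limits).items():
        collected[sender].append(v)
    return {sender: worst(vs) for sender, vs in collected.items()}


def burst(sender, start, count, recipients, spacing, flags=()):
    """Build constructed events: (epoch_seconds, sender, recipient_count, flags)."""
    return [(start + i * spacing, sender, recipients, frozenset(flags))
            for i in range(count)]


# Illustrative values only; the guide states that no default policy exists.
LIMITS = OutboundLimits(
    max_messages=30, max_recipients=100, volume_throttle_pct=50,
    abuse_block_pct={cat: 20 for cat in CATEGORIES}, quality_throttle_pct=50,
)

# Constructed sample traffic, not real log data.
SAMPLE_EVENTS = (
    burst("alice@example.com", 0, 3, 2, spacing=10)      # normal use
    + burst("bob@example.com", 0, 4, 30, spacing=5)      # 120 recipients/min
    + burst("carol@example.com", 0, 16, 1, spacing=1)    # 16 messages/min
    + burst("dave@example.com", 0, 3, 1, spacing=60,     # 3 of 10 rejected
            flags=("rejected_recipients",))
    + burst("dave@example.com", 180, 7, 1, spacing=60)
)
```

Replaying a week of real outbound logs through such a model before saving the policy shows which legitimate senders (newsletters, ticketing systems) would be throttled or blocked by the chosen baseline.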
A component of Netmail Secure, the Quarantine application allows end users to see how many email messages containing viruses, spam, blocked attachments or other filtered email are being trapped by Netmail Secure. To access their quarantined email, end users simply click the URL link contained in the body of an administrator-sent email message to automatically launch the Quarantine application. End users can also perform actions directly from the Quarantine Report.

The Warp Drive Agent is the back-end component responsible for the Quarantine application. In order for end users to access and manage their quarantine, the Warp Drive Agent must be enabled at all times. To configure the Warp Drive Agent, see "Warp Drive Agent".

Through the Netmail Administration Console, system administrators can create policies that will automatically send out customized quarantine reports containing event information to designated individuals inside the organization in the form of an administrator-sent email message. When new mail is quarantined by Netmail Secure, system administrators can use the Netmail Administration Console to automatically notify end users that there is mail in their quarantine for review.

End users can also access their live quarantine mailboxes by creating a new IMAP account in their mail client and pointing the mail client to the Netmail Secure server. For more information on how to create IMAP accounts, see Appendix A - Accessing Live Quarantine via IMAP in the Netmail Secure Quarantine User Guide.

Quarantine Actions Policy
Quarantine Actions Policies allow you to configure which options will be available to end users through the Quarantine application. Quarantine Actions policies can be configured for both incoming and outgoing spam, viruses, forbidden content, and blocked attachments.
You can also indicate how you want end users to view their quarantined messages:
Sanitized: Allows users to view quarantined messages in text format only (i.e., images are not displayed).
Original: Allows users to view quarantined messages in their original format, including both text and HTML format, if applicable.
Both: Allows users to choose how they view their quarantined messages. When they open a message, they get the choice of viewing in its original format or in text format only.

From the Netmail Administration Console, choose Policies > Quarantine > Quarantine Actions to create your Quarantine Actions policy. By default, the Details tab is displayed. Click Create Quarantine Actions Policy, enter a name for your new Quarantine Actions policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Quarantine Actions policy you have just created to configure it. The Details tab is displayed.

Netmail Secure also includes several pre-created custom policies available in the Netmail Administration Console under Policy Templates. For example, a Policy Template entitled Full Incoming Privileges has been created for you under the Quarantine Actions category. This policy grants full incoming privileges to end users in the Quarantine application allowing end users to Delete, Release, Report, Allow User, Allow Domain, Block User and Block Domain for all Incoming Spam, Viruses, Filtered Content, and Blocked Attachments. The other options will still appear in the Quarantine application, but will be disabled to end users.
Quarantine Management Policy
The Quarantine Management Policy feature of Netmail Secure allows system administrators to create and configure a Quarantine Management policy to automatically clean up quarantined email messages after a specific period of time based on certain criteria. The system can be configured to delete blocked file attachments, viruses, spam, and other filtered email content based on the age of the file (in days) or the size of the quarantine (in bytes). Items will be deleted starting with the oldest items until the sizes are below the threshold value. You must have an entry in each section in order to generate quarantine reports.

Netmail Secure also includes several pre-created custom policies available in the Netmail Administration Console under Policy Templates. For example, both size-based and time-based policy templates have been created for you under the Quarantine Actions category.

From the Netmail Administration Console, choose Policies > Quarantine > Quarantine Management to create your Quarantine Actions policy. By default, the Details tab is displayed. Click Create Quarantine Management Policy, enter a name for your new Quarantine Management policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Quarantine Management policy you have just created to configure it. The Details tab is displayed.

Sample Quarantine Management Policy
The following Quarantine Management policy can be created to ensure that the server is not filled up with quarantined messages:

Note: This policy will delete messages that are older than 14 days from the Netmail Secure server and from the end user quarantine at the same time every day.

1. Choose Policies > Quarantine > Quarantine Management > Create Quarantine Management Policy.
2. Enter a name for your policy, and then click Create.
3. Select your new policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Virus Cleanup, enter the following value: File Age: 14
5. Under Spam Cleanup, enter the following value: File Age: 14
6. Under Blocked Attachment Cleanup, enter the following value: File Age: 14
7. Under Content Filter, enter the following value: File Age: 14
8. Click Save Changes to save your policy.
9. Choose Domains. Highlight the name of your domain, and select the Policies tab.
10. Under Policies in Effect, click Assign Policy.
11. In the window that appears, select Quarantine Management as the policy Type, and then click the name of the Quarantine Management Policy you have created. Click Assign.
12. Click Save Changes to save your changes.

Quarantine Management Agent
The Quarantine Management Agent allows you to specify the time at which Quarantine Cleanup will occur and the time(s) at which User Quarantine Reports will be sent. During Management, the Quarantine Management Agent checks and updates information about your license and applies the size and date criteria that you have configured as part of your Quarantine Management Policy.

By default, the Quarantine Management Agent will run Quarantine Cleanup at 1 a.m., but you can change the default to any time that is convenient for your organization. At this time, Netmail Secure’s Executive and Quarantine Reports will be sent. You can, however, select a different time or times at which the User Quarantine Reports are sent.

Quarantine Reports Policy
The Quarantine Reports feature of Netmail Secure allows system administrators to create policies that automatically send customized quarantine reports containing event information to designated individuals inside the organization in the form of an administrator-sent email message.
Netmail Secure can be configured to automatically send these notification email messages to end users on a scheduled basis when new mail is quarantined. To access their quarantined email, end users can simply click the URL link contained in the body of the email message to automatically launch the Quarantine application. End users can also perform actions directly from the quarantine reports, such as releasing quarantined mail to their inboxes, reporting an email message to the system administrator, adding email addresses and domains to their personal Allow Lists and more. For more information on how to use the Quarantine, see the Netmail Secure Quarantine User Guide.

The Quarantine is a web-based application that allows end users to access and manage their quarantined email from anywhere in the world over the Internet. Quarantine allows end users to see how many email messages containing viruses, spam, blocked file attachments, or other filtered mail are trapped by Netmail Secure.

From the Netmail Administration Console, choose Policies > Quarantine > Quarantine Reports to create your Quarantine Reports policy. By default, the Details tab is displayed. Click Create Quarantine Report Policy, enter a name for your new Quarantine Reports policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Quarantine Reports policy you have just created to configure it. The Quarantine Report tab is displayed.

Netmail Secure also includes several pre-created custom policies available in the Netmail Administration Console. For example, a Detailed Multi-Day policy has been created for you under the Quarantine Reports category. This policy sends a detailed quarantine report containing the last 5000 items received in an end user’s quarantine, and could be used to send a full quarantine report to an end user who has been away for a prolonged period of time.
Delivery
Enable: When selected, this option automatically sends quarantine reports to end users.
Deliver to local addresses only: When selected, this option sends quarantine reports only to internal addresses within the organization.
Action Host: This option allows you to override the %actionurl% and %url% variables in the quarantine report, which default to the IP address of the Netmail Secure system, with a hostname or IP address of your choice, such as quarantine.netmail.com.

Header
From the list of available header fields, specify what fields you want to include in the header of quarantine reports sent to users.
Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name of the sender, such as System Administrator, and/or a return email address if recipients of quarantine reports want to reply to the message, such as [email protected].
To: This option lets you specify the email address of the message recipient.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of quarantine reports may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in quarantine reports.
Remove: This option allows you to remove an existing header field.
Message
Use the available fields to customize the type of information you want to include in the quarantine reports you send. You can specify whether the quarantine reports should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body.

Netmail Secure includes a default Quarantine Report that contains the number of new messages in quarantine by type, the total number of messages in quarantine by type, and the number of messages by type in quarantine that were cleaned. The following variables are used to generate quarantine reports.
%new%: This variable indicates the number of new messages since the previous quarantine report was generated.
%before%: This variable indicates the number of messages before the quarantine cleanup.
%after%: This variable indicates the number of messages remaining after the quarantine cleanup.
%cleaned%: This variable indicates the number of messages that were removed during quarantine cleanup.
%total ()%: This variable indicates the total number of messages of a specific type (spam, virus, filtered content or blocked attachment) in quarantine.
%spam ()%: This variable indicates the total number of spam messages in quarantine.
%virus ()%: This variable indicates the total number of viruses in quarantine.
%content ()%: This variable indicates the total number of content filtered messages in quarantine.
%attach ()%: This variable indicates the total number of forbidden attachments in quarantine.
%url%: This variable contains the URL address of the Quarantine application.

Quarantine Access
Netmail Secure provides both Global Quarantine and End User Access to administrators. With Global Quarantine, administrators have access to a mailbox on the mail server specifically created to receive all quarantined mail. Through the Quarantine application, system administrators have system-wide access to any end user quarantine through the Switch User option.
The Switch User option is a completely transparent process that allows administrators to review the contents of any end user quarantine within the organization as well as review the Allow and Block lists configured by the end user. This option also lets administrators view or modify the rights and permissions granted to each end user directly from the Quarantine application.

Simple and Advanced Filter options are also available to allow administrators and end users to filter items in quarantine by subject, body contents, date range, sender, recipient, attachment name, and message type (spam, virus, content, and attachment).

Tip: System administrators who use single sign-on can automatically log in to the Quarantine application by passing a user’s credentials using a form POST. The required form fields are the following:

action = http(s)://ip_or_hostname_of_your_netmail/login/
user = (user's full e-mail address)
pass = (user's password)

Once logged in, a cookie will be set in the user’s browser to preserve the authenticated “session.”

Global Quarantine

Global Quarantine gives Administrators access to a mailbox on the mail server specifically created to receive all quarantined mail. The mailbox is created automatically by the Netmail Secure software when the very first item is delivered to quarantine. The mailbox name is the same as that of the corresponding domain to which quarantined mail is delivered. If multiple domains receive quarantined mail, then multiple Global Quarantine mailboxes will exist. Global Quarantine mailboxes are listed in the table on the left-hand side of the Quarantine tab. When a mailbox is selected, its name is highlighted in green and the messages in that mailbox are displayed. To toggle from one Global Quarantine mailbox to another, click the names of the mailboxes.
Reviewing or Modifying User-Selectable Policies in Quarantine

User Selectable policies are configured through the Domains feature of the Netmail Administration Console. With the Switch User option in the Quarantine application, system administrators can review or modify any policy that has been granted to any end user within the organization.

To review or modify policies associated with end users:

1. To access the Quarantine application in the Netmail Administration Console, click the Quarantine tab.
2. Under Switch User, type the first few letters of the name of an end user whose policies you want to view or modify.
3. From the dropdown list, use the arrow keys to select the end user, or double-click on the name of the end user you want to select.
4. Click the Preferences link. The Preferences link allows you to view what User-Selectable policies have been assigned to the selected end user. For each option available, use the dropdown list to view the policies available to the end user for managing and reviewing their own quarantine.
   Important: Keep in mind that the names of policies and their associated actions created in the Netmail Administration Console appear to end users in the Netmail Quarantine application under the Preferences link. It is therefore important to create policies and actions that are easy to interpret, such as Tag Subject and Deliver Message.
5. If required, you can modify the actions associated with policies for the selected end user, and then click Save. Changes made in the Quarantine application are automatically updated in the Netmail Administration Console.

Reviewing or Modifying Allow or Block Lists in Quarantine

System administrators can also review or modify the Allow and Block Lists associated with end users within the organization.

To review or modify Allow or Block Lists associated with end users:

1. Type the first few letters of the name of an end user whose Allow and Block Lists you want to view or modify.
2. From the dropdown list, select the end user.
3. Click the Preferences link, then choose the Allow List or Block List tab.
4. If required, you can modify the Allowed and Blocked Domains and/or the Allowed and Blocked Addresses for the selected end user, and then click Save. Changes made in the Quarantine application are automatically updated in the Netmail Administration Console.

Warp Drive Agent

The Warp Drive Agent is the agent responsible for the new and improved Quarantine application. Powered by a faster, more robust web engine, the Quarantine allows end users access to their quarantined mail from anywhere over the Internet. For more information on the Quarantine, see "Quarantine Management".

Options

HTTP Port: This option allows you to specify the port the Warp Drive Agent uses for HTTP connections. The default HTTP port number is port 80. Use the default port number unless that port number is already in use by another program on your Netmail Secure server.
HTTPS Port: This option allows you to specify the port the Warp Drive Agent uses for secure HTTPS connections. The default HTTPS port number is port 443. Use the default port number unless that port number is already in use by another program on your Netmail Secure server.
Require SSL: This option allows you to specify whether you require SSL for secure HTTPS connections.
Action Host: This option allows you to specify a hostname or IP address to be used for actions in the message.

Delivery Queue

Messages are transferred from the Monitored Queue to the Delivery Queue. The SMTP Agent retrieves messages from the Delivery Queue for delivery to the end user’s mail client.

Queue Server

The Queue Server must be enabled at all times.

Status

The Queue Server cannot be disabled.

Options

Spool Volume: From the dropdown list, select the location of your desired message spool.
Maximum Connections Per Delivery Route: Specify the maximum number of messages you want sent concurrently to a single destination.

Advanced System and Agent Configuration

The Secure object allows system administrators to apply advanced configuration setting changes to Netmail Secure at any time. During the Netmail Secure configuration procedure, you provided configuration settings for your system. These settings are automatically applied and updated to the Netmail Administration Console. However, you can still make changes to these settings at any time by choosing Secure on the left-hand side of the Netmail Administration Console.

System

From the Netmail Administration Console, choose Secure. By default, the System tab is displayed.

Postmaster: During the configuration procedure, you were prompted to specify a System-wide Postmaster Email Address and the name of your Netmail Secure Host Cluster. To change the System-wide Postmaster Address, enter the new address in the available textbox.
SMTP Log Retention: This option allows you to specify the number of days for which the SMTP log should be kept. The longer the retention period, the slower the log will be. A retention period of no longer than 5 days is recommended.
Store: The Netmail Store URI option allows you to enter the IP address of your Netmail Store cluster.
SNMP Community: This option allows you to specify an SNMP community string. SNMP community strings function as embedded SNMP passwords. Netmail Secure supports Read-only SNMP communities. Read-only gives read access to all objects in the MIB, but does not allow write access.
SNMP Trap Receivers: This option allows you to add a Trap Receiver.
SNMP Trap Receivers are used to notify a network management system, which communicates with agents to get statistics and alerts from managed devices, that a significant event has occurred. When a trap condition occurs, the SNMP Agent sends an SNMP trap message to any network management systems specified as the trap receiver.

To add an SNMP Trap Receiver, use the dropdown box next to Version to select a trap object. Then, enter the SNMP Community, the Host name or IP address of the remote SNMP trap receiver and the Port number. Click Add. The list box displays a list of currently configured SNMP Trap Receivers that were added using the Add option. To modify an existing Trap Receiver, select the Trap Receiver in the list, and click Advanced Edit. To remove an existing Trap Receiver from the list, highlight the Trap Receiver in the list, and then click Remove.

Important: Click Save Changes to save your changes.

Spools

The Spools application of Netmail Secure provides system administrators with real-time information about what is occurring in the Message Spool. The Message Spool stores messages in transit, allowing the messages to be retrieved for processing at a later point in time. This process of spooling is particularly useful when there is a large number of messages coming in to the system at once.

When mail is received through Netmail Secure, the SMTP Agent places the messages in the Monitored Queue, which is the message queue that is monitored by various Netmail Secure Agents. Agents retrieve the messages from the Monitored Queue and process the messages in the Message Spool. The Message Spool is located in the Quarantine Store, which contains a Quarantine repository for each end user and the Message Spool that stores messages in transit.

To access the Spools application, click the Secure > Spools tab in the Netmail Administration Console.
Searching for Messages in the Spool

The Spools application allows you to search for messages currently in the spool. To search for messages in the spool, select the cluster in which you want to search. You can also choose to narrow your search by one or more of the following options:

Sender
Sender IP
Recipient
Header

It is also possible to narrow your search even further by choosing to view messages in specific phases of the spool. To narrow your search, select one, several, or all of the following spooling phases:

Attachment Blocking
Sender Verification
Anti Virus
Anti Spam
Content Filter
SURBL
Sieve
Delivery

Once you have specified your search options, click Search to populate the message table.

Viewing and Managing Messages in the Spool

Message Table

The Spools application allows you to view messages currently in the spool. The message table displays basic message information in five different columns:

Sender: Displays the email address of the sender.
IP: Displays the IP address of the domain from which the message originates.
Subject: Displays the subject heading of the message.
Queue: Displays which phase of the Mail Spool the message is in.
Date: Displays the date and time at which the message was sent.

To rearrange the order of the displayed data, simply click on the column headings to sort the messages in either ascending or descending order.

Regulating Message Flow in the Cluster

The Spools field displays the name and IP address of the cluster you have selected for your search. To control whether or not you want messages to continue entering the cluster, toggle between Start Accepting and Stop Accepting. To control whether or not you want messages to continue being processed in further phases of the spooling process, toggle between Pause Processing and Resume Processing.
Creating a New Spool

The Spools field also displays two default spools running in the cluster: spool and bad. The numbers in parentheses next to each spool indicate the number of messages in each spool. To add a new spool to the list, click Create a new spool. When prompted, enter a name for the new spool, and click Confirm. By default, new spools are displayed as being offline. To activate a spool, click Bring Online. To deactivate a spool, click Bring Offline.

Toggling Between Spools

It is possible to toggle between the different spools listed in the Spools field. Each time you select a different spool, you must click Search in order to update the message table.

Performing Actions on Messages

Once you have populated the message table with your selected list of messages in the Message Spool, it is possible for you to perform certain actions on the messages.

Moving Messages

It is possible to move messages to different spools. Select one or several messages, and click Move. When prompted, select the spool to which you want to move the message(s), and click Confirm.

Viewing the Message Journal

The Message Journal allows you to view information about messages queued in the Message Spool. To view a message’s journal, select the message, and click View Journal. The Message Journal displays information about the message as it is processed in different phases of the Message Spool. Each time the message is processed, a new Revision section is documented in the Message Journal. To return to the Spools tab, click anywhere in the Spools tab to close the Message Journal.

Deleting Messages

It is possible to delete messages from the Message Spool. To delete one or several messages, select the messages you want to delete, and click Delete.
Configuring your Netmail Secure Host Cluster

The name of your Netmail Secure Host Cluster appears under Clusters in the Netmail Administration Console. To make advanced configuration changes, use the arrow icon to expand the tree and choose the name of your Netmail Secure cluster. Even if you have deployed only a single Netmail Secure server, your server will appear as a cluster by default to facilitate the deployment of additional servers.

Details

From the Netmail Administration Console, choose Clusters, and then use the arrow icon to expand the tree and choose the name of your server. By default, the Details tab is displayed. The Details tab allows you to make basic configuration setting changes to the Netmail Secure server.

Options

The Enable SSL & TLS option enables SSL & TLS, which allows mail clients to connect to the Netmail Secure server over an SSL or TLS connection by creating encrypted links between the server and the mail client. Transport Layer Security provides SSL encryption between two email hosts. If both hosts have implemented TLS, the transmission will be encrypted; otherwise, it will be sent in clear text. TLS is not a guarantee of encrypted transmission.

Important: By default, Netmail Secure uses a self-signed certificate for securing client communication. For various reasons, some organizations may require the use of a certificate validated by a public Certificate Authority (CA). Netmail Secure uses OpenSSL to generate Certificate Signing Requests (CSRs) as well as private keys. For more information on how to locate the certificate files, how to generate a CSR for submission to a CA, and how to replace the default certificate file with the one returned from the CA, see the Updating SSL Certificates in M+Guardian or Netmail Secure knowledge base article.

The Default Domain field displays the name of your domain.
The name of your default domain appears in the SMTP banner as well as in all headers of email messages.

HTTP Proxy

This section lets you configure access to the Internet through an HTTP proxy server. In the available fields, enter the hostname or IP address and port of the proxy server you wish to use. If required, you must also enter the username and password used to access the proxy server. This information is necessary to access anti-spam and anti-virus updates from Messaging Architects when your Netmail Secure server does not have Internet Access.

FTP Proxy

This section lets you configure access to the Internet through an FTP proxy server. From the dropdown box, choose the Proxy type from the available options. In the available fields, enter the hostname or IP address and port of the proxy server you wish to use. If required, you must also enter the username and password you use to access the proxy server. This information is necessary to access anti-spam and anti-virus updates from Messaging Architects when your Netmail Secure server does not have Internet Access.

Volumes

The Volumes tab allows you to specify different volumes for the message spool and the message store. You can also add additional stores and spools as required.

Spool Path: This field contains the directory path where you want the message queue to reside.
Message Store Path: This field contains the directory path where end user mailboxes and messages are located.

Physical Hosts

The Physical Hosts tab displays the name and IP address of each node that exists in the selected cluster, as configured during the Netmail Secure configuration procedure. From here, you can choose to Stop, Restart, Reboot, or Power off your existing nodes.

Agent Ordering

Depending on the email security requirements of your organization, the Agent Ordering tab can play a key role.
The Agent Ordering tab allows you to change the queue order of the Agents simply by clicking and dragging. For example, if policy enforcement is your major concern, then you should place Content Filter first. If the processing speed of Netmail Secure is your major concern, then you should place Attachment Blocking first to enable scanning at the protocol level, which will reduce the total number of invalid messages that require scanning by the Anti-Virus and Anti-Spam Agents. If you place the Anti-Spam Agent before the Anti-Virus Agent, you will similarly lower the processing requirements because the Anti-Virus Agent will not be required to scan spam for viruses.

Firewall

The Firewall tab displays a list of firewall services that are open. You can toggle the check boxes to indicate which firewall services should or should not be enabled.

IMAP Agent

The IMAP Agent enables access to the Quarantine functionality in Netmail Secure via IMAP clients. The IMAP Agent allows IMAP clients to download mail from the server. The mail client connects to the IMAP Agent and sends the username and password. In an eDirectory configuration, the IMAP Agent looks up the user in eDirectory and authenticates the user. With the IMAP Agent, end users can access their quarantine through their email account in lieu of accessing it through a separate web portal. For more information on this feature, see the Netmail Secure Quarantine User Guide.

The IMAP Agent option should be enabled at all times. Disabling the agent prevents Netmail Secure from launching the IMAP Agent.

SMTP Agent

The SMTP Agent is the gateway between your Netmail Secure server and the Internet. Its primary function is to transfer messages to and from the Internet.
This agent must be running on at least one server for users to send local messages from POP or IMAP clients or to send messages over the Internet.

Status

The SMTP Agent option should be enabled at all times. Disabling the agent prevents the Netmail Secure server from launching the SMTP Agent.

SMTP port: This option allows you to specify the port the SMTP Agent uses for HTTP connections. The default SMTP port number is port 25. Use the default port number unless that port number is already in use by another program on your Netmail Secure server.
SMTPS port: This option allows you to specify the port the SMTP Agent uses for secure SMTP connections. The default SMTP port number is port 465. Use the default port number unless that port number is already in use by another program on your Netmail Secure server.
SMTP Submission port: This option allows you to specify the port the SMTP Agent uses for HTTP connections, but requires authentication. The default SMTP port is 587.

Options

Enable Verify Command: The VRFY command allows external clients to verify that a user exists in your messaging system.

Tip: If enabled, VRFY can pose a security risk because it allows external users to anonymously request verification of usernames. For example, if spammers want to find out the usernames in your company, they could query the system with a series of usernames until the system verified a valid username.

Verify Recipients: By default, the SMTP Agent accepts all incoming messages and places them in a queue where their email addresses are verified. There are three options available:

Enabled: If enabled, Netmail Secure verifies that a user exists in the messaging system. If the user is not listed, then the email message is rejected. When verifying that a user exists in the messaging system, the SMTP Agent looks up the username to verify that a user exists in the messaging system.
If the user is not listed, it returns a "User Not Found" message.
Disabled: If disabled, Netmail Secure will not verify that a user exists in the messaging system before sending email.
Stealth: If selected, Netmail Secure verifies that a user exists in the messaging system before sending email.

Relay Host: This option allows you to relay all mail to non-hosted domains. In the available textbox, enter the host name, domain name, or IP address of the server being used, followed by the port number.
Message Size Limit: The maximum message size the SMTP Agent can accept. Because the SMTP Agent handles all Internet traffic, the message size limit applies to both incoming and outgoing email messages.
Trusted Senders: This option allows you to manage your Blocked and Allowed Hosts Lists of IP address ranges that will always be designated as Blocked Hosts and Allowed Hosts by the Connection Manager at the protocol level.
Banner: This option allows you to enter a custom banner to be used by the SMTP server.

Alerts Agent

The Alerts Agent allows system administrators access to the Alerts feature of Netmail Secure. The Alerts feature of Netmail Secure allows system administrators to send out messages when specific thresholds have been reached in Netmail Secure. For example, you can create an Alert that will automatically notify IT staff when available disk space reaches a certain threshold. If you want to be able to send out alerts based on selected criteria, the Alerts Agent should be enabled at all times. For more information on the Alerts feature of Netmail Secure, see "Creating Netmail Secure Alerts".

Tip: Messaging Architects recommends that you monitor the Netmail Secure system activity for normal values in order to establish a baseline prior to creating Alerts.
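One way to turn the baseline recommended in the tip above into a number for a time-based trigger on Number of Connections (described in the next section) is sketched below. This is an added example, not part of the guide or of Netmail Secure; the function names, the median-plus-5-MAD rule and the sample connection times are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median


def per_interval_counts(timestamps, interval_minutes):
    """Count connections in consecutive windows of interval_minutes,
    starting at the earliest timestamp; empty windows count as 0."""
    start = min(timestamps)
    width = timedelta(minutes=interval_minutes)
    hits = Counter(int((t - start) / width) for t in timestamps)
    return [hits.get(i, 0) for i in range(max(hits) + 1)]


def suggest_threshold(counts, k=5):
    """Median plus k median-absolute-deviations (assumed rule, not a vendor
    recommendation). Robust to a few unusual windows inside the baseline."""
    mid = median(counts)
    mad = median(abs(c - mid) for c in counts)
    return int(mid + k * max(mad, 1))


def windows_over(counts, threshold):
    """Windows in which an 'is greater than <threshold>' trigger would fire."""
    return [(i, c) for i, c in enumerate(counts) if c > threshold]


def constructed_connections(start, interval_minutes, per_window):
    """Constructed sample data: per_window[i] connection times inside window i."""
    out = []
    for i, n in enumerate(per_window):
        base = start + timedelta(minutes=i * interval_minutes)
        out.extend(base + timedelta(seconds=j) for j in range(n))
    return out


INTERVAL = 120  # minutes, the interval used as the example in the guide
START = datetime(2013, 5, 1)  # constructed date

# Constructed baseline: seven quiet two-hour windows.
BASELINE = per_interval_counts(
    constructed_connections(START, INTERVAL, [40, 44, 38, 42, 41, 39, 43]), INTERVAL
)
# Constructed later observation with one burst of connections.
OBSERVED = per_interval_counts(
    constructed_connections(START, INTERVAL, [45, 390, 47]), INTERVAL
)

if __name__ == "__main__":
    limit = suggest_threshold(BASELINE)
    print("is greater than:", limit, "interval (minutes):", INTERVAL)
    print("windows that would alert:", windows_over(OBSERVED, limit))
```
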
Creating Netmail Secure Alerts

The Netmail Administration Console can be configured to self-monitor the performance of Netmail Secure. Using the Alerts feature, system administrators can create an Alerts policy to automatically send out alerts based on selective criteria. For example, you can create an Alerts policy that will notify an administrator when the number of connections exceeds normal values, which may indicate a DoS attack or a Directory Harvest attack. Or you can create an Alerts policy to monitor Quarantine database size. If the size of the Quarantine database reaches a certain threshold, then an alert will automatically be sent out. Administrators may then choose to create a Quarantine Management policy to clean the Quarantine database more frequently.

Triggers

The Triggers tab allows you to create Time-based or Static Triggers based on a wide variety of selected criteria. You can also specify multiple recipients of alerts.

Enabling Alerts

By default, the Alerts Agent is enabled. Disabling this feature prevents Netmail Secure from sending out Alerts. The Send SNMP Trap option allows you to send SNMP Traps.

Time-based Triggers

You can create an Alerts policy to automatically send out alerts to specific recipients within your organization at regularly scheduled intervals. You can select what kind of alert should be sent out and what specific criteria triggers the alert. You can also specify at what interval these alerts should be sent out.

To create a time-based Alerts Policy:

1. From the dropdown menu, choose what type of alert you want to create from the following options:
   Messages received
   Spam messages received
   Viruses detected
   Attachments blocked
   Content blocked
   Number of Connections
2. After selecting what type of alert you wish to send out, the is greater than/is less than field appears.
Enter the appropriate criteria in the is greater than/is less than field.
3. Enter the time interval in minutes in the appropriate field. For example, if you want to specify 2 hours as the time interval, enter 120 minutes in the field.
4. Click Save Changes to save your changes.

Tip: If you have multiple alerts and want to delete an alert, use the dropdown menu of the alert you want to delete, and select Remove.

Static Triggers

You can also create an Alerts policy based on a static trigger that will automatically send out alerts to specific recipients within your organization. You can select what kind of alert should be sent out and specify what criteria triggers the alert.

To create a static Alerts Policy:

1. From the dropdown menu, choose what type of alert you want to create from the following options:
   Number of queued messages
   Quarantine database size
   Free disk space
   Free memory
2. After selecting what type of alert you wish to send out, the is greater than/is less than field appears. Enter the appropriate criteria in the is greater than/is less than field.
3. Click Save Changes to save your changes.

Tip: If you have multiple alerts and want to delete an alert, use the dropdown menu of the alert you want to delete, and click Remove.

Message

The Message tab allows you to create custom messages to accompany your Alerts.

Delivery

Enable: When selected, this option automatically sends alerts to selected recipients.
Deliver to local addresses only: When selected, this option sends alerts only to internal addresses within the organization.

Header

The Email Recipients field allows you to create a list of recipients to whom you want to send alerts. To add a recipient to the list, simply enter their email address in the available text box, and click Add.
To modify an existing email address, select the email address in the list, and click Advanced Edit. To remove an existing email address from the list, highlight the email address in the list, and then click Remove.

From the list of available header fields, specify what fields you want to include in the header of alerts sent to recipients when your Netmail Secure server meets the criteria specified by a time-based or static trigger.

Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name and/or email address of the sender of the alert, such as System Administrator or [email protected].
To: This option lets you specify the email address of the message recipient.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of alerts may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in alerts.
Remove: This option lets you remove an existing header field.
Add new: This option lets you add a new header field.

Message

Use the available fields to customize the text of messages sent to recipients. You can specify whether the message should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Alert message. The following is the plain text message of the default alert:

Alert! %countername% has exceeded %countermax% %if (counterperiod)% per %counterperiod% %end%. The current value is %countervalue%.
The following variables are used in the Alert Message:

%countername%: This variable contains the name of the trigger that initiated the alert.
%countermax%: This variable contains the number in the is greater than/is less than field.
%counterperiod%: This variable contains the time field.
%countervalue%: This variable contains the current value.

It is also possible to upload a file containing an HTML or plain text message by clicking Browse. The Download button allows you to download a copy of either the plain text message or HTML message in .txt file format.

Sender Verification Agent

The Sender Verification Agent verifies the identity of the sender. In order to use the Sender Verification Agent, this agent must be enabled. The Sender Verification Agent is enabled by default.

Rules Agent

The Rules Agent is the agent responsible for processing rules defined in the Netmail email server. For legacy purposes, the Rules Agent is still configurable through Netmail Administration Console if you are still using the Netmail email server. The Rules Agent must be enabled at all times.

SURBL Agent

The SURBL Agent blocks email messages based on any URLs found within the message body that are deemed malicious. Select Agent Enabled to enable the SURBL Agent.

POP Agent

The POP Agent provides POP3 services. The ports must be enabled for services to be provided.

Notifications

The Notifications feature of Netmail Secure allows you to create and configure a policy that will automatically send notifications to recipients, senders, and/or administrators when email messages containing blocked file content or attachments, or viruses are detected in the system. Notifications can be customized to add corporate identity and encoded in plain text or HTML.
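The default alert message shown earlier and the notification messages described in this section share one template syntax: %name% placeholders and %if(name)% ... %end% blocks. The following preview renderer is an added example, not Netmail Secure's own code; it assumes that an %if(name)% block is kept only when the named variable has a non-empty value, and the function name, the HTML escaping of substituted values and the sample values are constructed for illustration.

```python
import html
import re

# One token: %if(name)% or %if (name)%, %end%, or %name%. Names may contain
# spaces (for example %blocked filename%); a space before the closing % is tolerated.
NAME = r"[A-Za-z][A-Za-z0-9_ ]*?"
TOKEN = re.compile(
    rf"%(?:if\s*\(\s*(?P<cond>{NAME})\s*\)|(?P<end>end)|(?P<var>{NAME}))\s*%"
)

# Default plain text alert message, copied from this guide.
DEFAULT_ALERT = (
    "Alert! %countername% has exceeded %countermax% "
    "%if (counterperiod)% per %counterperiod% %end%. "
    "The current value is %countervalue%."
)


def render_template(template, values, as_html=False):
    """Return (rendered_text, unknown_names).

    Assumption: an %if(name)% block is emitted only when values[name] is
    present and not empty. With as_html=True every substituted value is
    HTML-escaped, because values such as a sender address or an attachment
    file name come from the message being reported on. Unknown placeholders
    are left in place and reported so that typos in a custom template show up.
    """
    out, unknown, stack, pos = [], [], [], 0
    for m in TOKEN.finditer(template):
        emitting = all(stack)  # False while inside a suppressed %if% block
        if emitting:
            out.append(template[pos:m.start()])
        pos = m.end()
        if m.group("cond") is not None:
            stack.append(values.get(m.group("cond")) not in (None, ""))
        elif m.group("end"):
            if not stack:
                raise ValueError("%end% without a matching %if(...)%")
            stack.pop()
        elif emitting:
            name = m.group("var")
            if name in values:
                text = str(values[name])
                out.append(html.escape(text) if as_html else text)
            else:
                unknown.append(name)
                out.append(m.group(0))
    if stack:
        raise ValueError("%if(...)% without a closing %end%")
    out.append(template[pos:])
    return "".join(out), unknown


if __name__ == "__main__":
    # Constructed values for a time-based trigger (a period is set) ...
    timed = {"countername": "Spam messages received", "countermax": 500,
             "counterperiod": "120 minutes", "countervalue": 742}
    # ... and for a static trigger (no period, so the %if% block is dropped).
    static = {"countername": "Quarantine database size", "countermax": 2048,
              "countervalue": 2310}
    for sample in (timed, static):
        text, unknown = render_template(DEFAULT_ALERT, sample)
        print(" ".join(text.split()), unknown)
```
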
From the Netmail Administration Console, choose Policies > Notifications to create your Notifications policy. By default, the Details tab is displayed. Click Create Notification Policy, enter a name for your new Notifications policy, and then click Create. Your new policy now appears in the tree menu on the left-hand side of the Netmail Administration Console. Click the name of the Notifications policy you have just created to 134 Copyright © 2013, Messaging Architects. Updated: 10/05/2013 Netmail Secure 5.2 Administration Guide configure it. By default, the Recipient Notification tab is displayed. Recipient Notification The Recipient Notification tab lets you specify if and how the recipient of a message containing a blocked attachment, virus or other unwanted email should be notified. Delivery Enable: When selected, this option automatically sends notifications to recipients. Deliver to local addresses only: When selected, this option sends notifications only to internal addresses within the organization. Action Host: This option allows you to replace the %url% variable in the notification with an address, such as http://quarantine.netmail.c om, instead of an IP address. Header The Email Recipients field allows you to create a list of recipients to whom you want to send notifications. To add a recipient to the list, simply enter their email address in the available text box, and click Add. To modify an existing email address, select the email address in the list, and click Advanced Edit. To remove an existing email address from the list, highlight the email address in the list, and then click Remove. From the list of available header Fields, specify what fields you want to include in the header of notifications sent to recipients of messages containing blocked attachments, viruses, or other unwanted email. The following options are available: 135 Copyright © 2013, Messaging Architects. 
Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name and/or email address of the sender of the notification, such as System Administrator or [email protected].
To: This option lets you specify the email address of the message recipient.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of notifications may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in notifications sent to recipients.
Remove: This option lets you remove an existing header field.
Add new: This option lets you add a new header field.

Message

Use the available fields to customize the text of messages sent to recipients. You can specify whether the message should be in HTML or plain text. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Recipient Notification message that contains the email address of the original sender and the name and the type of file that was blocked.

The following is the plain text message of the default recipient notification:

    A message addressed to you was not delivered
    %if(sender)%
    %sender% attempted to send you a message that was not accepted.
    %end%
    %if(blocked filename)%
    The message contained an attachment named "%blocked filename%" that was deemed unsafe. Please contact %sender% and ask them to send the message again with the unsafe attachment removed.
    %end%
    %if(infected filename)%
    The message was infected with a virus named "%infected filename%.
    %end%
    %if(content filter )%
    The message was blocked due to content.
    %end%

The following variables are used to generate the Recipient Notifications:

%sender%: This variable contains the email address of the original sender.
%blocked filename%: This variable contains the name of the file that was blocked. The filename will only be provided if a forbidden file attachment is blocked.
%infected filename%: This variable contains the name of the file containing the virus. The filename will only be provided if an attachment is infected with a virus.
%content filter %: This variable contains the type of content that was caught. This information will only be provided if the message is caught by the content filter.

It is also possible to upload a file containing an HTML or plain text message by clicking Browse. The Download button allows you to download a copy of either the plain text message or HTML message in .txt file format.

Sender Notification

Click the Sender Notification tab. This tab lets you specify if and how the sender of a message containing a blocked attachment, virus, or other unwanted email should be notified.

Delivery

Enable: When selected, this option automatically sends notifications to senders.
Deliver to local addresses only: When selected, this option sends notifications only to internal addresses within the organization.

Header

From the list of available header fields, specify what fields you want to include in the header of notifications sent to senders of messages containing blocked attachments, viruses, or other unwanted email.

Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name and/or email address of the sender of the notification, such as System Administrator or [email protected].
To: This option lets you specify the email address of the message recipient.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of notifications may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in notifications sent to recipients.
Remove: This option lets you remove an existing header field.
Add new: This option lets you add a new header field.

Message

Use the available fields to customize the text of messages sent to senders. You can specify whether the message should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Sender Notification message that contains the email address of the original recipient(s) and the name and type of file that was blocked.

The following is the plain text message of the default sender notification:

    Your message was not delivered
    %if(recipients)%
    Your message to
    %while(recipients)%
    %recipient%
    %end%
    was not delivered.
    %else%
    Your message was not delivered.
    %end%
    %if(blocked filename)%
    Your message contained an attachment named "%blocked filename%" that was deemed unsafe. Please try sending your message again without the offending attachment.
    %end%
    %if(infected filename)%
    Your message was infected with a virus named "%infected filename%.
    %end%
    %if(content filter )%
    Your message was blocked due to content.
    %end%

The following variables are used to generate the Sender Notifications:

%recipients%: This variable contains the name(s) of the original recipients. Recipient names will only be provided if there are valid recipients of the message.
%blocked filename%: This variable contains the name of the file that was blocked. The filename will only be provided if a forbidden attachment is blocked.
%infected filename%: This variable contains the name of the file containing the virus. The filename will only be provided if an attachment is infected with a virus.
%content filter %: This variable contains the type of content that was caught. This information will only be provided if the message is caught by the content filter.

Admin Notification

This feature lets you specify if and how administrators should be notified when messages containing blocked file attachments, viruses, or other unwanted email are detected in the system.

Delivery

When selected, the Enable option automatically sends notifications to administrators.

Header

From the list of available header fields, specify what fields you want to include in the header of notifications sent to administrators of messages containing blocked attachments, viruses, or other unwanted email.

Received: This option lets you specify the text string that will be used to display a list of mail servers that the message passed through before being delivered.
Subject: This option lets you specify a text string that will be included in the Subject field of the message.
From: This option lets you specify the display name and/or email address of the sender of the notification.
To: This option lets you specify the display name and/or email address of the administrator to whom the notification is sent.
CC: This option lets you specify the email address of the recipient to whom a carbon copy of the message was sent.
Reply-To: This option lets you specify an email address where recipients of notifications may reply to the message.
X-Sender: Allows you to specify additional information about the sender of the email.
Custom: This option lets you customize a header field included in notifications sent to administrators.
Remove: This option lets you remove an existing header field.
Add new: This option lets you add a new header field.

Message

Use the available fields to customize the text of messages sent to administrators. You can specify whether the message should be in plain text or HTML. If you enter an HTML message, make sure to enter the HTML code in the message body. Netmail Secure includes a default Admin Notification message that contains the email address of the original sender, the name of the policy that was violated, the name and the type of file that was blocked, and the recipients.

The following is the plain text message of the default admin notification:

    %sender% attempted to violate policy %policy%
    %if(blocked filename)%
    The message contained an attachment named %blocked filename% that was forbidden by the %policy% policy.
    %end%
    %if(infected filename)%
    The message was infected with a virus named "%infected filename%.
    %end%
    %if(content filter)%
    The message was blocked due to content.
    %end%
    These users would have been effected:
    %while(recipients)%
    %recipient%
    %end%

The following variables are used to generate the Admin Notifications:

%sender%: This variable contains the name of the original sender.
%policy%: This variable contains the name of the policy that was violated.
%blocked filename%: This variable contains the name of the file that was blocked. The filename will only be provided if a forbidden attachment is blocked.
%infected filename%: This variable contains the name of the file containing the virus.
The filename will only be provided if an attachment is infected with a virus.
%content filter %: This variable contains the type of content that was caught. This information will only be provided if the message is caught by the content filter.
%recipients%: This variable contains the name(s) of the intended recipients of the blocked message.
%recipient%: This variable contains the intended recipient’s email address.

Sample Notification Policy

The following Notification policy can be created to inform the system administrator and a sender inside the organization that a message was trapped by Netmail Secure:

1. Choose Policies > Notifications > Create Notification Policy.
2. Enter a name for your policy, and then click Create.
3. Select your new policy.
4. Click the Sender Notification tab, and then click Enable.
5. Select Deliver to local addresses only.
6. Create your notification message, or use the default message.
7. Click Save Changes to save your settings.
8. Click the Admin Notification tab, and under Delivery, click Enable.
9. Customize Header information, and then create your notification message, or use the default message.
10. Click Save Changes to save your policy.

The Netmail Secure Node Dashboard

The Node Dashboard feature of Netmail Secure provides system administrators with real-time onscreen information about the performance capabilities of the Netmail Secure system as well as the ability to generate comprehensive log reports. From the Netmail Secure Node Dashboard, you can choose to view daily, hourly, or live statistics onscreen at any time.

To use the Netmail Secure Dashboard, choose Secure > Clusters > <Cluster Name> > Nodes > <Node Name> in the Netmail Administration Console. By default, the Node Dashboard tab is displayed.
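The default messages in the Notifications section above share a small template syntax: %name% substitution, %if(name)% ... %else% ... %end% blocks, and %while(recipients)% loops over %recipient%. As an added example (not Netmail Secure's own code), the following Python sketch previews how a custom message expands for a given detection before it is uploaded. The loop-variable naming, the treatment of missing or empty values as false, and the HTML escaping of substituted values are assumptions of this sketch, because the guide does not specify them.

```python
import html
import re

# %if(name)% / %while(name)%  |  %else% / %end%  |  %variable name%
TOKEN = re.compile(r"%(if|while)\(([^)%]*)\)%|%(else|end)%|%([^%\n]+)%")

# Default sender notification, copied from the guide text above.
DEFAULT_SENDER_TEMPLATE = """\
Your message was not delivered
%if(recipients)%
Your message to
%while(recipients)%
%recipient%
%end%
was not delivered.
%else%
Your message was not delivered.
%end%
%if(blocked filename)%
Your message contained an attachment named "%blocked filename%" that was deemed unsafe. Please try sending your message again without the offending attachment.
%end%
%if(infected filename)%
Your message was infected with a virus named "%infected filename%.
%end%
%if(content filter )%
Your message was blocked due to content.
%end%
"""


def parse(template):
    """Parse template text into a tree of ("text" | "var" | "block", value) nodes."""
    root = []
    targets = [root]   # list that receives nodes at each nesting level
    blocks = []        # currently open %if%/%while% blocks, innermost last
    pos = 0
    for m in TOKEN.finditer(template):
        if m.start() > pos:
            targets[-1].append(("text", template[pos:m.start()]))
        pos = m.end()
        kind, name, ctrl, var = m.groups()
        if kind:
            block = {"kind": kind, "name": name.strip(), "body": [], "else": []}
            targets[-1].append(("block", block))
            blocks.append(block)
            targets.append(block["body"])
        elif ctrl == "else":
            if not blocks or blocks[-1]["kind"] != "if":
                raise ValueError("%else% outside an %if(...)% block")
            targets[-1] = blocks[-1]["else"]
        elif ctrl == "end":
            if not blocks:
                raise ValueError("%end% without an open block")
            blocks.pop()
            targets.pop()
        else:
            targets[-1].append(("var", var))
    if pos < len(template):
        targets[-1].append(("text", template[pos:]))
    if blocks:
        raise ValueError("unclosed %" + blocks[-1]["kind"] + "(...)% block")
    return root


def render(nodes, values, as_html=False):
    """Expand a parsed template; `values` maps variable names to strings or lists."""
    out = []
    for tag, node in nodes:
        if tag == "text":
            out.append(node)
        elif tag == "var":
            key = node.strip()
            if key in values:
                text = str(values[key])
                # Assumption: sender-supplied values are escaped in HTML messages.
                out.append(html.escape(text) if as_html else text)
            else:
                out.append("%" + node + "%")  # keep unknown names visible
        elif node["kind"] == "if":
            branch = node["body"] if values.get(node["name"]) else node["else"]
            out.append(render(branch, values, as_html))
        else:
            # Assumption: %while(recipients)% binds the singular name %recipient%.
            name = node["name"]
            loop_var = name[:-1] if name.endswith("s") else name
            for item in values.get(name) or []:
                out.append(render(node["body"], {**values, loop_var: item}, as_html))
    return "".join(out)


def preview(template, values, as_html=False):
    """Render and collapse whitespace so the result reads as one paragraph."""
    return " ".join(render(parse(template), values, as_html).split())


if __name__ == "__main__":
    # Constructed detection: one blocked attachment, two recipients.
    sample = {"recipients": ["alice@example.com", "bob@example.com"],
              "blocked filename": "invoice.exe"}
    print(preview(DEFAULT_SENDER_TEMPLATE, sample))
```

A template with an unbalanced %if(...)%, %while(...)% or %end% raises ValueError, which catches the most common editing mistake before the message is saved in the policy.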
Using the Node Dashboard

The Netmail Secure Node Dashboard provides onscreen summary information about the performance of your Netmail Secure system, as well as detailed statistics for mail traffic and the policy engine. For more detailed statistics on any of these features, click Details.

System Status

One or more System Status lights appear at the bottom of the Node Dashboard. A System Status light is available for each of your Netmail Secure nodes. A green status light means that the node is enabled whereas a red status light means that the node is disabled and may require attention. An orange status light also indicates that the system needs attention.

To view which agents are associated with a particular node, click the name of the node. To return to the Node Dashboard, click anywhere on the Node Dashboard to close the status information screen.

System

The System feature provides detailed information about the performance of your Netmail Secure system. To view detailed system statistics, click Details. These statistics are available for the last hour, the last 24 hours and the last 30 days. Use the dropdown box next to View to toggle between time periods.

System Information

System Information provides you with detailed information about the performance of your system, such as version information and system uptime in days, hours and minutes. With percentages available for both CPU usage and memory usage, you can monitor if your Netmail Secure system meets the requirements for mail flow through your organization. For example, if both CPU and RAM utilization are high, you may need to add another node to the system.
The System Information section displays the following information:

System Uptime
Version
CPU Usage
Memory Usage
Invalid Login Attempts

Engine Updates

This section provides you with the most recent date and time of your anti-virus and anti-spam engine updates.

Free Disk Space

This section indicates the amount of free disk space you have within your Spool and Store.

Traffic

The Traffic feature provides summary information about your Netmail Secure server. For more detailed information about the volume of mail traffic moving through your Netmail Secure system, click Details. These statistics are available for the last hour, the last 24 hours and the last 30 days. Use the dropdown box next to View to toggle between time periods.

Message Queue

The Message Queue provides statistics on the average number of queued messages in your Netmail Secure system.

Connections

This section provides you with statistics on the total number of incoming, outgoing and relayed connections made through your Netmail Secure system, as well as the number of connections made per second.

Connections In
Connections Out
Connections Relayed

Message Handling

This section provides readings for the number of inbound and outbound messages, as well as the number of connections made per second.

Messages In
Messages Out
Messages Relayed

Bandwidth

This section provides you with statistics on how much bandwidth (in KB) was used for incoming, outgoing and relayed traffic through your Netmail Secure system, as well as the number of connections made per second.

Traffic In
Traffic Out
Traffic Relayed

Policy Engine

The Policy Engine feature provides statistics on how much traffic is moving through the Netmail Secure server, and how much of that traffic contains Spam, Viruses, Blocked File Attachments and Filtered Content.
You can also review what policies filtered the messages, as well as what actions end users took on those messages. These statistics are available for the last hour, the last 24 hours and the last 30 days. Use the dropdown box next to View to toggle between time periods.

Overview

This section provides you with statistics on the volume of mail moving through your Netmail Secure system.

Total: The total number of messages.
Good: The number of good messages.
Bad: The number of bad messages.
Threat Ratio: The ratio of bad messages to total messages.

Connections

This section provides you with statistics on how many incoming messages were filtered by the Connection Manager. As the first layer of defense, the Connection Manager transparently scans all email traffic passing through the Internet gateway before it reaches your network. For more information, see "SMTP Modules". If enabled in the Netmail Administration Console, statistics on messages filtered by the following security features are available:

Greylisting
SPF
RBL
RDNS
Connection Limits
Block List

Filtered Messages

This section provides you with precise statistics on how many incoming and outgoing messages were filtered by Netmail Secure. The statistics are available for the following types of messages:

Spam Messages
Virus Messages
Content Filter
Attachment Blocking

Message Processing Time

This section provides you with how much time (in seconds) Netmail Secure spent processing the following types of messages:

Spam
Viruses
Content Filter
Attachment Blocking

Quarantine Actions

This section provides you with the number of actions performed by end users directly from the quarantine report or through the Quarantine web-based application.

Release: Releases the message from quarantine to the end user Inbox.
Report: Forwards a copy of the email message to the system administrator in the event that a message may have been inadvertently identified as spam.
Delete: Deletes the message from quarantine.
Allow: Allows end users to add an email address to a personal Allow List. Email from senders on Allow Lists is always sent to the end user Inbox.
Block: Allows end users to add an email address to a personal Block List. Email from senders on Block Lists is never sent to the end user Inbox.

Policies

This section provides you with the number of messages in your Netmail Secure system that were filtered by specific policies. These policies are customized through the Netmail Administration Console.

Logs

Netmail Secure logs message traffic information observed by the system in a PostgreSQL database. Incoming connection parameters, sender and recipient lists along with message scanning results are time-stamped and inserted in the database for every message processed by Netmail Secure. To access the logs, click Live Logs on the Node Dashboard tab.

Creating Reports

Select one of the menu options to generate the desired log report. In the available fields, enter the search criteria, and when you are finished, click Apply to view the log report onscreen. You can search logs by Sender or Recipients.

Incoming Traffic

The Incoming Traffic report will produce a list of all incoming messages processed by Netmail Secure. Choose from the following fields to generate your report:

Timestamp: The date and time when the message entered the system.
ID: The ID of the message.
Event: The system event tag generated by the content scanning engine(s) indicating the message category (spam, virus, whitelist, etc.).
Sender: The email address of the sender.
Recipients: A list of recipients along with their corresponding SMTP protocol server response.
The following filtering options are also available for narrowing down the scope of the query and report size:

Email: Filters out records which do not contain the email address in the sender or the recipient list.
Start: Filters out records with a timestamp value older than the input start date.
Duration: Filters out records with a timestamp value earlier than the input end date.

Note: Using an empty filter field value will result in all records being selected and no filter will be applied against the corresponding field (sender, recipient or timestamp).

Incoming Connection Errors

The Incoming Connection Errors report will produce a list of all incoming SMTP connections which encountered errors during processing. Choose from the following fields to generate your report:

Timestamp: The date and time when the message entered the system.
ID: The ID of the message.
Event: Error number followed by a short description of the error.

The following filtering options are also available for narrowing down the scope of the query and report size:

IP: Filters for IP addresses.
Start: Filters out records with a timestamp value older than the input start date.
Duration: Filters out records with a timestamp value earlier than the input end date.

Note: Using an empty filter field value will result in all records being selected and no filter will be applied against the corresponding field (sender, recipient or timestamp).

Deliveries

The Deliveries report will produce a list of all outgoing messages being relayed by Netmail Secure. Choose from the following fields to generate your report:

Timestamp: The date and time when the message entered the system.
ID: The ID of the message.
Error: Error number (if applicable).
Description: Sender Recipient pair or a description of the delivery result.
The following filtering options are also available for narrowing down the scope of the query and report size:

IP: Filters for IP addresses.
Start: Filters out records with a timestamp value older than the input start date.
Duration: Filters out records with a timestamp value earlier than the input end date.

Note: Using an empty filter field value will result in all records being selected and no filter will be applied against the corresponding field (sender, recipient or timestamp).

Delivery Errors

The Delivery Errors report will produce a list of all outgoing SMTP connections which encountered failures during processing. For each delivery failure, a group of records with identical message ID(s) is displayed to include the original sender/recipients information, the erroneous connection attempt(s) along with their corresponding error numbers and descriptions. Choose from the following fields to generate your report:

Timestamp: The date and time when the message entered the system.
ID: The ID of the message.
Error: Error number (if applicable).
Description: Sender Recipient pair or a description of the delivery result.

The following filtering options are also available for narrowing down the scope of the query and report size:

IP: Filters for IP addresses.
Start: Filters out records with a timestamp value older than the input start date.
Duration: Filters out records with a timestamp value earlier than the input end date.

Note: Using an empty filter field value will result in all records being selected and no filter will be applied against the corresponding field (sender, recipient or timestamp).

Message Tracking

New in Netmail 5.2

Netmail Secure tracks inbound and outbound message traffic. To access the tracking information, select the Message Tracking tab. It is possible to search using the sender, recipient, host, message ID, and date range criteria.
Once you have obtained your search results, you can click View Selected next to individual messages to view detailed message tracking information.

Troubleshooting

The Updates feature of Netmail Secure allows system administrators to update their Netmail Secure license as well as update their Netmail Secure software at any time to ensure that they are using the most recent version of the Netmail Secure software. To use the Netmail Secure Updates feature, choose the Netmail Platform > Updates tab in the Netmail Administration Console.

In this section:

License Information
Version Information
Backup
Change Password
Diagnostics
Search

License Information

The License section displays up-to-date information for the following items onscreen:

Maximum number of users.
Number of enabled users.
Days remaining before your license expires.
Expiry date of your license.

Warning: When your number of enabled users exceeds the maximum number of users allowed by your license, Netmail Secure will continue to run for one week, and then shut down. To avoid a shutdown, please contact Messaging Architects regarding your license.

Note: After a new installation of Netmail Secure, license information will not be displayed until Netmail Secure’s Quarantine Management Agent runs. By default, it runs at 1 a.m. To change the default run time, navigate to Servers > <Cluster Name> > Quarantine Management Agent.

Updating Your License

The Update License feature of Netmail Secure allows you to manually update your license information onscreen. Your license count is updated each time the Quarantine Management Agent runs. To update your license, click Update License.

Version Information

The Version Information section displays up-to-date version information for your Netmail Secure software onscreen.
If a new version of the Netmail Secure software is available, this information will be displayed onscreen.

Updating Your Software

To update your Netmail Secure software, click Update Netmail Secure.

Backup

The Backup feature of Netmail Secure allows system administrators to create a Netmail Secure backup file as well as manage their existing Netmail Secure backup files. To use the Netmail Secure Backup feature, choose the Netmail Platform > Backup tab from the Netmail Administration Console.

To create a new backup file:

1. Enter the name of your new file in the Create Backup field.
2. Select which objects you want to back up.
3. Click Create Backup.

To manage your backup files:

1. If you want to upload a backup file from your computer, next to Backup File, click Browse to browse to the location of your backup file. Your backup file will now appear in the backup repository dropdown list.
2. Select which option you want from the available options: Restore, Download, or Delete.

Restore: If you want to restore a file that you have previously backed up, select the backup file in the backup repository dropdown list, and click Restore.
Download: If you want to download a backup file from the backup repository list, select the backup file in the backup repository dropdown list, and click Download.

Change Password

The Change Password feature allows system administrators to change their password for logging in to the Netmail Administration Console. To do so, select the Netmail Platform > Change Password tab. In the Password field, enter your current password. Then enter and confirm your new password, and click Change Password.

Diagnostics

New in Netmail 5.2

The Diagnostics tab allows you to test your Netmail Secure system to verify that it is handling mail correctly, as per the policies you have defined.
After the initial setup of Netmail Secure, select the Trial of functionality option, enter an email address (mailbox) that you want to use for the test, and then click Test. Netmail Secure will create the user and then apply all the policies you have created to the email address you have specified. This version of the diagnostic test was built mainly for prospective customers who wish to have an overview of the capabilities of Netmail Secure.

The Basic diagnostic option performs essentially the same test as the Trial of functionality option, except that the user is not created; you need to use a real user of your email system. This version of the diagnostic test can verify that all expected policies are in effect.

Once you have launched the test, a Job Status window opens, displaying the test progress and results. Once the test is complete, you can log in to the test user's mailbox and quarantine to view the results. You (the administrator) should also receive a Quarantine Report, an Executive Report, and an email with information about your Netmail Secure system.

Search

The Search feature allows system administrators to search Netmail Secure for domain names, groups, users, policies and containers, servers, and alerts. To do so, select the Secure object and then the Search tab. Next to Search Type, use the dropdown list to select the type of item you want to search for, and then specify a Search Value (or leave this field blank). Click Search. The search results will appear on the left-hand side of the Netmail Administration Console.
Appendix A - Configuring Netmail Secure with Your Email System

Netmail Secure can be configured with the following email systems:

GroupWise - GWIA
Lotus Domino - SMTP
Lotus Domino - LDAP

GroupWise GWIA Configuration

Before you can send messages to the GroupWise system, a few configuration modifications to the GroupWise GWIA need to be made. From ConsoleOne, open the Properties of GWIA (Internet Gateway) dialog box.

Receive Threads

Netmail Secure uses temporary SMTP connections to perform pre-authentication for incoming users. The Netmail Secure server will use up to 4 SMTP receive threads on the GWIA gateway for each processor in the Netmail Secure server. This means that a hyper-threaded dual processor Netmail Secure system could potentially use up to 16 receive threads on the GWIA. To compensate for this and the increased delivery rate, you will need to increase your GWIA receive threads accordingly.

Note: Messaging Architects recommends a minimum of 20 receive threads and higher if there are multiple processors in your server.

To increase your GWIA receive threads, specify the number of receive threads under SMTP/MIME > Settings in the Properties of GWIA dialog box.

Mail Forwarding

Should you wish to have Netmail Secure scan and handle all outbound GroupWise messages, you can specify Netmail Secure as the mail forward host within GWIA. This will force GWIA to forward all messages to Netmail Secure for delivery. The advantages of having Netmail Secure control outbound delivery include: outbound virus scanning and content filtering of messages, inclusion of corporate footer on all outbound messages, centralized control of all inbound and outbound messages, and the benefits of the granular delivery retry and warning message capabilities of Netmail Secure.
To configure GWIA to relay outbound mail through Netmail Secure, specify the IP address of the Netmail Secure server under SMTP/MIME Settings in the Properties of GWIA dialog box.

Security Settings

When receiving messages from Netmail Secure, GWIA security settings should be disabled because Netmail Secure is performing these tasks. These include de-activating any mailbomb protection and sender validation checking under SMTP/MIME > Security Settings in the Properties of GWIA dialog box. Blacklists should also be disabled.

Undeliverable Mail

Netmail Secure utilizes a mechanism to validate recipient email addresses by querying the GWIA. The GWIA setting to Forward Undeliverable Inbound Messages to Host (/fut switch in GWIA.CFG) can interfere with this mechanism and should not be used in conjunction with Netmail Secure. Undeliverable messages will be rejected by Netmail Secure with the proper SMTP response being provided to the sending host.

Ensure that the Forward Undeliverable Inbound Messages to Host setting is cleared under SMTP/MIME > Undeliverables in the Properties of GWIA dialog box.

Rule Generated Mail

When a GroupWise rule sends a mail to the Internet, the address it is sent from can cause problems (see Novell TID 10100683). The mail may be sent from [email protected] or [email protected] for example. This can cause the mail to be rejected by Netmail Secure as it is not for a valid user or domain. To avoid this, you should configure your GroupWise system to send rule generated mail with the user's email address by selecting Use GroupWise user address as Mail From: for rule generated messages under SMTP/MIME > Address Handling in the Properties of GWIA dialog box.
Netmail Secure Authentication Settings

Within the domain configuration of Netmail Secure, you can specify the Authentication Settings to be used by Netmail Secure for this domain. When the domain is being handled by a GroupWise system, you should select SMTP as the Authentication Type. In the SMTP Authentication Settings, the Hostname or IP address setting should point to your GroupWise GWIA.

Note: GroupWise offers considerable flexibility in the possible email addresses which are valid for incoming mail, such as [email protected], [email protected], etc. One side effect of this flexibility is that it is possible to end up with addresses which cannot uniquely be resolved to a single mailbox. In such scenarios, GWIA will reject the address as undeliverable, and in turn Netmail Secure would reply with an SMTP 550 Mailbox Not Found message. GroupWise provides mechanisms to avoid such conflicts by allowing overrides on Internet Addressing. At the user level, these overrides can set that incoming mail recipients are known exclusively by a specific email domain. In such a way it would be possible to have two users named John Smith on your system but each have a unique email address, such as [email protected] and john.smith@domainb.com. In this type of scenario, the domain is a critical part in guaranteeing uniqueness and so Netmail Secure must be set to Include Domain in the Authentication Settings to avoid email being rejected by GWIA.

Lotus Domino SMTP Configuration

Before you can send messages to the Lotus Domino system, you must make a few configuration modifications to the Lotus Domino Administrator.

Enabling a server to receive mail sent over SMTP routing

To set up a server to receive SMTP-routed messages, you must enable the SMTP Listener. Then the server can "listen" for SMTP traffic over the TCP/IP port (usually port 25) and receive SMTP messages in the MAIL.BOX database(s). Enabling the SMTP listener causes the server SMTP task to start up automatically every time the server starts.

To enable the SMTP Listener:

1. From the Lotus Domino Administrator, click the Configuration tab and then expand the Server section.
2. Select the Server document to be edited and then click Edit Server.
3. On the Basics tab, enable the SMTP Listener Task so that the server can receive messages routed via SMTP routing.

Verifying that Local Domain Recipients Exist in the Domino Directory

After you enable the SMTP Listener Task, you must enable the Verify that local domain recipients exist in the Domino Directory option on the SMTP server that is routing SMTP Inbound traffic. Enabling this option specifies that the SMTP Listener checks recipient names specified in RCPT TO commands against entries in the Domino Directory. If the domain part of the recipient’s address specified in an SMTP RCPT TO command matches one of the local Internet domains, the SMTP Listener checks all configured directories to determine whether the specified recipient is a valid user. If all lookups complete successfully and no matching username is found, the SMTP server returns a 550 permanent failure response indicating that the user is unknown.

To enable the Verify option:

1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
3. Choose Configurations.
4. Select the Configuration Settings document and then click Edit Configuration.
5. Click the Router/SMTP - Basics tab.
6. Select the Restrictions and Controls tab.
7. Select the SMTP Inbound Controls tab.
8. Enable Verify Local Domain Recipients Exist, so that messages addressed to local recipients that cannot be resolved are not accepted.
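An added check, not part of the guide: Netmail Secure's SMTP authentication relies on the backend refusing unknown recipients at RCPT TO, as described for GWIA under Undeliverable Mail and for Domino under Verify Local Domain Recipients Exist. The sketch below probes a listener with one known-good and one known-bad address; the function names, the StubBackend class and the example.com addresses are constructed for illustration.

```python
"""Confirm that a mail backend rejects unknown recipients at RCPT TO.

`smtp` is any object offering the smtplib.SMTP methods used below. Against a
real GWIA or Domino listener, pass smtplib.SMTP(host, 25). StubBackend is a
constructed stand-in so the example runs offline.
"""


class StubBackend:
    """Constructed fake listener: a directory plus a 'verify recipients' switch."""

    def __init__(self, directory, verify_recipients):
        self.directory = {addr.lower() for addr in directory}
        self.verify_recipients = verify_recipients

    def ehlo_or_helo_if_needed(self):
        pass

    def rset(self):
        return (250, b"OK")

    def mail(self, sender):
        return (250, b"Sender OK")

    def rcpt(self, recipient):
        # With verification off, every recipient is accepted (the failure mode).
        if not self.verify_recipients or recipient.lower() in self.directory:
            return (250, b"Recipient OK")
        return (550, b"User unknown")


def rcpt_code(smtp, sender, recipient):
    """Return the reply code to RCPT TO for one address. No DATA is ever sent."""
    smtp.ehlo_or_helo_if_needed()
    smtp.rset()
    code, reply = smtp.mail(sender)
    if code != 250:
        raise RuntimeError(f"MAIL FROM refused: {code} {reply!r}")
    code, _ = smtp.rcpt(recipient)
    smtp.rset()  # abandon the transaction so nothing is queued
    return code


def check_recipient_verification(smtp, sender, known_good, known_bad):
    """Compare the backend's answers for a real mailbox and a bogus one."""
    good = rcpt_code(smtp, sender, known_good)
    bad = rcpt_code(smtp, sender, known_bad)
    findings = []
    if 400 <= good < 500 or 400 <= bad < 500:
        findings.append("temporary (4xx) reply: result inconclusive, retry later")
    if good >= 500:
        findings.append(f"valid mailbox {known_good} rejected ({good}): "
                        "legitimate mail would be refused")
    if 200 <= bad < 300:
        findings.append(f"unknown address {known_bad} accepted ({bad}): "
                        "backend is not verifying recipients")
    return {"good": good, "bad": bad, "ok": not findings, "findings": findings}


def demo():
    """Run the check against a verifying and a non-verifying stub backend."""
    directory = ["alice@example.com"]  # constructed sample directory
    args = ("probe@example.net", "alice@example.com", "no-such-user@example.com")
    return {
        "verifying": check_recipient_verification(StubBackend(directory, True), *args),
        "accept_all": check_recipient_verification(StubBackend(directory, False), *args),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```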
Supporting Inbound SMTP Extensions

Lotus Domino supports a number of extended SMTP (ESMTP) functions. These include the ability to combine commands, set the server to check message size before accepting transfer, create a secure SSL connection with another server, and create delivery status notifications in MIME format.

To enable or disable each of these options in the Configuration Settings document for the server or servers for which you want to use these extensions:

1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
5. Click the Router/SMTP > Advanced > Commands and Extensions tab.
6. Enable the VRFY command to ensure that Domino accepts inbound requests to verify user names.
7. Select SSL Negotiated over TCPIP Port, and choose one of the following options:
   Enabled: Domino supports the STARTTLS command, allowing it to create an encrypted SSL channel over the SMTP TCP/IP port.
   Required: Domino accepts inbound SMTP connections over the TCP/IP port only from hosts that issue the STARTTLS command.
8. Click Save and Close.

SMTP Authentication

To enable name and password authentication for SMTP inbound mail:

1. From the Lotus Domino Administrator, click the Configuration tab and then expand the Server section.
2. Select the Server document to be edited and then click Edit Server.
3. Select the Ports tab.
4. Select the Internet Ports tab.
5. Select the Mail tab.
6. Under Authentication options, change SMTP Inbound Name & Password to Yes.
Enable Full Name Lookup

Address lookup specifies how the Router searches the Domino Directory to determine the Notes recipient of an inbound Internet message. Choose one:

   Fullname then Local Part (default): The Router first searches the Domino Directory for a match for the full Internet address ([email protected]). If no match is found, it searches the directory again, looking for a match for the local part of the address only.
   Fullname only: The Router searches the Domino Directory for full Internet addresses only. For example, it searches for '[email protected]' but not for 'user.' If an exact match is not found and the domain suffix is equivalent to an Internet domain alias defined in the Global domain document, a secondary search is performed using the domain suffix of the primary Internet domain.
   Local Part only: The Router searches the Domino Directory for a match of the local part of the Internet address, that is, the part before the @ symbol. Local part matching matches periods and underscores in the address with spaces in the directory.

Note: Messaging Architects recommends that you choose Fullname then Local Part.

Lotus Domino Outbound SMTP Configuration

To configure Lotus Domino to send mail through Netmail Secure, you must specify the IP address or host name of Netmail Secure in the Configuration Settings document.

Note: Each SMTP mail server has its own Configuration Settings document, so you must specify the IP address or host name of Netmail Secure on all server documents.

To set up a relay host:

1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
3. Choose Configurations.
4. Select the Configuration Settings document and then click Edit Configuration.
5. Click the Router/SMTP - Basics tab.
6. Under Relay host for messages leaving the local Internet domain, enter the following information:
   The host name, domain name, or IP address of the server being used. A domain name is a valid entry only if the internal DNS contains an MX record for that domain and can resolve it to a host name.
   When entering an IP address, enclose it within square brackets; for example, [127.0.0.1].
7. Click Save & Close.

Lotus Domino LDAP Configuration

You can do Authenticated or Anonymous queries against the Domino LDAP server. Each Domino server should have a replica of the address book on it, so you can point Netmail Secure to the server doing the SMTP Internet routing.

Aliases that are defined in the Global Domain Document are NOT available via LDAP. So if the users are aliased via this method, they will not authenticate. Aliases that are defined in the User Name attribute in the Person Document display in LDAP as a CN. The Short Name attribute in the Person Document displays in LDAP as a UID.

Note: If the Address Lookup attribute is set to Full Name then Local Part when you verify a user, it may validate a portion of the username. A good practice would be to add the full internet name for the user in the User Name field. If Only Full Name is set in the Address Lookup field, you MUST specify the entire Internet name in the User Name field to receive outside mail.

LDAP Authentication

You can set the Domino server to allow User and Password and/or Anonymous access. The data fields that are visible are then controlled via an ACL (Access Control List) document. The Access method is set per server, so you need to make sure you are checking the settings for the server which you are attempting to authenticate against.

To check or change the LDAP access settings:

1. From the Lotus Domino Administrator, click the Configuration tab and then expand the Server section.
2. Select the Server document to be edited and then click Edit Server.
3. Select the Ports tab.
4. Select the Internet Ports tab.
5. Select the Directory tab.
6. Check Authentication options Settings.
   Name and Password: Yes/No
   Anonymous: Yes/No

Enabling Internet Passwords for Access to the Quarantine

In order for end users to be able to use or access the quarantine application, end users MUST have an Internet Password set on their account. This password, if selected, can sync with the Lotus Notes password, but it must be enabled. If an end user does not have an Internet password, inbound and outbound mail will filter properly, but end users will not have access to the quarantine.

Appendix B - Custom Policies

This section includes general guidelines about security policies and compliance considerations that should be addressed by enterprise level organizations as part of the overall Risk Management strategy of the IT department, as well as several sample email compliance policies. Inbound policies are used to protect the messaging and collaboration system from email-based security threats such as viruses, worms, Trojans, spyware, phishing and other unwanted email whereas outbound policies are implemented to control the content leaving the organization. Netmail Secure facilitates the implementation of email security policies on all inbound and outbound messages to pro-actively filter message content, enforce corporate epolicy and identify policy violations.
In this section:

Sample Email Compliance Policy for Financial Institutions
Sample Email Compliance Policy for Educational Institutions
Sample Email Compliance Policy for Corporate Organizations
Sample Email Security Policy
Sample Group Policy

Sample Email Compliance Policy for Financial Institutions

The following sample email compliance policy for financial institutions can be created to identify SSN (Social Security numbers) in outbound email messages.

1. Choose Policies > Content Filter > Create Content Filter Policy.
2. Under Name for new object, enter a name for your policy, and then click Create.
3. Select your new policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Action on the Actions tab, select which message action you wish to take on a message which meets these criteria. Depending on your corporate epolicy, you may wish to select from the following options:
   Delete the Message: This option deletes the message containing the SSN. Use this option alone or use this option in conjunction with the BCC to or the Send Notification option.
   BCC to: This option allows you to specify where a blind carbon copy of the message should be sent. Use this option to notify a designated individual about a violation in corporate epolicy without notifying the sender of the message.
   Send Notification: This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to the sender and/or administrators when a message containing an SSN is detected in the system. Notification Policies are created by choosing Policies > Notifications. For more information, see "Notifications".
5. Click Save Changes, and then click the Criteria tab.
6. Under Filter Type, choose Regular Expressions.
7. In the Filter Value text box, enter the following number sequence: [0-9][0-9][0-9].[0-9][0-9][0-9].[0-9][0-9][0-9][0-9].
8. Click Save Changes to save your policy.
9. Choose Domains. Highlight the name of your domain, and click Assign Policy.
10. In the dialog box that appears, select Content Filter as the policy Type, Outgoing as the Direction of mail flow, and then select the name of the Policy you have just created. Click Assign.
11. To apply the policy to all users in the organization, do not select Allow Override.
12. Click Save Changes to save your changes.

Sample Email Compliance Policy for Educational Institutions

The following sample email compliance policy for educational and government institutions can be created to look for specific language content in both inbound and outbound email messages.

1. Choose Policies > Content Filter > Create Content Filter Policy.
2. Under Name for new object, enter a name for your policy, and then click Create.
3. Select your new policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Action on the Actions tab, select which message action you wish to take on a message which meets these criteria. Depending on your epolicy, you may wish to select from the following options:
   Tag Subject & Deliver to Mailbox: This option allows you to add a disclaimer such as “Warning: Contains Inappropriate Content” to the subject line and deliver the message containing the objectionable language to the recipient’s mailbox.
   Delete the Message: This option deletes the message containing the objectionable language. Use this option alone or use this option in conjunction with the BCC to or the Send Notification option.
   BCC to: This option allows you to specify where a blind carbon copy of the message should be sent. Use this option to notify a designated individual about a violation in epolicy without notifying the sender of the message.
   Send Notification: This option allows you to choose a Notification policy. Notification policies can be configured to automatically send email notifications to the sender and/or administrators when a message containing objectionable content is detected in the system. Notification Policies are created by choosing Policies > Notifications. For more information, see "Notifications".
5. Click Save Changes, and then click the Criteria tab.
6. Under Ignore Messages, select Ignore SPAM, Ignore Virus, and Ignore Blocked Attachment so that the policy will only act on messages which were not caught by the Anti-Spam, Anti-Virus, or Attachment Blocking engines.
7. Under Filter Type, choose Keywords.
8. In the Filter Value dialog box, enter keywords that fall under the objectionable content category for which you want to filter. For example, if you want to identify messages containing inappropriate language content for students in an educational setting, enter those keywords in the list box.
9. Click Save Changes to save your policy.
10. Choose Domains. Highlight the name of your domain, and click Assign Policy.
11. In the dialog box that appears, select Content Filter as the policy Type, Outgoing as the Direction of mail flow, and then select the name of the Policy you have just created. Click Assign. This will apply your policy to all outbound mail.
12. To apply the policy to all users in the organization, do not select Allow Override.
13. Click Save Changes to save your changes.
14. To apply your policy to inbound mail, click Assign Policy.
15. In the dialog box that appears, select Content Filter as the policy Type, Incoming as the Direction of mail flow, and then select the name of the Policy you have just created. Click Assign.
16. To apply the policy to all users in the organization, do not select Allow Override.
17. Click Save Changes to save your changes.
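An added check, not part of the Netmail guide: the Regular Expressions Filter Value from step 7 of the financial-institution sample policy, scored with Python's re module against constructed sample strings, next to an assumed stricter pattern for the 3-2-4 digit grouping of a Social Security number. The guide does not state which regex dialect Netmail Secure uses, so the results reflect standard regex semantics only, and STRICT_PATTERN (which uses lookarounds and a backreference) is an assumption to be tested in the console before use.

```python
import re

# Filter Value as printed in step 7 of the sample policy. The trailing period
# in the guide is assumed to be sentence punctuation, not part of the pattern.
GUIDE_PATTERN = r"[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9][0-9][0-9][0-9]"

# Assumed alternative (not from the guide): 3-2-4 digits, the same optional
# separator ('-' or space) in both positions, no digit on either side, and the
# never-issued ranges excluded (area 000, 666, 900-999; group 00; serial 0000).
STRICT_PATTERN = (
    r"(?<![0-9])(?!000|666|9[0-9]{2})[0-9]{3}"
    r"([- ]?)(?!00)[0-9]{2}\1(?!0000)[0-9]{4}(?![0-9])"
)

# Constructed sample message fragments: (text, contains_an_ssn).
SAMPLES = [
    ("Employee SSN: 123-45-6789", True),
    ("SSN 123 45 6789 on file", True),
    ("ssn=123456789", True),
    ("Call the help desk at 555-123-4567", False),
    ("Part no. 123x456y7890", False),
    ("Test value 000-12-3456", False),
]


def score(pattern, samples=SAMPLES):
    """Sort each sample into true/false positives/negatives for one pattern."""
    rx = re.compile(pattern)
    result = {"tp": [], "fn": [], "fp": [], "tn": []}
    for text, is_ssn in samples:
        hit = rx.search(text) is not None
        if is_ssn:
            result["tp" if hit else "fn"].append(text)
        else:
            result["fp" if hit else "tn"].append(text)
    return result


def report():
    """One summary line per pattern, followed by the samples it got wrong."""
    lines = []
    for name, pattern in (("guide", GUIDE_PATTERN), ("strict", STRICT_PATTERN)):
        s = score(pattern)
        lines.append(f"{name}: caught {len(s['tp'])}/{len(s['tp']) + len(s['fn'])} "
                     f"SSNs, {len(s['fp'])} false positives")
        lines += [f"  missed:   {t}" for t in s["fn"]]
        lines += [f"  false hit: {t}" for t in s["fp"]]
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```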
Sample Email Compliance Policy for Corporate Organizations

The following sample email compliance policy for corporate institutions can be created to append a custom footer, such as a message disclaimer, to all outbound email messages.

1. Choose Policies > Content Filter > Create Content Filter Policy.
2. Under Name for new object, enter a name for your policy, and then click Create.
3. Select your new policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Action on the Actions tab, select which message action you wish to take on a message which meets these criteria. To append the footer to all outbound messages, choose the following option:
   Deliver to Mailbox: This option appends the disclaimer to the bottom of all outbound email messages and delivers the message to the recipient’s mailbox.
5. Click Save Changes, and then click the Criteria tab.
6. Under Non-Matching Messages, select Footer.
7. Enter the text of your footer in the available list box, such as a message disclaimer. The disclaimer text is usually a notice used to protect companies from any legal ramifications. When deciding on the disclaimer text, you should consider all possible interpretations of the text and make sure that it complies with the corporate epolicy. This disclaimer text will be appended to the bottom of all outbound email messages.
8. Click Save Changes to save your policy.
9. Choose Domains. Highlight the name of your domain, and click Assign Policy.
10. In the dialog box that appears, select Content Filter as the policy Type, Outgoing as the Direction of mail flow, and then select the name of the Policy you have just created. Click Assign. This will apply your policy to all outbound mail.
11. To apply the policy to all users in the organization, do not select Allow Override.
12. Click Save Changes to save your changes.
Sample Email Security Policy

The following sample email security policy should be created if end users are allowed to create IMAP folders to receive their Anti-Spam quarantine in their mail client. This policy ensures that email messages containing viruses are not delivered to end user mailboxes.

1. Choose Policies > Anti Virus > Create Anti Virus Policy.
2. Under Name for new object, enter a name for your policy, such as Delete, and then click Create.
3. Select your new Delete policy from the tree menu on the left-hand side of the Netmail Administration Console.
4. Under Action, select Delete the Message. This option deletes the message containing the virus.
5. Click Save Changes to save your policy.
6. Choose Domains. Highlight the name of your domain, and click Assign Policy.
7. In the dialog box that appears, select Virus as the policy Type, Incoming as the Direction of mail flow, and then select the name of the Policy you have just created. Click Assign. This will apply your policy to inbound mail.
8. To apply the policy to all users in the organization, do not select Allow Override.
9. Click Save Changes to save your changes.

Sample Group Policy

The Sample Group policy can be implemented when you want to apply unique policy settings to a group of selected users within an organization, but not to the entire organization. The following scenario describes how to override an Attachment Blocking policy for members of the Marketing group.

1. To create a Marketing group, choose Domains. Highlight the name of your domain, and then click the Users tab.
2. Click Create a Group.
3. Under Group Name, enter a name for the group, such as Marketing. Click Create Group.
4. Highlight the Marketing group you just created, and then click the Users tab.
5. To add users to the group, you can either click Create a User to create a new user or Import Users to import an existing list of users from a .csv file.
6. Click Save Changes to save your settings.
7. By default, the Images Attachment Blocking Policy Templates come pre-configured with a list of image file attachments, such as *.gif, *.jpg and *.jpeg files, that are forbidden from entering your messaging and collaboration system. You may, however, wish to override these policies for members of the Marketing group who need to access image files for marketing collateral. To do so, you can create a custom Attachment Blocking policy for the Marketing group: Choose Policies > Attachment Blocking > Policy Templates > Images > Create Attachment Policy.
8. Under Name for new object, enter a name for your policy, and then click Create.
9. Select your new policy from the tree menu on the left-hand side of the Netmail Administration Console.
10. On the Actions tab, you can specify any Forbidden Filenames or Forbidden Mime Types you want to apply to your Marketing group, and then select the Message Action you want the policy to take. Click Save Changes. On the Exceptions tab, specify any Allowed Filenames or Allowed Mime Types you want to apply to your Marketing group. Click Save Changes to save your policy.
11. Select Domain, and highlight the Marketing group you created.
12. Click the Policies tab.
13. Under Policies in Effect, click Assign Policy to assign the new Attachment Blocking policy you just created to the group.
14. In the dialog box that appears, select Attachment as the policy Type, Incoming or Outgoing as the Direction of mail flow, and then select the name of the Attachment Blocking Policy you created. Select the Overwrite existing assignments of this type option. Your new Attachment Blocking policy will overwrite any existing Attachment Blocking policies that have been inherited from the Domain to which the group belongs. Click Assign.

   Note: Alternatively, you can choose to first Disable all Attachment Blocking policies that have been inherited from the Domain before assigning a new policy to the group. In this case, you would not need to choose the Overwrite existing assignments of this type option, and any disabled policies could be re-enabled in the future. The Allow Override option for the Attachment Blocking policy at the Domain level must be selected in order for the Disable button to appear next to the Attachment Blocking policy at the Group level. If this option is not selected, you will not be able to disable the policy at the Group level.

15. Click Save Changes to save the changes you made to the group.