Start Filtering Email
This page is your starting point for filtering email to see how the Proofpoint Messaging Security Gateway (appliance) catches and quarantines spam and messages containing a virus.
You have these choices for getting email into the appliance:
• You can inject sample email provided by Proofpoint into the appliance. This is the fastest way to see messages in the Quarantine, and after an hour or so, you can view graphs and reports describing data collected from the Quarantine. To use this method, click the Filter sample email collection icon.
• You can inject a corpus of email messages that you collected into the appliance. To use this method, you must first create a zip archive that contains a collection of email messages in RFC 822 format. Click the Upload and filter your email icon if you want to use this choice.
• You can set up email forwarding directly from your personal POP account to the appliance for filtering. All email messages directed to your POP account (for example, [email protected], or [email protected]) are forwarded to the appliance, filtered, and then delivered to the email address that you specify for forwarded email. Click the Filter email from any POP account icon to use this method.
Filter Sample Email
Use this page to inject sample email provided by Proofpoint into the appliance.
Enter your email address into the Recipient Email Address field, and click the Start icon. Your email address will be added to the User Repository and you will receive a sample User Digest. The Digest lists the messages addressed to you that have been quarantined because they are spam or contain a virus.
When the message injection process finishes, click the View the Quarantine icon to go directly to the Quarantine to see your quarantined messages.
Note: You need to wait at least one hour before you can create reports.
Be sure to check your email account for a Digest sent to you by the appliance. The Digest contains a list of messages that are addressed to you and are stored in the Quarantine. (The Digest is sent to the email account that you entered into the Recipient Address field.)
Filter Your Email
Use this page to inject your own corpus of email messages into the appliance. Create a zip archive that contains a collection of email messages in RFC 822 format.
Before you create the zip archive, you should clean up the email headers in the corpus. For example, if the messages are addressed to no legitimate recipients, or to multiple recipients, that information is stored in the Quarantine along with the message. If you release a message from the Quarantine, or send Digests to all recipients who have messages in the Quarantine, you can potentially generate countless email bounces.
1. Enter a new email address for the recipient for the filtered email in your corpus. This is an optional but recommended step. For example, if you enter your email address into the Recipient email address (optional) field, the messages injected into the Quarantine from your corpus will be addressed to you, and will show up in your Digest.
2. Enter the directory path and filename for your zip archive into the Filename field, or use the Browse button to locate it.
3. Click the Start icon to begin injecting the messages.
When the message injection process finishes, click the View the Quarantine icon to go directly to the Quarantine to see your quarantined messages.
Note: You need to wait at least one hour before you can create reports.
Be sure to check your email account for a Digest, sent to you by the appliance. The Digest contains a list of messages that are addressed to you. The Digest is sent to the email account that you entered into the Recipient email address (optional) field.
Filter Email from a POP Account
Use this page to set up email forwarding directly from your personal POP account to the appliance for filtering. All email messages directed to your personal POP account (for example, [email protected], or [email protected]) are forwarded to the appliance first, filtered, and then delivered to the email address that you specify for forwarded email.
Note: Some ISPs charge a fee for email forwarding.
You need the following information:
• The name of the mail server for your POP account.
• The user name and password for your POP account.
• Some POP accounts require the port number.
• Some POP servers require SSH for communication.
• A new address to which forwarded email messages will be sent.
To set up email forwarding from a POP account:
1. Fill in the fields according to the information you gathered above about your POP account and ISP.
2. Click Verify POP Settings to check if the appliance can connect to your POP account.
3. Enter a new email address into the Forward email address field. This address should not be the same as your POP account email address.
4. Click the Start icon to configure the POP forwarder.
You can create more than one email forwarding profile. For example, if you have several different POP accounts, you can create a forwarding profile for each one.
Check the Quarantine for messages that were forwarded and filtered by the appliance by clicking Quarantine >
Messages in the navigation pane.
Note: You need to wait at least one hour before you can create reports.
Be sure to check your email account for a Digest, sent to you by the appliance. The Digest contains a list of messages that are addressed to you. (The Digest is sent to the email account that you entered into the Forward email address field.)
Disabling Email Forwarding from a POP Account
If you have more than one email forwarding profile, you can disable all of them at once. Follow these steps:
1. Log in to the appliance.
2. Click the Users link under Groups and Users in the navigation pane.
3. In the User List, click the entry for your email address to see the Attributes pop-up window.
Or select the check box for your account in the User List and click Attributes.
4. Click the Attributes tab in the Attributes pop-up window.
5. Select No for the Enable Forwarder attribute.
6. Click Save Changes.
Follow these steps to disable email forwarding from a specific POP account:
1. Log in to the appliance.
2. Click the Users link under Groups and Users in the navigation pane.
3. In the User List, click the entry for your email address, or select the check box for your account and click Attributes.
4. Click the POP3 Forwarder tab in the Attributes pop-up window.
5. Select the name of the profile you want to disable.
6. Click the Off radio button for the Enable parameter.
7. Click Save Changes.
If several users in your organization have email forwarding profiles, you can disable all of the profiles at once by changing a Global attribute. Follow these steps:
1. Log in to the appliance, and be sure you are in the Advanced mode so you see all of the links in the navigation pane.
2. Click Global under Groups and Users in the navigation pane.
3. On the Groups and Users > Global page, select No for the Enable Forwarder attribute.
4. Click Save Changes.
Chapter 3 - Appliance
Network Interface Settings
After you log in, the data you entered during the initial setup appears on the Appliance > Network > Interface page.
If necessary, you can change the appliance network interface settings.
Providing or Changing Network Interface Settings for the Appliance To enter network interface data for the appliance:
1. If you have a cluster, select the server for which you want to enter or change network data from the Server drop-down list. Click Save Changes after making configurations for each server that you select from the drop-down list.
2. Enter or modify the following parameters for your network:
• Hostname - the name you entered during the initial setup appears For example, proofpointappliance.
Important: To change the hostname of a master Proofpoint Protection Server or an agent in a cluster, see Changing Hostnames for Masters and Agents in this topic.
• Domain Name - the name you entered during the initial setup appears. If necessary, enter a different domain name. Enter a Fully Qualified Domain Name (FQDN). For example, example.com. (Do not enter an IP address or hostname.)
• DNS Settings - Primary Name Server, Secondary Name Server, Tertiary Name Server. By default the IPv4 address for the public Primary Name Server appears or the address or addresses you entered during the initial setup. The secondary and tertiary name servers are optional. Change or add addresses as necessary. (Use IPv4 addresses; do not use domain names or IPv6
addresses.)
Depending upon how your network is set up, the DNS servers may not recognize the IP addresses or hostnames of the Proofpoint Protection Servers on your network. In this case, you will want to add the IP address and hostname or hostnames of each Proofpoint Protection Server to the Hostname Override text box. The data that you enter in the Hostname Override text box populates the /etc/hosts file on the appliance.
Enter the IP address first, and then a blank space followed by the hostname or hostnames for each Proofpoint Protection server. Entering a fully-qualified domain name (FQDN) is preferable, but the system will accept IP addresses and hostnames.
For example:
10.10.10.10 pps1 proofpointmaster
10.10.10.02 pps2 proofpoint2 proofpointagent 10.10.10.03 proofpoint3.proofpoint.com
You must enter an IP address and at least one hostname for each Proofpoint Protection Server.
Configuring Appliance Network Interfaces
The appliance supports a minimum of two network interfaces, network 1 and network 2, depending upon how the appliance hardware is configured. The IPv4 network address and netmask addresses you entered during the initial setup appear on the Appliance > Network > Interface page. Each Ethernet port installed on an appliance displays as a separate network interface on the Appliance > Network > Interface page. Configure each one separately.
Network 1 is always in use; it cannot be disabled. Network 2 is optional. If you do not enter an IPv4 network address and netmask for Network 2, or for any additional network interfaces, they will be disabled.