Starter Guide.
Remote Administration Permissions
Table 3-22 describes the remote administration permissions you can set, and which method of remote access you can use for each permission setting.
Table 3-22 Remote administration permissions
Permission setting Access Access method
All Permissions All of the permissions on the list below.
Web
View and work with isolated e-mails using Message Administrator functions. You can select to enable the administrator to use the Message Search function, queues and logs, or only have access to either the queues or the logs.
See Message Administrator on page 229 for more information about Message Administrator.
Yes Yes
Rules Administration Create and manage rules to enforce your organization’s AUP using Rules Administrator functions.
See The Rules Administrator on page 113 for more information about Rules Administrator.
No Yes
System The administrator can: No Yes
Adding a Remote Administrator Account
To use Remote Administration you need to add administrator accounts and set their permissions. If there are no administrator accounts, Remote Administration is unavailable.
To add a remote administrator account:
1 In the Server Configuration console, select Administration > Configuration
2 Click Add…
Dictionary Management
Manage Dictionaries and their content.
See Dictionary Management on page 255 for more information.
Yes Yes
User Management Set administrative access to E-mail Filter. No Yes Table 3-22 Remote administration permissions (Continued)
Permission setting Access Access method
3 The User Profile dialog box is displayed.
4 Enter a user name, password and e-mail address for the administrator.
The password must have at least six characters.
5 Select the permissions for the administrator. See Table 3-22 on page 91 for a list of permissions.
The Queues list displays the queues that are available to the administrator. Use Queue Management to change these settings. See Queue Management on page 64.
6 Click OK.
Editing a Remote Administrator Account
To edit a remote administrator account:
1 In the Server Configuration console, select Administration > Configuration
2 Select an administrator from the list, and then click Edit...
3 The User Profile dialog box is displayed.
4 Change the user details or the permissions as needed.
5 Click OK.
Deleting a Remote Administrator Account
To delete a remote administrator account:
1 In the Server Configuration console, select Administration > Configuration
2 Select an administrator from the list, and then click Delete...
3 To delete the profile, click Yes in the confirmation pop-up.
C ERTIFICATE M ANAGEMENT
You need to use a certificate for the TLS and SMTPS security features in the Send and Receive services.
SurfControl supports two types of certificate:
• Self-signed – Self-signed certificates are useful to secure internal e-mail traffic between mail servers because verification/authentication is not an issue; all servers are owned by the company, and therefore trusted.
• CA (Certification Authority) signed – You can buy a certificate from a CA, such as Thawte or Verisign.
To obtain a certificate, you need to submit a CSR (certificate signing request) to the CA. These CAs will only issue a certificate if they are satisfied that you own the domain that the certificate is being issued for.
Figure 3-17 shows a typical Certificate Management dialog box if there is no certificate installed and there is no pending certificate signing request (CSR).
Figure 3-17 Administration - Certificate Management
If there is a certificate installed, or a certificate is installed with a pending CSR, or there is a pending CSR and no certificate installed, the relevant details are displayed.
Note: Prior to managing E-mail Filter certificates, you must log in with the same user account that was specified during installation configuration. See the SurfControl E-mail Filter Starter Guide for details. If you are logged in as a different user, TLS is not enabled and you will not be able to use your certificate, whether it is self-signed or CA signed.
Using the Certificate Wizard
When you click Certificate Manager, the Certificate Wizard opens.
Figure 3-18 Administration Certificate Management - Certificate Wizard
The options available depend on the status of your certification. Using the Certificate Wizard, you can:
• Create a CSR.
• Create a self-signed certificate and install it.
• Assign an existing certificate, if you have one saved.
• Process a pending CSR and install the certificate.
• Delete a pending CSR.
• Remove the current certificate.
Creating a Self-signed Certificate or CSR
To create a self-signed certificate or CSR, you need to enter the following information in the Certificate Wizard:
Caution: If you do not have a certificate installed, your server will not be able to send or receive e-mail securely.
• The number of bits to be used to generate the certificate. The certificate is more secure if you select a higher number.
Default = 1024
• The name of your organization and your organizational unit (division or department).
• Your geographical information.
CSR only. If you are creating a CSR, you also need to enter a file name (format *.txt) for the request file.
Either accept the default file name, or enter or browse to the location of an existing file.
When you have saved the file, you can send it (for example, by e-mail) to your CA.
Assigning an Existing Certificate
If you have an existing certificate, you can select the file from a list of available certificates in the Certificate Wizard.
Processing a Pending CSR
If you select to process a pending CSR using the Certificate Wizard, you will enter or browse to the location of the .cer file that you received from the CA.
Deleting a Pending CSR
If you select to delete a pending CSR using the Certificate Wizard, any data from the pending CSR is removed, and you will not be able to process any future responses.
Removing a Current Certificate
If you select to remove a current certificate using the Certificate Wizard, the current certificate is removed from the server.
Note: A higher strength security key might decrease performance.
Note: You might want to notify your CA that your CSR has been deleted.
Caution: If you do not have a certificate installed, your server will not be able to send or receive e-mail securely.
C ONFIGURATION C OMPLETE
When you have completed all your server configuration changes, click OK to confirm your changes. The following message is displayed.
Figure 3-19 Configuration update message
E-mail Filter will then stop and restart any services that have changed in their configuration.
You are now ready to begin filtering and monitoring e-mail.
B ACKING U P Y OUR S ERVER C ONFIGURATION
You can back up the configuration settings you have chosen so that you can replicate it on other servers or restore it if, for any reason you have to reinstall E-mail Filter.
Please see the Database Management Guide for details of how to use the database management utilities.
The E-mail Monitor
In This Chapter . . . .page 102 Opening the Monitor . . . .page 102 Parts of the Monitor Window . . . .page 102 QueueView . . . .page 107
I N T HIS C HAPTER
This chapter explains how to use the Monitor to view the progress of e-mails as they pass through E-mail Filter.
O PENING THE M ONITOR
To open the Monitor, select
Start > SurfControl E-mail Filter > Monitor The Monitor window is displayed.
P ARTS OF THE M ONITOR W INDOW
The Monitor window is divided into panels, each showing information about a different part of the filtering process. Figure 4-1 shows the default layout of the panels.
Figure 4-1 The Monitor
You can drag the Server Status and Queue Statistics panels anywhere on the desktop. To hide or show
Receive panel: how long each E-mail Filter service has been running for, and keeps count of all the actions applied to each e-mail.
Service Panels
Queue statistics panel:
shows how many e-mails are held in each queue.
Status bar: shows the status of the Receive, Rules and Send services
The following sections explain the parts of the monitor window in more detail.
S ERVICE P ANELS
There are three service panels, which show the progress of e-mails through E-mail Filter.
Clearing the Service Panels
To clear the service panels of all information:
1 Right-click a service panel. A shortcut menu is displayed.
2 Select Clear Console.
The information is cleared from the selected panel.
3 When there is a new event, for example, the service is restarted or the service handles an e-mail, log entries are again displayed in the service panel.
4 To clear all three service panels simultaneously, select View > Clear Status Windows.
Copying Service Panel Information to the Clipboard
You can copy the information displayed in each service panel to the clipboard to paste into another application, for example Notepad.
To copy service panel information:
1 Right-click a service panel. A shortcut menu is displayed.
Table 4-1 The service panels
Panel Information displayed
Receive panel Shows activity by the Receive Service. When a mail server or firewall requests a connection with SurfControl E-mail Filter, a log entry is displayed in this panel.
Rules panel Shows activity by the Rules Service. When E-mail Filter checks an e-mail against enabled rules, a log entry is displayed in this panel. When an e-mail triggers an action (Isolate, Delay, Delete or Allow), the log entry is in red text.
A log entry is also displayed in this panel when you update the Anti-Spam Agent.
Send panel Shows activity by the Send Service. When E-mail Filter delivers an e-mail—including those released from isolate or delay queues—a log entry is displayed in this panel.
Changing the Information Displayed in the Service Panels
You can specify how much detail you want to be displayed in each service panel by changing the logging level. There are four levels.
• Level 0
Level 0 is the lowest logging level. At level 0 you will see only basic information about the status of e-mail processing, for example:
– Blue text to show when the receive service has accepted an e-mail.
– If the e-mail has triggered a rule
– Blue text to show when the send service has sent an e-mail.
• Level 1
With the logging level set to 1 you will see more detailed information about service activity, for example:
– The SMTP conversation between the receive service and the connecting mail client.
– The status of rule the checking process
– The SMTP conversation between the send service and the mail server it is connecting to.
• Levels 2 and 3
Levels 2 and 3 display very detailed technical information sometimes used for diagnostic purposes. If you are discussing an issue with SurfControl Customer Support, you may be asked to increase your logging level to 2 or 3.
Changing the Logging Level. To change the logging level:
1 Right-click the service panel to change. A shortcut menu is displayed.
2 Select Console Logging Level, then select the logging level 0 = least detail
3 = most detail.
3 If you do not want information messages to be displayed, for example notification of configuration reloads, select Hide Info Messages.
Note: SurfControl recommends you keep the logging level set to 0 or 1, unless necessary for support purposes.
T HE S ERVER S TATUS P ANELS
The Server Status panels show information about the running of the services and the connections they are making.
Information Displayed in the Server Status Panels
Table 4-2 describes the information displayed in the Receive service panel.
Table 4-3 describes the information displayed in the Send service panel.
Note: To stop, start and pause services from the Server Status panel, right-click the service, and then select an action.
Table 4-2 Server Status panels – Receive service
Section Information displayed
Uptime Time since the Receive service was last started.
Total messages Number of e-mails handled by the Receive service during Uptime.
Total MB Amount of data in MB handled by the Receive service during Uptime.
Connections Total Total number of connections accepted during Uptime.
Active Number of connections currently active.
Denied Number of connections denied during Uptime.
Table 4-3 Server Status panels – Rules service
Section Information displayed
Uptime Time since the Rules service was last started.
Enabled Rules Number of rules currently enabled.
Messages Pending Number of e-mails in the \In folder awaiting checking against enabled rules.
Table 4-4 describes the information in the Send Service panel.
Clearing the Statistics
If you start the Rules service, the Statistics (Total) and the Statistics (Last hour) displays will reset to 0. To reset these statistics, right-click Rules Service and selecting Clear Statistics.
Statistics (Total) Messages Number of e-mails checked by the Rules service during Uptime.
Isolated Number of e-mails moved to an Isolate folder during Uptime.
Delayed Number of e-mails moved to the Delay folder during Uptime.
Discarded Number of e-mails discarded during Uptime.
Statistics (Last Hour)
Messages Number of e-mails checked by the Rules service in the last hour.
Isolated Number of e-mails moved to an Isolate folder in the last hour.
Delayed Number of e-mails moved to the Delay folder in the last hour.
Discarded Number of e-mails discarded in the last hour.
Table 4-4 Server Status panels – Send service Section Information displayed
Uptime Time since the Send service was last started.
Total Messages Total number of e-mails delivered by the Send service during Uptime.
Total MB Total amount of data in MB handled by the Send service during Uptime.
Active Connections Number of connections currently being made by the Send service.
Messages Pending Number of e-mails in the Out folder awaiting delivery.
Failed – Requeued Number of e-mails that have been requeued because of a temporary failure to connect to the intended mail server.
Dead Messages Number of e-mails that could not be delivered and have been designated dead messages.
Table 4-3 Server Status panels – Rules service
Section Information displayed
Q UEUE S TATISTICS AND S TATUS B AR
The Queue Statistics panel shows information about queue folders and the e-mails held in them. The Status bar shows activity by the Receive, Rules and Send services.
Q UEUE V IEW
If an e-mail cannot be delivered immediately it is held in a queue while E-mail Filter attempts to deliver it.
You can view the status of queued e-mails in the QueueView window.
O PENING Q UEUE V IEW
You can open the QueueView window from the Start Menu, or from within the Monitor.
From the Start Menu
To open QueueView from the Start menu, select Table 4-5 Queue Statistics and Status bar
Area Information displayed
Queue Statistics Shows all the queues currently set up, and the number of e-mails held in each queue.
Double-click on a queue to view the contents in Message Administrator.
Status bar Each box on the status bar shows the status of an E-mail Filter service. From left to right, the boxes show the status of the Receive, Rules and Send services respectively:
• The left field (Receive service) shows the number of current connections to the Receive Service.
• The middle field (Rules service) shows the number of currently active Rules processing threads. This number is equal to the number of e-mails currently being processed by the Rules service.
• The right field (Send service) shows the number of connections being made by the Send service.
• If a service stops, an X is displayed in its status field; if the services is running but connection cannot be made, a question mark is displayed.
• If a service is paused, a ‘P’ is displayed in its status field.
Figure 4-2 shows a typical QueueView window.
Figure 4-2 QueueView window
Q UEUE V IEW W INDOW
You can view information for three types of e-mail message file:
• Queued message files
If E-mail Filter cannot send an e-mail immediately, it is requeued (see Requeuing on page 87) while E-mail Filter makes further attempts to send it.
• Pending message files
Pending messages are e-mails that are waiting for E-mail Filter to make an initial connection with a mail server so that they can be sent. If E-mail Filter attempts to make a connection but is unsuccessful, the e-mail will then be queued.
• Dead message files
If E-mail Filter cannot send an e-mail and the total requeuing period has passed, it is designated a dead message. The e-mail file is given a file extension of .d and held in the \Out folder until you act upon it.
Selecting a Type of E-mail Message to View
To select a type of message file to view:
1 Open QueueView.
2 Select View > Queued files.
The Queued Message Files view is displayed.
3 Select View > Pending files.
The Pending Message Files view is displayed.
4 Select View > Dead files.
The Dead Message Files view is displayed.
Each view is divided into columns showing the following information.
Table 4-6 QueueView columns Column What it shows
File Name The file name of the e-mail. The e-mail is stored under this name in the Out folder.
Date The date that the e-mail was placed in the Out folder
Time The time that the e-mail was placed in the Out folder
You can drag the QueueView columns to rearrange the order.
R E -S ENDING Q UEUED OR D EAD M ESSAGES
You can re-send queued or dead e-mails. This means that SurfControl E-mail Filter will make a further attempt to deliver the e-mail.
To re-sending a queued or dead e-mail:
1 Open QueueView and select the view; either Queued Message Files or Dead Message Files.
2 Select the e-mail to be re-sent. Use Shift or Ctrl to select more than one e-mail.
3 Right-click the selected e-mail. A shortcut menu is displayed.
Attempts The number of attempts that E-mail Filter has made to send the e-mail.
Reason for failure
The reason E-mail Filter was unable to deliver the e-mail, for example if the recipient’s e-mail address is invalid.
Table 4-6 QueueView columns (Continued) Column What it shows
4 Select Resend Message.
5 You are asked to confirm that you want to re-send the selected e-mail.
D ELETING A Q UEUED OR D EAD E- MAIL
You can delete queued or dead e-mails. This means that the e-mail will be irreversibly deleted, and will not be sent.
T delete a queued or dead e-mail:
1 Open QueueView, and then select the view that you want to work with – either Queued Message Files or Dead Message Files.
2 Select the e-mail to be deleted.
Note: When an e-mail is designated a dead message, a failure report is sent to the sender. If you re-send the e-mail and it still cannot be sent, further failure reports will be sent. You should therefore avoid re-sending dead messages unless you are sure that they will be delivered successfully.
4 Select Delete Message.
5 You are asked to confirm that you want to delete the selected e-mail.
You can automatically delete dead messages immediately after the requeuing period has passed. See Dead Messages on page 88.
The Rules Administrator
In This Chapter . . . .page 114 Opening the Rules Administrator . . . .page 114 How E-mail Filter Uses Rules . . . .page 117 Rules Objects. . . .page 118 Building a Rule . . . .page 118 Positioning of Rules . . . .page 124 Pre-defined Rules . . . .page 125 Rule Groups . . . .page 128 Exporting Rules . . . .page 131 Importing Rules . . . .page 132 Configuring the Rules Administrator . . . .page 133
I N T HIS C HAPTER
You use the Rules Administrator to define, create and manage the rules that support your Acceptable Use Policy (AUP). This chapter explains how E-mail Filter uses the rules you specify to check e-mail.
In this chapter you will also learn how to:
• Configure the Rules Administrator to suit your needs.
• Use SurfControl E-mail Filter’s pre-configured rules and rule groups.
• Create your own custom rules using the Rules objects.
• Manage and organize rules for optimum performance.
• Manage and organize rules for optimum performance.