The administrators of each organization can create a master LDAP group that encompasses all their users and groups. That master group can then be used to administer Email Security settings across the organization, even if there are multiple domains. With a group that contains all the members of the LDAP, the administrator effectively administers the LDAP.
Users
When an administrator logs in and views the Users page, she sees all the email addresses that exist on that instance of SonicWALL Email Security. The administrator can then narrow the view to only the entries from that LDAP.
Note:
The Using Source selection allows administrators to access users who were added directly to SonicWALL Email Security, and did not come in through an LDAP entry. These entries will not be deleted with an LDAP deletion.
To filter the user view setup by source 1. Log in as the Email Security administrator.
2. Click Users & Groups and then Users.
3. Scroll down to User View Setup.
4. From the Using Source drop-down menu, choose the LDAP source associated with the users you want to view. Click Go.
You will see only the users associated with that LDAP source. The list of users can be sorted by user name, primary email address, user rights, or source. If you have already filtered by source, sorting by source will not retrieve anything outside the filter.
To sort a list of users, click on the column heading that describes the sort type. Click again to sort in reverse order.
Each LDAP user record has a checkbox next to it. To edit a user or users, check the box. If you select one user, you can log in as that user or edit that user’s rights, for example, to elevate them to group admin or help desk-level rights. If you select more than one user, you can only change their message management style to the default style.
Because there are usually many records in an LDAP source, SonicWALL Email Security has provided several ways of looking for a specific user.
To find a specific user
1. Log in as the Email Security administrator.
2. Click Users & Groups and then Users.
3. Scroll down to User View Setup.
4. From the Find all users in column drop-down menu, choose either the username or the primary email address to search on.
5. Choose which type of search you want. Exact matches are the fastest, but matches contain your search term may help you more if you cannot remember the exact username or address you are looking for.
6. Enter your search term.
7. Click Go. You will see the users who mach your search criteria.
If you want to add a user who does not appear in the automatically-generated list from your LDAP, you can choose to manually add an account. If an LDAP is not provided, the user will be added to the default LDAP source. You cannot add users to your LDAP from the SonicWALL Email Security interface.
To add a user
1. Log in as the Email Security administrator.
2. Click Users & Groups and then Users.
3. Scroll down to User View Setup.
4. Click Add.
5. Enter the user’s fully-qualified email address, choose a source (if any), and any aliases you wish to associate with the user.
To delete a user
1. Log in as the Email Security administrator.
2. Click Users & Groups and then Users.
3. Scroll down to User View Setup.
4. Select the user you wish to delete. Deleting a user will not remove the user’s LDAP entry, only the entry in the Email Security.
5. Click Add.
Groups
Administering groups
Use groups within SonicWALL Email Security to incorporate or extend existing LDAP groups. You can also change a group’s security role in SonicWALL Email Security and view the membership of a group.
To filter the group view by source 1. Log in as the Email Security administrator.
2. Click Users & Groups and then Groups.
3. Scroll down to Assign Roles to Groups Found in LDAP.
4. From the Using Source drop-down menu, choose the LDAP source associated with the groups you want to view. Click Go.
5. If you do not see the group you want, click the Add Group button. You can choose an existing group from one of your sources. You cannot create a group that does not exist.
You can change each group’s role in SonicWALL Email Security. Email Security roles determine a user’s permissions to change Email Security settings, including user settings.
To change a group’s role
1. Log in as the Email Security administrator.
2. Click Users & Groups and then Groups.
3. Scroll down to Assign Roles to Groups Found in LDAP.
4. Select the box next to the group you want to change.
5. Click Edit Role.
6. In the pop-up window, choose the role you want that group to have. You can choose only one role per group. If a user is in multiple groups, permissions are granted in the order in which the groups are listed in the user’s profile.
7. Click Apply Changes. You will see a status update at the top of the page.
You can view the members of a group in SonicWALL Email Security.
To view the members of a particular group 1. Log in as the Email Security administrator.
2. Click Users & Groups and then Groups.
3. Scroll down to Assign Roles to Groups Found in LDAP.
4. Select the box next to the group you want to see the membership of.
5. Click List Members.
You will see a pop-up window that lists the group’s membership by primary email address.
Setting Junk Blocking by Group
You can use the existing LDAP groups to configure the filtering sensitivity for different user groups.
For example, your sales group might need to receive email written in foreign languages.
To set junk blocking by group
1. Log in as the Email Security administrator.
2. Click Users & Groups and then Groups.
3. Scroll down to Set Junk Blocking Options for Groups Found in LDAP.
4. Under Using LDAP, select your LDAP.
5. Select a group to edit.
6. Click Edit Junk Blocking Options. You will see the Group Junk Blocking Options window.
Follow the recommendations described in Chapter 5, “Anti-Spam Anti-Phishing Techniques” .
Policy Groups
To manage policy groups from multiple LDAP servers 1. Log in as the Email Security administrator.
2. Click Policy and Compliance and then Policy Groups.
3. Select the LDAP source and click the Go button. You are connected to that LDAP server.
4. Click the Add Group button. The groups on that LDAP server are retrieved and presented to you.
5. Choose the groups you want to add policies to.
6. When you have selected the groups, click the Add Group button. Your groups are added.
7. You can now apply policies to these groups. If a user is a member of more than one group, actions will only be taken on the first group the system reads.
Email Address Rewriting
In a multiple LDAP server environment, administrators can map incoming or outbound email addresses to new apparent domains. This feature also allows you to expand an email list into its constituent members.
To configure Email Address Rewriting on a per-LDAP basis:
1. Log in as the Email Security administrator.
2. Click System and then Network Architecture.
3. Scroll down and click the Email Address Rewriting button.
4. Click the Add New Rewrite Operation button.
5. In Type of Operation, choose LDAP Rewrite to Primary. If you are on the Inbound tab, you could also choose LDAP Email List Expansion.
6. Enter the information for the operation you have chosen.
7. Enter a name for the rewrite operation.
8. Click Save This Rewrite Operation.