User Guide. MailMarshal SMTP. Version 6.0

(1)

User Guide

MailMarshal SMTP

(2)

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, MARSHAL LIMITED PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Marshal Limited, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of Marshal Limited. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Marshal Limited may make improvements in or changes to the software described in this document at any time.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.

Firewall Suite, MailMarshal, Security Reporting Center, and WebMarshal are trademarks or registered trademarks of Marshal Limited. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

(3)

iii

Chapter 1

Introduction

1

What Is MailMarshal? ... 2

What Does MailMarshal Provide? ... 2

How MailMarshal Helps You ... 4

How Customers Use MailMarshal ... 4

Legal Firm Gains Immunity From Network Issues ... 5

Electronic Fulfillment House Optimizes Email Usage ... 6

MailMarshal Customers Save Time and Money ... 6

How MailMarshal Works ... 7

Servers ... 8

Configuration ... 9

Monitoring and Reporting ... 9

(4)

Chapter 2

Planning Your MailMarshal Implementation

11

Deployment Checklist ... 12

Understanding Deployment Scenarios ... 12

MailMarshal as an Internal Email Relay ... 13

MailMarshal as the Only Email Server ... 14

MailMarshal and Other Software on the Same Server ... 15

MailMarshal in a Distributed Array of Servers ... 16

Hardware and Software Requirements ... 17

Hardware Required for MailMarshal Server ... 17

Software Required for MailMarshal Server ... 18

Software Required for Other Components ... 19

Network Access Required for MailMarshal ... 20

Understanding Email Routing ... 21

Background Information ... 21

How MailMarshal Routes Email ... 22

Setting up Outbound Routing ... 22

Setting up Inbound Routing ... 23

When Installing MailMarshal on the Existing Email Server ... 24

Locating MailMarshal Folders ... 24

Gathering Information Before Installation ... 26

Chapter 3

Installing MailMarshal

29

Installation Checklist ... 30

Installing Pre-Requisites ... 31

Installing MailMarshal on a Single Server ... 31

Installing MailMarshal on an Array of Servers ... 33

Installing the Array Manager Server ... 34

(5)

Post-Installation Configuration Steps ... 38

Completing the Configuration Wizard ... 38

Excluding Working Folders From Virus Scanning ... 42

Configuring Email Routing ... 44

Creating Directory Connectors ... 45

Installing MailMarshal Reports ... 47

Installing MailMarshal Web Components ... 47

Installing MailMarshal Client Tools ... 51

Upgrading MailMarshal ... 52

Uninstalling MailMarshal ... 55

Chapter 4

Understanding MailMarshal Interfaces

57

Understanding the Configurator ... 58

Working With the Getting Started and Common Tasks Pages ... 59

Working With Menu and Detail Items ... 60

Working With Properties Configuration ... 60

Committing Configuration ... 61

Understanding the Console ... 61

Understanding the Web Console ... 62

Understanding the Reports Console ... 63

Understanding the Spam Quarantine Management Web Site ... 64

Understanding Other Tools ... 65

Chapter 5

Implementing Your Email Content Security Policy

67

Configuring Email Content Security ... 68

(6)

Stopping Viruses ... 72

Anti-Virus Policy and Rules ... 72

Installing and Configuring Virus Scanners ... 73

Preventing Relaying ... 75

Controlling Who Can Send Email Through Your Server ... 76

DNS Blacklists ... 77

PTR Lookups ... 78

Blocked Hosts ... 79

Authentication by Account ... 80

Filtering Messages and Attachments ... 80

Chapter 6

Understanding Email Policy, Policy Groups, and Rules

83

Understanding Policy Groups ... 83

Understanding Rules ... 85

Receiver Rules ... 85

Standard Rules ... 85

Creating Rules ... 85

Understanding User Matching ... 88

Understanding Rule Conditions ... 89

Rule Conditions for Standard Rules ... 90

Rule Conditions for Receiver Rules ... 103

Understanding Rule Actions ... 105

Rule Actions for Standard Rules ... 106

Rule Actions for Receiver Rules ... 113

Understanding Order of Evaluation ... 114

Adjusting the Order of Evaluation of Policy Groups ... 115

Adjusting the Order of Evaluation of Rules ... 115

(7)

Chapter 7

Understanding Email Policy Elements

117

Configuring Connectors ...119

Configuring User Groups ...120

Creating and Populating User Groups ...120

Moving and Copying Users and Groups ...123

Identifying Email Text Content Using TextCensor Scripts ...123

Creating and Editing Scripts ...124

Editing TextCensor Scripts ...127

Duplicating TextCensor Scripts ...127

Script and Item Weighting ...127

Item Syntax ...129

Importing Scripts ...130

Exporting Scripts ...131

TextCensor Best Practices ...131

Testing TextCensor Scripts ...133

Notifying Users with Message Templates and Message Stamps ...133

Message Templates ...134

Creating a Message Template ...136

Digest Templates ...138 Editing Templates ...140 Duplicating Templates ...140 Deleting Templates ...141 Message Stamps ...141 Using Variables ...143 Date Formatting ...148

(8)

Header Matching and Rewriting ... 158

Changing and Adding Headers with the Receiver ... 158

Using Rules to Find Headers ... 159

Using Rules to Change Headers ... 160

Using the Header Rewrite Wizard ... 160

Extending Functionality Using External Commands ... 166

Chapter 8

Monitoring Email Flow

171

Using the MailMarshal Console ... 173

Connecting to MailMarshal Using the Console ... 173

Connecting to MailMarshal Using the Web Console ... 174

Viewing Server Statistics ... 174

Deleting and Retrying Queued Messages ... 176

Using Mail Batching ... 176

Viewing Folders and Folder Contents ... 176

Working With Email Messages ... 177

Viewing Email History ... 183

Searching Folders and Email History ... 184

Viewing Alert History ... 185

Setting Console Security ... 185

Using Windows Tools ... 189

Event Log ... 189

Performance Monitor ... 190

Using MailMarshal Text Logs ... 190

Chapter 9

Managing MailMarshal Configuration

191

Managing Your MailMarshal License ... 191

Reviewing the Installed License ... 192

Requesting a New License Key ... 193

(9)

Backing Up and Restoring the Configuration ...194

Backing Up the Configuration ...195

Restoring the Configuration ...196

Configuring Local Domains ...197

Changing Local Domains Information ...197

Changing Local Domains on a Specific Server ...200

Setting Up Accounts ...201

Creating Accounts ...201

Editing Existing Accounts ...202

Deleting Accounts ...203

Configuring Delivery Options ...203

Configuring Default Delivery Options ...203

Configuring Delivery Options For A Specific Server ...205

Configuring Email Batching and Dial-Up ...206

Configuring Manager Security ...207

Managing Array Nodes ...208

Managing Node Services ...208

Adding and Deleting Nodes ...209

Joining A Node To An Array ...210

Customizing Settings for Nodes ...211

Setting Advanced Options ...212

Server Properties - Advanced ...212

Node Properties - Advanced ...213

Array Communications ...214

Folder Locations ...216

Quarantine Synchronization Tool ...217

(10)

Chapter 10

Reporting on MailMarshal Activity

223

Data Retention and Grouping ... 223

Data Retention ... 224

Reporting Groups ... 224

Connecting to the Database ... 225

Generating Reports ... 226

Available Reports ... 226

Entering Parameters ... 228

Available Parameters ... 229

Navigating the Report Window ... 232

Exporting Reports ... 233

Chapter 11

Delegating Spam and Quarantine Management

237

Setting Up Console Access ... 238

Setting Up Spam Quarantine Management Features ... 239

Spam Quarantine Management Windows ... 239

Setting Up Folders and Templates ... 241

Setting Up Rules ... 242

Setting Up Spam Quarantine Management for Other Folders ... 242

Using the Message Release External Command ... 243

Appendix A

Wildcards and Regular Expressions

247

Wildcard Characters ... 247 Regular Expressions ... 249 Shortcuts ... 249 Reserved Characters ... 250 Examples ... 252 Map Files ... 253

(11)

Glossary

255

(12)

(13)

About This Book and the Library

The User Guide provides conceptual information about the MailMarshal SMTP product (MailMarshal SMTP). This book defines terminology and various related concepts.

Intended Audience

This book provides information for individuals responsible for understanding MailMarshal SMTP concepts and for individuals managing MailMarshal SMTP installations.

Other Information in the Library

The library provides the following information resources:

Evaluation Guide

Provides general information about the product and guides you through the trial and evaluation process.

User Guide

Provides conceptual information and detailed planning and installation information about MailMarshal SMTP. This book also provides an overview of the MailMarshal SMTP user interfaces and the Help.

Help

Provides context-sensitive information and step-by-step guidance for common tasks, as well as definitions for each field on each window.

(14)

xiv User Guide

Conventions

The library uses consistent conventions to help you identify items throughout the documentation. The following table summarizes these conventions.

Convention Use

Bold • Window and menu items

• Technical terms, when introduced Italics • Book and CD-ROM titles

• Variable names and values • Emphasized words Fixed Font • File and folder names

• Commands and code examples • Text you must type

• Text (output) displayed in the command-line interface Brackets, such as [value] • Optional parameters of a command

Braces, such as {value} • Required parameters of a command Logical OR, such as

value1 | value2

(15)

About Marshal

Marshal's Content Security products (MailMarshal for SMTP, MailMarshal for Exchange , WebMarshal, Security Reporting Center and Firewall Suite) deliver a complete email and Web security solution to a variety of Internet risks. They provide comprehensive protection by acting as a gateway between an organization and the Internet. It allows organizations to restrict, block, copy, archive, and automatically manage the sending and receiving of messages.

Marshal Products

Marshal's Content Security solution, which includes MailMarshal SMTP, MailMarshal for Exchange and WebMarshal, delivers a complete email and Web security solution to these risks by acting as a gateway between your organization and the Internet. The products sit behind your firewall but in front of your network systems to control outbound

documents and their content. By providing anti-virus, anti-phishing and anti-spyware protection at the gateway, Marshal's Content Security solution offers you a strategic, flexible and scalable platform for policy-based filtering that protects your network, and as a result, your reputation.

Contacting Marshal

Please contact us with your questions and comments. We look forward to hearing from you. For support around the world, please contact your local partner. For a complete list of our partners, please see our Web site. If you cannot contact your partner, please contact our Technical Support team.

Telephone: +44 (0) 870 040 4441 (EMEA) +1 713-681-0055 (Americas) + 64 9 580 0531 (Asia-Pacific)

(16)

(17)

Chapter 1 Introduction

Email is an essential communication tool used by nearly every business and organization. Email is widely used because it provides an open, effective, rapid, and inexpensive way of sending text, images, and other data nearly anywhere. However, the same features that make email such a useful tool also present issues and hidden costs. Spam, email viruses, malicious code, legal liability issues, and declining employee productivity are all risks associated with the use of email by organizations.

Spam commonly accounts for more than half of the email that an organization receives. Email viruses, Trojans and other malicious files spread around the world and can cause millions of dollars in damage in just a matter of hours. Every day brings new reports of organizations forced into legal action due to staff misuse of email. Email remains the lifeblood of modern business

communication, but the disadvantages of email use are growing rapidly.

MailMarshal is an email security solution specifically designed to deal with these issues. Many organizations today have created policies and guidelines for the appropriate use of email, and employee education programs to deal with the torrent of spam and viruses. MailMarshal allows an organization to actually

(18)

What Is MailMarshal?

NetIQ MailMarshal SMTP is a fast, easy-to-use email filtering solution that ensures a safe and productive working environment by enforcing organizational Acceptable Use Policy (AUP) and protecting against Spam and viruses. The product boasts a 95% Spam detection rate with less than 0.01% false positives, all while performing up to 4 times faster than the competition. Suspect email messages are deleted, quarantined or simply monitored based on the needs of the organization. Administrators can generate meaningful reports depicting email usage and security concerns while the company receives a significant return on investment (ROI) as workplace productivity increases, corporate assets are protected and the potential for corporate liability is diminished. Supporting enterprises with tens of thousands of users, MailMarshal SMTP is by far the most powerful, feature-rich Anti-Spam solution available today.

What Does MailMarshal Provide?

MailMarshal includes many powerful features to scan and filter email messages. MailMarshal also gives the email administrator granular control of policies, and the ability to delegate monitoring and control to other users.

MailMarshal scans the content of email messages and attachments as they enter or leave an organization. MailMarshal can:

• Block Spam using the NetIQ SpamCensor technology. This technology typically delivers a 95% Spam detection rate with less than 0.01% false positives.

• Scan email for viruses using third-party virus scanners.

• Scan message text, headers, and attached documents for the presence of particular phrases.

• Recognize the type and size of attached items. • Perform many other checks of message content.

(19)

MailMarshal can take a wide variety of actions on messages that violate an Acceptable Use Policy. MailMarshal can:

• Refuse receipt of a message from a remote server.

• Quarantine a message for later review by administrators or users. • Delete a message.

• Redirect a message.

• Log receipt of a message for future reference.

In addition to a superior Spam detection rate and a full set of filtering abilities, MailMarshal provides high performance.

• MailMarshal yields single server processing throughput up to 4 times greater than competing products provide.

• You can install MailMarshal on multiple servers with centralized administration to support the enterprise.

• You can control MailMarshal installations at geographically separate locations from a single administrative server.

MailMarshal also provides effective, easy-to-use interfaces.

• The email administrator can monitor and control filtering activity using Windows and Web consoles.

• Email users can verify and customize Spam blocking for their own email addresses using the Spam Quarantine Management Web site.

• The administrator and managers can generate a selection of reports detailing email usage and filtering activity.

(20)

How MailMarshal Helps You

Unmonitored email presents both financial and legal dangers to a company. For instance, Spam represents a dramatic financial threat in terms of the cost of storage, bandwidth, and wasted employee time. Virus infection and malicious code can be costly in employee time and in lost data. Inappropriate and offensive email content is both a time waster and a potential legal liability. With MailMarshal, a company receives a significant return on investment (ROI) as network security is tightened, corporate assets are protected, the potential for corporate liability is diminished, and workplace productivity increases.

How Customers Use MailMarshal

You can configure MailMarshal to support your Acceptable Use Policy for email usage. Enforcing the Acceptable Use Policy often results in savings of network resources and time. You can also use MailMarshal to provide a variety of gateway based email services that enhance functionality and convenience. The following stories show how some of our customers put MailMarshal to work.

(21)

Legal Firm Gains Immunity From Network Issues

Law firms rely on their Internet and email-based communications to stay in contact with clients and staff, both locally and in distant locations. With the increasing number of Internet-based threats making the rounds, it is essential that these risks are kept to an absolute minimum. The IT manager of a law firm that installed MailMarshal five years ago has this to say about the experience:

• Ever since we installed MailMarshal, we've been totally immune to shutdowns due to email-based viruses, worms, Trojan horses and other malignant payloads. We hear about them from colleagues and read about them in newspapers, but we don't see them at work.

• Nobody, of course, would knowingly introduce a dangerous file into the system, but the danger is in an inadvertent download or access. We have very strict controls as to what attachments are allowed through to prevent accidental infection. For instance, we quarantine all executable files as well as others that might be dangerous. Questionable emails or attachments that come in are quarantined for manual over-ride during work hours or saved until the morning if they come in at night. This way we can monitor email usage without being too invasive.

• At the end of the day, the main benefit is that we’ve avoided any problems, shutdowns or slowdowns with our email and Internet and that, more than anything, is invaluable.

Result: Reduced network congestion, reduced IT running costs, long term

(22)

Electronic Fulfillment House Optimizes Email Usage

With over 2 million members ordering their books online, a leading book club needed to optimize their email system to provide comprehensive support for marketing, order taking, fulfillment and transaction management. The senior systems analyst for the company comments:

• Email has gone from a 'best endeavors' service to a mission critical resource. We needed a flexible and mature system that could handle any situation as well as be scalable and easy to install and maintain.

• We did a full evaluation of the major available email management

packages, and MailMarshal was the product that best addressed our needs. • The installation process was extremely painless. We simply swapped our old

anti-virus gateway for MailMarshal and haven't looked back since. In fact, we have seen an increase in our email usage because our network capacity has been optimized.

Result: Increased staff productivity via unobtrusive monitoring and reduction of

excessive email usage. MailMarshal effectively separates corporate and customer email traffic.

MailMarshal Customers Save Time and Money

MailMarshal delivers benefits every day to large and small organizations. What follows is just a small sample of stories from the files:

• A 300-user city council was infected twice by the Navidad virus. This event resulted in 300 desktop computers being down for one and a half hours. All software had to be reinstalled and any unsaved documents were lost. The infection cost the council over $24,000 in lost staff productivity alone. The council then installed MailMarshal on a 30-day trial. MailMarshal prevented a further 150 Navidad virus infections over the following week. • A large commercial airline implemented MailMarshal and reduced their

(23)

• A finance company reduced their bandwidth usage by 87% when they implemented an email policy with MailMarshal that denied all files other than Microsoft Office documents.

• A respected IT company was invited to evaluate MailMarshal's anti-spam effectiveness for one month against a competitor of their choice. They ran the test in a live head-to-head trial with a major MailMarshal competitor. The products evaluated duplicate inbound email streams. At the end of the test the IT company reported back:

- MailMarshal detected over 92% of the spam the company received with only one false positive over the entire month.

- The competitor managed to detect just 81% of the spam but also created 189 false positives (more than 6 per day).

The company has since purchased MailMarshal.

• A large multi-national finance company performed an extended three-month trial of MailMarshal. After monitoring email activity for the first two months and then implementing an email Acceptable Use Policy with MailMarshal in the final month, the customer reported that they reduced non-business email by 98%.

How MailMarshal Works

MailMarshal is a server-based Simple Mail Transfer Protocol (SMTP) email content scanner that can be easily installed into a new or existing network with other gateway applications. It complements, and is compatible with, traditional Internet firewalls, SMTP mail servers, anti-virus scanners, and other security applications.

(24)

MailMarshal user interfaces include a configuration console, administration console, reports console, Spam quarantine management Web site for email users, and Web administration console.

Servers

The MailMarshal email processing server functions as the email gateway of an organization. All email entering or exiting the organization passes through it. MailMarshal can be configured with more than one email processing server. MailMarshal can use multiple servers to provide multiple gateways, or to add bandwidth and redundancy to a single gateway.

Each MailMarshal email processing server includes four major system services: the Receiver, the Engine, the Sender, and the Controller. All email enters the MailMarshal server via the Receiver, and is processed in the Engine. The Engine unpacks each email message (expanding any archive or compressed files) and splits the message into its individual components. It then tests the whole message and each component using the email policy.

As part of the policy, MailMarshal filters Spam using the NetIQ SpamCensor technology. MailMarshal detects viruses by invoking other vendors’ virus checking software. Many commercially available scanners are supported by MailMarshal.

The results of rule processing determine whether each email message is accepted, modified or quarantined. Accepted email is passed to the MailMarshal Sender, which then forwards it to the appropriate recipients.

The MailMarshal Array Manager functions as a central repository for

configuration. It coordinates the activity of the other MailMarshal components and serves as a connector between the email processing servers, the user interfaces, and the database.

The MailMarshal database resides on a Microsoft SQL Server. It stores configuration information and email logging data.

(25)

Configuration

The administrator configures MailMarshal from a workstation connected to the Manager server, using the MailMarshal Configurator. The initial configuration settings allow MailMarshal to act as the email gateway of an organization. A wide variety of additional configuration options allow MailMarshal to enforce your Acceptable Usage Policy by controlling how MailMarshal processes SMTP connections and individual email messages.

Monitoring and Reporting

MailMarshal provides several tools for monitoring and daily administration of email. The main tool is the Console. The Console features MailMarshal Today, which provides a summary of MailMarshal activity and server health at a glance. Using the Console, an administrator can review the processing history for any message, and can view and release any quarantined message.

The administrator can grant other users access to specific Console functions and specific quarantine folders. This allows the administrator to delegate basic tasks to help desk or departmental personnel. MailMarshal also provides a Web version of the Console, which permits remote access to the Console functionality.

Email users can review and manage suspected Spam and other quarantined email using daily email digests and the Spam Quarantine Management console. This console is a Web application typically deployed on an intranet Web server. Administrators and managers can generate reports on MailMarshal activity using the MailMarshal Reports application. MailMarshal Reports uses the Crystal Reports engine to produce detailed reports.

(26)

MailMarshal SMTP and MailMarshal for Exchange

MailMarshal SMTP shares many features with MailMarshal for Exchange, the Exchange Server based Email Content Security product from NetIQ Corporation. An organization may choose to install one or both products. Each product delivers some unique benefits.

MailMarshal for Exchange provides the ability to scan internal email within the Exchange Server.

MailMarshal SMTP provides several components which are not available within MailMarshal for Exchange, including the Spam Quarantine Management

console, receiver rules and other SMTP receiver based functions. An

organization that requires both sets of functions can run both products in the same environment. MailMarshal for Exchange and MailMarshal SMTP can be run on the same server, subject to adequate system resources.

Within this Guide, “MailMarshal” always refers to MailMarshal SMTP unless otherwise stated.

(27)

Chapter 2 Planning Your MailMarshal

Implementation

MailMarshal consists of several components, which can be located on different servers within an organization's network. The components are:

• One or more email processing servers • A SQL database

• The Configurator, used to define policy • The Console, used to manage email flow • The Reports console

• Two Web components: the Spam Quarantine Management Web site and the Web Console

• The Array Manager, which connects the user interfaces, email processing servers, and database

(28)

Deployment Checklist

Choose your MailMarshal deployment options by completing the following checklist:

Understanding Deployment Scenarios

This section discusses some typical options for the deployment of the MailMarshal components. Each option provides all required functions of an email gateway. Many other configurations are possible.

Steps See Section

1. Decide whether you will install

MailMarshal as an Array or Standalone Server.

“Understanding Deployment Scenarios” on page 12.

2. Decide the number and location

of MailMarshal email processing servers.

3. Decide the location of the SQL

database.

4. Decide where MailMarshal folders

will be located on each email processing server

“Locating MailMarshal Folders” on page 24.

5. Check hardware and software

prerequisites.

“Hardware and Software Requirements” on page 17.

6. Check network access

prerequisites.

“Network Access Required for MailMarshal” on page 20.

7. Gather information about your

email environment.

“Gathering Information Before Installation” on page 26.

(29)

MailMarshal as an Internal Email Relay

You can install MailMarshal on its own physical server, as an email relay within an organization, as shown below:

In this case the MailMarshal installation is a “standalone server” including all management and email processing components. This option is suitable for small to medium sized organizations with a single Internet gateway and email server.

All workstations within the organization send email through the email server. The email server forwards all external messages to the MailMarshal server for processing and delivery.

The DNS MX record (or the firewall's relay setting) is set so that the MailMarshal server receives all email inbound to the organization.

Install the MailMarshal database on an available SQL server in the local

Internet MailMarshal Server Fi rew a ll Email Server SMTP Port 25 SMTP Port 25 Workstation Workstation Workstation Email Admin

(30)

MailMarshal as the Only Email Server

MailMarshal can function as a POP3/SMTP server providing all email server functions for a small organization, as shown below:

In this example, workstations within the organization send email to the MailMarshal server on port 25 for processing. MailMarshal delivers email for internal addresses to MailMarshal POP3 mailboxes for collection by email clients. Retrieve and send email to and from external addresses over a dial-up or other link to an ISP.

In this case the MailMarshal installation is a “standalone server” including all management and processing components. In most organizations that choose this scenario, it will be possible to install SQL Server or MSDE on the

MailMarshal server. Install the MailMarshal Spam Quarantine Management Web site on an intranet Web server. Install MailMarshal Reports and optionally management consoles on one or more workstations in the local network.

Internet connection ISP Internet Workstation Workstation Workstation Email Admin MailMarshal Server SMTP Port 25 POP3 Port 110

(31)

MailMarshal and Other Software on the Same Server

MailMarshal can run on the same physical server as the organization's email server software, as shown below:

In this case, all email sent from outside the organization arrives at the email server computer on the default SMTP port, port 25. MailMarshal forwards processed inbound email to the other server software using the “localhost” IP address and port 97. The other server sends email for outside delivery to MailMarshal using the “localhost” IP address and port 25.

Install the MailMarshal database on an available SQL server in the local network.

MailMarshal is installed as a “standalone server” including all management and processing components. Install the MailMarshal Spam Quarantine Management Web site on an intranet Web server. Install MailMarshal Reports on one or more

Internet Email Server Computer Fi re w a ll MailMarshal Port 25 Other Email Software Localhost Port 25 Localhost Port 97 Workstation Workstation Workstation Email Admin

(32)

MailMarshal in a Distributed Array of Servers

You can install MailMarshal as an array of servers for an enterprise. You can install the required components in a variety of configurations. A typical configuration is shown below:

In this example, the MailMarshal installation includes a load balanced array of MailMarshal email processing servers in a DMZ. A DMZ is a part of a local network that has controlled access both to the Internet and to the internal network of the organization. All email sent from within the organization passes through the local email server, which delivers outbound messages to the MailMarshal servers on port 25. MailMarshal delivers incoming email to the local email server.

Install the MailMarshal Array Manager on a SQL server or a dedicated server within the LAN to perform configuration and connect to the MailMarshal database. Install the MailMarshal Spam Quarantine Management Web site and the MailMarshal Web console on an intranet Web server. Open TCP port 19001 (or a single port of your choice) in the firewall between the DMZ and the Array Manager, to allow MailMarshal configuration and logging traffic.

Internet Email Admin Port 19001 Port 25 MailMarshal Array Manager and SQL Server MailMarshal SQM and Console Web sites Port 25 Port 19001 MailMarshal Servers (email processing) DMZ Local Users Local Email Server

(33)

A distributed enterprise with more than one email gateway can install one or more MailMarshal email processing servers at each gateway. If the enterprise uses the same policies at all locations, it can use a single MailMarshal Array Manager to control configuration and perform logging for all locations. All the email processing servers must be able to communicate with the Array Manager on port 19001.

Install MailMarshal Reports and optionally management consoles on one or more workstations in the local network.

Hardware and Software Requirements

A basic stand-alone installation of MailMarshal will run on almost any Pentium III class computer running Windows 2000, Windows XP, or Windows

Server 2003.

Hardware Required for MailMarshal Server

The hardware required for a MailMarshal server naturally varies depending on the number of email users and the amount of email traffic. The following specifications are a suggested minimum for a single-server installation of MailMarshal:

• 1,000 users: Pentium III 600, 10GB HD, 256MB RAM

• 10,000 users: Dual Pentium III 1000, 60GB HD, 1024MB RAM Sites with more than 10,000 users can use a single server with a higher specification, or multiple processing servers. Please contact NetIQ Technical Support for a recommended configuration.

(34)

Software Required for MailMarshal Server

All prerequisite software (with the exception of the Windows operating system and the full version of SQL Server) is available on the installation CD-ROM. You can install the prerequisites during the MailMarshal installation from CD-ROM. However, NetIQ recommends that you install the prerequisites before installing MailMarshal, so as to isolate any installation issues to the specific package. MailMarshal requires:

• Windows 2000, Windows XP Professional, or Windows Server 2003. • SQL Server 2000 or MSDE 2000 to store configuration and logging data.

MSDE is a free runtime version of SQL Server. Because MSDE is limited to a

total database size of 2GB, it is suitable for MailMarshal sites with fewer than 500 email users. MSDE is included on the MailMarshal CD-ROM and in the trial download package.

• Service Pack 3 for SQL Server 2000 or MSDE 2000. This service pack is included in the version of MSDE 2000 distributed with MailMarshal.

(35)

• MSDE 2000 requires Microsoft Data Access Components (MDAC) 2.7 SP1, or a later version of MDAC. The MSDE installation will install this software if necessary. This installation requires a system restart.

• If you use named instances of SQL Server, you must install MDAC 2.8, or a later version of MDAC, on the server where you install the MailMarshal Array Manager. This installation requires a system restart.

Software Required for Other Components

MailMarshal Configurator, Console, and Reports can run under Windows 2000, Windows XP Professional, or Windows Server 2003. If you use named

instances of SQL Server, MailMarshal Reports require Microsoft Data Access Components (MDAC) 2.8, or a later version of MDAC.

Notes

• Due to Microsoft licensing restrictions, the MailMarshal email processing and Array Manager components cannot be installed on Windows Server 2003, Web Edition. However, the MailMarshal Web components can be installed on Web Edition.

• When you install prerequisites you should be prepared to restart the system.

• MailMarshal working and quarantine folders must reside on a NTFS partition.

• Due to the limitation on database size in MSDE, SQL Server is recommended for sites with more than 500 email users.

• MSDE is limited to 5 client connections. This limits the number of instances of MailMarshal Reports you can use concurrently.

(36)

The MailMarshal Web components (Spam Quarantine Management and the MailMarshal Web Console) can run under Windows 2000, Windows XP

Professional, or Windows Server 2003, including the Web edition. They require: • Windows 2000 Service Pack 3 or higher.

• Internet Information Services (IIS) 5.0 or higher.

• ASP.NET 1.1. ASP.NET is part of the .NET Framework 1.1, available on the MailMarshal CD-ROM.

The Web components support browsing from Internet Explorer 5.5 and above.

Network Access Required for MailMarshal

Typically MailMarshal uses the following network protocols and ports: • SMTP email (port 25) from MailMarshal email processing servers to the

Internet and to the internal email servers and/or clients.

• DNS (port 53, both TCP and UDP) from MailMarshal email processing servers for resolution of external email server names.

• TCP port 19001 for communication between the email processing servers, Array Manager, and Console. This connection can be changed to another port of your choice.

• HTTP and HTTPS from the Array Manager to the Internet for access to SpamCensor updates (ports 80 and 443). You can use a proxy server for Web access if your environment requires it.

Notes

• NetIQ recommends a secure Web site (HTTPS) for these components to protect user data and authentication information.

• If you install ASP.NET on a Windows Domain Controller, or on

Windows 2000 Service Pack 4, review the Microsoft Knowledge Base for issue and fix information specific to those environments such as

(37)

• SQL server connection (port 1433 by default) between the Array Manager and the SQL database, and between the database and any Reports Console. • Various NetBios ports for communication between the Array Manager and

the Configurator. For security reasons this connection should be within a trusted LAN (not through a firewall).

• A remote desktop connection, such as Microsoft Terminal Services, for access through a firewall to the email processing servers. You can also use a remote desktop connection to connect securely through a firewall to the Configurator.

• POP3 (port 110) if MailMarshal is functioning as a POP3 server.

Understanding Email Routing

MailMarshal must be able to monitor all email traffic at the email gateway of an organization. Typically this requires some changes to email routing.

Background Information

Internet email travels from server to server using SMTP (Simple Mail Transfer Protocol). MailMarshal functions as a SMTP relay. Logically, MailMarshal is situated at the boundary of the local network so that email entering or leaving the organization travels through it. Physically, a MailMarshal server can be installed in several scenarios. It can run on a dedicated computer, or in some cases share a computer with other software. For some typical configurations see earlier sections of this chapter.

Before installing MailMarshal it is necessary to determine which functions MailMarshal will serve and how it will handle incoming and outgoing email.

(38)

• By sending all outbound email to a specific server (email relay).

• By performing a Domain Name Service (DNS) lookup to determine the appropriate email server for a domain, and attempting to contact that host directly.

How MailMarshal Routes Email

MailMarshal can use any of the four methods described in the preceding section.

• If MailMarshal has been configured as a POP3 server, the POP3 mailboxes are “local” to it.

• MailMarshal uses the term “Local Domains” to name the specific domains for which MailMarshal functions as the Internet email gateway. The local domains should include all of the domains hosted by other email servers within the organization that use MailMarshal as a gateway (such as Exchange or Groupwise servers). Messages for these domains will be delivered to fixed addresses.

• Where the recipient of a message is not in a local domain, MailMarshal can be configured to deliver the message either by using DNS or by relaying to a specific host for delivery.

Setting up Outbound Routing

When you plan outbound routing, take note of how your existing email server sends email to the Internet. In general you should configure MailMarshal to use the same process. For instance, your server may deliver email to a firewall or ISP (email relay), or directly using DNS.

Reconfigure your existing email server to forward all outbound Internet email to MailMarshal.

(39)

Setting up Inbound Routing

When you plan inbound routing, determine how inbound email is currently delivered to your server. If the MailMarshal server retains the IP address and server name of the previous email server, then you will not have to change inbound settings. This will generally be true if you install MailMarshal on the same physical server as the other email server software.

If the MailMarshal server will have a different IP address and server name to your previous email server, in most cases you must change the route to ensure that inbound email messages are sent to the MailMarshal server.

Before sending email messages to your organization, an email server on the Internet performs a DNS lookup to see which server (IP address) accepts email for your domain. The address returned may be that of your email server, firewall, proxy server or a downstream email relay (for example an ISP). If email messages are sent directly to your organization's email server (the DNS MX lookup returned the email server's IP address), then you must change the DNS MX record to return the IP address of the new MailMarshal server. You may also need to modify firewall permissions, to permit SMTP delivery to MailMarshal.

If the DNS lookup returns the address of the firewall, and the firewall employs address translation, you must change the translated address for incoming email to the address of the MailMarshal server. If the firewall acts as an email relay, you must change the address to which it forwards inbound email to that of the MailMarshal server.

If the DNS lookup returns the address of an upstream email relay, you must change the forwarding address setting used by that email relay so that it directs email to MailMarshal.

(40)

When Installing MailMarshal on the Existing Email Server

When MailMarshal is installed on the same physical server as the existing email server software, normally you will not need to change the inbound routing. However, because MailMarshal will take over the role of listening for SMTP traffic on port 25, you must configure the existing email server to listen for SMTP traffic on another port. Port 97 is usually available and is commonly used for this purpose, but any free TCP port can be used.

Configure MailMarshal, via its Local Domains information, to forward all inbound email messages to the local computer on the new port. Use the localhost IP address 127.0.0.1.

Configure the existing email server to forward all outbound email messages to the local computer (127.0.0.1) on port 25.

Locating MailMarshal Folders

A MailMarshal email processing server uses folders for several purposes. By default, the installation process creates these folders within the MailMarshal program installation folder. In many cases this location is satisfactory. In some cases you can enhance performance by choosing to create these folders in another location. You can choose to install them on any local disk drive. You can choose different locations on each email processing server. The folders are defined as follows:

(41)

Logging

MailMarshal uses this folder to hold text logs that provide details of each action taken by each MailMarshal service. By default MailMarshal keeps these logs for five days. These files can be large when email volume is high.

Queues

MailMarshal uses this folder to hold messages that are awaiting

processing or sending. In most cases these folders will not grow large. However in the event that MailMarshal cannot connect to upstream or downstream servers, the data in these folders can grow quickly.

Unpacking

MailMarshal uses this folder to unpack messages and extract their content, including attachments such as archive files. The size of this folder is relatively small. Because MailMarshal will create and delete files repeatedly, this area of the disk can become fragmented, which can have an adverse affect on other applications running on the server. You can improve performance by placing this folder on a separate physical disk drive to other MailMarshal components.

Note

Compressing this folder with Windows file system compression reduces the disk space required and does not materially affect performance in most cases. Do not use compression for any other MailMarshal folders.

(42)

Quarantine

MailMarshal uses this folder as the default location for all quarantine folders. MailMarshal will store all quarantined messages in subfolders of this folder. This includes any archived messages and messages in the Mail Recycle Bin. Ensure that the disk drive where this folder resides has enough free space to accommodate the messages. The space required will vary depending on retention policies for quarantined messages. You can move individual folders to physically separate places on the server. For more information see “Folders” on page 155.

Gathering Information Before Installation

Before beginning installation of MailMarshal, you should gather information about the environment. This information will be needed to configure MailMarshal, and to configure other settings so that email messages pass through MailMarshal. For detailed information about how to configure

MailMarshal, see Chapter 3, “Installing MailMarshal” and Chapter 9, “Managing MailMarshal Configuration.”

Information you should gather includes:

• The organization's Internet domain name(s) (for example ourcompany.com).

• Names of any other local domains or subdomains for which MailMarshal will process email (for example oursubsidiaries.com,

pop.ourcompany.com).

• Contact information for the DNS server administrators of domains for which MailMarshal will process email. If the MailMarshal installation will require changes to DNS settings, determine the time required to make and propagate these changes.

Note

MailMarshal will not accept new messages if there is less than 100MB of free disk space available for the Queues, Unpacking, or Quarantine folders, or 10MB for the Logging folder.

(43)

• Contact information for the administrator of the firewall, if there is one. If the MailMarshal installation will require changes to firewall settings, determine the time required to make these changes.

• The IP address of the existing local email server. • The administrator's email address.

• The virus scanning software (with an appropriate license) to be used with MailMarshal.

• The outbound email delivery method now in use. Determine what changes, if any, will be required.

• The inbound email delivery method now in use. Determine what changes, if any, will be required.

• The IP addresses of DNS servers MailMarshal should use to look up Internet information.

• If prerequisite software must be installed and systems must be restarted, determine the best time to restart these systems.

(44)

(45)

Chapter 3 Installing MailMarshal

The MailMarshal installation process includes several steps. Before proceeding with installation you should decide which components of MailMarshal you will install, where in the network you will install each component, and how email will be forwarded. You should gather all needed information and software. For more information about typical installation scenarios and requirements, see Chapter 2, “Planning Your MailMarshal Implementation.”

(46)

Installation Checklist

Install MailMarshal SMTP by completing the following checklist:

Steps See Section

1. Install prerequisite software. “Installing Pre-Requisites” on page 31

2. If you plan to use a SQL Server

elsewhere in your network for the MailMarshal database, ensure that the SQL Server is correctly installed and configured.

“Installing Pre-Requisites” on page 31

3. If you are installing MailMarshal

on a single server, install all components.

“Installing MailMarshal on a Single Server” on page 31

4. If you are installing MailMarshal

on an array of servers, install required components on each server.

“Installing MailMarshal on an Array of Servers” on page 33

5. Complete post-installation steps. “Post-Installation Configuration Steps” on page 38

6. Customize MailMarshal

configuration.

Chapter 5, “Implementing Your Email Content Security Policy”

7. Install MailMarshal Reports. “Installing MailMarshal Reports” on page 47

8. Install MailMarshal Web

components.

“Installing MailMarshal Web Components” on page 47

9. Optionally install the Console and

Configurator on additional workstations.

“Installing MailMarshal Client Tools” on page 51

(47)

Installing Pre-Requisites

If you have chosen to use MSDE 2000 to host your MailMarshal database on the same server as the MailMarshal Array Manager, and you have the appropriate version of the installation package, you can install MSDE 2000 as part of the main MailMarshal installation. This installation can require the server to be restarted if it must upgrade MDAC.

You should complete and test installation of other prerequisites before installing MailMarshal components. You may need to install some or all of the following:

• If you are using SQL Named Instances, install MDAC 2.8 or above on the MailMarshal Array Manager server (or the standalone MailMarshal server). A suitable version of MDAC is included on the MailMarshal CD-ROM. To install MDAC, see the Additional Installation tab of the MailMarshal autorun application.

• Install Microsoft Internet Information Services (IIS) and ASP.NET 1.1 or above on the server where you want to install MailMarshal Web

components. IIS is included with all versions of Windows supported by MailMarshal 6.0. A suitable version of ASP.NET is included in the .NET framework, which is provided on the MailMarshal CD-ROM. To install ASP.NET, see the Additional Installation tab of the MailMarshal autorun application.

Installing MailMarshal on a Single Server

Note

The installations of MDAC and IIS typically require a restart of the server. Take this requirement into account when scheduling the installation.

(48)

To install MailMarshal on a single server:

1. Insert the MailMarshal CD-ROM, or run the downloaded installation

package.

2. On the Setup tab of the autorun, choose Begin Server Setup.

3. On the License Agreement window, carefully read the license information.

To use MailMarshal, you must agree to be bound by the terms of the agreement. To agree, click I accept the terms of the license agreement. Click Next.

4. On the Setup Type window, choose Standalone MailMarshal Server then

click Next.

5. If Microsoft SQL Server 2000 is not installed on this server, the

installer presents the SQL Server Options window.

•If you want to install MSDE 2000 on this server, choose I want to

install and use the Microsoft SQL Server Desktop Engine (MSDE).

•If you want to use a SQL Server on another server, choose I want to

use an existing installation of SQL Server 2000 or MSDE 2000.

Click Next. If you chose to install MSDE 2000, the MSDE installation runs.

6. The Choose Destination Location window displays the default installation

location for MailMarshal and the default locations for the MailMarshal processing and quarantine folders. For more information about choosing MailMarshal folder locations, see “Locating MailMarshal Folders” on page 24.

7. If you want to change the installation location, click Change then

enter or browse to a location.

8. If you want to change one or more of the folder locations, click Customize. On the Customize Folder Locations window, enter or browse

to a location for each folder. To effect the changes, click OK.

(49)

10. On the Database window, enter the information required to connect to the

SQL database MailMarshal will use for configuration and logging. In the server name field you can use the syntax servername[\instance][,port]. Click Next. If the database you selected already exists, MailMarshal will ask whether you want to overwrite this database. If the database is a valid MailMarshal 6 database, MailMarshal will also give the option to use the database.

11. The Ready to Install the Program window shows the installation type and

installation location you have chosen. To begin the installation process, click Install. The installation can take several minutes to complete.

12. On the Setup Wizard Complete window, click Finish to close the setup

wizard and open the MailMarshal Configuration Wizard. You must complete the Configuration Wizard before MailMarshal will accept and filter email. For details of this wizard see “Post-Installation Configuration Steps” on page 38.

Installing MailMarshal on an Array of Servers

MailMarshal can be installed as an array. A MailMarshal Array is a group of email processing servers that use the same policy. Each email processing server is also known as a Node. A MailMarshal Array Manager server controls configuration for all email processing servers. An array consists of an Array Manager and at least one additional node.

Note

If you use SQL Server named instances, use the instance parameter rather than the port parameter.

(50)

Installing the Array Manager Server

To install a MailMarshal array, first install an Array Manager server. You can install an email processing node on the Array Manager server as part of this installation.

To install a MailMarshal Array Manager server:

package.

4. On the Setup Type window, choose Array of MailMarshal Servers then

click Next.

5. On the Array Deployment window, choose I want to create a new array. 6. On the Array Manager Options window, if you want to install email

processing functions on this server choose This server is used to manage

the array and also process email.

7. If Microsoft SQL Server 2000 is not installed on this server, the

installer presents the SQL Server Options window.

•If you want to install MSDE 2000 on this server, select I want to

install and use the Microsoft SQL Server Desktop Engine (MSDE).

•If you want to use a SQL Server on another server, choose I want to

use an existing installation of SQL Server 2000 or MSDE 2000.

Note

Typically the Array Manager server is installed on a dedicated server or a SQL Server computer located within the trusted network, and all email processing servers are located in the DMZ.

(51)

Click Next. If you chose to install MSDE 2000, the MSDE installation runs.

location for MailMarshal. If you chose to install email processing functions, this window also shows the default locations for the MailMarshal processing and quarantine folders. For more information about choosing MailMarshal folder locations, see “Locating MailMarshal Folders” on page 24.

11. Click Next.

12. On the Database window, enter the information required to connect to the

SQL database MailMarshal will use for configuration and logging. In the server name field you can use the syntax servername[\instance][,port]. If the database you selected already exists, MailMarshal will ask whether you want to overwrite this database. If the database is a valid MailMarshal 6 database, MailMarshal will also give the option to use the database. Click

Next.

Note

Most MailMarshal array installations require SQL Server. For more information see “Software Required for MailMarshal Server” on page 18.

Note

If you use SQL Server named instances, use the instance parameter rather than the port parameter.

(52)

wizard and open the MailMarshal Configuration Wizard. You must complete the Configuration Wizard before MailMarshal will accept and filter email. For details of this wizard see “Post-Installation Configuration Steps” on page 38.

Installing an Email Processing Server

To complete the initial installation of a MailMarshal array, install at least one email processing server. You can install additional email processing servers at any time.

To install a MailMarshal email processing server:

package.

4. On the Setup Type window, choose Array of MailMarshal Servers then

click Next.

5. On the Array Deployment window, choose I want to join an existing array. Click Next.

Note

You must install the Array Manager server before installing email processing servers.

(53)

location for MailMarshal and the default locations for the MailMarshal processing and quarantine folders. For more information about choosing MailMarshal folder locations, see “Locating MailMarshal Folders” on page 24.

9. Click Next.

10. On the MailMarshal Array window, enter the name of the MailMarshal Array

Manager that you will use to manage policy for this server. The name can be a computer name, IP address, or Fully Qualified Domain Name. If you have changed the default MailMarshal port, enter the new value in the Port field. If you are not logged in as a user with permission to join the

MailMarshal array, select Connect using following account and enter the correct windows account information. For more information about setting this permission see “Configuring Manager Security” on page 207. Click

Next.

wizard. The server will retrieve configuration from the Array Manager immediately and will begin accepting email connections.

(54)

Post-Installation Configuration Steps

After a standalone MailMarshal server or Array Manager is installed, you must complete the MailMarshal Configuration Wizard before MailMarshal will accept and filter email. You must also use the MailMarshal Configurator to complete several localization tasks in order to implement minimum best practices for MailMarshal installation and email filtering.

Completing the Configuration Wizard

When you click Finish on the final window of the MailMarshal Setup Wizard, by default MailMarshal displays the Configuration Wizard. If you do not

complete this Wizard after setup, MailMarshal will display it when you start the MailMarshal Configurator.

To complete the Configuration Wizard:

1. If necessary, start the Wizard by opening the MailMarshal Configurator,

found in the NetIQ MailMarshal program folder.

2. On the Welcome window, click Next.

3. On the License window, enter the name of your company or organization.

This information is used to help identify your organization when you request a license key from within MailMarshal.

On this window, MailMarshal reports the details of the license key installed on this server. In most cases the license key will be a 30 day trial key generated by MailMarshal. You can enter another license key after completing configuration. For more information, see “Managing Your MailMarshal License” on page 191.

4. On the Local Domains window, use the Local Domain Wizard to specify the

names of local domains for which MailMarshal will accept inbound email. The list should include all the domains of email addresses your organization actually uses through this gateway. In most cases the Local Domains list should exactly match the DNS MX records pointing at this server.

(55)

MailMarshal supports two types of local domains: Relay and POP3.

•Email for a relay domain is delivered by MailMarshal to another email server within your organization.

•Email for a POP3 domain is delivered to a mailbox hosted by the MailMarshal server.

Many organizations have a single entry in the Local Domains list, which matches the domain name used by the organization. However, if you receive email for more than one domain or for subdomains, you will need multiple entries.

5. To start the Local Domain Wizard, click New.

6. Choose whether MailMarshal will host any POP3 mailboxes for the domain.

Click Next.

7. Enter the domain name. If this is a relay domain, the domain name can

contain wildcard characters. For details of wildcard syntax, see Appendix A, “Wildcards and Regular Expressions.”

8. Enter the IP address and port of the server MailMarshal should relay email

to. Use port 25 unless the other server uses a different port, for instance, if both MailMarshal and the other server software are installed on the same system.

Notes

• All relay servers defined here will also be allowed to relay outbound email through MailMarshal.

• If you provide POP3 service for a domain using other software (such as Microsoft Exchange), configure that domain as a Relay domain in MailMarshal.

(56)

11. To return to the Local Domains page, click Finish.

12. If this MailMarshal installation functions as a gateway for more

than one local domain, complete Steps 5 through 11 for each local domain.

13. When you have entered all the local domains, you can adjust the order in

which MailMarshal will match the domains. MailMarshal will determine where to deliver incoming email by the first entry in the list (from the top down) that matches. To adjust the order of domains in the list, select a domain name and use the up and down arrows on the window.

14. On the Administrative Notifications window, enter email addresses used by

automated functions of MailMarshal.

•MailMarshal will send administrative notifications (such as Dead Letter reports) to the address specified in the Recipient Address field. This should be a valid and appropriate mailbox or group alias.

•MailMarshal will send administrative and user notifications and other automated email “from” the address entered in the From Address field. This should also be a valid address to allow for replies to notifications.

Note

Ensure that local domains are listed in the correct order. If you do not, email may be misdirected. For example you could use the following sequence to direct email to POP3 mailboxes within MailMarshal:

pop.example.com POP3 10.2.5.4:25 *.example.com Relay 10.1.2.1:25

If you were to reverse this sequence, the “pop” subdomain would be ignored and all email would be delivered to the relay address (that is, 10.1.2.1 port 25), because *.example.com will match for messages addressed to pop.example.com.