Email Security SonicWALL Email Security 7.0 for Microsoft Small Business Server
System Compatibility
SonicWALL Email Security 7.0 Software is supported on systems with the following:
Operating Systems
• Windows Small Business Server 2003
• Windows Small Business Server 2008
Hardware Requirements
Refer to the system requirements for Microsoft Small Business Server, available on the Microsoft website. SonicWALL Email Security for Small Business Server has the following additional requirements:
• 2 Gigabytes additional RAM recommended (1 Gigabyte additional RAM minimum)
• Hard Disk: 40GB minimum. Your storage needs are based on your mail volume, quarantine size, archived data, and auditing settings.
Note: To test connectivity in SonicWALL Email Security for Small Business Server, click the Test Connectivity to
SonicWALL button on the System > License Management page in the user interface. If the test fails, check your firewall to be sure that outbound HTTPS communication is allowed.
Enhancements
The following is a list of enhancements made to features in the SonicWALL Email Security 7.0 for Small Business Server release:
• Junk Button for Outlook — A client application that allows users to report junk email messages. This feature is described in the user’s guide.
• GRID Anti-Virus — An enhancement that gives SonicWALL Email Security customers anti-virus and anti-spyware protection by using the extensive SonicWALL GRID Network to identify and defend against virus and spyware threats.
• GRID Connection Management with Sender IP Reputation — A feature that rejects connection requests from servers with a bad IP reputation. This feature is described in the administrator’s guide.
• Judgment Details — An enhancement to the auditing features that allows administrators to view blocked messages and determine why they were blocked. This enables them to refine their filters and reduce false positives.
Known Issues
The following is a list of known issues in the SonicWALL Email Security 7.0 Software release:
Symptom Condition 74365 Non-administrator user is logged out if he tries to schedule reports. A user with manager privileges, but
not administrator privileges, may be logged out unexpectedly while trying to schedule reports.
74237 Per-Group Anti-Spam settings are incorrectly applied. The corporate
settings are used instead. Occurs when Active Directory or
Exchange 5.5 are incorrectly configured. To correct the problem, add the NetBIOS domain and check the configuration.
71097 Effectiveness improvements in version 6.2 and above require the Email Security to download a large set of thumbprint files when upgrading from earlier versions.
During the download, the interface may be slow to respond, and CPU use will be high. Normal operations will resume once the thumbprint files are downloaded.
3
New Features
The following new features have been added to version 7.0. This section contains the technical notes written to introduce the features.
Junk Button for Microsoft Outlook
Even the best filtering in the world cannot always tell if a message is junk. The Junk Button for Outlook makes it easy and convenient for users to mark a message as junk and share that information with other users in their organization and around the world.
The Junk Button for Outlook is a small application distributed to workstations by system administrators. Individual users can also install the Junk Button application. When a user presses the Junk Button, the highlighted email message is moved to the user’s Outlook Trash folder and the message’s thumbprint is added to the GRID Network thumbprint database. As more thumbprint reports accrue about a message, SonicWALL Email Security appliances and installations are more likely to filter that message as spam so that other users do not see it.
Note: After installing the Junk Button for Microsoft Outlook, you must restart Outlook. If Outlook fails to restart properly, reboot your system. The Junk Button is only available after the first time you receive a “Junk Box Summary” email.
Benefits:
• Empowers users—Users are not just getting rid of their own spam, they are helping other users around the world.
• Improves enterprise spam filtering—The enterprise benefits from the human intelligence of its members to reduce the amount of spam the organization as a whole receives.
• Decreases helpdesk needs—Users can report and dispose of spam themselves, without contacting the helpdesk for support.
The SonicWALL Junk Button allows you to remove spam from your inbox by clicking a small toolbar button in Microsoft Outlook.
Your feedback helps block spam sent to you, your organization, and other people using SonicWALL Anti-Spam and Email Security products.
The SonicWALL GRID Network collects your “Junk vote”, parsing the spam email into its attributes and combining your vote with other sources. These reputation updates, called thumbprints, are delivered back to your SonicWALL Email Security system every five minutes, improving your system’s ability to block spam, phishing, and virus emails. The text of messages is not reported to the GRID Network. Instead, the message is converted into a uniquely identifying hash, and only this hash is used in the thumbprint.
GRID Anti-Virus
SonicWALL Email Security’s GRID Anti-Virus modules enable you to protect your organization from inbound email-borne viruses. Once SonicWALL Email Security has identified the email message or attachment that appears to contain a virus or is likely to contain a virus, you choose how to manage the infected email. GRID virus-protection packages are available as part of the Email Protection subscription and can be enabled by the SonicWALL Email Security administrator for the entire organization.
Benefits:
• Protects against viruses—Using the dynamically-updated SonicWALL GRID Network, GRID Anti-Virus automatically protects users against inbound virus and spyware threats
• Protects against spyware—SonicWALL GRID Anti-Virus prevents users from downloading spyware and stops any existing spyware from being disseminated from protected email systems.
• Layered Defense—SonicWALL GRID Anti-Virus can be used in conjunction with additional Anti-Virus Subscriptions from McAfee or Kaspersky Lab.
How Does GRID AV Work?
The SonicWALL GRID Anti-Virus uses SonicWALL's proprietary virus-detection technology to scan inbound email messages and attachments for viruses, Trojan horses, worms and other types of malicious content. The virus-detection engine is updated frequently from the SonicWALL GRID Network to protect against the latest virus and spyware threats. GRID AV can be used in conjunction with additional virus-detection engines from McAfee ® and Kaspersky for a layered defense against inbound threats.
(Both the McAfee or Kaspersky subscriptions provide outbound defense as well as Zombie Detection.) Messages determined to be dangerous by any of the scan engines are categorized as Viruses.
When any one of the virus-detection engines is activated, you also get the benefit of SonicWALL Email Security's Time Zero Virus Technology. This technology uses heuristic statistical methodology and virus outbreak responsive techniques to determine the probability that a message contains a virus. If the probability meets certain levels, the message is categorized as Likely Virus. This technology complements virus-detection engines and enabling this technology provides the greatest protection for time zero viruses, the first hours that a virus is released, when major anti-virus companies have not yet modified their virus definitions to catch it.
GRID Connection Management with Sender IP Reputation
GRID Connection Management with Sender IP Reputation is the reputation a particular IP address has with members of the SonicWALL GRID Network. When this feature is enabled, email is not accepted from IP addresses with a bad reputation. When SonicWALL Email Security will not accept a connection from a known bad IP address, mail from that IP address never reaches the Email Security server.
This feature is useful only for Email Security servers that are running as the “first touch” server (receiving email directly from the Internet). SonicWALL recommends disabling GRID Network IP Reputation if Email Security is not first touch.
GRID Connection Management with Sender IP Reputation checks the IP address of incoming connecting requests against a series of lists and statistics to ensure that the connection has a probability of delivering valuable email. The lists are compiled automatically by everyone in the SonicWALL GRID Network. Known spammers are prevented from connecting to the SonicWALL Email Security server, and their junk email payloads never consume system resources on the targeted systems.
Benefits
• Because as much as 80 percent of junk email is blocked before it ever reaches your servers, you need fewer resources to maintain your level of spam protection.
• Your bandwidth is not wasted on receiving junk email on your servers, only to analyze and delete it.
• A global network watches for spammers and helps legitimate users restore their IP reputations if needed.
Judgment Details
Judgment Details are a description of why a particular email message was flagged as junk or possible junk by SonicWALL Email Security. This might include keywords, suspicious headers, or other data that indicates a message is not legitimate. This information is only available to administrators.
SonicWALL Email Security has always collected data on why a particular email was rejected. A simplified version of the judgment details appears to users, explaining that their messages were flagged as having attributes of a particular category of junk mail, including phishing or gambling. Judgment Details for administrators is a much more fine-grained tool that identifies exactly which words, phrases, headers, or contents caused SonicWALL Email Security to put the message in the Junk Box.
5
Installing Email Security 7.0
Using the Full Installer method, follow these steps:
Downloading SonicWALL Email Security 7.0
1. Log into your account at http://www.mysonicwall.com.
2. In the left navigation pane under Downloads, click Download Center.
3. In the Activate Service – Software Download dialog box, select a language from the Select Language drop-down list.
4. Select the checkbox to agree to the terms and conditions, and then click Submit.
5. In the Download Center screen, select Email Security Software from the Type drop-down list. If not already on this selection, the screen will refresh to show links to the available Email Security software versions and release notes.
6. Click the link for the version that you want and then select Save in the dialog box. Copy the downloaded binary to the Windows server running your Email Security application.
Installing SonicWALL Email Security
Follow this procedure to install Email Security installation 7.0. The Full Installer includes installation of Apache Tomcat, the Java Runtime Environment (JRE), and Firebird as well as the base Email Security software.
1. On the server, double-click the Email Security 7.0.0 installation file and then click Run in the dialog box. If you do not have direct access to the server, use a remote desktop connection to connect to the server and run the installation file on the server.
2. In the Welcome page of the installation wizard, click Next.
3. Read the License Agreement and then click Next to accept the agreement.
4. SonicWALL recommends that Asian language packs be installed, and an alert is displayed if they are missing. To proceed with the Email Security installation and install Asian language packs later, click Next. To install Asian language packs prior to proceeding, click Cancel.
Note: Installing Asian language packs is optional, however, the spam prevention capabilities of SonicWALL Email Security may be diminished without them. Asian language packs can be installed before or after SonicWALL Email Security Software installation.
5. On the Destination Folder page, click Browse to select an alternate folder, or click Next to accept the default location.
Note: It is important that this folder is not scanned by an anti-virus engine.
6. On the Choose Data Folder page, click Browse to select an alternate folder, or click Next to accept the default location.
If the data folder is on a different disk drive than the install directory, ensure that it has fast read/write access with less than 10 millisecond latency. You can test latency with the ping command.
7. On the Start Installation page, click Next.
8. If requested, allow the installation of Tomcat, Firebird, and the Java Runtime Environment (J2RE). If Tomcat is installed in this step, it prompts for the Apache Tomcat Web server port number. The default port is 80. If you are already running a Web server on port 80, you must change the port setting. SonicWALL recommends port 8080. Click Next to continue.
Note: You can change the port number and configure HTTPS access after installation by using the Server Configuration > User View Setup page of the Email Security appliance.
9. After the installation finishes, click Finish in the Installation Complete wizard. A browser window is displayed with links to the Email Security user interface and documentation.
Note: If you are installing Email Security 7.0 on Small Business Server 2003, there is an additional set of instructions in the installer.
Document part number: 232-001641-50 Rev: B Last updated: 1/30/2009
