Netmail Secure 5.2
Administration Guide
Netmail Secure Administration Guide
Netmail Secure is a Linux-based self-managed email security solution that can be used with any messaging and collaboration system, including Netmail Server, Novell GroupWise, Microsoft Exchange, IBM Lotus Notes, and Domino. Netmail Secure integrates anti-spam, anti-virus, content filtering, data leak prevention and attachment blocking in a single solution that provides total protection to stop email threats from impacting your organization and compromising security.
Table of Contents
Introducing Netmail Secure Feature Overview Component Overview Netmail Secure Clustering Scenarios
How Netmail Secure Processes Mail Netmail Secure Single Node Deployment Netmail Secure 3 Node Deployment
Netmail Secure Multi-Node Cluster Setup Best Practices Storage Considerations
Netmail Secure Virtual Messaging Firewall System Information
Deploying Netmail Secure VMF Performing the Bootstrapping Sequence Launching the Netmail Secure Setup Wizard Logging in to the Netmail Administration Console Configuring Domains, Groups and Users
Creating Domains Administering Domains
Assigning Domain-Level Policies Managing Users and Groups Editing Allow and Block Lists Editing Domain-Level DSN Messages Editing Domain-Level DKIM Signatures Editing Domain Configurations SMTP Modules AntiMasking Module DBL Module GreyList Module Limits Module Lists Module NSRL Module Protocol Filter Module RBL Module
RDNS Module SPF Module
Policy Planning, Configuration and Management Policy Overview
Alias Policy Configuration and Management Anti-Spam Policy Configuration and Management Anti-Virus Policy Configuration and Management
Attachment Blocking Policy Configuration and Management Content Filter Policy Configuration and Management Executive Reports
Lists Policy Configuration and Management Mail Route
Outbound Limits Policy Configuration and Management Quarantine Management
Quarantine Actions Policy Quarantine Management Policy Quarantine Management Agent Quarantine Reports Policy Quarantine Access Warp Drive Agent Queue Server
Advanced System and Agent Configuration Spools
Configuring your Netmail Secure Host Cluster IMAP Agent
SMTP Agent Alerts Agent
Creating Netmail Secure Alerts Sender Verification Agent Rules Agent
SURBL Agent POP Agent Notifications
The Netmail Secure Node Dashboard Using the Node Dashboard System Traffic Policy Engine Logs Message Tracking Troubleshooting License Information Version Information Backup Change Password Diagnostics Search
Appendix A - Configuring Netmail Secure with Your Email System GroupWise GWIA Configuration
Lotus Domino SMTP Configuration Lotus Domino LDAP Configuration
Enabling Internet Passwords for Access to the Quarantine Appendix B - Custom Policies
Sample Email Compliance Policy for Financial Institutions Sample Email Compliance Policy for Educational Institutions Sample Email Compliance Policy for Corporate Organizations Sample Email Security Policy
Introducing Netmail Secure
Netmail Secure’s 100% policy-driven management platform helps organizations create customized rules for enforcing corporate and regulatory compliance with enterprise email security policies. Leveraging Netmail directory services, the web-based Netmail Administration Console provides a single point of administration to facilitate large-scale deployments. Netmail Secure supports clustering and load-balancing to ensure a truly enterprise-level performance and high availability of your messaging system at all times.
Designed to increase the overall security of your messaging and collaboration system, Netmail Secure is available as a virtual appliance. The Netmail Secure appliance has an intuitive browser-based interface designed to manage security and network access locally and remotely.
Appliance Benefits:
Auto-updateable anti-spam signatures and anti-virus definitions.
Improved performance due to tighter hardware integration and optimization. Higher security with a hardened operating system.
Improved control with enhanced logs and statistics right on your desktop. Higher and quicker ROI due to reduced integration costs and faster deployment.
Feature Overview
Netmail Secure is a policy-based email firewall solution that is compatible with any SMTP email server and provides you with an intelligent approach to Email Risk Management. It integrates advanced, multi-layered anti-spam with state-of-the-art anti-virus protection, content filtering, attachment blocking and security policies. Netmail Secure is a highly scalable modular solution: its components can be located on a single Netmail Secure server or distributed individually or in groups across multiple servers to provide both fault tolerance and load balancing for the Netmail Secure platform. Netmail Secure’s built-in clustering abilities lets server nodes detect and cluster together for maximum performance and uptime. Within a cluster, a master node will detect if other nodes are overloaded and impacting performance, and then re-distribute the workload between servers in a cluster ensuring better resource utilization.
Key Features and Benefits
Features Benefits
100% Policy-Based Management Define customizable corporate email security policies that can be applied at the domain, group, or end-user level to allow organizations to define their email security rules centrally.
Directory-Enabled Service Stores all policy information in an enterprise class directory, providing a single point of administration for configuring and managing email security policies across the entire organization.
Highly Scalable Modular System Architecture for Unmatched Performance and Stability
Components can be located on a single server or distributed across multiple servers to provide fault tolerance and load balancing. Built-in Application-Layer Clustering Guarantees superior performance and scalability of the messaging
infrastructure with the necessary level of fail-over required. Requires no third-party software, customization or professional services to implement clustering.
Zero Administration Translates into a fully automated, auto-updated messaging platform
that requires no ongoing configuration, no administration and no fine tuning.
Advanced Virus Technologies Allows users to choose between multiple dedicated auto-updated virus engines to protect the messaging and collaboration system from email-based threats, such as viruses, worms, Trojans, spyware, phishing and other unwanted email.
Multi-Tiered Anti-Spam Defense Provides multiple auto-updated Xtreme Content Filter anti-spam engines that use advanced pattern recognition and SURBL anti-spam technology. All engines detect and block spam in any language and are highly effective against image-based spam, snowshoe spam, and PDF spam. The new XCFSURBL engine scans messages for URI hosts listed on SURBLs.
Content Filtering and Deep Content Analysis Supports Deep Content Analysis and the use of Regular Expression Searching (RegEx) which provides a way to search for advanced combinations of characters and prevent data leaks.
Enhanced Attachment Blocking The Attachment Blocking feature in Netmail Secure has been enhanced to allow organizations to define and enforce acceptable-use policies to help organizations control the flow of message content and attachments. Netmail Secure can be used to identify and prevent a wide variety of inbound and outbound policy violations—including sensitive and confidential data, offensive language, maximum message size, allowable attachment type and size, and many more. Reputation Protection with Outbound Limits The Outbound Limits feature allows administrators to monitor outgoing
mail for any suspicious activity resulting potentially from an email account being compromised.
Enhanced Message Tracking The Message Tracking feature allows administrators to quickly
determine the status or whereabouts of both inbound and outbound email messages.
Allow / Block Host Functionality Allows administrators to dynamically block or allow a range of IP addresses.
Name Server Reputation List (NSRL) Name Server Reputation List is an SMTP module that blocks messages at the connection and content levels. The NSRL Module functions similarly to the RBL and GreyList modules, except that it blacklists name servers that are spammer-friendly and marks all the domains hosted by those name servers in email links as spam.
Route Objects Through the creation of Delivery and Authentication policies, the
Route Objects feature of Netmail Secure allows you to authenticate messages to multiple destinations. More specifically, it allows for multiple relay addresses and multiple authentication addresses. For example, if you have a domain hosted on both Novell GroupWise and Microsoft Exchange, you can create a delivery and authentication route for GroupWise and another delivery and authentication route for Exchange.
Greylisting Preserves system resources by temporarily rejecting email from
suspicious senders. Network-Level Real-Time Perimeter Protection Specialized Layers to
Analyze Message Content, IP Header Information, Envelope Information and Source Domain
Blocks DoS, OpenRelay and harvesting attacks.
Web-Based Administration Console Allows administrators to plan, configure and implement corporate-wide email security policies using the intuitive, easy-to-use Netmail interface.
Web-Based Quarantine A web-based application providing end users with real-time access to
quarantined email through the Internet or via IMAP.
Netmail Secure Perimeter Protection
By using a platform-independent multi-layered anti-spam and anti-virus defense with advanced SMTP security options, Netmail Secure is a complete email firewall that blocks scan attacks and uses authentication to accurately identify recipient email addresses for incoming messages. Netmail Secure also blocks messages based on real-time blacklists (RBL), limits the number of simultaneous connections and rejects connections from specified addresses or IPs.
Netmail Secure is compatible with any SMTP-based mail server. The gateway is deployed safely behind the corporate firewall through a single connection, effectively enhancing server security. Netmail Secure provides gateway intelligence that features unique user-aware
pre-authentication to identify whether incoming messages are destined for valid users on your system. All incoming messages to invalid users are turned away at the perimeter thus reducing the overhead of processing non-deliverable messages.
The mail gateway component of Netmail Secure provides the receipt and local delivery of all your Internet mail. The process is transparent to the email server.
Understands Simple Mail Transfer Protocol (SMTP) and Extended SMTP (ESMTP). Restriction of incoming messages based on size.
Efficient multi-thread worker-pool threading model for high-speed reception.
Validation of Sending Host using Reverse DNS, Domain name validation, or Sender Policy Framework.
Restriction of Sending Host through Real-Time Black Lists, Name Server Reputation Lists, Internet Domain Name, and IP Restriction Lists.
User Pre-Authentication
Validates recipient addresses against the destination mail system to reduce receipt of invalid messages. Dynamically creates and maintains a cached user list of all valid users for the destination mail system(s).
Block scan attack
Limit the maximum number of invalid recipients. Slowdown or block IP addresses.
Cache connections by number of entries and lifetime.
Administrator-specified list of IP addresses which automatically block mail from these hosts.
Component Overview
Netmail Secure is modular to provide flexibility without compromising email security and consists of several components that can be implemented depending upon the needs of your organization.
SMTP Modules
The SMTP Modules feature performs various security functions at the SMTP level.
Greylisting
Temporarily rejects any email from any sender it does not recognize. Legitimate email servers will attempt to resend the message again after which Netmail Secure will accept the second transmission. Greylisting provides protection against spam scripts that do not attempt to resend messages.
Allow Lists
Administrator-specified list of IP addresses which automatically bypasses reverse DNS lookup and RBL lookup.
Real-Time Blacklists (RBLs)
Lookup SMTP hosts in Real-Time Blacklist (RBL) hosts. Administrator-specified RBL hosts.
Exclude trusted IP addresses from lookup. Cache RBL lookup results.
Name Server Reputation List (NSRL)
Blocks messages at the connection and content levels.
Blacklists name servers that are spammer-friendly and marks all the domains hosted by those name servers in email links as spam.
Reverse DNS
Perform reverse DNS lookup for the SMTP host. Cache DNS lookup results.
Connection Limits
Limit connections by total number of connections to host based on percentage of mail by category. Limit connections by simultaneous connections from single IP.
Specify system-wide connection limits.
Specify IP addresses for which no limits are applied. Reject all incoming mail from specified hosts or IP addresses.
Anti-Phishing/Spoofing Protection (SPF)
Checks with the sender’s DNS server to look for IP class or domain name forgery.
Sender ID
Based on SPF and caller ID, Sender ID rejects emails with a forged or “spoofed” MAIL FROM.
Scan Attack
Limit the maximum number of invalid recipients. Slowdown or block IP addresses.
Protocol Filtering
Filter messages at the protocol level.
Block messages based on the following header fields: To, From, Subject, Received, Helo/EHLO, Mail From, Rcpt To and X-Advertisement.
Mail Relaying
Limit mail relaying to trusted hosts or domains. Processes outbound messages from the mail server.
Trusted IPs
Administrator-specified list of IP addresses which automatically bypass Block scan attack filter, reverse DNS lookup and RBL lookup.
Policy Engine
The Policy Engine allows organizations to create policies to scan email content to meet both security and compliance requirements. Applicable to both inbound and outbound email, Netmail Secure provides automated enforcement of corporate email policy to protect organizations from litigation or compromise of reputation and integrity.
The Policy Engine is the core component of Netmail Secure that creates, manages and enforces email security policies to ensure that the network remains secure, compliant and highly available at all times. The Policy Engine facilitates the implementation of corporate-wide email security by using pre-defined policies that can be specified at the domain, group or end-user level. These policies are customizable to allow organizations to define their email security rules centrally. The web-based Netmail Administration Console facilitates the implementation of these policies with its intuitive, easy-to-use interface.
With the Policy Engine, system administrators can create:
Comprehensive Anti-Virus and Anti-Spam policies that process messages according to pre-defined specifications, such as quarantine, delete or tag and deliver spam messages. For more information, see “Anti-Virus Policy Configuration and Management” and “Anti-Spam
. Policy Configuration and Management”
Policies that automatically send customized notification messages to both sender and recipient regarding blocked message content. For more information, see “Notifications”.
Executive Report policies that automatically send customized executive reports containing event information to designated individuals inside your organization. Executive Reports can be configured to show how many email messages containing viruses, spam, blocked attachments or other filtered email is being trapped by Netmail Secure. For more information, see “Executive Reports”.
Policies that send customized quarantine reports containing event information to designated individuals inside the organization in the form of an administrator-sent email message at regularly scheduled intervals. For more information, see “Quarantine Reports Policy”. Content Filter policies to scan and filter email messages based on specific expressions or keywords. For more information, see “Content
. Filter Policy Configuration and Management”
Attachment Blocking policies to explicitly block attachments by filename, extension or type. For more information, see “Attachment .
Blocking Policy Configuration and Management”
Customized Delivery and Authentication policies that can deliver and authenticate messages to multiple destinations using multiple relay and authentication addresses. For more information, see “Mail Route”.
Outbound Limits policies to monitor outgoing mail for suspicious activity and suspend mail flow if an email account seems to have been compromised. For more information, see "Outbound Limits Policy Configuration and Management".
Quarantine Management policies to automatically clean up quarantined email messages after a specific period of time based on certain criteria. For more information, see “Quarantine Management Policy”.
Customized Lists policies to always block or allow specific email addresses, domain names or IP addresses. For more information, see “L .
ists Policy Configuration and Management”
Quarantine Actions policies to configure which options will be available to end users through the Quarantine application. For more information, see “Quarantine Actions Policy”.
Anti-Virus Agent
Through the Netmail Anti-Virus Agent, Netmail Secure offers the use of multiple dedicated, multi-layered auto-updated virus engines to protect your messaging and collaboration system from email-based security threats, such as viruses, worms, Trojans, spyware, phishing and other unwanted email. These engines are integrated to the core of Netmail Secure to provide inbound and outbound message scanning for optimal performance and reliability. The integration of multiple high-performance virus scanning technologies provides system administrators with the flexibility to select which anti-virus engine they want to use.
The virus engine you choose must be the engine for which you have
Important: received a digitally signed xml license file.
Auto-updates
Receive automatic virus definition updates directly from Messaging Architects.
Performance
Cache last positive anti-virus identifications. Specify size and time limit of cache entry retention.
Virus Handling
Option to scan compressed or zipped files for viruses.
Option to specify maximum size for large attachments and choose to delete, quarantine, tag subject line, or return to sender. Option to recursively scan zipped files by number of zip levels.
Configurable course of action taken when an unscannable message is detected. Notifications to senders and recipients of detected viruses.
Option to specify what action Netmail Secure should take when a message containing a password-protected zipped attachment is detected.
Anti-Spam Agent
Through the Netmail Anti-Spam Agent, Netmail Secure provides four multi-tiered auto-updated Xtreme Content Filter spam engines: XCFSpam1, XCFSpam2, XCFSpam4, and XCFSURBL. All engines inspect the full range of attributes of incoming email messages, including sender IP addresses, message envelope headers and structure and the unstructured content in the body of messages. Netmail Secure’s proprietary technology tests numerous connection-level data points, including DNS and MX record verification, to deliver unrivalled accuracy with the lowest possible rate of false positives and protect you against the onslaught of image spam.
XCFSpam1 Engine
Designed as a large-scale learning system where human and autonomous machine elements collaborate to produce and refine the filtering rules.
XCFSpam2 Engine
Uses Advanced Pattern Detection, which is based on the mass distribution of malware over the Internet, and SURBL anti-spam technology to combat the evolving techniques of spammers.
Detects and blocks spam in any language and is highly effective against image-based spam and PDF spam.
XCFSpam4 Engine
Complements our other spam engines.
Uses more than one million reputation queries, pattern matches or rules to identify spam with an incredibly high accuracy rate, and a near-zero false positive rate.
XCFSURBL Engine
Scans messages for URI hosts listed on SURBLs and uses them to help identify and block unsolicited messages. Four specific lists used by SURBLs can be individually enabled or disabled or disabled.
Large Messages
Limit the size of messages.
Specify how messages larger than the maximum size are handled by Netmail Secure.
Name Server Reputation List (NSRL)
Blacklists spammer-friendly name servers and marks all domains listed by those name servers in email links as spam.
Auto-updates
Receive automatic spam signature updates directly from Messaging Architects.
Warp Drive Agent
The Netmail Warp Drive Agent provides the Web Quarantine component of Netmail Secure. The Web Quarantine is a web-based application that allows end users to manage their quarantined email from anywhere in the world through the Internet. End users can access the Quarantine application through any standard web browser such as Internet Explorer, Mozilla Firefox and Safari by simply specifying the URL of the server.
The quarantine feature provides:
End user access to quarantine from anywhere in the world. Access to live quarantine mailbox via IMAP.
Netmail Secure Clustering Scenarios
To provide organizations with a robust solution that is scalable, fault tolerant and highly available, Netmail Secure supports application-layer clustering to enable multiple servers to work together to mitigate any interruptions in the message flow.
There are a number of different clustering scenarios available which will largely depend upon the organization, its size, the number of daily messages processed as well as the level of fault tolerance desired for the system. With Netmail Secure’s highly scalable modular system architecture, components can be located on a single Netmail Secure server or distributed individually or in groups across multiple servers to provide both fault tolerance and load balancing for the Netmail Secure platform.
How Netmail Secure Processes Mail
When mail is received through Netmail Secure, the SMTP Agent places the messages in the Monitored Queue. The Monitored Queue is the message queue that is monitored by various Netmail Secure Agents.
Agents retrieve the messages from the Monitored Queue and process the messages in the Message Spool. The Message Spool is located in the Quarantine Store. The Quarantine Store contains a Quarantine repository for each end user and the Message Spool that stores messages in transit.
Messages in transit are scanned by the various Netmail Secure Security Agents, and then processed accordingly. For example, if a message is trapped by the Netmail Anti-Spam Agent, the Netmail Anti-Spam Agent may forward the message to the end user quarantine as per the organization’s Anti-Spam policy.
If the message contains a virus, the Netmail Anti-Virus Agent may delete the message from the queue as per the organization’s Anti-Virus policy. Messages that are not caught by any of the Security Agents are returned to the Monitored Queue and then transferred to the Delivery Queue. The SMTP Agent retrieves the messages from the Delivery Queue for delivery to the end user’s mail client.
Netmail Secure Single Node Deployment
The following deployment illustrates an Netmail Secure single node deployment. This deployment scenario is ideal for organizations with up to 1000 email accounts or with total email traffic of 750,000 messages a day.
Netmail Secure 3 Node Deployment
The following deployment illustrates a Netmail Secure 3 node deployment. This deployment scenario is suitable for organizations with 1000 -25,000 email accounts or email traffic of 6,000,000+ messages a day, or for organizations requiring enterprise-class fault tolerance.
Netmail Secure Multi-Node Cluster Setup Best Practices
This page lists some of Messaging Architects' best practices for setting up a multi-node cluster for Netmail Secure.
Clusters:
It is recommended to have all servers in the same Netmail Secure cluster.
Quarantine:
During the initial setup and installation of Netmail Secure, there is nowhere to differentiate or indicate whether a server is a processing or quarantine node.
Once all servers have been added to the cluster, you can then go to the server nodes and specify where each server should store its quarantine objects. This can be done on the Volumes tab of each server.
Having a single quarantine ensures that end users only need to log in to one quarantine server and will receive only one quarantine report (if desired).If the quarantine server fails, quarantine access will be unavailable until the server is restored.
The other servers will hold items destined for the quarantine in their spool until the failed server is back up, ensuring no items will be lost.
Spool:
Each server should have its own spool. You should be able to see this on the Volumes tab of each server, but you shouldn't have to change anything.
The reason for this is that if one server ever fails, mail will keep flowing through the other server(s). Once the failed server is brought back up, it will deliver any mail that is sitting in its spool.
Database:
Ideally, you should have one database per mail system. This gives you centralized logging and reporting. You can disable PostgreSQL and set the connection path for the other servers by following the steps in the Post-installation Tasks section of the Launching the
page. Netmail Secure Setup Wizard
The logging database normally resides on the same server as the quarantine server, but this is not mandatory.
be able to write their logs. The logs generated by the other servers will not be queued in any fashion, so these logs will be lost during the failure. We do not have High Availability (HA) or Disaster Recovery (DR) in our logging.
If you wish, you may set up a database per server to ensure that no logs are lost, however this will require more processing power per server and will not provide you with centralized logging. You will essentially have to check each server's logs.
If you have a highly available SQL server on your network, however, you can choose to write the logs to it since it is a standard ODBC query that is being made.
Storage Considerations
In multi-node deployments, to avoid introducing a single point of failure for your Internet email delivery system and to ensure that your system remains highly available at all times, Messaging Architects recommends that you move the Quarantine Store off to a fibre channel storage area network (SAN). Although the initial cost of deploying a SAN solution may be higher, the long-term total cost of ownership (TCO) may be lower as fibre-channel SANs are highly scalable to accommodate future growth. Network attached storage (NAS) over a gigabit network offers reliable storage as well. If high availability is a requirement, then you should choose a SAN or a NAS solution.
Before choosing a storage solution, you should be familiar with storage technologies such as RAID levels, storage area networks (SANs) and network-attached storage (NAS). You should also evaluate your organization’s needs for dependable storage. Some organizations can expect to lose significant revenue if the messaging and collaboration system is unavailable. Finally, the type of storage solution you choose can play an important part in ensuring high availability and the rapid processing of email.
You should not plan your Netmail Secure storage solution without considering disaster recovery (DR) strategies.
Messaging Architects strongly recommends that you connect any storage
Note: system to a redundant UPS system for a highly
Netmail Secure Virtual Messaging Firewall
Netmail Secure is deployed on a virtual appliance offering rapid enterprise roll–out and scalability. The Netmail Secure virtual appliance is delivered as a software download that offers considerable green benefits including reduced HVAC and power consumption, reduced hardware footprint and elimination of shipping and packaging.
The Netmail Secure Virtual Messaging Firewall (VMF) is a fully configured soft appliance that can be deployed on any x86 hardware, using VMware's VMware ESXi / ESX 3.x or higher.
Please ensure that VMware Tools is up to date. For more information, see
Note: http://kb.vmware.com.
In this section:
System Information
Deploying Netmail Secure VMF Performing the Bootstrapping Sequence Launching the Netmail Secure Setup Wizard Logging in to the Netmail Administration Console
System Information
The Netmail Secure Virtual Messaging Firewall (VMF) is a fully configured soft appliance that can be deployed on any x86 hardware. By using VMware ESXi or ESX 3.x or higher, organizations can now deploy Netmail Secure as needed. You must install VMware Tools prior to installing Netmail Secure. Refer to System Requirements for Netmail Secure for detailed information about the minimum requirements for deploying Netmail Secure.
The following login credentials are required during the installation of Netmail Secure: User Login: admin
User Password: m3ss4g1ng
Access: “root” access through “sudo su”
Messaging Architects will only support Netmail Secure virtual machines
Note: created by Messaging Architects.
Deploying Netmail Secure VMF
This section describes how to deploy the Netmail Secure Virtual Messaging Firewall from a virtual instance of Netmail Secure from a virtual machine image onto a machine running ESX Server or ESXi Server. You must install ESX Server or ESXi Server before performing this procedure.
1. Contact Messaging Architects Support to obtain the link to download the virtual machine. 2. Unpack the compressed .rar file.
4. Click Browse to browse to the location of your .ovf file. Click Next to continue.
6. Under Name, enter a Name for your virtual appliance, and under Inventory Location, specify where in the inventory you want your virtual appliance to reside. Click Next to continue.
8. Select a datastore where you want to store the files for the virtual appliance, and then click Next to continue.
9. Select a format in which you want to store the virtual disks. Thin provisioned format allocates storage space for data on an as-needed basis, while Thick provisioned format immediately allocates all available storage space. Click Next to continue.
10. Select a network(s) that the deployed OVF template should use, and then click Next to continue.
It will take a few minutes to create the virtual machine. Once the virtual machine has been created, power up the machine and go through the bootstrapping sequence.
Performing the Bootstrapping Sequence
The bootstrapping process allows you to provide the information needed to connect your system to the Netmail Secure virtual machine.
1. In the VMware VCenter or Virtual Infrastructure Client, select your Netmail Secure virtual machine in the tree menu on the left-hand side of the screen, and then start the virtual machine. Use your keyboard to navigate through the bootstrapping sequence.
2. Select Netmail Secure 5.1 RC [VMX], and then press Enter to load the boot sequence. The screen will remain blank for a few moments while the boot sequence loads.
6. On the Hostname and Domain Name screen, enter the Hostname of your Netmail Secure virtual machine and the Domain Name. Select As
(do not select ). Select to continue.
8. On the Network Card Setup screen, select the Address heading to configure the IP address. Select the Statically assigned IP Address opti on (do not choose to configure a dynamic address). Enter the network IP Address and Subnet Mask, and then choose Next to continue.
Your system now restarts. Once the system has restarted, the bootstrapping process is complete. You are now ready to launch the Netmail Secure Wizard.
Launching the Netmail Secure Setup Wizard
On this page:
Deploying a Single Node or the First Node of a Cluster Deploying Additional Netmail Secure Nodes
Restoring a Node Post-installation Tasks
How to Execute Commands at a Prompt Additional Commands
With the Netmail Secure Wizard, you can deploy a single Netmail Secure node or the first node of a cluster, deploy additional Netmail Secure nodes, or restore a node. There are two different methods for launching the Netmail Secure Wizard:
On the Netmail Secure appliance, double-click the shortcut to Mozilla Firefox located on your taskbar to launch the Netmail Secure Wizard.
Configure a machine on your network with access to the newly deployed Netmail Secure Virtual Messaging Firewall by opening a web browser and navigating to https://10.20.30.40/setup.
Deploying a Single Node or the First Node of a Cluster
system. Click Next to continue.
2. On the New Node Setup screen, select New System from the available options. Enter the default administrator password m3ss4g1ng under , and enter and confirm a of your choice. Click to continue.
Current Password New Password Next
4. On the Domain Configuration screen, complete the following:
Click Browse to navigate to the location of your license file. By default the default license is used, which is limited to 50 users. Under Domain Name, enter a name for your domain.
Under Authentication Source, select the authentication type, and enter the required information. You will have a different set of fields to complete depending on your choice. You can use the Test button to verify the validity of the authentication source.
Under Relay Address, enter the IP address where you want Netmail Secure to deliver email that it has processed. Use the Test button to verify that the relay address is valid.
Under Postmaster Address, enter the email address of the postmaster where notifications should be sent.
Under Abuse Address, enter an email address to which abuse reports (filed by end users through the Quarantine application) should be sent.
Under Default Time Zone, use the dropdown list to select your preferred time zone. Click Finish to complete the installation and exit the wizard.
If you did not use the Test buttons to test the authentication source and relay address, you will be warned that you haven't done so. Click OK to complete the configuration or click Cancel to go back and perform the tests.
Alternatively, you can click Advanced to configure advanced cluster and policy settings before completing the installation. This step is optional, as cluster and policy settings can be configured later.
5. On the Cluster Configuration screen, select which agents and features you want to enable or disable. These options can also be configured at a later time. Click Next to continue.
7. On the Policy Setup screen, select which policies you want to enable. These policies can also be enabled or disabled at a later time. Click Nex and then to complete the installation and exit the Wizard.
Deploying Additional Netmail Secure Nodes
At this stage in the deployment, you should have both your cluster running and an additional node with access to the Netmail Secure Wizard. 1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select New to deploy a new node in your existing Netmail Secure system. Click Next to continue.
2. On the New Node Setup screen, select Add Node to Cluster. Under Current Password, enter the default administrator password m3ss4g1n , and then enter and confirm a new password of your choice. Click to continue.
g Next
3. On the New Node Configuration screen, upload a license file or use the default license. Under Existing Node Admin Password, enter the administrator password of the existing node. Under Existing Node IP, enter the IP address of the existing node. If you are not sure of the IP address, use the Detect button to generate a list of existing nodes that you can choose from. If desired, select a data store to migrate. Click Finis
to install the additional node. h
Restoring a Node
It is possible to recover a previously existing node from a backup file. To do so, you must have first run a backup of Netmail Secure. For more information about backing up Netmail Secure and creating a backup file, see "Backup".
1. On the Welcome screen, agree to the terms and conditions of the End User License Agreement. Select Restore to recover a node. Click Next to continue.
2. On the Restore Node screen, complete the following: Enter your Admin Password.
Next to License, click Browse to browse to the location of your Netmail Secure license file. Next to Backup File, click Browse to browse to the location of your Netmail Store backup file. Next to Restore, choose what information you want to restore.
Click Finish to start the restoration process. This may take a few moments.
Post-installation Tasks
If you have installed multiple Netmail Secure nodes, you must perform the following post-installation tasks to disable PostgreSQL on each node, and then connect each node to the PostgreSQL server.
To disable PostgreSQL:
1. At the Console login prompt, enter the default username admin and then use the same password that you used on the first and second nodes. Gain super user rights for the admin user for the entire session by typing sudo su, and then press Enter.
2. Type chkconfig postgresql off, and then press Enter.
To connect the Netmail Secure nodes to the PostgreSQL server:
1. At the login prompt, enter the default username admin and the default password m3ss4g1ng. Gain super user rights for the admin user for the entire session by typing sudosu, and then press Enter.
2. Type vi /root/.odbc.ini. 3. Navigate to ServerName.
4. Use the arrow keys to move your cursor to the file name to the ServerName line. 5. Type to enable you to modify the text.i
6. Click Delete to delete localhost, and then enter the IP address of node 1. 7. Use Esc, and then type :wq to save and exit the file.
8. Restart the netmail service by typing service netmail restart at the prompt.
9. To access the Netmail Administration Console, open a standard web browser and enter the IP address of the server where you installed Netmail Secure.
10. Choose Domains & Users. Click on the name of your domain. By default, the Details tab is displayed. 11. Select the Quarantine Cluster you configured previously, and then click Save.
How to Execute Commands at a Prompt
Linux commands such as starting and stopping the Netmail Secure services require additional rights beyond the user rights assigned to the admin user. To grant these additional super user rights to the admin user, use the sudo command.
The sudo command is used to run commands with the root user’s privileges and is used at the beginning of each line of commands. For example, to start Netmail Secure, type sudo/etc/init.d/netmail start, and then press Enter.
The su command is used to become root (system administrator) user. For example, to gain super user rights for the admin user for the entire session, type sudo su, and then press Enter.
Additional Commands
Additional Linux commands may also be used with Netmail Secure.
To query the status of Netmail Secure, type sudo /etc/init.d/netmail status, and then press Enter.
To shut down the Netmail Secure appliance, type init 0, and then press Enter. Once the system shuts down, unplug the power cable.
To access the Netmail Administration Console, open a standard web browser and enter the IP address of the server where you installed Netmail Secure. The Netmail Administration Console can be accessed from any workstation with access to this IP address.
Netmail Secure supports Internet Explorer 8.0 and higher, Mozilla
Important: Firefox 3.0 and higher and Safari 3.0 and higher.
Messaging Architects recommends Mozilla Firefox for enhanced performance.
When you first launch the Netmail Administration Console, you are prompted for your User Name and Password. These authentication credentials are for a Netmail directory service user account which has administrative privileges to the Netmail Secure objects which were created during the installation. You can log in using NDS contextual login, such as admin.netmail.
Messaging Architects uses its own dedicated tree to store the Netmail Secure objects and an Netmail Secure Administration user account which has specific administrative privileges to the tree is created automatically for the purposes of administration.
In the fields provided, enter your credentials, and then click Log In.
The Netmail Administration Console is where system administrators can create and define custom email security rules to proactively address the issues of regulatory compliance, corporate governance and security. System administrators can also configure and manage other solutions of the Netmail platform from this same Administration Console, including Netmail Archive and Netmail Store. The Netmail Administration Console was designed for flexibility and ease of use, and is organized to assist with both day-to-day operations and advanced system configuration. The following tabs are available in the Netmail Administration Console: Welcome, Updates, Backup Change Password, , and Diagnostics. By default, when you log in to the Console as an administrator, you are redirected to the Welcome tab.
Configuring Domains, Groups and Users
Netmail Secure maintains a list of all domains and associated users for which it is configured to process mail. The Domains and Users feature lets system administrators manage these domains and users and define groups of users for whom selected policies can be applied. The intuitive Netmail Administration Console facilitates the granular application of unique policies for each domain, group or user located on the Netmail Secure server or cluster. For more information on policy, see “Policy Planning, Configuration and Management”.
During the Netmail Secure configuration procedure, you were prompted to enter configuration settings through our web-based configuration portal. These settings are automatically applied to the Netmail Secure Server; however, you can still modify these settings at any time using the Domains and Users feature in the Netmail Administration Console.
This chapter provides step-by-step instructions on how to create and configure additional domains, users and groups. If you have already configured these settings, then you can learn how to apply the Netmail Secure pre-created custom policies and overrides to different levels: per domain, per group or per user.
There are three different levels at which email security policies can be applied:
Domain-level policies apply to all users in a specified domain. If you create a domain-level policy, it applies to all users in that domain. Group-level policies apply to all users in a specific group. If you create a group-level policy, it overrides a domain-level policy. User-level policies apply only to the selected user. If you create a user-level policy, it will override all other policies.
In this section:
Creating Domains Administering DomainsAssigning Domain-Level Policies Managing Users and Groups Editing Allow and Block Lists Editing Domain-Level DSN Messages Editing Domain-Level DKIM Signatures Editing Domain Configurations
Creating Domains
This feature allows you to create additional domains, if necessary, and allows you to configure all Internet domains that the server will accept inbound messages for, along with the routing information for delivery of those messages and the routes and methods for pre-authentication and web authentication. With Netmail Secure, you can also create a secure delivery route for your domain. For more information, see “Mail Route”. If you are supporting multiple mail servers, such as GroupWise and Netmail Server, then create a separate Domain entry for each and point to the respective mail system. If you are supporting multiple domain names for a single mail server, then consider making all domain names aliases of a primary domain name. This will allow all email messages to be delivered normally, but will provide a single domain address in the Quarantine
database, thus reducing the number of quarantine reports that end users receive.
If you are running multiple email systems with a single Internet Domain,
Note: you should speak directly with a member of our
Technical Support Team.
Although using a single domain for an entire network has several advantages, you may need to create one or more additional domains for your organization to meet scalability and security requirements. Additional reasons to create more than one domain include:
Different password requirements between departments or divisions Massive numbers of objects
Decentralized network administration
To get started, select Domains in the tree menu on the left-hand side of the Netmail Administration Console. By default, the Default Policies tab is displayed, which is where you can create a new domain.
Setting Default System-Level Policies
The Default Policies tab allows you to view, edit, or remove default system policies assigned to local or remote domains, and it allows you to assign new policies to those domains. To create a new domain, click Create A Domain.
Create A Domain
The Domain Name field allows you to specify a new domain name.
Quarantine Store
The Global Quarantine Volume field contains the name and location of the global Quarantine store.
Aliases
The Alternate Domain Names option allows you to Add alternate domain names or domain aliases that the Netmail Secure server accepts mail for and delivers to the same mail system. To modify an existing alias, select the alias in the Alternate Domain Names list, and click Advanced E
. To remove an existing alias from the list, highlight the alias in the list, and then click .
dit Remove
Authentication
This feature allows you to prioritize route authentication and apply a default Authentication policy or Delivery policy.
The Route Priorities option allows you to prioritize route authentication. To add a route, click Select Route. In the window that appears, specify the route Type. Select a Mail Route Object, and then click Edit.
In the next window, under Authentication or Delivery, click Add Route to add either an Authentication route or a Delivery route.
If you are adding an Authentication route, select your authentication protocol Type. Your choices are: SMTP
MX
Netmail (SMTP)
Novell GroupWise 6/7 (LDAP) GroupWise 8 (LDAP) Lotus Domino (SMTP) Microsoft Exchange (LDAP) LDAP (manual)
ODBC Route
Local Authentication
SMTP MX Route
Local Authentication
The configuration settings for each authentication and delivery protocol are different. Complete the following fields, if applicable to your chosen authentication or delivery protocol:
SMTP Server
Host: Enter the host IP address and the port number of the SMTP server.
When creating your Authentication policy, ensure that the host IP address is
Note: the same as that of the corresponding
Delivery policy.
Encryption:Select the security protocol you want to apply to the authentication protocol: None: Select this option of you do not want to apply any security protocols.
TLS (optional): If you select this option, messages will be delivered to the recipient whether or not they support TLS. If TLS is supported, then the protocol will be applied and the message delivered. If the recipient does not support TLS, the message will be delivered anyway.
TLS (required): Select this option if you require that the recipient supports TLS in order for messages to be delivered to them. If the recipient does not support TLS, the message is not delivered. This ensures that all mail is delivered securely.
SSL: Select this option if you want to apply the SSL to delivered messages. Domain: Enter the domain name of the SMTP server.
SMTP Extensions
Select whether you want to Detect, Assume, or Ignore the following SMTP extensions:
DSN: An ESMTP command that enables delivery status notifications as defined in Request for Comments (RFC) 1891. PIPELINING: Provides the ability to send a stream of commands without having to wait for a response after each command. 8BITMIME: Indicates that the local SMTP virtual server supports 8-bit Multipurpose Internet Mail Extensions (MIME) messages. CHUNKING: Provides some features for SMTP to transmit very large binary messages (sometimes called BDAT).
BINARYMIME: Indicates that the SMTP virtual server accepts messages that contain binary material without transport encoding by using a BODY parameter with a value of "BINARYMIME" with the MAIL command. When the SMTP server accepts a MAIL command with a BODY parameter of BINARYMIME, the server agrees to preserve all bits in each octet passed using the CHUNKING command. The BINARYMIME SMTP extension can only be used with CHUNKING.
ETRN: Sent by an SMTP server to request that the local virtual server send any email messages that it has in the queue for the domains indicated in the ETRN command.
STARTTLS: Indicates that the SMTP server supports secure SMTP over Transport Layer Security (TLS). AUTH: Signals that the local SMTP virtual server supports the SMTP authentication service extension.
SIZE: Provides a mechanism by which the SMTP virtual server can indicate the maximum supported message size.
XCLIENT: When an SMTP server announces support for the XCLIENT command, an SMTP client may send information that overrides one or more client-related session attributes. The XCLIENT command targets access control tests, client software that downloads mail from an up-stream mail server and injects it into a local MTA via SMTP, and post-filter access control and logging.
User Lookup
Authentication: Select this option if you want to include the domain when authenticating messages. LDAP Search: Select this option if you want the LDAP server to search for users recursively.
LDAP Server
Note: When creating your Authentication policy, ensure that the host IP address is the same as that of the corresponding Delivery policy.
Encryption: Select SSL if you want to apply the SSL to delivered messages. LDAP Version: Select either or as your LDAP version.2 3
Directory
Authentication DN: Enter the authentication DN of the LDAP directory. Password: Enter a password for the LDAP directory.
Base DN: Enter the base DN of the LDAP directory. User Class Name: Enter the name of the user class. Naming Attribute: Enter a naming attribute: Naming Prefix: Enter a naming prefix. Mail Attribute: Enter a mail attribute. Disabled Attribute: Enter a disabled attribute. Disabled Value: Enter a disabled value.
Attribute Translation
This option allows you to apply a field mapping by importing user attributes from a .csv file.
ODBC Connection
DSN: Enter the Data Source Name (DSN) of the user data source.
ODBC User: Enter the name of the ODBC user that you will be authenticating to that database. ODBC Password: Enter the password for the specified ODBC user.
Queries
Lookup SQL: Specify the query string that will be used to find users.
Authentication SQL: Specify the query string that will be used to find passwords.
Authentication: Select this option if you want to include the domain when authenticating SQL. Password Encoding: Select the type of password encoding you wan to implement.
Route
When adding a route, you can choose to test the route you are creating by clicking Test. In the window that appears, enter an existing user’s email address and password, and enter an email address of a user that does not exist on the target system. Click Test Authentication. This troubleshooting tool will inform you of the user’s status on the target system. When you are finished testing, click Done.
When prioritizing route authentication, you can add as many routes as you wish. If you have two or more routes, you can change the route priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the next to the route.x
authenticating.
The Default Delivery Policy option allows you to select the default Delivery policy you would like to use for message delivery. If no Delivery policy appears in the dropdown list, you need to create one. For information about creating a Delivery policy, see “Delivery”.
Postmaster Information
Postmaster Address: This option allows you to specify a postmaster email address. In the available textbox, enter the email address of the postmaster where notifications should be sent.
Abuse Address: This option allows you to specify an abuse address. The abuse address is the email address to which the system sends emails when end users click Report in their Quarantine. In the available textbox, enter an email address to which abuse reports should be sent.
When you are done specifying the criteria for your new domain, click Create Domain.
Setting System-Level DKIM
The DKIM tab allows you to include a system-level DKIM (DomainKeys Identified Mail) signature to messages.
DKIM provides a method for validating the identity of a domain name that is associated with a message through cryptographic authentication. It allows an organization to take responsibility for a message while the message is in transit. The organization can handle the message as the message creator or as an intermediary. In either case, it is ultimately the organization’s reputation that dictates whether the message should be trusted for delivery. To learn more about DKIM, visit http://www.dkim.org/.
By default, the Signature field is set to None. To apply a domain-level DKIM signature, select a signature from the Signature dropdown list. A new set of fields appears in the DKIM tab. Complete the following fields:
Timestamp: This option allows you to include the time when a message is sent.
Expiration Age: This option allows you to specify the number of hours, days, or weeks for which your DKIM signature is valid. Sign Body: This option allows you to sign the entire body of the message or a specific number of bytes of the message.
Sign Header: This option allows you to select the fields you want to include in the signature header. By default, all header fields are selected. To manually select specific fields, simply hold down the Ctrl key, and click the fields you want to include in the signature header. You can also opt to add custom fields in the header.
Click Save Changes to save your changes.
If no DKIM signature exists, you need to create one. To create a DKIM signature, click Add. In the window that appears, provide a name for the DKIM signature you want to add, and enter a public key and a private key. Click Save to save your new DKIM signature.
A DKIM signature can be created only on the
Note: DKIM tab of the Netmail Secure Domains object.
Searching for a Matching DNS Record
The DNS Record button is a troubleshooting tool that allows you to test a domain for a matching DNS (Domain Name Service) record. Complete the following fields before testing:
Domain: Select the domain you want to test.
Include Hash Algorithm: Select this option if you want to include the hash algorithm in the DNS text record. Include Key Type: Select this option if you want to include the key type in the DNS text record.
Service Type: Specify the service type you want to include in the DNS text record. You can choose from unspecified, email, and service types.
Testing Mode: Specify the testing mode you want to include in the DNS text record. You can choose from unspecified, testing, and subdomain testing types.
(Optional) Notes: Type in any notes you want to include with your search.
Click Test to search for a matching DNS record. The search tool specifies whether a matching DNS record was successfully found or if it failed to find a matching DNS record. Click Close to return to the DKIM tab.
Setting System-Level DSN Messages
The DSN tab allows you to customize the system-level DSN (Delivery Status Notification) that is sent to the sender if the recipient’s email server is unavailable. You can apply a different DSN to email messages sent within local domains and those sent to remote domains. By default, the DSN settings that you apply to this tab are applied to the entire system (i.e., to all the domains you have created). However, it is possible to edit and apply custom DSN settings for each individual domain.
To edit the settings for the domain DSN, select Domains > <domain name> (the name of the domain you are administering), and then click the tab.
DSN
The following information can be edited for both Local Domains and Remote Domains:
Header
This section allows you to add new header fields, remove existing header fields, or edit existing header fields in the DSN. Use the dropdown lists next to Fields to select a header. You can choose from the following headers: Received, Subject, From, To, CC, Reply-To, X-Sender, and Custom. Use the textboxes provided to enter specific keywords that you want to apply to the headers to filter out messages.
Message
This section allows you to add a customized Plain Text Message or HTML Message to include with the DSN. You can manually type in your own text or click Browse to upload a file. The Download button allows you to download a copy of either the Plain Text Message or HTML Message i n .txt file format. The Attach original message field allows you to specify how much of the original message you want appended to the DSN.
Retry Schedule
This section allows you to customize the retry schedule for sent email messages that are not delivered successfully. After each failure, the message can be bounced back to the sender or rescheduled to be sent [x] seconds, minutes, hours, or days later with or without the DSN. You can also choose to inherit the system retry schedule.
When you are done, click Save Changes.
Administering Domains
It is possible to configure the settings of existing domains, including specifying alternate domain names or aliases. To administer an existing domain, use the arrow icon to expand the Domains object in the tree menu, and select the name of the domain you want to manage. For each domain you create, you can apply unique Policies, manage Users, manage Allow/Block Lists, configure a DSN (Delivery Status Notification), configure a DKIM signature, and manage the overall domain Configuration. By default, the Policies tab is displayed.
Assigning Domain-Level Policies
When you click on the name of domain you want to administer, the Policies tab is displayed by default. The Policies tab allows you to manage authentication priorities, policies, and quarantine reports of an existing domain.
Authentication Priorities
This option allows you to view and prioritize route authentication. If you have two or more routes, you can change the route priorities by using the up and down arrows next to the routes. You can also choose to delete a route by clicking the next to the route. Click x Select Route to add a new Authentication route to the list. If no Authentication route exists, you need to create new one. For more information about creating an
Policies in Effect
This option allows you to view and manage domain policies that are currently in effect as well as assign new domain policies. The following actions can be taken:
Remove: Click Remove if you want to unassign a policy that is in effect.
Edit: Click Edit to assign a different policy. Select the type of policy, the direction of mail flow to which you want to apply the policy (if applicable), and the name of the actual policy you want to assign.
Allow Override: Select this option of you want the policy to override objects that inherit from this policy.
If no policies have been assigned or if you want to assign additional policies, click Assign Policy. In the window that appears, select the Type of policy you want to apply, the Direction of mail flow to which you want to apply the policy (if applicable), and the name of the Policy you want to apply. If you have not created any policies, only the default policies will be available. For more information about creating a policy, see “Policy
. Planning, Configuration and Management”
User-Selectable Policies
This option allows you to view and configure policies for which users can set preferences in their personal quarantine. Just as for domain policies, it is possible to assign, remove, edit, and override user-selectable policies to a domain. For more information about the quarantine feature, see “Q
. uarantine Management”
Quarantine Reports
This option allows you to send quarantine reports to all users and groups in the selected domain. Click Send Quarantine Report to send a quarantine report of only new items in quarantine. Click Send Full Quarantine Report to send a quarantine report of all items in quarantine.
After specifying your options, make sure you click
Important: Save Changes to save your work.
Netmail Secure automatically creates users and populates your user list when mail traffic first begins moving through your SMTP mail server. This is true for every domain you create. The user list can be found by selecting Domains > <domain name> (the name of the domain you are administering) and then clicking the Users tab. You can search this list for a specific user by typing in the first few letters of the user’s name in the search textbox and then pressing Enter.
It is also possible to manually create users, groups, and distribution lists, as well as import users. Existing users can be edited, assigned to a group, moved to another domain, or deleted.
Creating Users
To create a new user, click Create A User on the Users tab. Complete the following in the window that appears: Create A User: Enter a user name for the new user.
Identity: Enter the new user’s first and last name.
Authentication: Enter and confirm a password for the new user.
Importing Users
To import users from an existing CSV list, click Import Users. In the CSV User Import window that appears, type or paste comma separated user information into the text box provided. The information that you input should correspond to the column values you define in the top part of the window (i.e., the first comma separated value should correspond to the valued in Column 1, the second comma separated value should
correspond to the value in Column 2, etc.). Click Add field to add more columns, if needed. When you are finished defining your users, click Start .
Once the import is complete, the CSV User Import window will show the results of the import. Click Close to close the window. The users you have imported should now appear in the user list on the Users tab.
Creating Groups
To create a user group within the domain, click Create a Group on the Users tab. Enter a name for the group, and then click Create Group. The new group you have just created appears in the tree menu on the left-hand side of the screen, under the name of the domain in which the group was created.
Creating Distribution Lists
To create a distribution list, click Create a Distribution List on the Users tab. In the window that appears, complete the following: Create a Distribution List: Enter a name for your new distribution list.
Details: Enter an external or internal email address you want to add to the distribution list, and click Add. To edit an existing email address, highlight the email address in the list, and click Advanced Edit. To delete an existing email address from the list, highlight the email address and click Remove.
When you are done, click Create List.
Editing User Details and Policies
It is possible edit existing user details and policies. To do so, on the Users tab, select a user you want to modify, and then click Edit. The following tabs can be modified:
The Identification tab allows you to edit the following user information:
Details: This section allows you to modify the user’s first name, last name, full name, preferred name, group, and aliases. Security: This section allows you to edit the user’s password and user rights.
Contact: This section allows you to edit the user’s contact information, such as their title, department, company, photo URL, birthday, and description.
Work Address: This section allows you to edit the user’s work address and contact details. Home Address: This section allows you to edit the user’s home address and contact details.
The User Enabled option allows you to either enable or disable the user. When you are done, click Save changes.
Policies Tab
The Policies tab allows you to view and manage policies that are currently in effect for the selected user, as well as assign new policies. The following actions can be taken:
Disable: Click Disable if you want to cancel the policy that is in effect.
Override: Click Override if you want to override the policy with another policy of the same type.
If no policies have been assigned or if you want to assign additional policies, click Assign Policy. In the window that appears, select the Type of policy you want to apply, the Direction of mail flow to which you want to apply the policy (if applicable), and the name of the Policy you want to apply. If you have not created any policies, only the default policies will be available. For more information about creating a policy, see Policy
. Planning, Configuration and Management“Policy Planning, Configuration and Management”
The Quarantine Reports option allows you to send quarantine reports to the selected user. Click Send Quarantine Report to send a quarantine report of only new items in quarantine. Click Send Full Quarantine Report to send a quarantine report of all items in quarantine.
After specifying your options, make sure you click
Important: Save Changes to save your work.
Allow/Block Lists Tab
The Allow/Block Lists tab allows you to add, edit, or remove the selected user’s allow and block lists. These lists can contain email addresses, domain names, or IP addresses.
