User Guide
Software Version: 6.5.2
Last Revision: 5/25/07
Preface

CHAPTER 1
ePrism Overview
  What’s New in ePrism 6.5
  ePrism Overview
  ePrism Deployment
  How Messages are Processed by ePrism

CHAPTER 2
Administering ePrism
  Connecting to ePrism
  Configuring the Admin User
  Web Server Options
  Customizing the ePrism Interface

CHAPTER 3
Configuring Mail Delivery Settings
  Network Settings
  Virtual Interfaces
  Static Routes
  Mail Routing
  Mail Delivery Settings
  Mail Aliases
  Mail Mappings
  Virtual Mappings

CHAPTER 4
Directory Services
  Directory Service Overview
  Directory Servers
  Directory Users and Groups
  LDAP Aliases
  LDAP Mappings
  LDAP Recipients
  LDAP Relay
  LDAP Routing

CHAPTER 5
Mail Security and Encryption
  SMTP Mail Access
  Anti-Virus
  Threat Outbreak Control
  External Email Message Encryption
  Encrypting Mail Delivery Sessions
  SSL Certificates

CHAPTER 6
Message Content Scanning
  Attachment Content Scanning
  Objectionable Content Filter
  Pattern Based Message Filtering (PBMF)
  Malformed Mail
  Dictionaries
  Message Archiving

CHAPTER 7
Intercept Anti-Spam
  Intercept Anti-Spam Feature Overview
  Trusted and Untrusted Mail Sources
  Configuring Intercept Anti-Spam
  Intercept Components
  Intercept Advanced Features
  Trusted and Blocked Senders
  Spam Quarantine

CHAPTER 8
User Accounts and Remote Authentication
  POP3 and IMAP Access
  Local User Mailboxes
  Mirror Accounts
  Strong Authentication
  Remote Accounts and Directory Authentication
  Relocated Users
  Vacation Notification
  Tiered Administration

CHAPTER 9
Secure WebMail and ePrism Mail Client
  Secure WebMail
  ePrism Mail Client

CHAPTER 10
Policy Management
  Policy Overview
  Creating Policies
  Domain Policies
  Group Policies
  User Policies
  Managing Policies
  Policy Diagnostics

CHAPTER 11
Threat Prevention
  Threat Prevention Overview
  Configuring Threat Prevention
  Creating Threat Prevention Rules
  Static Address Lists
  Dynamic Address Lists
  F5 Blocking
  Cisco Blocking
  Threat Prevention Status

CHAPTER 12
HALO (High Availability and Load Optimization)
  HALO Overview
  Configuring Clustering
  Cluster Management
  Configuring the F5 Load Balancer
  Queue Replication

CHAPTER 13
Reporting
  Viewing and Generating Reports
  Viewing the Mail History Database
  Viewing the System History Database
  Report Configuration

CHAPTER 14
System Management
  System Status and Utilities
  Mail Queue Management
  Quarantine Management
  License Management
  Software Updates
  Security Connection
  Reboot and Shutdown
  Backup and Restore
  Centralized Management
  Problem Reporting
  Health Check

CHAPTER 15
Monitoring System Activity
  Activity Screen
  System Log Files
  Offloading Log Files
  SNMP (Simple Network Management Protocol)
  Alarms

CHAPTER 16
Troubleshooting Mail Delivery
  Examining Log Files
  Network and Mail Diagnostics
  Troubleshooting Content Issues

APPENDIX A
Using the ePrism System Console

APPENDIX B
Restoring ePrism to Factory Default Settings

APPENDIX C
Message Processing Order

APPENDIX D
Customizing Notification and Annotation Messages

APPENDIX E
Performance Tuning
  Setting Default Performance Settings
  Advanced Settings

APPENDIX F
SNMP MIBS
  MIB Files Summary
  MIB Files
  MIB OID Values
Preface
This User Guide provides detailed information on how to configure and manage your ePrism Email Security Appliance, and contains the following topics:
• Chapter 1 — “ePrism Overview”
• Chapter 2 — “Administering ePrism”
• Chapter 3 — “Configuring Mail Delivery Settings”
• Chapter 4 — “Directory Services”
• Chapter 5 — “Mail Security and Encryption”
• Chapter 6 — “Message Content Scanning”
• Chapter 7 — “Intercept Anti-Spam”
• Chapter 8 — “User Accounts and Remote Authentication”
• Chapter 9 — “Secure WebMail and ePrism Mail Client”
• Chapter 10 — “Policy Management”
• Chapter 11 — “Threat Prevention”
• Chapter 12 — “HALO (High Availability and Load Optimization)”
• Chapter 13 — “Reporting”
• Chapter 14 — “System Management”
• Chapter 15 — “Monitoring System Activity”
• Chapter 16 — “Troubleshooting Mail Delivery”
The following sections contain supplemental information for the ePrism Email Security Appliance:
• Appendix A — “Using the ePrism System Console”
• Appendix B — “Restoring ePrism to Factory Default Settings”
• Appendix C — “Message Processing Order”
• Appendix D — “Customizing Notification and Annotation Messages”
• Appendix E — “Performance Tuning”
• Appendix F — “SNMP MIBS”
The following documents are included as part of the ePrism documentation set:

TABLE 1. ePrism Documentation
Document | Description
Release Notes | Provides up to date information on the product, including new features, improvements, bug fixes, and any known issues. If instructions in the Release Notes differ from the Installation Guide or User Guide, use the instructions in the Release Notes.
Installation Guide | Provides detailed information on how to install and provide the initial configuration for the ePrism Email Security Appliance.
User Guide | Provides detailed information on how to configure, administer, and troubleshoot the ePrism Email Security Appliance.
Intercept Anti-Spam Quick Start Guide | Describes the basic configuration details and recommended strategies for ePrism’s Intercept Anti-Spam features.

Conventions
The following typographical conventions are used in this guide:

TABLE 2. Typographical Conventions
Typeface or Symbol | Description | Example
italic | Screen name or data field names | Activity Screen, or SMTP Port
bold | Button names, Menu items, and Screen names | Select Basic Config ➝ Network on the menu and click the Apply button
courier font | Text displayed on the screen and File and Directory Names | backup/backup.gzip
Bold courier | Text entered by the user | Enter: example.com
(symbol) | Information that describes important features or instructions | Please see the following section for more details
(symbol) | Information that alerts you to potential problems and issues | Use caution when enabling this feature
Contacting Technical Support
St. Bernard Software telephone support is available Monday-Friday:
07:00am to 4:00pm (Pacific Standard Time)
08:30 to 17:30 (UTC)

North America, South America, Pacific Rim (PST)
15015 Avenue of Science
San Diego, CA 92128
Main: 858.676.2277
FAX: 858.676.2299
Technical Support: 858.676.5050
Technical Support Email: [email protected]

Europe, Asia, Africa (UTC)
Unit 4, Riverside Way
Watchmoor Park, Camberley
Surrey, UK
GU15 3YQ
Main: 44.1276.401.640
FAX: 44.1276.684.479
Technical Support: 44.1276.401.642
Technical Support Email: [email protected]
Copyright Information
© 2003-2007 St. Bernard Software, Inc. All rights reserved.
St. Bernard Software is a trademark of St. Bernard Software Inc. All other trademarks or registered trademarks are hereby acknowledged.
This chapter provides an overview of the architecture and features of the ePrism Email Security Appliance, and contains the following topics:
• “What’s New in ePrism 6.5”
• “ePrism Overview”
• “ePrism Deployment”
ePrism Overview
What’s New in ePrism 6.5
The ePrism Email Security Appliance version 6.5 adds several new features while considerably improving the functionality of existing features.
Blocked Senders List
The Blocked Senders List allows end users to specify a list of addresses from which they do not want to receive mail. These senders will be blocked from sending mail to that specific user via ePrism. If a sender is on the Blocked Senders List, the message can either be rejected with notification or discarded by ePrism.
Blocked Senders are configured via Mail Delivery ➝ Anti-Spam ➝ Trusted/Blocked Senders on the menu.
Virtual Interfaces
Virtual Interfaces are used by ePrism to define additional interfaces and IP addresses to send and receive mail for specific domains. These Virtual Interfaces are associated with the existing physical network interfaces on ePrism. ePrism will send all outbound email for a specific domain using its specified IP address in the Virtual Interfaces configuration. ePrism selects the Virtual Interface to use for outgoing mail by matching the sender's domain to the domains associated with the configured Virtual Interfaces.
Virtual Interfaces are configured via Basic Config ➝ Virtual Interfaces on the menu.
Image Spam Analysis
An Image Spam email message typically consists of random text or no text body and contains an attachment picture (usually .gif or .jpg format) that supplies the text and graphics of the spam message. These types of spam messages are difficult to detect because the message contains no helpful text or URL characteristics that can be scanned and analyzed.
The Image Spam Analysis feature performs advanced analysis of image attachments to help determine if the message is spam or legitimate mail. Similar to ePrism's other Anti-Spam features that detect spam characteristics in the text of a message, the Image Spam Detection feature extracts certain characteristics of the attached image to determine if these characteristics are similar to those seen in actual spam messages.
The Image Spam Detection feature uses the Token Analysis feature to analyze image spam messages. Token Analysis must be enabled for Image Spam detection to work.
Enable the Image Analysis option via Mail Delivery ➝ Anti-Spam ➝ Intercept ➝ Token Analysis ➝ Advanced on the menu.
Intercept™ Anti-Spam Improvements
The following improvements have been made to ePrism's Intercept Anti-Spam feature:
• The Intercept Anti-Spam engine has been enhanced to increase Intercept's effectiveness against the latest types of image spam and other spam messages.
• The Intercept training engine and database have been updated to improve the efficiency and effectiveness of training for spam and legitimate mail.
• Intercept's use of the BorderWare Security Network (BSN) and DNS/URL Block Lists has been improved to provide more effective reputation and block list contribution to the overall Intercept spam score decision for a message.
• Bulk Analysis has been modified to reduce the probability of false positives in the Intercept spam decision. To revert to the previous behaviour and increase the emphasis on Bulk Analysis results, set the Bulk Analysis weight to 90 in the advanced Intercept settings, accessed via Mail Delivery ➝ Anti-Spam ➝ Intercept and clicking the Advanced button.
LDAP Paging Support
When querying an LDAP server, the amount of information returned may contain thousands of entries and sub-entries. Paging allows LDAP information to be retrieved in more manageable sections to control the rate of data being returned. Previously, ePrism could not retrieve more entries than the administrative limit configured by Microsoft Active Directory®, requiring the limit to be increased on the Active Directory server. Active Directory LDAP paging is now supported by ePrism and removes the requirement to manually set a higher maximum page size in Active Directory for use with ePrism LDAP user imports.
ePrism Overview
ePrism is a dedicated Mail Firewall designed for deployment between internal mail servers and the Internet. ePrism supports the standard mail protocols for processing email messages while offering a secure method for their processing and delivery. ePrism has been designed specifically to resist operating system attacks and protect mail servers from direct SMTP and HTTP connections.
ePrism Deployment
ePrism is generally configured to accept all mail for a domain or sub-domain, store and process mail according to specified security policies, and deliver the mail to one or more internal mail servers for collection by users. ePrism is ideally suited for deployment in parallel with an existing firewall, on a DMZ, or on an internal network.
See “ePrism Deployment” on page 20 for more detailed information on deploying ePrism.
Mail Delivery Security
ePrism has a sophisticated mail delivery system with several security features and benefits to ensure that the identifying information about your company’s email infrastructure remains private.
• For a company with multiple domain names, ePrism can accept, process and deliver mail to private email servers.
• For a company with multiple private email servers, the ePrism can route mail based on the domain or subdomain to separate groups of email users.
• Security features such as mail mappings and address masquerading allow the ability to hide references to internal host names.
Content Scanning and Filtering
ePrism implements attachment controls, attachment content scanning, and content filtering based on pattern and text matching. These controls prevent the following issues:
• Breaches of confidentiality
• Legal liability from offensive content
• Personal abuse of company resources
• Compliance policies
Attachment controls are based on the following characteristics:
• File Extension Suffix — The suffix of the file is checked to determine the attachment type, such as .exe, or .jpg.
• MIME Content Type — MIME (Multipurpose Internet Mail Extensions) can be used to identify the content type of the message.
• Content Analysis — The file is analyzed from the beginning to look for characteristics that can identify the file type. This analysis ensures that the attachment controls are not
• Deep Content Scanning — Attachments such as PDFs or Microsoft Word documents can be analyzed for words or phrases that match a pattern filter or compliance dictionary.
Virus Scanning
The ePrism Email Security Appliance features optional virus scanning based on Kaspersky Anti-Virus. Messages in both inbound and outbound directions can be scanned for viruses and malicious programs. ePrism’s high performance virus scanning provides a vital layer of protection against viruses for your entire organization. Automatic pattern file updates ensure that the latest viruses are detected.
Threat Outbreak Control
The Threat Outbreak Control feature provides customers with zero-day protection against early virus outbreaks. For most virus attacks, the time from the moment the virus is released to the time a pattern file is available to protect against the virus can be several hours. During this period, mail recipients are vulnerable to potential threats. ePrism's Threat Outbreak Controls can detect and take action against early virus outbreaks to contain the virus threat.
Malformed Message Protection
Similar to malformed data packets used to subvert networks, malformed messages allow viruses and other attacks to avoid detection, crash systems, and lock up mail servers. ePrism ensures that only correctly formatted messages are allowed into your mail systems. Message integrity checking protects your mail servers and clients and improves the effectiveness of existing virus scanning implementations.
Intercept Anti-Spam
The ePrism Email Security Appliance provides a complete and robust set of anti-spam features specifically designed to protect against the full spectrum of current and evolving spam threats. ePrism’s Intercept Anti-Spam engine can combine the results of several Anti-Spam features to provide a better informed decision on whether a message is spam or legitimate mail. These features include:
• Specific Access Patterns (SAP) — Filter messages based on pattern matches against the client address or header parameters such as HELO or Envelope-From and Envelope-To.
• Pattern Based Message Filtering (PBMF) — Filter messages based upon matches in the envelope/header/body of a message.
• Spam Dictionaries — Filters messages based on a dictionary of typical spam words and phrases that are matched against a message.
• Mail Anomalies — Checks various aspects of the incoming message for issues such as unauthorized SMTP pipelining, missing headers, and mismatched identification fields. Checks for recent spam and viruses from a specific IP address can also be enabled; these are used in conjunction with the Threat Prevention feature.
• DNS Block List (DNSBL) — Detects spam using domain-based lists of hosts with a poor reputation. Messages can also be rejected immediately regardless of the results of other Anti-Spam processing if the client is listed on a DNSBL. A configurable threshold allows administrators to specify how many DNSBLs must trigger to consider the sender as unreliable.
• URL Block List — Detects spam by examining the URLs in a message and querying a SURBL (Spam URI Realtime Block Lists) server to determine if this URL has been used in spam messages.
• Bulk Analysis — Detects bulk mail spam by checking mail sent to a large number of users.
• Token Analysis — Detects spam based on advanced content analysis using databases of known spam and valid mail. This feature is also specially engineered to effectively detect Image spam.
• Sender Policy Framework (SPF) — Performs a check of a sending host’s SPF DNS records to identify the source of a message.
• DomainKeys Authentication — Performs a check of a sending host’s DomainKeys DNS records to identify the source of a message.
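The DNS Block List threshold described above, as an added example that is not taken from the guide or from ePrism itself. The zone names, the resolver data and the function names are constructed for illustration; the query-name format (reversed address prepended to the list's zone, a 127.0.0.0/8 answer meaning "listed") is the common DNSBL convention.

```python
import ipaddress

# Answers in this range mean "listed"; anything else is ignored.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

# Hypothetical block lists configured on the gateway.
ZONES = ["bl-one.example", "bl-two.example", "bl-parked.example"]

# Constructed resolver data: DNSBL query name -> A record answers.
RECORDS = {
    "9.113.0.203.bl-one.example": ["127.0.0.2"],
    "9.113.0.203.bl-two.example": ["127.0.0.4"],
    "7.100.51.198.bl-one.example": ["127.0.0.2"],
    # A list whose zone answers every query with an unrelated address
    # (for example after the domain lapsed). This must not count as a hit.
    "7.100.51.198.bl-parked.example": ["192.0.2.99"],
}


def resolve(name):
    """Stand-in for a DNS A lookup; returns a list of address strings."""
    return RECORDS.get(name, [])


def dnsbl_query_name(client_ip, zone):
    """Build the name to query: reversed octets (or nibbles) plus the zone."""
    pointer = ipaddress.ip_address(client_ip).reverse_pointer
    # reverse_pointer ends in 'in-addr.arpa' or 'ip6.arpa'; drop those labels.
    reversed_part = pointer.rsplit(".", 2)[0]
    return reversed_part + "." + zone


def dnsbl_hits(client_ip, zones, resolver=resolve):
    """Return the zones that list the client address."""
    hits = []
    for zone in zones:
        answers = resolver(dnsbl_query_name(client_ip, zone))
        if any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers):
            hits.append(zone)
    return hits


def sender_unreliable(client_ip, zones, threshold, resolver=resolve):
    """True when at least `threshold` block lists agree on the client."""
    return len(dnsbl_hits(client_ip, zones, resolver)) >= threshold
```

A threshold of 1 trusts every list equally; raising it trades missed spam for fewer rejections caused by a single over-aggressive or broken list.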
Threat Prevention
ePrism’s Threat Prevention capabilities allow organizations to detect and block incoming threats in real-time. Threat types can be monitored and recorded to track client IP behaviour and reputation. By examining mail flow patterns, ePrism detects whether a sending host is behaving maliciously by sending out viruses, spam, or attempting denial-of-service (DoS) attacks. By instantly recognizing these types of mail patterns, ePrism can be an effective solution against immediate attacks. ePrism’s Threat Prevention feature can block or throttle inbound mail connections before the content is processed to lessen the impact of a large number of inbound messages.
Trusted and Blocked Senders List
These features allow users to create their own personal Trusted and Blocked Senders Lists based on a sender’s email address. The Trusted email addresses will be exempt from ePrism’s spam controls allowing users to trust legitimate senders, while email addresses on the Blocked Senders List will be prevented from sending mail to that user via ePrism.
Spam Quarantine
The Spam Quarantine is used to redirect spam mail into a local storage area for each individual user. Users will be able to connect to ePrism either directly or through a summary email to view and manage their own quarantined spam. Messages can be deleted, or moved to the user’s local mail folders. Automatic notification emails can be sent to end users notifying them of the existence of messages in their personal quarantine area.
Secure WebMail
ePrism’s Secure WebMail provides remote access support to internal mail servers. With Secure WebMail, users can access their mailboxes using email web clients such as Outlook® Web Access, Lotus iNotes, or ePrism’s own web mail client. ePrism addresses the security issues currently preventing deployment of web mail services by providing the following protection:
• Strong authentication (including integration with Active Directory)
• Encrypted sessions
Authentication
ePrism supports the following authentication methods for administrators, WebMail users, Trusted Senders List, and Spam Quarantine purposes:
• User ID and Password
• RADIUS and LDAP
• RSA SecurID® tokens
• SafeWord and CRYPTOCard tokens
Mail Delivery Encryption
All mail delivered to and from ePrism can be encrypted using TLS (Transport Layer Security). This includes connections to remote systems, local internal mail systems, or internal mail clients. Encrypted messages are delivered with complete confidentiality both locally and remotely.
Encryption can be used for the following:
• Secure mail delivery on the Internet to prevent anyone from viewing email while in transit.
• Secure mail delivery across a LAN to prevent malicious users from viewing email other than their own.
• Create policies for secure mail delivery to branch offices, remote users and business partners.
• ePrism supports TLS/SSL encryption for all user and administrative sessions.
• TLS/SSL is used to encrypt SMTP sessions effectively preventing eavesdropping and interception.
Local User Mailboxes
ePrism can host user mailboxes and act as a fully functioning mail server for small offices. ePrism fully supports POP3 and IMAP (including their secure versions) and SMTP protocols for retrieving and sending mail.
HALO (High Availability and Load Optimization)
ePrism is the first email firewall to provide enterprises with a fail-safe clustering architecture for high availability. HALO ensures email is never lost due to individual system failure through its unique security, cluster management, load balancing and optimization, and "stateful failover" queue replication capabilities. All systems can be clustered together to increase additional capacity, throughput, or provide load balancing and optional high availability.
Cluster Management
The cluster management feature allows administrators to manage ePrism clusters and to synchronize configuration settings across all systems in the cluster. Combined reports and email database searches may be derived from clustered systems. Specific features include:
• Configuration Replication — This function allows systems to be added to clusters and to assume the configuration of a defined "master" Cluster Console system.
• Cluster Synchronization — Systems within a cluster can be synchronized to the defined "master" system. Any changes to the configuration of the Cluster Console master are reflected in the configuration of all systems in the cluster.
• Cluster Reporting — ePrism reports can be generated for a single system or for all systems in a cluster. The email database can be searched by system or by cluster. The history and status of any message can be instantly retrieved regardless of which system processed the message.
Load Balancing and Optimization
A basic requirement of high availability is to have an automated or semi-automated mechanism for switching the mail stream between available systems in the cluster, depending on their individual availability or health.
Utilizing DNS round-robin techniques or dedicated load balancing hardware, email can be directed to ePrism systems in a cluster depending on their availability and current load.
Queue Replication
To prevent the loss of email messages during a system failure, ePrism has created a unique solution with "stateful failover" queue replication technology that replicates queues and intelligently synchronizes messages to a defined mirror system within a cluster. If a system in a cluster should fail and there exists undelivered mail in its queue, a mirror system can take ownership of that queue’s messages and successfully process and deliver them. This ensures that no email messages are ever lost.
Policy Controls
Policy-based controls allow settings for annotations, anti-spam, anti-virus, and attachment control to be customized and applied based on the group membership, domain membership, or email address of the recipient. User groups can be imported from an LDAP-based directory, and then policies can be created to apply customized settings to these groups.
For example, you can set up an Attachment Control Policy to allow your Development group to accept and send executable files (.exe), while configuring your attachment control settings for all your other departments to block this file type to prevent the spread of viruses among the general users.
Directory Service Support
ePrism integrates with LDAP (Lightweight Directory Access Protocol) directory services such as Active Directory, OpenLDAP, and iPlanet, allowing you to perform the following:
• LDAP lookup prior to internal delivery — ePrism can check for the existence of an internal user via LDAP before delivering a message. This feature allows you to reject mail to unknown addresses in relay domains, reducing the number of attempted deliveries of spam messages for non-existent local addresses. This check can be performed directly to an LDAP server or to a cached directory stored locally on ePrism.
• Group/User Imports — An LDAP lookup will determine the group membership of a user when applying policy-based controls. LDAP users can also be imported and mirrored on ePrism to be used for services such as the Spam Quarantine.
• Authentication — LDAP can be used for authenticating IMAP access, user mailbox, and WebMail logins.
• SMTP Relay Authentication — LDAP can be used for authenticating clients for SMTP Relay.
• Mail Routing — LDAP can be used to lookup Mail Routes for a domain to deliver mail to its destination server.
Manageability
ePrism provides a complete range of monitoring and diagnostics tools to monitor the system and troubleshoot mail delivery issues. Admin sessions can also be encrypted for additional security, while comprehensive logs record all mail activity.
• Web Browser-based Management — The web browser management interface displays a live view of system activity and traffic flows. The management interface can be configured to display this information for one or many systems, including systems in a local cluster or systems that are being centrally managed.
• Reporting and Auditing — The reporting and audit features deliver a comprehensive set of statistics that may be generated at any time or scheduled for automatic delivery. ePrism includes a wide range of predefined reports, including information on system health, mail processing, spam, virus filtering statistics, and user mail volumes. Administrators can easily create customized reports.
• Enterprise integration with SNMP — Using SNMP (Simple Network Management Protocol), ePrism can generate both information and traps to be used by SNMP monitoring tools. This extends the administrator’s view of ePrism and allows an instant view of significant system events, including traffic flows and system failures.
• Alarms — ePrism can generate system alarms that can automatically notify the administrator via email and console alerts of a system condition that requires attention.
• Archiving — Archiving support allows organizations to define additional mail handling controls for inbound and outbound mail. These features are especially important for organizations that must archive certain types of mail for regulatory compliance or for corporate security policies.
Security Connection
The Security Connection provides an automated software update service. By enabling the Security Connection, you are automatically notified of any new patches and updates for the ePrism software. St. Bernard continuously monitors for new vulnerabilities and issues new updates to defend against them, ensuring that you have them as soon as they are available.
Internationalization
ePrism supports internationalization for annotations, notification messages, and mail database views. For example, if a message is sent to someone who is on vacation and the message uses the character set ISO-2022-JP (Japanese), the vacation notification sent back will be in the same character set. The mail history database can also be viewed using international character sets.
ePrism Deployment
ePrism is designed to be situated between mail servers and the Internet so that there are no direct SMTP (Simple Mail Transport Protocol) connections between external and internal servers.
ePrism is typically installed in one of three locations:
• In parallel with the firewall
• On your DMZ (Demilitarized Zone)
• Behind the existing firewall on the Internal network
SMTP TCP port 25 traffic is redirected from either the external interface of the firewall or from the external router to ePrism. When the mail is accepted and processed, ePrism initiates an SMTP connection to the internal mail server to deliver the mail.
ePrism in Parallel with the Firewall
The preferred deployment strategy for ePrism is to be situated in parallel with an existing network Firewall. ePrism’s inherent firewall security architecture eliminates the risk associated with deploying an appliance on the perimeter of a network. This parallel deployment eliminates any mail traffic on the firewall and decreases its overall load.
ePrism on the DMZ
Deploying ePrism on the DMZ is an equally secure method of deployment configuration. This type of deployment prevents any direct connection from the Internet to the internal servers, but does not ease the existing load on the firewall.
ePrism on the Internal Network
ePrism can also be deployed on the Internal Network. Although this configuration allows a direct connection from the Internet into the internal network, it is a perfectly legitimate configuration when dictated by existing network resources.
How Messages are Processed by ePrism
The following sections describe the sequence in which the various ePrism security features are applied to any inbound and outbound mail messages and how these settings affect their delivery.
Trusted Mail
ePrism only processes mail through the spam filters when a message originates from an "untrusted" source. Trusted sources bypass the spam controls. By default, mail that arrives on a particular network interface from the same subnet is "trusted".
There are two ways to control how sources of mail are identified and trusted:
1. The network interface the mail arrives on
2. A specified IP address (or address block), or server or domain name
See “Trusted and Untrusted Mail Sources” on page 134 for information on configuring trusted and untrusted sources.
Inbound and Outbound Scanning
For features that scan both inbound and outbound mail, the following rules apply:
• Mail from trusted source to local recipient — Inbound
• Mail from trusted source to non-local recipient — Outbound
• Mail from untrusted source to local recipient — Inbound
• Mail from untrusted source to non-local recipient — Inbound
SMTP Connection
An SMTP connection request is made from another system. ePrism accepts the connection request unless one of the following checks (if enabled) is triggered:
• Reject on Threat Prevention — Rejects mail when the client is rejected by the Threat Prevention feature.
• Reject on unauthorized SMTP pipelining — Rejects mail when the client sends SMTP commands ahead of time without knowing that the mail server actually supports SMTP command pipelining. This stops messages from bulk mail software that use SMTP command pipelining improperly to speed up deliveries.
• Reject on expired ePrism license — Rejects mail if the ePrism license has expired.
• Specific Access Pattern and Pattern Based Message Filter (Reject) — Rejects mail based on SAP and PBMF for the HELO, Envelope-TO, Envelope-From, and Client IP fields.
• Reject on DNS Block list — Rejects mail if the sender is on a DNSBL and ePrism is set to reject on DNSBL.
• Reject on BSN (Reputation, Infected, Dial-up) — Rejects mail based on statistics provided by the St. Bernard Security Network.
• Reject on unknown sender domain — Rejects mail when the sender mail address has no DNS A or MX record.
• Reject on missing reverse DNS — Rejects mail from hosts where the host IP address has no PTR (address to name) record in the DNS, or when the PTR record does not have a matching A (name to address) record. This setting is rarely used because many servers on the Internet do not have valid reverse DNS records, and enabling it may result in rejecting mail from legitimate sources.
• Reject on missing sender MX — Rejects mail when the sender’s mail address is missing a DNS MX record.
• Reject on non-FQDN sender — Rejects mail when the address in the client MAIL FROM command is not in fully-qualified domain form (FQDN).
• Reject on Unknown Recipient — Rejects mail if the specified recipient does not exist. The system will perform an LDAP lookup on the recipient’s address to ensure they exist before delivering the message.
Mail Header and Message Properties
The connection is now accepted. The message will be accepted for processing unless one of the following occurs:
• Reject on missing addresses — Rejects mail when no recipients in the To: field, or no senders in the From: field were specified in the message headers.
• Maximum number of recipients — Rejects mail if the number of recipients exceeds the specified maximum (default is 1000).
• Maximum message size — Rejects mail if the message size exceeds the maximum.
Malformed Content, Virus Checking, and Attachment Control
Messages are scanned for malformed and very malformed messages, viruses, and specific attachments. If there is a problem, ePrism can be configured with a variety of actions, such as sending the message to the administrative Quarantine folder.
Threat Outbreak Control
Messages are scanned by Threat Outbreak Control to look for virus-like behaviour. These messages can be quarantined until updated Anti-Virus pattern files are available to rescan them.
OCF (Objectionable Content Filter)
Messages are scanned for objectionable content using a pre-defined list of words, and a configurable action is taken.
Pattern Based Message Filters and Specific Access Patterns
The messages are scanned to see if they match any existing Pattern Based Message Filters (PBMF), or Specific Access Patterns (SAP) set to "Trust" or "Allow Relaying".
Trusted and Blocked Senders List
If a sender is on a user’s Trusted Sender’s List, the message will skip all remaining checks. If the sender is on a user’s Blocked Sender’s List, the message will be rejected or discarded depending on the configuration.
Attachment Content Scanning
Deep scanning is performed on attachments for blocked words and phrases.
Encryption
If enabled, outbound messages are encrypted before being delivered.
Anti-Spam Processing
If the message arrives from an "untrusted" source, it will be processed for spam by the Intercept Anti-Spam engine. All Intercept features that are enabled will contribute to the final spam score of a message.
Mail Mappings
The message is now accepted for processing and the following occurs:
• If the recipient address is not for a domain or sub-domain for which ePrism is configured to accept mail (either as an inbound mail route or a virtual domain) then the message is rejected.
• If the recipient address is mapped in the Mail Mappings table, then the "To" field in the message header will be modified as required.
Virtual Mappings
The message is now examined for a match in the Virtual Mapping table. If such a mapping is found, the envelope-header recipient field will be modified as required. LDAP virtual mappings will then be processed. Virtual mappings are useful for the following:
• Acting as a wildcard mail mapping, such as any user for example.com goes to mail.example.com. You can create exceptions to this rule in the mail mappings for particular users.
• ISPs who need to accept mail for several domains and the envelope-header recipient field needs to be rewritten for further delivery.
• To deliver to internal servers, use Mail Delivery ➝ Routing ➝ Mail Routing.
In all cases, mappings rely on successful DNS lookups for an MX record.
Relocated Users
When mail is sent to an address that is listed in the relocated user table, the message is bounced back with a message informing the sender of the relocated user’s new contact information.
Mail Aliases
When mail needs to be delivered locally, the local delivery agent runs each local recipient name through the aliases database. An alias results in the creation of a new mail message for the named address or addresses. This mail message is then entered back into the system to be mapped, routed, and so on. This process also occurs with local user accounts for whom a "forwarder address" has been configured. Local user accounts will be treated like aliases in this case.
Local aliases are typically used to implement distribution lists or to direct mail for standard aliases such as mail to the "postmaster" account. LDAP aliases are then processed. LDAP functionality can be used to search for mail aliases on directory services such as Active Directory.
Mail Routing
During the mail routing process, there is no modification made to the mail header or the envelope. A mail route specifies two things:
• Which domains ePrism will accept mail for (other than itself).
• Which hosts the mail should be delivered to.
The message is now delivered to its destination.
See “Message Processing Order” on page 369 for a summary of the message processing order.
CHAPTER 2
Administering ePrism
This chapter describes how to administer and configure basic settings for the ePrism Email Security Gateway, and contains the following topics:
• “Connecting to ePrism”
• “Configuring the Admin User”
• “Web Server Options”
Connecting to ePrism
To administer ePrism using the web browser administrative interface, launch a web browser on your computer and enter the IP address or hostname for ePrism as the URL in the location bar.
Your system must be listed in your DNS server to be able to connect via the hostname.
Supported web browsers:
• Microsoft Internet Explorer 6 and greater
• Firefox 1.0 and greater
• Mozilla 1.0 and greater
• Netscape 6.0 and greater
• Safari 1.0 and greater
The login screen will then appear. Enter your admin ID and password.
When logged in, the main ePrism Email Security Gateway Activity screen and main menu will appear.
Navigating the Main Menu
The main menu consists of the following main categories:
Activity
The Activity screen provides you with a variety of information on mail processing activity, such as the number of messages in the mail queue, the number of different types of messages received and sent, and current message activity. If you are running a HALO cluster, you will also have a Cluster Activity option that will show you the activity statistics for the entire cluster.
Basic Config
The Basic Config menu allows you to configure some of the basic settings for ePrism including:
• Admin Account
• Alarms
• Customization
• Directory Services (LDAP)
• Network
• Performance
• Static Routes
• SNMP Configuration
• Web Server Configuration
• Virtual Interfaces
Mail Delivery
The Mail Delivery menu allows you to configure the features that affect mail delivery, including all mail security and anti-spam settings. It includes the following features:
• Anti-Spam (Intercept)
• Anti-Virus
• Outbreak Control
• Content Management
• Mail Access
• Threat Prevention
• Policy
• SMTP Security
• Encryption
• Archiving
• Delivery Settings
• Routing
• DomainKeys Signing
User Accounts
The User Accounts menu allows you to create local accounts on the ePrism and enable POP and IMAP access. Mirrored user accounts created by LDAP, Remote Authentication, and Secure WebMail are also managed here. It includes the following features:
• Local Accounts
• Mirrored Accounts (Only displayed if mirrored accounts exist)
• Relocated Users
• Vacations
• POP3 and IMAP
• Secure WebMail
• Remote Authentication
• SecureID Configuration
HALO
The HALO (High Availability and Load Optimization) menu is used to configure and manage clustered ePrism systems, and includes the following features:
• Cluster Administration
• Queue Replication
• F5 Integration
Status/Reporting
The Status/Reporting menu allows you to view the current status of system services, manage your mail queue and the quarantine area, and review reports and logs. The menu includes the following features:
• Status & Utility
• Mail Queue
• Quarantine
• Reporting
• System Logs
• Problem Reporting
• Health Check
• Threat Prevention Status
Management
The Management menu contains options for various ePrism system administration tasks such as backup and restore, license management, and software updates. The menu includes the following features:
• Backup & Restore
• Centralized Management
• License Management
• Reboot & Shutdown
• Software Updates
• Security Connection
• SSL Certificates
ePrism System Console
You can access the ePrism system console by connecting a monitor and keyboard to ePrism. The system console provides a limited subset of administrative tasks and is only recommended for use during initial installation and network troubleshooting. Routine administration should be performed via the web browser administration interface. When accessing the system console, you will be prompted for the UserID and Password for the administrative user.
See “Using the ePrism System Console” on page 363 for more detailed information on using the system console.
Configuring the Admin User
The primary admin account is created during the ePrism installation. Select Basic Config ➝ Admin Account from the menu to modify the password or strong authentication methods for the admin user.
It is recommended that you create additional admin users and use those accounts to manage ePrism instead of the primary admin account. The primary admin account password should then be written down and stored in a safe and secure place.
Login Lockout
If incorrect login credentials are entered for an admin user five times in a row, the account is locked out for 30 minutes. This lockout can be reset by rebooting ePrism.
Strong Authentication
You can also configure strong authentication for the admin user. These methods of authentication require a hardware token that provides a response to the login challenge. You can choose between the following types of secure authentication tokens:
• CRYPTOCard
• SafeWord
• SecurID
Once selected, a configuration wizard will guide you through the steps to configure the token for the specified authentication method.
See “Strong Authentication” on page 200 for more information on strong authentication methods.
Adding Additional Administrative Users
There is only one primary admin user account, but additional administrative users can be added using Tiered Administration. This allows you to configure another user with Full Admin rights, or with granular permissions that only give admin rights to certain ePrism options. For example, you may want to add a user who can administer reports or vacation notifications, but not have any other administrative access.
Granting full or partial admin access to one or more user accounts allows actions performed by administrators to be logged because they have an identifiable UserID that can be tracked by the system.
A user with Full Admin privileges cannot modify the profile of the default Admin user. They can, however, edit other users with Full Admin privileges.
Add an administrative user as follows:
1. From the Basic Config ➝ Admin Account screen, click the Add Admin User button.
2. Enter a User ID, an optional email address to forward mail to, and a password. You can also set strong authentication methods, if required.
3. At the bottom of the Add a New User screen is a section for Administrator Privileges.
4. Select the required administrative access for the user:
• Full Admin — The user has administrative privileges equivalent to the admin user.
• Administer Aliases — The user can add, edit, remove, upload and download aliases
• Administer Filter Patterns — The user can add, edit, remove, upload and download Pattern Based Message Filters and Specific Access Patterns.
• Administer Mail Queue — The user can administer mail queues.
• Administer Quarantine — The user can view, delete, and release quarantined files.
• Administer Reports — The user can view, configure and generate reports, and view system activity.
• Administer Users — The user can add, edit, and relocate user mailboxes (except the Full Admin users), including uploading and downloading user lists. User vacation notifications can also be configured.
• Administer Vacations — The user can edit local user’s vacation notification settings and other global vacation parameters.
• Mail History — The user can view the email database history.
• View Activity — The user can view the Activity page and start and stop mail services. Individual emails can only be viewed if Mail History is also enabled.
• View System Logs — The user can view all system log files.
See “Tiered Administration” on page 209 for more information on configuring admin access.
Admin Login and WebMail access must be enabled on the network interface that will be used by tiered administration users. This is set in the Basic Config ➝ Network screen.
Web Server Options
The Web Server Options screen defines the settings used for connecting to ePrism via the web browser administrative interface. By default, ePrism’s web server uses port 80 for HTTP requests and port 443 for HTTPS requests. For secure WebMail and administration sessions, it is recommended that you leave the default SSL encryption enabled to force a connecting web browser to use HTTPS.
Select Basic Config ➝ Web Server on the menu to configure your web server settings.
• Admin HTTP Port — Indicates the default port 80 for HTTP requests.
• Admin HTTPS Port — Indicates the default port 443 for HTTPS requests.
• Require SSL encryption — Requires SSL encryption for all user and administrator web sessions.
• Allow low-grade encryption — Allow the use of low-grade encryption, such as DES ciphers with a key length of 64 bits, for encrypted user and administrator web sessions.
• Enable SSL version 2 — Enables SSL version 2 protocol. Note that SSL version 2 contains known security issues.
• Enable SSL version 3 — Enable SSL version 3 protocol. This is the default setting.
• Enable TLS version 1 — Enable TLS version 1 protocol. This is the default setting.
• Character set encoding — Select the type of character encoding used for HTML data.
Customizing the ePrism Interface
The ePrism interface logos can be easily customized by uploading your own organization’s custom logos to replace the ePrism logo on the main login screen, the administration screen logo, and the ePrism Mail Client logo. Administrators can also customize the login page title of the administrative session screen.
Customize a logo as follows:
1. Select Basic Config ➝ Customization on the menu to customize the ePrism logos.
2. Click Browse to choose a file, and then click Next to upload the file.
Revert to the default ePrism graphic by selecting the Default Logo button.
Most graphic formats are supported, but it is recommended that you use graphics suitable for web page viewing such as GIF and JPEG. The maximum file size is 32k.
TABLE 1. Recommended Image Sizes
Logo Type | Size in Pixels
Main Screen Logo | 285 x 85 pixels
Admin Screen Small Logo | 191 x 57 pixels
ePrism Mail Client Logo | 94 x 28 pixels
CHAPTER 3
Configuring Mail Delivery Settings
This chapter describes how to configure network and mail delivery settings for the ePrism Email Security Gateway, and contains the following topics:
• “Network Settings”
• “Virtual Interfaces”
• “Static Routes”
• “Mail Routing”
• “Mail Delivery Settings”
• “Mail Aliases”
• “Mail Mappings”
• “Virtual Mappings”
Network Settings
The basic networking information to get ePrism up and running on the network is configured during installation time. To perform more advanced network configuration and to configure other network interfaces, you must use the Basic Config ➝ Network settings screen.
From the network settings screen you can modify the following items:
• Hostname and Domain information
• Default Gateway
• Syslog Host
• DNS and NTP servers
• Network Interface IP Address and feature access settings
• Clustering and Queue Replication interface configuration
• Support Access settings
If you make any modifications to your network settings, you must reboot ePrism. The system will prompt you to restart after clicking the Apply button.
Configuring Network Settings
Select Basic Config ➝ Network on the menu to configure ePrism's network settings.
• Hostname — Enter the hostname (not the Fully Qualified Domain Name) of the ePrism Email Security Gateway, such as the hostname eprism in eprism.example.com.
• Domain — Enter the domain name, such as example.com.
• Gateway — Enter the IP address of the default route for ePrism. This is typically the external router connected to the Internet, or the network Firewall’s interface if ePrism is located on the DMZ.
• Syslog Host — ePrism can log to a specific syslog host. A syslog host collects and stores log files from many sources. Enter the IP address of the syslog server that will receive all logs from ePrism.
• Name Server — At least one DNS name server must be configured for hostname resolution, and it is recommended that secondary name servers be specified in the event the first DNS server is unavailable.
DNS servers can be queried either in strict order as specified in the configuration, or by the fastest response. If "Strict Ordering" is selected, the DNS servers will be queried in the order they are configured. If the first DNS server is unavailable, the next server in the list will be queried. For "Favor Fastest" mode, ePrism uses DNS caching to determine which of the configured DNS servers is sending the fastest response. This is the default mode which will provide the best performance in most cases.
• NTP Server — NTP is critical for accurate timekeeping for the ePrism Email Security Gateway. Entering a valid NTP server will ensure that the server time is synchronized. It is recommended that secondary NTP servers be specified in the event the primary NTP server is unavailable.
Network Interfaces
Enter the required settings for each network interface. You can enter information for up to four interfaces.
Some of the following options will not be displayed unless the related feature is enabled.
• IP Address — Enter an IP address for this interface, such as 192.168.1.104.
• Netmask — Enter the netmask for this interface, such as 255.255.255.0.
• Media — Select the type of network card. Use Auto select for automatic configuration.
• Large MTU — Sets the MTU (Maximum Transfer Unit) to 1500 bytes. This may improve performance connecting to servers on the local network. The default is 576 bytes.
For most organizations, the default option of 576 bytes is adequate. This option should only be changed if needed and with the involvement of a Technical Support representative.
• Respond to Ping — Allows ICMP ping requests to this interface. This will allow you to perform network connectivity tests to this interface, but will cause this interface to be more susceptible to denial of service ping attacks.
• Trusted Subnet — If selected, all hosts on this subnet are considered trusted for relaying and anti-spam processing.
• Admin Login — Allows access to this interface for administrative purposes.
• WebMail — Allows access to WebMail via this interface.
• IMAPS Server — Allows secure access to ePrism’s internal IMAP server via this interface.
• IMAP Server — Allows access to ePrism’s internal IMAP server via this interface.
• POP3S Server — Allows secure access to ePrism’s internal POP3 server via this interface.
• POP3 Server — Allows access to ePrism’s internal POP3 server via this interface.
POP and IMAP settings are only displayed if enabled in User Accounts ➝ POP3 and IMAP.
• SNMP Agent — Allows access to the SNMP agent via this interface.
Advanced Parameters
The following advanced networking parameters are TCP extensions that improve the performance and reliability of communications.
• Enable RFC 1323 — Enable TCP extensions to improve performance and to provide reliable operations of high-speed paths. This is enabled by default, and should only be disabled if you are experiencing networking problems with certain hosts.
• Enable RFC 1644 — Enable an experimental TCP extension for efficient transaction oriented (request/response) service. This is disabled by default.
• Path MTU Discovery (RFC 1191) — Disable Path MTU (Maximum Transfer Unit) if required to resolve delivery problems when interconnecting between specific firewalls and SMTP proxies. Path MTU is enabled by default.
Clustering
The Clustering section is used to enable clustering on a specific network interface. See “HALO (High Availability and Load Optimization)” on page 265 for more information on configuring clustering.
• Enable Clustering — Select the check box to enable clustering on this ePrism system.
• Cluster Interface — Select the interface to enable clustering on.
Support Access
Enable Support Access, if required, which allows St. Bernard Technical Support to connect to this system from the specified IP address. This setting does not need to be enabled during normal usage, and should only be enabled if requested by St. Bernard Technical Support.
This option only appears if you have installed the Support Access patch in Management ➝ Software Updates.
For security reasons, Support Access communications use SSH (Secure Shell) to establish a secure connection via PKI (Public Key Infrastructure) encryption on a non-standard network port. Support Access will only allow a connection to be made from the St. Bernard network.
Virtual Interfaces
Virtual Interfaces are used by ePrism to define additional interfaces and IP addresses to send and receive mail for specific domains. These Virtual Interfaces are associated with the existing physical network interfaces on ePrism.
ePrism will send all outbound email for a specific domain using its specified IP address in the Virtual Interfaces configuration. ePrism selects the Virtual Interface to use for outgoing mail by matching the sender's domain to the domains associated with the configured Virtual Interfaces. If no Virtual Interface domains match the domain of the sender, or if using the Virtual Interface results in a non-routable network connection, the ePrism will send the mail via its normal outbound interface.
ePrism will also accept inbound email arriving via this Virtual Interface's IP address. When a mail server connects to SMTP port 25 on a Virtual Interface, the customized banner for that interface will be communicated. If no banner has been specified, the default ePrism banner will be used (configured via Mail Delivery ➝ Mail Access).
Only TCP port 25 can be used for sending and receiving mail on a Virtual Interface. Virtual Interfaces can be pinged if ping is enabled on the corresponding physical network interface. Due to their nature, Virtual Interfaces cannot be pinged from the Status and Utility screen on ePrism.
Domains using Virtual Interfaces can be used with ePrism's Domain-based Policies to provide flexibility in creating security and content policies for specific domains.
Network Routing of Virtual Interfaces
Virtual Interfaces are routed as follows:
• via a physical interface that shares the same subnet as the Virtual Interface
• via the physical interface that can reach a host specified through a static route
• via the current default route (through the physical interface that connects to the default router)
For an ePrism with the following characteristics:
• Interface 1: 192.168.1.10/24
• Interface 2: 172.16.1.10/16
• Default Gateway/Router: 172.16.1.1
Adding a Virtual Interface of 192.168.1.20 will route via Interface 1.
Adding a Virtual Interface of 172.16.1.20 will route via Interface 2.
Adding a Virtual Interface of 10.10.1.20 will route via Interface 2 through the default gateway.
If the Virtual Interface has no corresponding physical interface displayed, there is no valid route through any physical interface and the Virtual Interface will be disabled.
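The three routing rules and the worked addresses above, as an added Python example (not ePrism's own code), useful for checking which physical path, and therefore which firewall rules, a planned Virtual Interface will use. The function names and the sample static route are hypothetical, and matching a static route when the Virtual Interface address falls inside the route's network is an assumption about how the second rule is applied.

```python
import ipaddress

# Addresses taken from the guide's worked example.
INTERFACES = {"Interface 1": "192.168.1.10/24", "Interface 2": "172.16.1.10/16"}
DEFAULT_GATEWAY = "172.16.1.1"
# Constructed static route (network, netmask, gateway); not from the guide.
SAMPLE_STATIC_ROUTES = [("10.10.0.0", "255.255.0.0", "192.168.1.1")]


def interface_for(addr, interfaces):
    """Return the name of the physical interface whose subnet contains addr."""
    for name, cidr in interfaces.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None


def route_virtual_interface(vip, interfaces, static_routes=(), default_gateway=None):
    """Return (physical interface name, reason); name is None if the VIP is disabled."""
    vip_addr = ipaddress.ip_address(vip)

    # Rule 1: a physical interface on the same subnet as the Virtual Interface.
    name = interface_for(vip_addr, interfaces)
    if name:
        return name, "same subnet"

    # Rule 2 (assumed reading): a static route whose network contains the VIP,
    # sent through the physical interface that can reach the route's gateway.
    # The most specific matching route is tried first.
    matching = []
    for network, netmask, gateway in static_routes:
        net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
        if vip_addr in net:
            matching.append((net, gateway))
    for net, gateway in sorted(matching, key=lambda m: m[0].prefixlen, reverse=True):
        name = interface_for(ipaddress.ip_address(gateway), interfaces)
        if name:
            return name, f"static route {net} via {gateway}"

    # Rule 3: the physical interface that connects to the default router.
    if default_gateway:
        name = interface_for(ipaddress.ip_address(default_gateway), interfaces)
        if name:
            return name, f"default gateway {default_gateway}"

    # No physical interface can carry the traffic: the guide says the
    # Virtual Interface is disabled in this case.
    return None, "no valid route: Virtual Interface disabled"


if __name__ == "__main__":
    for vip in ("192.168.1.20", "172.16.1.20", "10.10.1.20"):
        print(vip, route_virtual_interface(vip, INTERFACES, (), DEFAULT_GATEWAY))
```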
Configuring Virtual Interfaces
To configure Virtual Interfaces, select Basic Config ➝ Virtual Interfaces on the menu.
Administrators must upload a Virtual Interface list in CSV format that contains comma or tab separated entries in the form:
[domain],[IP Address],[Banner message]
For example:
example1.com,10.2.45.10,example1.com ESMTP
ePrism supports up to 175 Virtual Interfaces. This feature does not currently support IDN (Internationalized Domain Names).
The file (vip.csv) should be created in CSV file format using Excel, Notepad or another Windows text editor. It is recommended that you download the file first by clicking the Download File button, editing it as required, and uploading it using the Upload File button. A standards-compliant banner should, at minimum, contain the domain name and the keyword ESMTP, such as "example.com ESMTP". Extra informational text after the ESMTP keyword is optional, such as "example.com ESMTP Authorized Users Only".
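A pre-upload check for vip.csv that applies the constraints stated above (three comma or tab separated fields, at most 175 entries, no IDN, a banner carrying the domain and the ESMTP keyword), as an added Python example that is not part of ePrism. The function names and sample rows are constructed; requiring the banner to begin with "<domain> ESMTP" follows the guide's own example, and flagging punycode (xn--) labels as IDN is a conservative assumption.

```python
import ipaddress
import re

MAX_VIPS = 175  # limit stated in the guide
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed sample file: line 2 is tab separated, line 3 has a bad IP,
# line 4 is an IDN, line 5 has a non-compliant banner, line 6 has no banner.
SAMPLE = (
    "example1.com,10.2.45.10,example1.com ESMTP\n"
    "example2.com\t10.2.45.11\texample2.com ESMTP Authorized Users Only\n"
    "example3.com,10.2.45.300,example3.com ESMTP\n"
    "bücher.example,10.2.45.12,bücher.example ESMTP\n"
    "example4.com,10.2.45.13,Welcome to mail\n"
    "example5.com,10.2.45.14\n"
)


def check_domain(domain):
    labels = domain.split(".")
    if not domain:
        return "missing domain"
    # Assumption: both raw non-ASCII names and punycode labels count as IDN.
    if not domain.isascii() or any(l.lower().startswith("xn--") for l in labels):
        return "IDN domains are not supported for Virtual Interfaces"
    if not all(_LABEL.match(l) for l in labels):
        return f"malformed domain {domain!r}"
    return None


def check_ip(ip):
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return f"invalid IP address {ip!r}"
    return None


def check_banner(domain, banner):
    if not banner:
        return None  # no banner given: the default ePrism banner is used
    tokens = banner.split()
    if len(tokens) < 2 or tokens[0].lower() != domain.lower() or tokens[1] != "ESMTP":
        return f"banner should begin with '{domain} ESMTP'"
    return None


def check_vip_csv(text):
    """Return a list of (line number, problem) for a vip.csv body."""
    findings, entries = [], 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        entries += 1
        if entries == MAX_VIPS + 1:
            findings.append((line_no, f"more than {MAX_VIPS} Virtual Interfaces"))
        # Entries are comma or tab separated; split at most twice so that
        # punctuation inside the banner text is preserved.
        delim = "\t" if "\t" in raw else ","
        fields = [f.strip() for f in raw.split(delim, 2)]
        if len(fields) < 2:
            findings.append((line_no, "expected [domain],[IP Address],[Banner message]"))
            continue
        domain, ip = fields[0], fields[1]
        banner = fields[2] if len(fields) == 3 else ""
        for problem in (check_domain(domain), check_ip(ip), check_banner(domain, banner)):
            if problem:
                findings.append((line_no, problem))
    return findings


if __name__ == "__main__":
    for line_no, problem in check_vip_csv(SAMPLE):
        print(f"line {line_no}: {problem}")
```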
Mail Routing
Each domain that will be used with Virtual Interfaces must have a mail route defined via Mail Delivery ➝ Routing ➝ Mail Routing to route mail to a destination mail server.
DNS MX records must be published for any Virtual Interfaces. Local network devices such as the default external router must also be properly configured to route traffic to and from the Virtual Interfaces.
Virtual Interfaces and Trusts
Email arriving via a Virtual Interface is considered "Untrusted" by ePrism for Anti-Spam and security processing. To configure a client as "Trusted", use a Specific Access Pattern or Pattern Based Message Filter (PBMF) to trust the client connecting on that Virtual Interface.
To trust a client using a Specific Access Pattern:
1. Select Mail Delivery ➝ Mail Access on the menu.
2. Click the Add Pattern button.
3. Enter the IP address of the client in the Pattern field.
4. Select the Client Access check box.
5. Select "Trust" in the If pattern matches field.
6. Click the Apply button.
Static Routes
Static routes are required if the mail servers to which mail must be relayed are located on another network, such as behind an internal router, firewall, or accessed via a VPN. Select Basic Config ➝ Static Routes to configure your static routes.
To add a new static route, enter the network address, netmask and gateway for the route, and then click New Route.
Mail Routing
ePrism, by default, accepts mail addressed directly to it and delivers it to local ePrism mailboxes. You can configure additional domains for ePrism to accept and route mail for using the Mail Routing menu.
Select Mail Delivery ➝ Routing ➝ Mail Routing from the menu to set up mail routes.
• Sub — Select this check box to accept and relay mail for subdomains of the specified domain.
• Domain — Enter the domain for which mail is to be accepted, such as example.com.
• Route-to — Enter the address for the server to which mail will be delivered. When using a FQDN, the corresponding DNS record will be looked up.
• Port — Enter the port number of the SMTP server if it is different from the default port number of 25. The port number must be between 1 and 65536.
• MX — (Optional) Select the MX check box if you need to look up the mail routes in DNS before delivery. If this is not enabled, MX records will be ignored. Generally, you do not need to select this item unless you are using multiple mail server DNS entries for load balancing/failover purposes. By checking the MX record, DNS will be able to send the request to the next mail server in the list.
• KeepOpen — (Optional) Select the KeepOpen check box to ensure that each mail message to the domain will not be removed from the active queue until delivery is attempted, even if the preceding mail failed or was deferred. This setting ensures that local mail servers receive higher priority.
The KeepOpen option should only be used for domains that are usually very reliable. If the domain is unavailable, it may cause system performance problems due to excessive error conditions and deferred mail.
A list of domains can also be uploaded in one text file. The file must contain comma or tab separated entries in the form:
[domain],[route],[port],[ignore_mx],[subdomains_too],[keep_open]
For example:
The file (domains.csv) should be created in csv file format using Excel, Notepad or another Windows text editor. It is recommended that you download the domain file first by clicking Download File, editing it as required, and uploading it using the Upload File button.
LDAP Routing
Click the LDAP Routing button to define mail routes using an LDAP directory server. This is the preferred method for mail routing for organizations with a large number of domains. See “LDAP Routing” on page 76 for more detailed information on using LDAP for mail routing.
Adding Rules for Relays
To allow internal mail systems to relay mail outbound via ePrism, a Specific Access Pattern must be set up for the system.
1. Select Mail Delivery ➝ Mail Access on the menu.
2. Click the Add Pattern button.
3. Enter the IP address of the system, and select Client Access.
4. Set the If pattern matches field to "Trust".
Mail Delivery Settings
The Mail Delivery settings screen allows you to configure parameters related to accepting, relaying and delivering mail messages.
Select Mail Delivery ➝ Delivery Settings on the menu to configure the following parameters:
Delivery Settings
• Maximum time in mail queue — Enter the number of days for a message to stay in the queue before being returned to the sender as "undeliverable".
• Maximum time in queue for bounces — Enter the number of days a system-generated bounce message (from MAILER-DAEMON) is queued before it is considered undeliverable. Default is 5 days. Set this value to 0 to attempt delivery of bounce messages only once.
• Maximum original message text in bounces — Enter the maximum amount (in bytes) of original message text that is sent in a non-delivery notification. Range is 10 to 1000000000. If this field is left blank, the default is set to 5000 bytes.
• Time before delay warning — Number of hours before issuing the sender a notification that mail is delayed.
• Time to retain undeliverable notice mail — The number of hours to keep undelivered notice mail addressed to external mail server’s MAILER-DAEMON. These messages are typically notifications sent to mail servers with invalid return addresses and can be safely purged. Leave this value blank for no special processing.