GFI Product Manual Administrator Guide
The information and content in this document is provided for informational purposes only and is provided "as is" with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources.
1 Introduction

1.1 About this manual

The scope of this Administrator Guide is to help you install, run, configure and troubleshoot GFI MailEssentials on your network. The table below describes the contents of this guide.

Chapter | Description
About | - The components and tools that make up GFI MailEssentials
- How inbound and outbound mail scanning works
- Overview of the engines that protect your mail system
- Typical deployment scenarios
For more information, refer to About GFI MailEssentials (page 16).
Chapter | Description
Email Management | How to use the tools in the Email Management Tools console:
- Disclaimers
- Auto-replies
- List server
- Email Monitoring
For more information, refer to Email Management (page 201).
NOTE: From the Email Management console you can also access the Pop2Exchange feature. For more information, refer to POP2Exchange - Download emails from POP3 server (page 235).
General Settings | Describes how to customize general settings for your environment.
2 About GFI MailEssentials

Topics in this chapter:
2.1 GFI MailEssentials components
2.2 Inbound mail filtering
2.3 Outbound mail filtering
2.4 Email scanning and filtering engines
2.5 Typical deployment scenarios

2.1 GFI MailEssentials components

2.1.1 GFI MailEssentials scan engine

The GFI MailEssentials scan engine analyzes the content of inbound, outbound and internal emails using a number of engines and filters.
Use the GFI MailEssentials Switchboard to configure:
- How to launch the GFI MailEssentials user interface
- Set Virtual Directory names for the web interface and RSS
- Configure a number of other advanced options used for troubleshooting purposes
- Enable/Disable email processing
- Enable/Disable tracing
- Setting email backups before and after processing
- Setting Quarantine Store location and Quarantine Public URL
- Specifying user account for the 'Move to Exchange Folder' settings
- Specifying Remoting Ports
- Enable/Disab
2.2 Inbound mail filtering

Inbound mail filtering is the process through which incoming emails are scanned and filtered before delivery to users. Inbound emails are routed to GFI MailEssentials and processed as follows:

1. SMTP level filters (Directory Harvesting and Greylist) can be executed before the email body is received.
2. The email is scanned by the malware and content filtering engines. Any email that is detected as containing malware is processed according to the actions configured.
4. If configured, email monitoring is next executed and the appropriate actions taken.
5. If enabled, Auto Whitelist adds the recipients' email addresses to the auto-whitelist. This automatically enables replies from such recipients to go to the sender without being checked for spam.
6. Email is sent to the recipient.

2.
The following engines scan and block spam emails.

FILTER | DESCRIPTION | ENABLED BY DEFAULT
SpamRazer | An anti-spam engine that determines if an email is spam by using email reputation, message fingerprinting and content analysis. | Yes
Anti-Phishing | Blocks emails that contain links in the message body pointing to known phishing sites or if they contain typical phishing keywords.
2.5 Typical deployment scenarios

This chapter explains the different scenarios in which GFI MailEssentials can be installed and configured.

2.5.1 Installing directly on Microsoft® Exchange server
2.5.2 Installing on an email gateway or relay/perimeter server
2.5.
Figure 2: Installing GFI MailEssentials on a mail gateway/relay server

This setup is commonly used to filter spam on a separate machine, typically installed in the DMZ. In this environment a server (also known as a gateway/perimeter server) is set to relay emails to the mail server. GFI MailEssentials is installed on the gateway/perimeter server so that spam and email malware are filtered before reaching the mail server.
NOTE: If GFI MailEssentials is installed on the perimeter server, you can use the anti-spam filters that run at SMTP level - Directory Harvesting and Greylist.

NOTE: In Microsoft® Exchange Server 2007/2010 environments, mail relay servers in a DMZ can be running Microsoft® Exchange Server 2007/2010 with the Edge Transport Server Role.

NOTE: Configure the IIS SMTP service to relay emails to your mail server and configure the MX record of your domain to point to the gateway machine.
3 Installation

The scope of this chapter is to help you install GFI MailEssentials on your network with minimum configuration effort.

Topics in this chapter:
3.1 System requirements
3.1.1 Hardware requirements
3.1.2 Processor
3.1.3 Available Memory (RAM)
3.1.4 Free Disk Space
3.1.5 Software requirements
3.1.6 Antivirus and backup software
3.1.7 Firewall port settings
3.2 Pre-installation actions
3.2.1 Installing on the Microsoft® Exchange server
3.2.
NOTE: Hardware requirements depend on a range of factors including email volume, and number of Anti Virus engines enabled in GFI MailEssentials. The requirements specified above are required for GFI MailEssentials only.

3.1.5 Software requirements

Supported Operating Systems
- Windows® Server 2003 Standard or Enterprise (x86 or x64) (including R2) or later (including Microsoft® Windows Server 2012 - Standard and DataCenter editions).
- Windows® Authentication role and Static Content services - Required when installing on Microsoft® Windows Server 2008/2008R2
- MSMQ - Microsoft® Messaging Queuing Service - for more information on how to install MSMQ, refer to: http://go.gfi.com/?pageid=ME_MSMQ

NOTE: For more information on how to install pre-requisites on Microsoft Windows® Server 2008 refer to: http://go.gfi.com/?pageid=ME_Win2008
For more information on how to install pre-requisites on Microsoft Windows® Server 2012 refer to: http://go.gfi.
32-bit installations (x86) | 64-bit installations (x64)
<..\Program Files\Exchsrvr\Mailroot> - if installed on the same machine as Microsoft® Exchange 2003
<..\Program Files\Microsoft\Exchange Server\TransportRoles> - if installed on the same machine as Microsoft® Exchange 2007
<..\Program Files\Microsoft\Exchange Server\V14\TransportRoles> - if installed on the same machine as Microsoft® Exchange 2010
<..
Port | Description
389/636 | LDAP/LDAPS. This port is used in these scenarios:
- Microsoft® Exchange environment - Required if the server running GFI MailEssentials does not have access/cannot get list of users from Active Directory, for example, in a DMZ environment or other environments which do not use Active Directory.
- Lotus Domino mail server environment - Required to get email addresses from Lotus Domino server.
- Other SMTP mail server environments - Required to get email addresses from SMTP server.

3.
Step 5: Enable your mail server to route emails via gateway
Step 6: Update your domain MX record to point to mail relay server
Step 7: Test your new mail relay server

Step 1: Enable IIS SMTP Service

Windows Server 2003
1. Go to Start > Control Panel > Add or Remove Programs > Add/Remove Windows Components.
2. Select Application Server and click Details.
3. Select Internet Information Services (IIS) and click Details.
4. Select the SMTP Service option and click OK.
5.
3. Select Forward all mail to smart host and specify the IP address of the server managing emails in this domain. The IP address must be enclosed in square brackets, for example, [123.123.123.123], to exclude it from all DNS lookup attempts.
4. Click OK to finalize your configuration.

Step 4: Secure your SMTP email-relay server

If unsecured, your mail relay server can be exploited and used as an open relay for spam.
8. Enter domain name and click OK.
9. Select Allow messages to be relayed to these domains.
10. Click OK.

Lotus Notes
For more information on how to set up Lotus Domino routing, refer to Installation Guide (Domino).

SMTP/POP3 mail server
Configure your mail server to route all inbound and outbound email through GFI MailEssentials.
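
The relay restriction described in Step 4 can be checked at SMTP level once mail is routed through the gateway. The following Python script is an added example, not part of the GFI manual: it issues only MAIL FROM and RCPT TO (no message is sent) and reports whether the gateway accepts a recipient in an unrelated domain. The addresses are placeholders, and it assumes it is run from a machine that is not permitted to relay through the gateway.

```python
"""Check that an SMTP gateway relays only for its own domains.

Added example, not from the GFI manual. The addresses below are
placeholders (assumptions); replace them with your own domains.
"""
import smtplib
import sys
from dataclasses import dataclass

LOCAL_RCPT = "postmaster@example.com"       # domain the gateway should relay for
FOREIGN_RCPT = "relay-probe@example.net"    # domain it must refuse to relay for
FOREIGN_SENDER = "relay-probe@example.org"  # sender outside your domains


@dataclass
class RelayResult:
    local: tuple    # (code, text) for the recipient in a relayed domain
    foreign: tuple  # (code, text) for the recipient in an unrelated domain

    @property
    def verdict(self):
        local_class = self.local[0] // 100
        foreign_class = self.foreign[0] // 100
        if foreign_class == 2:
            return "OPEN RELAY"          # accepted mail for someone else's domain
        if local_class == 5:
            return "LOCAL MAIL REFUSED"  # relay domain list is probably incomplete
        if foreign_class == 5 and local_class == 2:
            return "OK"
        return "INCONCLUSIVE"            # 4xx: temporary failure, e.g. greylisting


def try_envelope(session, sender, recipient):
    """Send MAIL FROM and RCPT TO only, then RSET. No DATA is ever sent."""
    code, msg = session.mail(sender)
    if code // 100 == 2:
        code, msg = session.rcpt(recipient)
    session.rset()
    text = msg.decode("utf-8", "replace") if isinstance(msg, bytes) else str(msg)
    return code, text


def check_relay(session, local_rcpt=LOCAL_RCPT, foreign_rcpt=FOREIGN_RCPT,
                sender=FOREIGN_SENDER):
    """Run both envelopes over an open SMTP session and collect the replies."""
    local = try_envelope(session, sender, local_rcpt)
    foreign = try_envelope(session, sender, foreign_rcpt)
    return RelayResult(local=local, foreign=foreign)


def probe(host, port=25, timeout=15):
    """Connect to the gateway and run the check."""
    # local_hostname is set explicitly so no local DNS lookup is needed.
    with smtplib.SMTP(host, port, local_hostname="relay-check.invalid",
                      timeout=timeout) as session:
        session.ehlo()
        return check_relay(session)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: relay_check.py <gateway-host>")
    result = probe(sys.argv[1])
    print("local recipient  :", *result.local)
    print("foreign recipient:", *result.foreign)
    print("verdict          :", result.verdict)
    sys.exit(0 if result.verdict == "OK" else 1)
```

A server that accepts the recipient and only rejects later, at the DATA stage, is reported as an open relay by this check, so confirm such a result manually with the Telnet procedure.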
NOTE: You can also use Telnet to manually send the test email and obtain more troubleshooting information. For more information refer to: http://go.gfi.com/?pageid=ME_TelnetPort25

3.3 Installation procedure

This section describes how to run the installation of GFI MailEssentials.

3.3.1 Important notes

1. If you are currently using a previous version of GFI MailEssentials, you can upgrade your current installation while at the same time retaining all your existing configuration settings.
If installing GFI MailEssentials on an email gateway or relay/perimeter server, configure that machine to act as a gateway. For more information, refer to Installing on an email gateway or relay/perimeter server (page 28).

Save any pending work and close all open applications on the machine.

5. GFI MailEssentials installation restarts Microsoft® Exchange or Microsoft IIS® SMTP services. This is required to allow GFI MailEssentials components to register correctly.
Screenshot 1: Specifying administrator's email address and license key

6. Key in the administrator’s email address in the Administrator Email and enter License Key. Click Next.

NOTE: 'Evaluation' is no longer accepted as a license key. Access the GFI website customer area to upgrade your license key before starting the upgrade process.

7. Select the mode that GFI MailEssentials will use to retrieve the list of email users.

Option | Description
Yes, all email users are available on Active Directory.
NOTE: Default settings are typically correct for most installations.

Option | Description
The website to create the GFI MailEssentials virtual directory | Select the website where you want to host the GFI MailEssentials virtual directories.
The GFI MailEssentials Configuration virtual directory | Specify a name for the GFI MailEssentials virtual directory.
The GFI MailEssentials Quarantine RSS feeds virtual directory | Specify a name for the GFI MailEssentials Quarantine RSS feeds virtual directory.
3.3.3 Post-Installation Wizard

The post-installation wizard loads automatically after installing GFI MailEssentials the first time. It enables configuration of the most important settings of GFI MailEssentials.

1. Click Next in the welcome page.

Screenshot 3: DNS Server settings

2. In the DNS Server dialog, select:

Option | Description
Use the same DNS server used by this server | Select this option to use the same DNS server that is used by the operating system where GFI MailEssentials is installed.
Screenshot 4: Proxy settings

3. In the Proxy Settings dialog, specify how GFI MailEssentials connects to the Internet. If the server connects through a proxy server click Configure proxy server… and specify proxy settings. Click Next.
4. In the Inbound email domains dialog specify all the domains to scan for viruses and spam. Any local domains that are not specified in this list will not be scanned. Click Next.

NOTE: When adding domains, select Obtain domain’s MX records and include in perimeter servers list to retrieve the domain’s MX records and automatically add them to the perimeter SMTP servers list (configured in the next step).

Screenshot 6: SMTP Server settings

5.
Screenshot 7: Selecting the default anti-spam action to use

6. In the Default anti-spam action dialog select the default action to be taken when emails are detected as spam.

NOTE: This action applies to anti-spam filters only. Malware filters automatically quarantine blocked emails. For more information, refer to Email scanning and filtering engines (page 19).
Next step: Optimize your protection system to ensure that it is effectively up and running. For more information, refer to Post-Install actions (page 41).

NOTE: To re-run the Post-Installation wizard, from command prompt, navigate to the GFI MailEssentials installation folder and run the following command:

e2kwiz.exe clean

3.4 Upgrading a previous version

GFI MailEssentials enables you to upgrade existing installations of GFI MailEssentials and/or GFI MailSecurity.
Only previous version of GFI MailSecurity is installed | Install GFI MailEssentials as if installing for the first time. For more information, refer to Installation procedure (page 32). Following the installation, also complete the GFI MailEssentials Post Install Wizard. For more information, refer to Post-Installation Wizard (page 36).
Only previous version of GFI MailEssentials is installed | Install GFI MailEssentials as if installing for the first time.
Action | Description
Add GFI MailEssentials scanning engines to the Windows DEP Exception List. | Data Execution Prevention (DEP) is a set of hardware and software technologies that perform memory checks to help prevent malicious code from running on a system. If you installed GFI MailEssentials on an operating system that includes DEP, you will need to add the GFI MailEssentials scanning engine (GFiScanM.exe) and the Kaspersky Virus Scanning Engine (kavss.exe) executables to the DEP exception list.
6. Click Add and from the dialog box browse to: \GFI\MailEssentials\AntiVirus\Kaspersky\, and choose kavss.exe.
7. Click Apply and OK to apply the changes.
8. Restart the GFI MailEssentials Autoupdater service and the GFI MailEssentials AV Scan Engine services.

3.5.2 Test your installation

After configuring all post-install actions, GFI MailEssentials is ready to start protecting and filtering your mail system from malicious and spam emails.
5. From the Subject tab, select Block emails if content is found matching these conditions (message subject).
6. In Edit Condition type Threat test and click Add Condition.
7. From Actions tab, enable Block email and perform this action and select Quarantine email.
8. Click Apply to save the rule.

Step 2: Send an inbound test email

1. From an external email account, create a new email and type Threat test as the subject.
2. Send the email to one of your internal email accounts.
4 Monitoring status

GFI MailEssentials enables monitoring of your email activity in real time or by generating reports of email activity for a particular time period.

Monitoring module | Description
Dashboard | The GFI MailEssentials Dashboard provides real time information that enables you to monitor the product. To access the Dashboard, go to GFI MailEssentials > Dashboard. This includes:
- Important statistical information about blocked emails. For more information, refer to Status and statistics (page 46).
4.1.1 Status and statistics

Screenshot 10: The GFI MailEssentials Dashboard

To open the Dashboard, go to GFI MailEssentials > Dashboard. This page displays statistics, status of services and a graphical presentation of email activity. More details on these sections are provided below.
Services

Screenshot 11: The GFI MailEssentials Services

The Services area displays the status of GFI MailEssentials services.
- Indicates that the service is started. Click this icon to stop service.
- Indicates that the service is stopped. Click this icon to start a stopped service.

You can also start or stop services from the Microsoft® Windows Services console. To launch the Services console, go to Start > Run, type services.msc and click OK.
Charts

Screenshot 13: Dashboard charts

The Charts area displays graphical information about emails processed by GFI MailEssentials. Select the time period from the drop-down list to display information for that period in the charts.

Area | Description
View charts for | Enables you to select a period for which to view charts. Available options are:
- Last 6 hours
- Last 24 hours
- Last 48 hours
- Last 7 days
Email scanning timeline (time graph) | Shows a time graph in intervals for the time period selected.
4.1.2 Email processing logs

Screenshot 14: Email processing logs

From GFI MailEssentials Configuration, you can monitor all processed emails in real time. Navigate to GFI MailEssentials > Dashboard and select the Logs tab to display the list of processed emails. The following details are displayed for each email processed:
- Date/Time
- Sender
- Recipient(s)
- Subject
- Scan Result - shows the action taken on the email.
Action | Description
Failed | Email that could not be scanned by GFI MailEssentials. Email is moved to one of the following folders:
\GFI\MailEssentials\EmailSecurity\FailedMails\
\GFI\MailEssentials\AntiSpam\FailedMails\
For more information, refer to Failed emails (page 231).
4.1.3 Antivirus and anti-spam engine updates

Screenshot 16: Virus scanning engines updates

The updates of antivirus and antispam scanning engines can be monitored from a central page. Go to GFI MailEssentials > Dashboard and select the Updates tab to review the status and dates when scanning engines were last updated. Click Update all engines to check for, and download, all updates. The updates are checked for, and downloaded, as configured in the engines' configuration pages.
4.1.4 POP2Exchange activity

Screenshot 17: POP2Exchange log

From GFI MailEssentials, you can monitor the activity of POP2Exchange in real time. Navigate to GFI MailEssentials > Dashboard and select the POP2Exchange tab.

NOTE: For more information, refer to POP2Exchange - Download emails from POP3 server (page 235).

4.2 Reports

GFI MailEssentials enables you to create reports based on data logged to database. To access Reporting, go to GFI MailEssentials > Reporting.
4.2.2 Generating a report

1. From GFI MailEssentials configuration, go to GFI MailEssentials > Reporting > Reports.

Screenshot 18: Creating a report

2.
Option | Description
Report type | Select the type of report to generate:
- Emails Blocked - shows total emails blocked by anti-spam and anti-malware filters for each email direction (Inbound, Outbound and Internal) out of all emails processed.
- Emails Blocked Graph - graphically shows total emails blocked by anti-spam and anti-malware filters for each email direction (Inbound, Outbound and Internal) out of all emails processed.
Screenshot 19: Emails blocked graph report

Report functions

Use the report top toolbar to do the following functions:

Function | Description
Print | Click to print report.
Print current page | Click to print the page that is currently displayed.
Navigate | Use this toolbar to navigate through report pages.
Save | Select format to save report in and click Save. Specify location where to save report.
4.2.3 Custom reports

Custom reports enable you to save specific report parameters (for example, a report type for a specific time/date period) and to have it generated on a schedule. Use this feature to automate report generation.

Configuring custom reports

1. From GFI MailEssentials configuration, go to GFI MailEssentials > Reporting > Reports.
2. Select Custom Reports tab and click New.
3.
select Save to Disk, provide a location where the file will be saved and the format of the file.
6. Click Save to save newly created report.

4.2.4 Generating custom reports

To generate a custom report:
1. From GFI MailEssentials configuration, go to GFI MailEssentials > Reporting > Reports.
2. From the Custom Reports tab, select a report to generate.
3. Click Generate.

4.2.5 Deleting custom reports

To delete a custom report:
1. From GFI MailEssentials configuration, go to GFI MailEssentials > Reporting > Reports.
Search criteria | Description
Start date & End date | Select date range to filter emails from that period. Click Search.
User | Filter email address results. Key in number and click to specify conditions.
Total emails | Filter users by the amount of emails processed. Key in number and click to specify conditions.

3. The list of matching users is displayed. Click an email address to view detailed report of emails processed for that email address.

Screenshot 21: Reports database search results

4.
Configuring a Microsoft® Access database backend

Screenshot 22: Configuring a Microsoft® Access database backend

1. Navigate to Reporting > Settings.
2. Select MS Access.
3. Key in the complete path including filename (and .mdb extension) of the database file. If you only specify a filename, the database file is created in the following default path: \GFI\MailEssentials\data\
4. Click Apply.

Configuring a Microsoft® SQL Server database backend

1.
NOTE: For information on how to create a new database in Microsoft® SQL Server refer to http://go.gfi.com/?pageid=ME_newSQLdb.

2. Navigate to Reporting > Settings.

Screenshot 23: Configuring SQL Server Database backend

3. Select SQL Server.
4. Select Detected server and select the automatically detected SQL Server from the list. If the server is not detected, select Manually specified server and key in the IP address or server name of the Microsoft® SQL Server.
5.
8. Click Apply.

Configuring database auto-purging

You can configure GFI MailEssentials to automatically delete (auto-purge) records from the database that are older than a particular period. To enable auto-purging:

1. Navigate to Reporting > Settings and select Auto-purge tab.
2. Select Enable Auto-Purging and specify how long items in database should be stored in months.

NOTE: Auto-purging is applied only to the current database configured in the Reporting tab.

3. Click Apply.
5 User Actions

GFI MailEssentials uses Active Directory groups to determine what is displayed to users when they log in to GFI MailEssentials. If the currently logged in user is part of the Administrators group, then GFI MailEssentials loads with all the configuration options that enable setting up GFI MailEssentials.
Screenshot 24: GFI MailEssentials logged on as a user

2. Select Personal Whitelist\Blocklist.
Screenshot 25: Personal Whitelist\Blocklist

3. To create a Personal Whitelist, select Personal Whitelist tab; for personal blocklists, select Personal Blocklist tab.
4. Key in the email address to whitelist/block and click Add Email. To update an existing entry, select the email address, perform any required changes and click Update. To delete an existing entry, select an entry and click Delete.

NOTE: You can also export and import lists.
5.2.1 Using the Quarantine Search

1. Log on to GFI MailEssentials using a user's Active Directory or user logon credentials.

Screenshot 26: GFI MailEssentials logged on as a user

2. Select Quarantine Search.
Screenshot 27: Quarantine Search

3. Specify the required search criteria.

SEARCH CRITERIA | DESCRIPTION
Date: | Select the date range when the email was quarantined. Available date ranges are:
- Any date/time
- Since yesterday
- Last 7 days
- Last 30 days
- Custom date range
Search by sender | Specify a sender who sent the email that was quarantined.
Search for text in subject | Specify the text to search for within quarantined email subject.
Screenshot 28: Quarantine Search Results

5. Select one or more quarantined emails and click Approve to approve an email in mailbox and have it delivered to the currently logged on user's email. Alternatively click Delete to permanently delete an email from Quarantine.
6 Email Security

The security filters of GFI MailEssentials offer protection against virus-infected and other malicious emails.

Topics in this chapter:
6.1 Virus Scanning Engines
6.2 Information Store Protection
6.3 Trojan and Executable Scanner
6.4 Email Exploit Engine
6.5 HTML Sanitizer

6.1 Virus Scanning Engines

GFI MailEssentials uses multiple antivirus engines to scan inbound, outbound and internal emails for the presence of viruses.
Screenshot 29: Vipre configuration

2. Select Enable Gateway Scanning (SMTP) check box, to scan emails using this Virus Scanning Engine.
3. Select whether to scan inbound and/or outbound emails using this Virus Scanning Engine.

Option | Description
Scan inbound SMTP email | Select this option to scan incoming emails
Scan outbound SMTP email | Select this option to scan outgoing emails

4.
Screenshot 30: Virus scanning engine actions

5. From Actions tab, choose the action to take when an email is blocked:

Action | Description
Quarantine email | Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180).
Delete email | Deletes infected emails.
Screenshot 31: Virus scanning engine updates

8. From Updates tab, select Automatically check for updates to enable automatic updating of the AV files for the selected engine.
9. From Downloading option list, select one of the following options:

Option | Description
Only check for updates | Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically.
NOTE: An email notification is always sent when an update fails.

12. To check for and download updates immediately, click Download updates.
13. Click Apply.

6.1.2 BitDefender

1. Go to Email Security > Virus Scanning Engines > BitDefender.

Screenshot 32: BitDefender configuration

2. Select Enable Gateway Scanning (SMTP) check box, to scan emails using this Virus Scanning Engine.
3. Select whether to scan inbound and/or outbound emails using this Virus Scanning Engine.
4. If you installed GFI MailEssentials on a Microsoft® Exchange machine, you will also have the option to scan internal emails and the Information Store. Select Scan Internal and Information Store Items.

NOTE: To use the Information Store Virus Scanning feature, you must enable the option from Information Store Protection node. For more information, refer to Information Store Protection (page 88).

NOTE: In this page you can also review the antivirus engine licensing and version information.

5.
Action | Description
Quarantine email | Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180).
Delete email | Deletes infected emails.
Send a sanitized copy of the original email to recipient(s) | Choose whether to send a sanitized copy of the blocked email to the recipients.

7.
Screenshot 34: Virus scanning engine updates

9. From Updates tab, select Automatically check for updates to enable automatic updating of the AV files for the selected engine.
10. From Downloading option list, select one of the following options:

Option | Description
Only check for updates | Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically.
NOTE: An email notification is always sent when an update fails.

13. To check for and download updates immediately, click Download updates.
14. Click Apply.

6.1.3 Kaspersky

1. Go to Email Security > Virus Scanning Engines > Kaspersky.

Screenshot 35: Kaspersky configuration

2. Select Enable Gateway Scanning (SMTP) check box, to scan emails using this Virus Scanning Engine.
3. Select whether to scan inbound and/or outbound emails using this Virus Scanning Engine.
Store Items. NOTE To use the Information Store Virus Scanning feature, you must enable the option from Information Store Protection node. For more information, refer to Information Store Protection (page 88). NOTE In this page you can also review the antivirus engine licensing and version information. Screenshot 36: Virus scanning engine actions 5.
Option Description Notify administrator Notify the administrator whenever this engine blocks an email. For more information, refer to Administrator email address (page 219). Notify local user Notify the email local recipients about the blocked email. 7. To log the activity of this engine to a log file select Log occurrence to this file. In the text box specify path and file name to a custom location on disk where to store the log file.
Option Description Only check for updates Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically. Check for updates and download Select this option if you want GFI MailEssentials to check for and automatically download any updates available for this engine. 10.
Screenshot 38: Norman configuration 2. Select Enable Gateway Scanning (SMTP) check box, to scan emails using this Virus Scanning Engine. 3. Select whether to scan inbound and/or outbound emails using this Virus Scanning Engine. Option Description Scan inbound SMTP email Select this option to scan incoming emails Scan outbound SMTP email Select this option to scan outgoing emails 4.
Store Items. NOTE To use the Information Store Virus Scanning feature, you must enable the option from Information Store Protection node. For more information, refer to Information Store Protection (page 88). NOTE In this page you can also review the antivirus engine licensing and version information. 5. Select Enable Sandbox to use the Norman Antivirus Sandbox feature. This executes email attachments in a virtual environment and monitors all actions and effects on a system.
Action Description Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180). Delete email Deletes infected emails. Send a sanitized copy of the original email to recipient(s) Choose whether to send a sanitized copy of the blocked email to the recipients. 7.
Screenshot 40: Virus scanning engine updates 9. From Updates tab, select Automatically check for updates to enable automatic updating of the AV files for the selected engine. 10. From Downloading option list, select one of the following options: Option Description Only check for updates Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically.
NOTE An email notification is always sent when an update fails. 13. To check for and download updates immediately, click Download updates. 14. Click Apply. 6.1.5 McAfee 1. Go to Email Security > Virus Scanning Engines > McAfee.
2. Select Enable Gateway Scanning (SMTP) check box, to scan emails using this Virus Scanning Engine. 3. Select whether to scan inbound and/or outbound emails using this Virus Scanning Engine. Option Description Scan inbound SMTP email Select this option to scan incoming emails Scan outbound SMTP email Select this option to scan outgoing emails 4. If you installed GFI MailEssentials on a Microsoft® Exchange machine, you will also have the option to scan internal emails and the Information Store.
6. From Actions tab, choose the action to take when an email is blocked: Action Description Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180). Delete email Deletes infected emails.
Screenshot 43: Virus scanning engine updates 9. From Updates tab, select Automatically check for updates to enable automatic updating of the AV files for the selected engine. 10. From Downloading option list, select one of the following options: Option Description Only check for updates Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically.
NOTE An email notification is always sent when an update fails. 13. To check for and download updates immediately, click Download updates. 14. Click Apply. 6.2 Information Store Protection When GFI MailEssentials is installed on the Microsoft® Exchange server machine, Information Store Protection allows you to use the Virus Scanning Engines to scan the Microsoft® Exchange Information Store for viruses.
Screenshot 44: Information Store Protection node 2. From Information Store Virus Scanning tab, select Enable Information Store Virus Scanning. 3. Click Apply. The status of the Virus Scanning Engines used to scan the Information Store is displayed in the table. You can also disable a particular antivirus engine from Information Store Scanning. Navigate to the Virus Scanning Engines page, select the antivirus engine and disable Scan Internal and Information Store Items. 6.2.
Screenshot 45: VSAPI Settings 3. (Optional) Select Enable background scanning to run Information Store Scanning in the background. WARNING Background scanning causes all the contents of the Information Store to be scanned. This can result in a high processing load on the Microsoft® Exchange server depending on the amount of items stored in the Information Store. It is recommended to enable this option only during periods of low server activity such as during the night. 4.
5. Click Apply. 6.3 Trojan and Executable Scanner The Trojan and Executable Scanner analyzes and determines the function of executable files attached to emails. This scanner can subsequently quarantine any executables that perform suspicious activities (such as Trojans). How does the Trojan & Executable Scanner work? GFI MailEssentials rates the risk-level of an executable file by decompiling the executable, and detecting in real-time what the executable might do.
2. Select Enable Trojan & Executable Scanner to activate this filter. 3. In Email checking area, specify the emails to check for Trojans and other malicious executables by selecting: Option Description Check inbound emails Scan incoming emails for Trojans and malicious executable files. Check outbound emails Scan outgoing emails for Trojans and malicious executable files. 4.
Screenshot 47: Virus scanning engine updates 8. From Updates tab, select Automatically check for updates to enable automatic updating of the AV files for the selected engine. 9. From Downloading option list, select one of the following options: Option Description Only check for updates Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically.
NOTE An email notification is always sent when an update fails. 12. To check for and download updates immediately, click Download updates. 13. Click Apply. 6.4 Email Exploit Engine The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient’s machine either when the user receives or opens the email. An exploit uses known vulnerabilities in applications or operating systems to compromise the security of a system.
Screenshot 49: Virus Scanning Engine: Configuration page (Actions Tab) 3. From Actions tab, choose the action to take when an email is blocked: Action Description Quarantine item Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Working with Quarantined emails (page 187). Delete item Deletes infected emails. 4.
Screenshot 50: Virus scanning engine updates 6. From Updates tab, select Automatically check for updates to enable automatic updating of the AV files for the selected engine. 7. From Downloading option list, select one of the following options: Option Description Only check for updates Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates are available for this engine. This option will NOT download the available updates automatically.
NOTE An email notification is always sent when an update fails. 10. To check for and download updates immediately, click Download updates. 11. Click Apply. 6.4.2 Enabling/Disabling Email Exploits 1. Go to Email Security > Email Exploit Engine > Exploit List Screenshot 51: Email Exploit List 2. Select the check box of the exploit(s) to enable or disable. 3. Click Enable Selected or Disable Selected accordingly. 6.
6.5.1 Configuring the HTML Sanitizer 1. Go to Email Security > HTML Sanitizer. Screenshot 52: HTML Sanitizer configuration page 2. Enable the HTML Sanitizer by selecting the Enable the HTML Sanitizer checkbox. 3. Select direction of emails: Option Description Check inbound emails Scan and sanitize HTML scripts from all incoming emails. Check outbound emails Scan and sanitize HTML scripts from all outgoing emails. 4. Click Apply. 6.5.
Screenshot 53: HTML Sanitizer Whitelist page 2. In Whitelist entry, key in an email address, an email domain (for example, *@domain.com) or an email sub-domain (for example, *@*.domain.com) and click Add. NOTE To remove an entry from the HTML Sanitizer whitelist, select an entry and click Remove. 3. Click Apply. 6.5.3 HTML Sanitizer Domain\IP Exclusions The HTML Sanitizer Domain\IP Exclusions feature enables administrators to specify IP addresses or domains to exclude from HTML Sanitizer.
specifying domains and have the feature resolve the domains’ MX records and (optionally) the SPF record to get the IP addresses. To manage domains\IP exclusions in the HTML Sanitizer Whitelist: 1. Navigate to Email Security > HTML Sanitizer and select Domains\IP exclusions tab. Screenshot 54: Domain\IP Exclusions 2. Key in the domain or IP address to exclude and click Add. NOTE To remove an entry from the HTML Sanitizer Domain\IP Exclusions, select an entry and click Remove. 3.
7 Anti-Spam The anti-spam filters included with GFI MailEssentials help detect and block unwanted emails (spam). Topics in this chapter: 7.1 Anti-Spam filters 7.1.1 SpamRazer 7.1.2 Anti-Phishing 7.1.3 Directory Harvesting 7.1.4 Email blocklist 7.1.5 IP DNS Blocklist 7.1.6 URI DNS Blocklist 7.1.7 Sender Policy Framework 7.1.8 Anti-Spoofing 7.1.9 Greylist 7.1.10 Header Checking 7.1.11 Spam Keyword Checking 7.1.12 Bayesian Analysis 7.1.13 Whitelist 7.1.
FILTER DESCRIPTION ENABLED BY DEFAULT Directory Harvesting Directory harvesting attacks occur when spammers try to guess email addresses by attaching well known usernames to your domain. The majority of the email addresses are non-existent. Yes (only if GFI MailEssentials is installed in an Active Directory environment) Email Blocklist The Email Blocklist is a custom database of email addresses and domains from which you never want to receive emails.
NOTE GFI MailEssentials downloads SpamRazer updates from: *.mailshell.net 1. Go to Anti-Spam > Anti-Spam Filters > SpamRazer. Screenshot 55: SpamRazer Properties 2. From the General tab perform any of the following actions: Option Description Enable SpamRazer engine Enable or disable SpamRazer. Enable SpamRazer SPF (Recommended) Enable or disable Sender Policy Framework. It is recommended to enable this option and to have this filter running after the Email Whitelist.
Screenshot 56: SpamRazer Updates tab 3. From the Updates tab, perform any of the following actions: Option Description Automatically check for updates Configure GFI MailEssentials to automatically check for and download any SpamRazer updates. Specify the time interval in minutes when to check for spam detection rule and SpamRazer engine updates. NOTE It is recommended to enable this option for SpamRazer to be more effective in detecting the latest spam trends.
NOTE You can download updates using a proxy server. For more information, refer to Proxy settings (page 221). 4. Click Actions tab to select the actions to perform on messages identified as spam. For more information, refer to Spam Actions - What to do with spam emails (page 135). 5. Click Apply. 7.1.2 Anti-Phishing Blocks emails that contain links in the message body pointing to known phishing sites or if they contain typical phishing keywords.
Screenshot 57: Anti-Phishing options 2. From the General tab, select/unselect Check mail messages for URI’s to known phishing sites option to enable/disable Anti-Phishing. 3. From the Keywords tab select any of the following options: Option Description Check URI's in mail messages for typical phishing keywords Enable/disable checks for typical phishing keywords Add Enables adding keywords to Phishing filter.
Option Description Automatically check for updates Configure GFI MailEssentials to automatically check for and download any Anti-Phishing updates. Specify the time interval in minutes when to check for updates. NOTE It is recommended to enable this option for Anti-Phishing to be more effective in detecting the latest phishing trends. Enable email notifications upon successful updates Select/unselect checkbox to be informed via email when new updates are downloaded.
Screenshot 58: Directory Harvesting page 2. Enable/Disable Directory Harvesting and select the lookup method to use: Option Description Enable directory harvesting protection Enable/Disable Directory Harvesting. Use native Active Directory lookups Select option if GFI MailEssentials is installed in Active Directory.
Option Description Use LDAP lookups Select to configure your LDAP settings if GFI MailEssentials is installed in SMTP mode. If your LDAP server requires authentication, unmark the Anonymous bind option and enter the authentication details that will be used by this feature. NOTE Specify authentication credentials using Domain\User format (for example masterdomain\administrator). NOTE In an Active Directory, the LDAP server is typically the Domain Controller. 3.
7.1.4 Email blocklist The Email Blocklist is a custom database of email addresses and domains from which you never want to receive emails. This filter is enabled by default on installing GFI MailEssentials. Configuring Email Blocklist 1. Go to Anti-Spam > Anti-Spam Filters > Email Blocklist. Screenshot 59: Email blocklist 2. From the Blocklist tab, configure the email addresses and domains to block.
OPTION DESCRIPTION Enable Email Blocklist Select/Unselect to enable/disable email blocklist. Add Add email addresses, email domains or an entire domain suffix to the blocklist. 1. Key in an email address, domain (for example, *@spammer.com); or an entire domain suffix (for example *@*.tv) to add to the blocklist. 2. Specify the email type to match for the emails to be blocklisted. NOTE For more information about the difference between SMTP and MIME refer to: http://go.gfi.
Screenshot 60: Personal blocklist 2. Select Personal Blocklist tab and select or unselect Enable personal email blocklist to enable or disable personal blocklist feature. 3. Click Apply. Removing emails from users' personal blocklist 1. Go to Anti-Spam > Email Blocklist and select Personal Blocklist tab. 2. From the User drop down list, select the user for whom to delete an email address. 3. Select an email address from the list of email addresses. Click Remove. 4. Click Apply. 7.1.
Important notes 1. The DNS server must be properly configured for this feature to work. If this is not the case, time outs will occur and email traffic will be slowed down. For more information refer to: http://go.gfi.com/?pageid=ME_ProcessingSlow 2. Querying an IP DNS Blocklist can be slow (depending on your connection), so email can be slowed down a little bit. 3.
3. Click Actions tab to select the actions to perform on messages identified as spam. For more information, refer to Spam Actions - What to do with spam emails (page 135). 4. Click Apply. NOTE To enable IP DNS Blocklist at SMTP Transmission Filtering level, select Anti-Spam > Filter Priority > SMTP Transmission Filtering tab and click Switch next to IP DNS Blocklist to enable/disable filtering at SMTP level or on receipt of full email. 7.1.
Option Description Add URI DNS Blocklist If required, add more URI DNS Blocklists to the ones already listed. Key in the full name of the URI DNS Blocklist domain and click Add URI DNS Blocklist. Order of preference The order of preference for enabled URI DNS Blocklists can be changed by selecting a blocklist and clicking on the Up or Down buttons. Enable Selected Select a URI DNS Blocklist and click Enable Selected to enable it.
Screenshot 63: Enable and configure the Sender Policy Framework 2. Click Enabled to enable the Sender Policy Framework filter. If the email sender IP address is definitely not authorized to send emails from the sender domain, emails are blocked. 3.
4. Select IP Exceptions or Email Exceptions tab to configure IP addresses and/or recipients to exclude from SPF checks: IP exception list: Entries in this list automatically pass SPF checks. Select IP Exception List checkbox, add a new IP address and description and click Add. To remove entries, select entries from the list and click Remove Selected. To disable the IP exception list unselect IP Exception List checkbox.
Screenshot 64: GFI MailEssentials Anti-Spoofing filter 2. Select Enable Anti-Spoofing to enable Anti-Spoofing filter. 3. In the SMTP Server: field, provide the SMTP server where GFI MailEssentials checks for email recipient addresses. Also provide a description for the server in the Description: field. NOTE The SMTP Server field supports the following types of entry: A single IP Address A CIDR range (for example, 192.0.2.1/24) 4. Click Add SMTP Server to save SMTP server details.
By default, Use authorized IP addresses from perimeter server and Do not block authenticated connections are enabled. It is not recommended that these options are disabled. NOTE Do not block authenticated connections check box does not apply for Microsoft IIS and Microsoft Exchange 2003. It only works with Exchange 2007 or later. 7.1.9 Greylist The Greylist filter temporarily blocks incoming emails received from unknown senders.
Screenshot 65: Email Exclusions 3. Select Email exclusions tab to specify any email addresses or domains that you do not want to greylist. In the Edit Addresses area specify: full email address; or emails from an entire domain (for example: *@trusteddomain.com); or an entire domain suffix (for example: *@*.mil or *@*.edu) Also specify if the exclusion applies to senders (select From (>)) or to the local recipients (select To (>)).
NOTE To exclude whitelisted and auto-whitelisted email addresses and domains from being greylisted and delayed, select Exclude email addresses and domains specified in Whitelist. 4. Select the IP exclusions tab to specify any IP addresses to exclude from being greylisted. Click Add IPs and specify an IP to exclude. 5. To exclude whitelisted IP addresses from being greylisted and delayed, select Exclude IP addresses specified in Whitelist. 6.
Screenshot 66: Header checking options 2.
Option Description Check if the email header contains an empty MIME FROM: field. Checks if the sender has identified himself in the From: field. If this field is empty, the message is marked as spam. Check if the email header contains a malformed MIME FROM: field. Checks if the MIME from field is a correct notation as defined in the RFCs. Maximum number of recipients allowed in email Identifies emails with large amounts of recipients and flags them as SPAM.
Screenshot 67: Language Detection 4. Select Block the list below to select the languages to block or Block all except the list below to block all languages except the ones selected. 5. Select the languages to block/allow from the Languages area. 6. Click Actions tab to select the actions to perform on messages identified as spam. For more information, refer to Spam Actions - What to do with spam emails (page 135). 7. Click Apply. 7.1.
2. From the General tab, select Block emails if content is found matching these conditions (message body) to enable Spam Keyword checking on email body.
Screenshot 68: Spam Keyword checking properties
3. In the Condition Entry area, key in a keyword or a combination of keywords for this filter to block. Use the 'AND', 'OR', 'AND NOT' and 'OR NOT' operators to configure specific conditions. For example: key in the phrase 'Basketball sports' for GFI MailEssentials to block an email with the phrase 'Basketball sports'. Only this phrase would activate the rule, not the word basketball OR sports separated by some other words.
NOTE To find the conditions to export, use the controls under the list of conditions to move between the pages listing the conditions. 2. In the File Download screen, click Save and select a folder where to save the export file. To import conditions: 1. From the Conditions list area within the General or Subject tab, key in the folder and filename of the file to import. 2. Click Import. 7.1.
GFI Anti-Spam Folders public folders trains the Bayesian filter in the same way as live outbound email sending. NOTE To use this option, Public Folder Scanning must be enabled. For more information, refer to Public Folder Scanning (page 149). Stage 2: Enabling the Bayesian filter After the Bayesian filter is trained, it must be enabled. 1. From GFI MailEssentials configuration console, go to Anti-Spam > Anti-Spam Filters > Bayesian Analysis. 2. From the General tab select Enable Bayesian Analysis.
NOTE You can download updates using a proxy server. For more information, refer to Proxy settings (page 221). 4. Click Actions tab to select the actions to perform on messages identified as spam. For more information, refer to Spam Actions - What to do with spam emails (page 135). 5. Click Apply. NOTE GFI MailEssentials also provides a Bayesian Analysis wizard that enables you to train the Bayesian Analysis filter from a machine other than where GFI MailEssentials is installed.
Screenshot 70: Whitelist tab 2. From the Whitelist tab, configure the email addresses and domains to whitelist. Select/Unselect Enable email whitelist to enable/disable whitelist. Perform the following actions: Action Description Add a whitelist entry 1. In Email Address/Domain, provide the email address/domain to whitelist. For example: *@companysupport.com or *@*.edu. 2. In Email Type specify the email header field to match for the emails to be whitelisted.
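The entry forms used in this guide's whitelist, blocklist and exclusion lists (a full address, *@domain.com, *@*.domain.com, and a suffix such as *@*.edu) differ widely in how many senders they cover. The following is an added example, not part of the GFI manual or product: a Python check that shows which sample senders each entry would match before it is added. It assumes that * matches any run of characters and that comparison is case-insensitive; the function names and the sample sender addresses are constructed for illustration.

```python
import re

# Entry forms are taken from this guide; the matching rules are an assumption
# ('*' = any run of characters, compared case-insensitively), not GFI's matcher.


def compile_entry(entry):
    """Compile a list entry such as '*@*.edu' into an anchored regex."""
    literal_parts = [re.escape(part) for part in entry.strip().split("*")]
    return re.compile("^" + ".*".join(literal_parts) + "$", re.IGNORECASE)


def classify_entry(entry):
    """Label an entry with the form it takes: address, domain, sub-domain or suffix."""
    local, at, domain = entry.strip().lower().partition("@")
    if not at or not local or not domain:
        return "invalid"
    if "*" not in local and "*" not in domain:
        return "address"
    if local == "*" and "*" not in domain:
        return "domain"
    if local == "*" and domain.startswith("*.") and "*" not in domain[2:]:
        # One label after '*.' (tv, edu, mil) spans every domain under that suffix.
        # Multi-label public suffixes such as co.uk are not recognised here.
        return "suffix" if "." not in domain[2:] else "sub-domain"
    return "other-wildcard"


def audit(entries, senders):
    """Return {entry: (form, [senders it matches])} for review before clicking Add."""
    report = {}
    for entry in entries:
        pattern = compile_entry(entry)
        matched = [s for s in senders if pattern.match(s.strip())]
        report[entry] = (classify_entry(entry), matched)
    return report


def broad_entries(report):
    """Entries worth a second look: whole suffixes and irregular wildcards."""
    return [e for e, (form, _) in report.items() if form in ("suffix", "other-wildcard")]


# Entries as written in the guide's examples.
ENTRIES = ["user@somewhere.com", "*@companysupport.com", "*@*.domain.com", "*@*.edu"]

# Constructed sender addresses (not real traffic).
SENDERS = [
    "USER@Somewhere.com",
    "billing@companysupport.com",
    "billing@mail.companysupport.com",
    "noreply@eu.domain.com",
    "noreply@domain.com",
    "anyone@lab.example.edu",
]

if __name__ == "__main__":
    result = audit(ENTRIES, SENDERS)
    for entry, (form, matched) in result.items():
        print(f"{entry:24} {form:12} {matched}")
    print("review:", broad_entries(result))
```

Under these assumptions *@companysupport.com does not cover mail.companysupport.com, and *@*.domain.com does not cover domain.com itself, so both forms may be needed for one organisation.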
5. From the IP Whitelist tab, configure: Option Description Enable IP Whitelist Select to allow emails received from specific IP addresses to be whitelisted. Add IP Whitelist entries 1. Specify: Single computer / CIDR: Key in a single IP address or a range of IP addresses using CIDR notation. Group of computers: Specify the Subnet Address and Subnet Mask of the group of IPs to whitelist. 2. (Optional) Add a Description. 3. Click Add.
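An added example, not part of the GFI manual or product, for the IP entries accepted by the Anti-Spoofing SMTP Server field and the IP Whitelist: it normalises the three forms (single IP, CIDR, subnet address with subnet mask) and shows how many addresses each one covers. It assumes standard CIDR semantics, so the guide's example 192.0.2.1/24 denotes all 256 addresses of 192.0.2.0/24; function names, labels and sample addresses (documentation ranges) are constructed.

```python
import ipaddress


def parse_ip_entry(address, mask=None):
    """Normalise one list entry to an ip_network.

    address: a single IP ('198.51.100.10') or CIDR text ('192.0.2.1/24')
    mask:    optional dotted subnet mask for the 'subnet address + subnet mask' form
    """
    text = address.strip() if mask is None else f"{address.strip()}/{mask.strip()}"
    # strict=False accepts host bits after the prefix, as in the guide's 192.0.2.1/24,
    # and rounds the entry down to the network it actually denotes.
    return ipaddress.ip_network(text, strict=False)


def describe(address, mask=None):
    """Return (network, address count, host_bits_were_set) for an entry."""
    network = parse_ip_entry(address, mask)
    typed_ip = ipaddress.ip_address(address.strip().split("/")[0])
    host_bits_set = network.num_addresses > 1 and typed_ip != network.network_address
    return str(network), network.num_addresses, host_bits_set


def matching_entries(entries, client_ip):
    """List the labels of the entries whose range contains the connecting IP."""
    ip = ipaddress.ip_address(client_ip)
    return [label for label, network in entries.items() if ip in network]


# Constructed entries, one per form described in the guide.
ENTRIES = {
    "perimeter relay (single IP)": parse_ip_entry("198.51.100.10"),
    "guide example (CIDR)": parse_ip_entry("192.0.2.1/24"),
    "branch office (subnet + mask)": parse_ip_entry("203.0.113.64", "255.255.255.192"),
}

if __name__ == "__main__":
    for args in [("198.51.100.10",), ("192.0.2.1/24",), ("203.0.113.64", "255.255.255.192")]:
        network, count, host_bits = describe(*args)
        note = "  <- typed with host bits set; whole range applies" if host_bits else ""
        print(f"{'/'.join(args):32} {network:20} {count:4} address(es){note}")
    # Constructed connecting IPs.
    for client in ["192.0.2.200", "203.0.113.130", "198.51.100.11"]:
        print(client, "->", matching_entries(ENTRIES, client) or "no entry matches")
```

An entry typed as a host address with a short prefix is the usual way a single-server exception turns into a whole-subnet exception, which matters here because listed IPs are whitelisted or treated as authorised senders.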
2. Select Personal Whitelist tab and select or unselect Enable personal email whitelist to enable or disable personal whitelist feature. 3. Click Apply. Removing emails from users' personal whitelist 1. Go to Anti-Spam > Whitelist and select Personal Whitelist tab. 2. From the User drop down list, select the user for whom to delete an email address. 3. Select an email address from the list of email addresses. Click Remove. 4. Click Apply. 7.1.
2. In the General tab, select Enable New Senders to enable check for new senders on all inbound messages. Screenshot 73: New Senders Exceptions 3. From Exceptions tab, configure senders/recipients whose emails are excluded from the New Senders check. Option Description Enable New Senders exception list Select this option to enable the exceptions list. Add exception Key in an email address to exclude and click Add. Repeat for each address to add. Edit exception 1.
7.2.1 Configuring Spam Actions In the Actions tab, select an option that defines which action to take on emails marked as spam. Screenshot 74: Anti-spam actions Action Description Quarantine Email Emails detected as spam are stored in the Quarantine Store. Other spam actions are disabled if the email is quarantined. For more information, refer to Quarantine (page 180). Delete Email Delete an email blocked by that particular spam filter. Other spam actions are disabled if the email is deleted.
Action Description Deliver email to mailbox Choose the folder where to deliver the email. Available options are: In Inbox - Routes spam to user's inbox In Exchange junk email folder - Routes spam to user's default junk email folder. NOTE The In Exchange junk email folder option is not available when configuring the New Senders filter. In Exchange mailbox sub-folder - Route all spam to a specific folder in the user’s mailbox. Type the folder where to move spam email.
Action Description Tag the email with specific text Select this option to add a tag to the email subject. Key in the text to use for tagging and specify where to place the tag: Prepend to subject - insert the specified tag at the start (i.e. as a prefix) of the email subject text. Example: [SPAM]Free Web Mail Append to subject - insert the specified tag at the end (i.e. as a suffix) of the email subject text.
Screenshot 75: Assigning filter priorities 2. Select a filter and click the (up) button to assign a higher priority or click the (down) button to assign a lower priority. NOTE Click Default Settings to restore the filters' order to default. 3. Click Apply. 7.4 Spam Digest The spam digest is a short report sent to an administrator or user via email.
Screenshot 76: Spam digest properties/Administrator spam digest 2. From the Administrator Digest tab, click Send administrator spam digest to enable spam digest. 3. Configure the desired sending frequency (Daily, Weekly, Monthly) and specify a date and a time when email is sent. 4. Specify the digest content that will be sent in the email, either a Total count of processed email and spam or Total spam captured per spam filter or both. 5. Finalize settings by selecting Apply. 7.4.
Screenshot 77: Recipient spam digest 2. From the Recipient Digest tab, select Send recipient spam digest to enable spam digest. 3. Configure the desired sending frequency (Daily, Weekly, Monthly) and specify a date and a time when email is sent. 4. Specify the digest content that will be sent in the email: Total count of processed email and spam Total spam captured per spam filter List of blocked spam or any combination of options as required.
Screenshot 78: Spam digest recipient list 4. Click on the Recipients list tab, add the users to receive the spam digest and select the method used to determine who should receive the spam digest. Available options are: Only users listed below should receive the recipient spam digest. All users except the ones listed below will receive the recipient spam digest. NOTE The required list of users can also be imported from a file in XML format in the same structure that GFI MailEssentials would export files.
7.5.1 Log file rotation Over time, log files may become very large. GFI MailEssentials enables log rotation, where new log files are created periodically or when the log file reaches a specific size. To enable log file rotation: 1. Go to Anti-Spam > Anti-Spam Settings. Screenshot 79: Log file rotation 2. From the Anti-spam logging tab, select Enable log file rotation and specify the rotation condition (by size or by time). 3.
Screenshot 80: Global actions 2. Select Global Actions tab and choose whether to: Delete the email Forward it to an email address Move it to a specified folder. 3. Select Log occurrence to this file to log these occurrences to a log file. 4. Click Apply. 7.5.3 DNS Server Settings DNS Server settings are very important in GFI MailEssentials since a number of anti-spam filters, such as IP DNS Blocklist, URI DNS Blocklist and SpamRazer, perform domain lookups when filtering spam. 1.
Screenshot 81: DNS server settings 1. From the DNS Server tab configure: Option Description Use the DNS server configured for this computer to use Select this option to use the same DNS server that is used by the operating system where GFI MailEssentials is installed. Use the following DNS server Select this option to specify a DNS server that is different than the one used by the local machine. 2. Click Test DNS Server to test connectivity with the specified DNS server.
NOTE The email address should NOT be a local domain. The default address is rcommands@mailessentials.com. A mailbox for the configured address does not need to exist, but the domain-part of the address must consist of a real email address domain that returns a positive result to an MX-record lookup via DNS. This can also be a public email account that you can manage (for example gmail or yahoo mail). 3. Optionally, configure some basic security for remote commands: A shared password to include in the email.
NOTE When configuring phrases other than a single word, enclose them in double quotes (“ ”). Blocklist commands Use blocklist commands to add a single email address or an entire domain to the email blocklist. Available commands are: ADDBLIST: ; Example: ADDBLIST: user@somewhere.com; NOTES 1. Add an entire domain to the blocklist by specifying a wildcard before the domain Example: ADDBLIST: *@domain.com; 2. Wildcards cannot be used in domain names. Example: ADDBLIST: *@*.domain.
NOTE Timestamp is formatted as yyyymmddhhmmss. 7.5.5 Perimeter SMTP Server Settings SMTP servers that relay emails to the GFI MailEssentials server must be specified. 1. From the GFI MailEssentials Configuration, go to Anti-Spam > Anti-Spam Settings. Screenshot 82: Perimeter SMTP Server settings 2.
Option Description The following SMTP servers receive emails directly from the Internet and forward them to this server Emails are relayed to the GFI MailEssentials server from other SMTP servers. Click Detect to instruct GFI MailEssentials to automatically detect SMTP servers by retrieving MX records of inbound domains. Click Add SMTP Server to manually add the IPs of any other SMTP servers that relay emails to the GFI MailEssentials server.
NOTE You can also use GFI MailEssentials with Lotus Domino. For more information refer to Appendix 2 in this guide. Public folder scanning setup for Microsoft® Exchange Servers 1. From the GFI MailEssentials configuration console go to Anti-spam > Anti-Spam Settings. Select Public Folder Scanning tab. 2. Select Enable Public Folder Scanning and from Poll public folder via list select: Exchange Server 2003 - Select MAPI, IMAP or WebDAV. Exchange Server 2007 - Choose WebDAV or Web Services.
Option Description Web Services Specify the following details: Server - mail server name Domain - use the local domain NOTE If both a local and a public domain exist, always use the local domain. Port - default Web Services port (80, or 443 if using SSL).
NOTE For Microsoft® Exchange Server 2003 SP2, right click GFI AntiSpam Folders and select All tasks > Manage Settings option. 9. Select Folder rights or Modify client permissions and click OK or Next. 10. Specify the credentials of the new power user account created in step 1 and test the setup to ensure permissions are correct.
8. From the Microsoft® Exchange System Manager right click GFI AntiSpam Folders and select All tasks > Propagate settings. 9. Select Folder rights checkbox and click OK. Microsoft® Exchange 2007 1. From Microsoft® Exchange Management Shell, key in the following command:
ReplaceUserPermissionOnPFRecursive.ps1 -Server "server" -TopPublicFolder "\'GFI AntiSpam Folders'" -User "Default" -Permissions Contributor
Replace "server" with the full computer name. 2.
Managing legitimate email As with any anti-spam solution, GFI MailEssentials might require some time until the optimal anti-spam filtering conditions are achieved. In cases where this is not yet achieved, there might be instances where legitimate email is identified as spam. In such cases users should add emails incorrectly identified as spam to the Add to whitelist and This is legitimate email folders to 'teach' GFI MailEssentials that the email in question is not spam.
NOTES 1. In Microsoft® Outlook, dragging and dropping email moves the email to the selected folder. To retain a copy of the email, hold down the CTRL key to copy the email rather than moving it. 2. Detailed information on how to create the GFI AntiSpam folders is included in this manual. For more information, refer to Enabling Public Folder Scanning (page 149). Adding senders to the Email Blocklist 1.
8 Content Filtering
Content Filtering engines enable administrators to control the content of emails. These engines scan the content of emails and attachments, and block emails containing content matching the content filtering rules.
Topics in this chapter:
8.1 Keyword Filtering 156
8.1.1 Creating a Keyword Filtering rule 157
8.1.2 Enabling/disabling Rules 162
8.1.3 Removing content filtering rules 162
8.1.4 Modifying an existing rule 162
8.1.5 Changing rule priority 162
8.2 Attachment Filtering 8.2.
8.1.1 Creating a Keyword Filtering rule
To create a Keyword Filtering rule, follow the steps listed below:
Step 1: Configuring basic rule settings
Step 2: Configuring terms to block
Step 3: Configuring the actions to take on detected emails
Step 4: Specifying the users to whom to apply this rule
Step 1: Configuring basic rule settings
1. Go to Content Filtering > Keyword Filtering and select Add Rule...
2. Specify a name for the rule in the Rule name text box.
3.
Screenshot 83: Content Filtering: Body Tab - setting conditions 3. From the Condition entry area, key in keywords to block in the Edit condition box. You can also use the conditions AND, OR, AND NOT and OR NOT to combine keywords. 4. To add the keyword or combination of keywords keyed in, click Add Condition. To modify an entry in the Conditions list, select it and make the required changes in the Condition entry box. To remove an entry from the Conditions list, select it and click Remove.
Screenshot 84: Content Filtering: Body Tab- configuring other options 5. (Optional) From the Options area, configure the following settings: Option Description Match whole words only Block emails when the keywords specified match whole words. Apply above conditions to attachments Select this option to apply this rule also to text in attachments. In the Attachment filtering area specify the attachments' file extension (for example, .doc) to apply or exclude from this rule. 6.
Option Description Quarantine email Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180). Delete email Deletes blocked emails. Move to folder on disk Moves the email to a folder on disk. Key in the full folder path where to store blocked emails.
Screenshot 85: Content Filtering: Users/Folders Tab 2. Specify the users to apply this rule to. Option Description Only this list Apply this rule to a custom list of email users, groups or public folders. All except this list Apply this rule to all email users except for the users, groups or public folders specified in the list. 3. To add email users, user groups and/or public folders to the list, click Add. Screenshot 86: Add users to a Content Filtering rule 4.
NOTE You do not need to input the full name of the users, groups or public folder. It is enough to enter part of the name. GFI MailEssentials will list all the names that contain the specified characters. For example, if you input sco, GFI MailEssentials will return names such as Scott Adams and Freeman Prescott, if they are available. 5. Select the check box next to the name(s) that you want to add to the list and click OK.
1. Go to Content Filtering > Keyword Filtering.
2. From the Content Filtering page, click the (up) or (down) arrows to respectively increase or decrease the priority of the selected rule.
3. Repeat step 2 until rules are placed in the desired sequence.
8.2 Attachment Filtering
Attachment Filtering allows you to set up rules to filter what types of email attachments to allow and block on the mail server.
Screenshot 87: Attachment Filtering: General Tab 3. Specify a name for the rule in the Rule name text box. 4. Select whether to scan inbound, outbound and/or internal emails.
Option Description Check Internal emails Select this option to scan internal emails. NOTE This option is only available when GFI MailEssentials is installed on the Microsoft® Exchange server. 5. In the Attachment Blocking area, specify the types of attachments to block: Option Description Block all Block all email attachments of any type. Block this list Block a custom list of attachment types.
Screenshot 88: Attachment Filtering: Actions Tab 2. To block an email that matches the rule conditions, select Block attachment and perform this action and select one of the following options: Option Description Quarantine email Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180). Delete email Deletes blocked emails. Move to folder on disk Moves the email to a folder on disk.
NOTE When GFI MailEssentials is installed on the same machine as Microsoft® Exchange 2003, GFI MailEssentials may not be able to block outbound emails, but instead replaces the blocked content with a threat report. 3. Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed. 4. GFI MailEssentials can send email notifications whenever an email triggers this filter.
2. Specify the users to apply this rule to. Option Description Only this list Apply this rule to a custom list of email users, groups or public folders. All except this list Apply this rule to all email users except for the users, groups or public folders specified in the list. 3. To add email users, user groups and/or public folders to the list, click Add. Screenshot 90: Add users to a Content Filtering rule 4.
8.2.3 Removing attachment rules Warning Deleted rules are not recoverable. If in doubt, it is recommended to disable a rule. 1. Go to Content Filtering > Attachment Filtering. 2. From Attachment Filtering page, select the rule(s) that you want to remove. 3. Click Remove Selected. 8.2.4 Modifying an existing rule 1. Go to Content Filtering > Attachment Filtering. 2. From Attachment Filtering page, click the name of the rule to modify. 3. Perform the required changes in the rule properties and click Apply.
Screenshot 91: Adding a new Advanced Content Filtering rule 2. In Rule Name area, provide a name for the new rule. 3. In Condition area, provide the condition that the email has to meet to match this rule. From the drop down select the email part (Header, Subject, Body, Attachment Name or Attachment Content) and choose a condition (Start with, Ends with, Contains, Matches Exactly, Matches Regex). In the text box, key in the keyword or regular expression that the email should match.
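A rule built from these condition types can be tried against sample messages before it is enabled, to see what it would block. The following is an added example in Python, not GFI code: it models the email parts and conditions listed above, the sample messages are constructed, and case-insensitive comparison, search-style regex matching and Python's regex syntax are assumptions that may differ from the product's engine.

```python
import re
from email.message import EmailMessage

# Condition names as listed on the page. Case-insensitive comparison and
# Python's regex dialect are assumptions; the product's engine may differ.
CONDITIONS = {
    "Start with": lambda text, value: text.lower().startswith(value.lower()),
    "Ends with": lambda text, value: text.lower().endswith(value.lower()),
    "Contains": lambda text, value: value.lower() in text.lower(),
    "Matches Exactly": lambda text, value: text.lower() == value.lower(),
    "Matches Regex": lambda text, value: re.search(value, text, re.I) is not None,
}

# Hypothetical pattern: 13 to 16 digits, optionally separated by spaces or hyphens.
CARD_PATTERN = r"\b(?:\d[ -]?){13,16}\b"


def email_parts(msg):
    """Return the text of every part a rule can target, keyed by part name."""
    body = msg.get_body(preferencelist=("plain", "html"))
    attachments = list(msg.iter_attachments())
    contents = []
    for part in attachments:
        payload = part.get_content()
        contents.append(payload if isinstance(payload, str) else payload.decode("latin-1"))
    return {
        "Header": ["%s: %s" % (name, value) for name, value in msg.items()],
        "Subject": [str(msg["Subject"] or "")],
        "Body": [body.get_content().strip()] if body is not None else [],
        "Attachment Name": [part.get_filename() or "" for part in attachments],
        "Attachment Content": contents,
    }


def rule_matches(rule, msg):
    """rule is a (part, condition, value) tuple, mirroring the rule dialog."""
    part, condition, value = rule
    return any(CONDITIONS[condition](text, value) for text in email_parts(msg)[part])


def dry_run(rule, messages):
    """Return the subjects of the messages the rule would block."""
    return [str(m["Subject"]) for m in messages if rule_matches(rule, m)]


def build_message(subject, body, attachment=None):
    """Build a constructed sample message; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


# Constructed sample mail: one legitimate invoice, one message carrying a
# well-known test card number, one with a macro-enabled attachment name.
SAMPLES = [
    build_message("Invoice 2024-0117", "Total 1,250.00 due in 30 days."),
    build_message("Card details", "Card: 4111 1111 1111 1111 exp 12/27"),
    build_message("Quarterly report", "See attached.", ("report.docm", b"constructed bytes")),
]

if __name__ == "__main__":
    for rule in [("Body", "Matches Regex", CARD_PATTERN),
                 ("Body", "Matches Regex", r"\d{2}"),  # too broad: also hits the invoice
                 ("Attachment Name", "Ends with", ".docm")]:
        print(rule, "->", dry_run(rule, SAMPLES))
```

The second rule in the demo shows why the dry run matters: a loose pattern also catches the legitimate invoice, which would end up quarantined or deleted depending on the action configured for the rule.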
1. From the Actions tab, configure what happens when this rule is triggered. Screenshot 92: Actions Tab 2. To block an email that matches the rule conditions, select Block email and perform this action and select one of the following options: Option Description Quarantine email Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information, refer to Quarantine (page 180). Delete email Deletes blocked emails.
NOTE When GFI MailEssentials is installed on the same machine as Microsoft® Exchange 2003, GFI MailEssentials may not be able to block outbound emails, but instead replaces the blocked content with a threat report. 3. Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed. 4. GFI MailEssentials can send email notifications whenever an email triggers this filter.
2. Specify the users to apply this rule to. Option Description Only this list Apply this rule to a custom list of email users, groups or public folders. All except this list Apply this rule to all email users except for the users, groups or public folders specified in the list. 3. To add email users, user groups and/or public folders to the list, click Add. Screenshot 94: Add users to a Content Filtering rule 4.
1. From Content Filtering > Advanced Content Filtering, select rule to enable/disable. 2. Click Disable Selected to disable rule or Enable Selected to enable. 8.3.4 Sorting Rules Advanced Content Filtering rules are applied in the same order, from top to bottom as they are listed in the Advanced Content Filtering page (that is, rule with priority value 1 is checked first). To change the sequence/priority of rules: 1. Navigate to the Content Filtering > Advanced Content Filtering node. 2. Click the rule.
Check password protected archives Check corrupted archives Check for recursive archives Check size of uncompressed files in archives Check for amount of files in archives Scan within archives Check password protected archives 1. Navigate to Content Filtering > Decompression node. 2. From the list of available filters, click Check password protected archives. 3. To enable this filter, select Check password protected archives. 4.
2. From the list of available filters, click Check corrupted archives. 3. To enable this filter select Check corrupted archives. 4.
email is triggered as malicious. 5. Specify what to do when an email contains an archive that triggers this filter: Option Description Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails NOTE When GFI MailEssentials is installed on the same machine as Microsoft® Exchange 2003, GFI MailEssentials may not be able to block outbound emails, but instead replaces the blocked content with a threat report. 6.
Option Description Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails NOTE When GFI MailEssentials is installed on the same machine as Microsoft® Exchange 2003, GFI MailEssentials may not be able to block outbound emails, but instead replaces the blocked content with a threat report. 6. Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed. 7.
NOTE When GFI MailEssentials is installed on the same machine as Microsoft® Exchange 2003, GFI MailEssentials may not be able to block outbound emails, but instead replaces the blocked content with a threat report. 6. Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients. 7. Click the Actions tab to configure further actions. 8. GFI MailEssentials can send email notifications whenever an email triggers this filter.
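The decompression checks listed in this section (password-protected, corrupted and recursive archives, size of uncompressed files, number of files) can be reproduced on ZIP input with Python's standard library. This is an added example, not the product's implementation; the limit values, finding names and sample archives are assumptions constructed for the demonstration.

```python
import io
import zipfile
import zlib


def inspect_archive(data, max_depth=3, max_files=100,
                    max_bytes=10 * 1024 * 1024, depth=1, totals=None):
    """Return the set of checks a ZIP archive fails; an empty set means it passed.

    The default limits are assumptions for this example, not product defaults.
    """
    if depth > max_depth:
        return {"recursive"}
    totals = totals if totals is not None else {"files": 0, "bytes": 0}
    findings = set()
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"corrupted"}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Count and size come from the central directory, so both limits
            # are enforced before any member is decompressed.
            totals["files"] += 1
            totals["bytes"] += info.file_size
            if totals["files"] > max_files:
                findings.add("too-many-files")
            if totals["bytes"] > max_bytes:
                findings.add("too-large")
            if findings & {"too-many-files", "too-large"}:
                break
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.add("password-protected")
                continue
            try:
                content = archive.read(info)  # verifies the CRC-32 of the member
            except (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError):
                findings.add("corrupted")
                continue
            if zipfile.is_zipfile(io.BytesIO(content)):
                # Nested archive: recurse with shared totals so the limits
                # apply to the whole tree, not to each level separately.
                findings |= inspect_archive(content, max_depth, max_files,
                                            max_bytes, depth + 1, totals)
    return findings


def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def mark_encrypted(data):
    """Set the encryption flag of the first central-directory entry.

    Constructed sample only: the member data is not actually encrypted.
    """
    patched = bytearray(data)
    offset = patched.find(b"PK\x01\x02")  # central directory file header
    patched[offset + 8] |= 0x01           # low byte of the flag field
    return bytes(patched)


if __name__ == "__main__":
    clean = make_zip({"a.txt": b"hello"})
    nested = clean
    for _ in range(3):  # four archive levels, one more than max_depth
        nested = make_zip({"inner.zip": nested})
    samples = {
        "clean": clean,
        "nested x4": nested,
        "2 MiB of zeros": make_zip({"zeros.bin": b"\0" * (2 * 1024 * 1024)}),
        "truncated": clean[: len(clean) // 2],
        "encrypted flag": mark_encrypted(clean),
    }
    for name, data in samples.items():
        result = inspect_archive(data, max_bytes=1024 * 1024)
        print("%-15s %6d bytes -> %s" % (name, len(data), sorted(result) or "passed"))
```

The zeros sample is only a few kilobytes on the wire but declares 2 MiB of content, which is why the size check has to use the uncompressed size rather than the attachment size.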
9 Quarantine The GFI MailEssentials Quarantine feature provides a central store where all emails detected as spam or malware are retained. This ensures that users do not receive spam and malware in their mailbox and processing on the mail server is reduced. Administrators and mail users can review quarantined emails by accessing the quarantine interface from a web browser. GFI MailEssentials can also send regular email reports to email users to review their blocked emails.
Search through Spam emails only Search through both Malware and Spam 1. Go to GFI MailEssentials > Quarantine. Screenshot 96: Malware and Spam Search Area 2. From the Quarantine page, select All Emails from Search for dropdown. 3. Specify the required search criteria. SEARCH CRITERIA DESCRIPTION Date: Select the date range when the email was quarantined.
Screenshot 97: Malware and Spam Search Area 2. From the Quarantine page, select Malware and Content Only from Search for dropdown. 3. Specify the required search criteria. SEARCH CRITERIA DESCRIPTION Date: Select the date range when the email was quarantined. Available date ranges are: Any date/time Since yesterday Last 7 days Last 30 days Custom date range Search by sender Specify a sender who sent the email that was quarantined.
SEARCH CRITERIA DESCRIPTION Search for text in subject Specify the text to search for within quarantined email subject. Quarantine Reason Key in the reason for which the email to search for was quarantined. Item Source Select the source from where email was identified as Malware and quarantined.
Screenshot 98: Spam Only search area 2. From the Quarantine page, select Spam Only from Search for dropdown. 3. Specify the required search criteria. Available options are: SEARCH CRITERIA DESCRIPTION Date: Select the date range when the email was quarantined. Available date ranges are: Any date/time Since yesterday Last 7 days Last 30 days Custom date range Search by sender Specify a sender who sent the email that was quarantined.
9.3 Search Folders A Search Folder is a folder that has a custom search query associated to it and displays all quarantined emails that match the search query. Examples of search folders: A search folder that displays only outbound emails quarantined by the Virus Scanning Engines. A search folder that displays inbound emails quarantined in a particular date range and addressed to a particular user.
Screenshot 100: Default search folders 2. Select a search folder from the Default Search Folders area or from a node beneath Quarantine node to access the search folder. GFI MailEssentials will automatically search for and display all quarantined emails that satisfy the default search folder search criteria.
All Malware and Content Items All Spam Items NOTE Use the search results to review quarantined emails. You can approve false positives for delivery to recipients. For more information, refer to Working with Quarantined emails (page 187). 9.3.2 Creating, editing and removing Custom Search Folders from Searches 1. Go to Quarantine node. 2. Create a new search for quarantined emails. For more information, refer to Searching the quarantine (page 180). 3.
9.4.3 Permanently Delete Quarantined Emails 190 9.4.1 Viewing quarantined emails Searching within the Quarantine or using default or customized search folders yields a list of quarantined emails. Screenshot 101: Search Results NOTE The results page may be split in two tabs: Malware and Content - Emails blocked by anti-malware engines and content filtering rules. Spam - Emails blocked by anti-spam filters. 1.
Option Description Date The date when email was quarantined Source The location from where the email was quarantined Item Source Enables selecting a source to filter the display with. Available options are: View all Information Store (VSAPI) Gateway (SMTP) Information Store (Transport) Page size Enables customizing how many emails per page are currently displayed. Choose a number to view a maximum number of items per page. 2. Click a row to access the individual email details.
There might be instances where you might want to approve an email blocked by GFI MailEssentials. GFI MailEssentials allows the administrator to approve a quarantined email so that it is released from the Quarantine Store and delivered to its intended recipients. To approve emails: 1. Use the search features described in the previous sections to return a list of quarantined emails. 2. Select the checkbox next to the quarantined email(s) to approve and click Approve.
NOTE GFI MailEssentials Quarantine RSS feeds can be used on most RSS Feed Readers. For a list of freely available RSS Feed Readers that were tested with GFI MailEssentials Quarantine RSS feeds refer to: http://kbase.gfi.com/showarticle.asp?id=KBID002661 Topics in this chapter: 9.5.1 Enabling Quarantine RSS Feeds 191 9.5.2 Subscribing to Quarantine RSS feeds 192 9.5.3 Securing access to the GFI MailEssentials Quarantine RSS feeds 192 9.5.1 Enabling Quarantine RSS Feeds 1.
4. Select Enable Quarantine RSS feeds on this folder checkbox. 5. Specify the refresh interval in minutes in the Refresh feed content every text box. The default value is 10 minutes. 6. Specify the maximum number of items you want the feed to include in the Feed should contain at most text box. The default value is 100 items. NOTE You can change the URL of an RSS feed by clicking Reset Feed URL.
Screenshot 104: Spam Options - General Options tab 2. From the General Options tab change or confirm the Spam quarantine store email retention period. 3. Click User Settings tab.
Screenshot 105: Spam Options - User Settings tab 4. Select Send user quarantine reports at regular intervals to enable sending of User quarantine reports. NOTE User quarantine reports are emails sent to users on a regular basis with a list of blocked spam for that user. Using this list, users can check and approve any legitimate emails. Email blocked by the Malware and Content Filtering filters are not shown in these emails. 5. Configure the frequency at which report will be sent.
selected date/time. 6. Configure the users that will receive the Quarantined Spam reports. Select All Users except the ones listed below or Only users in the list below and provide the email address of the users to include or exclude. NOTE Click Browse to select a file with a list of email addresses to import and click Import. 7. Click Apply. 9.6.
Screenshot 106: Quarantine Mode 2. From Quarantine Mode tab, select Send quarantine approval forms by email checkbox to enable the sending of Quarantine Approval Forms. 3. From the Select recipient area, specify the recipient of the Quarantine Approval Forms: Option Description Send to administrator Sends Quarantine Approval Forms to the administrator as configured in General Settings node. For more information, refer to Administrator email address (page 219).
Configuring Nonexistent Recipients The Nonexistent Recipients filter requires access to the list of local addresses. This is done either via Active Directory or if communication with Active Directory is not possible, via an LDAP server. 1. Navigate to Quarantine > Quarantine Options > Malware Options. Screenshot 107: Nonexistent Recipients 2. From Nonexistent Recipients tab, select Enable Nonexistent Recipients protection checkbox. 3.
Option Description Use native Active Directory lookups Select this option if GFI MailEssentials is installed in Active Directory mode and has access to ALL users on Active Directory. Skip to step 8. NOTE When GFI MailEssentials is installed in Active Directory user mode on a DMZ, the AD of a DMZ usually does not include all the network users (email recipients). In this case configure GFI MailEssentials to use LDAP lookups.
The Quarantine Store location is where quarantined emails are stored. By default, this is located in the GFI MailEssentials installation path. This might however need to be moved to an alternate location in cases where, for example, you might be running out of disk space. The Quarantine Public URL provides access to the Quarantine Page from an external location. By default, this is based on the GFI MailEssentials IIS Virtual directory settings you provided during installation.
3. Provide an alternate URL as the URL to use to access the quarantine from an external location outside your organization. 4. Click OK to save setup.
10 Email Management
GFI MailEssentials includes a number of tools that facilitate management of incoming and outgoing emails.
Topics in this chapter:
10.1 Disclaimers 201
10.1.1 Configuring Disclaimers 201
10.1.2 Disabling and enabling disclaimers 205
10.2 Auto-Replies 205
10.2.1 Configuring auto-replies 206
10.3 List Server 208
10.3.1 Creating a newsletter or discussion list 208
10.3.2 Using Newsletters/Discussions 210
10.3.3 Configuring advanced newsletter/discussion list properties 211
10.
3. Select: Option Description Domain Disclaimer Choose the domain from the list of configured domains. All emails sent from that domain will have the disclaimer added. User Disclaimer Specify a user or group of users, to whom the disclaimer is added for outbound emails. If GFI MailEssentials is in Active Directory mode, pick users or groups of users directly from Active Directory; else specify the SMTP email address of the user. Screenshot 110: New Disclaimer general properties 4.
Screenshot 111: HTML Disclaimer 5. To add a disclaimer in HTML format, select the HTML tab. Click Edit HTML to launch the HTML disclaimer editor and edit the HTML disclaimer text. Screenshot 112: HTML disclaimer editor 6. To add variables in disclaimer, navigate to Insert > Variable…. The variables that can be added are email fields or Active Directory fields. Select the variable to add and click OK.
NOTE The recipient display name and email address variables will only be included if the email is sent to a single recipient. If emails are sent to multiple recipients, the variables are replaced with 'recipients'. 7. Click Close when finished editing the HTML disclaimer. 8. Import or export an HTML disclaimer in .htm or .html format using the Import and Export buttons. 9.
10. Select Plain Text tab and insert the text to include for use in plain text emails directly into the Text Disclaimer field. 11. Optionally add variables in disclaimer by clicking Variable…. The variables that can be added are email fields (sender name, recipient email address, etc.) or Active Directory fields (name, title, telephone numbers, etc.). Select the variable to add and click OK.
10.2.1 Configuring auto-replies 1. Click Start > All Programs > GFI MailEssentials > Email Management Tools to load Email Management Tools. 2. Right click Email management > Auto-Replies node and select New > Auto-Reply. Screenshot 114: Creating a new auto reply 3. Key in the email address that sends auto-replies when receiving emails, and click OK. Example - If ‘sales@master-domain.com’ is used, senders sending to this email address will receive an auto reply.
4. Check and subject contains: checkbox to enable auto replies for emails containing specific text in the subject field. 5. In the Auto Reply from: field, specify an email address if the auto-reply must come from an address other than the one to which the inbound email was addressed. 6. In the Auto Reply subject field, specify the subject of the auto reply email. 7. In Auto Reply text, specify the text to display in the auto reply email.
NOTE By default, tracking numbers are generated using the following format: ME_YYMMDD_nnnnnn Where: ME - GFI MailEssentials tag. YYMMDD - Date in year, month and date format. nnnnnn - automatically generated tracking number. 12. Click OK button to finalize settings. 10.3 List Server List servers enable the creation of two types of distribution lists: 1.
Screenshot 117: Creating a new list 3. In the List name: field, key in a name for the new list and select a domain for the list (only if you have multiple domains). Click Next to continue setup. 4. Select Microsoft Access or Microsoft SQL Server/MSDE as database and from the Database type group select if GFI MailEssentials should create a new database or connect to an existing database. Click Next to continue. NOTE For lists of up to 5000 members, you can use Microsoft Access as a backend.
Option Description Microsoft Access with Existing Option In the File field specify the path to your existing Microsoft Access database that contains the newsletter/discussion subscribers. From the Table drop down list select the table where the subscribers list is stored. Microsoft SQL Server with Automatic Option Specify SQL server name, logon credentials and database used to store newsletter/discussion subscribers list.
To enable users to easily subscribe to newsletters, add a web form asking for name and email address and automatically generate an email where the sender is the email address of the new user and the recipient is: -subscribe@yourdomain.com 10.3.3 Configuring advanced newsletter/discussion list properties After creating a new list, further options can be configured which enable the customization of elements and behavior of the list.
1. Right click the list to add a footer to and select Properties. 2. From Footer tab, click Edit HTML to create an HTML footer. Tip Use footers to show how users can subscribe and unsubscribe from list. Setting permissions to the list Specify who can submit an email to the list. If list is not secured, anyone can send emails to the entire list by sending an email to the list address. NOTE Permissions are not configurable for discussion lists. 1.
3. Enable passwords by selecting the Password required: checkbox and providing a password. For more information on how to use this feature, refer to the Securing newsletters with a password section below. Securing newsletters with a password Set a password that secures access to newsletter in case someone else makes use of the email client or account details of a permitted user. NOTE Discussion lists cannot be secured with passwords. 1. Right click the list to set permissions for, and select Properties. 2.
Screenshot 120: Entering subscribers to the newsletter 2. From Subscribers tab, click Add. 3. Key in the 'Email Address', 'First name', 'Last name' and 'Company' fields and click OK. The new subscriber email address is added to Email list. NOTE First name, last name and company fields are optional. NOTE To remove subscribers from list, select user and click Remove.
When a new newsletter or discussion list is created, a table called 'listname_subscribers' with the following fields as shown in the table below is created. To import data into the list, populate the database with data in the following fields.
10.4.2 Configure email monitoring 1. Right click Email management > Mail Monitoring node and select New > Inbound Mail Monitoring Rule or Outbound Mail Monitoring Rule to monitor inbound or outbound email respectively. Screenshot 122: Add Mail Monitoring rule 2. Key in the destination email address/mailbox to copy the emails to. Click OK to continue. Screenshot 123: Configuring email monitoring 3. Click sender and recipient Select buttons to specify which emails this rule should monitor.
NOTE To monitor all mail, key in: *@* Condition Rule All email sent by a particular user Create outbound rule, specify sender email or select user (if using AD) in the sender field and key in *@* as the recipient’s domain. All email sent to a particular user Create inbound rule, specify recipient email or select user (if using AD) in the recipient field and specify *@* as the sender’s domain.
4. Select the Exceptions tab to add senders or recipients who will be excluded from the new rule. The available options are: Option Description Except if sender is Excludes the specified sender from the list. Except if recipient is Excludes the specified recipient from the list. NOTE When specifying exceptions for inbound monitoring rules, the Sender list contains nonlocal email addresses and the Recipient list addresses are all local.
11 General Settings Topics in this chapter: 11.1 Administrator email address 219 11.2 Enabling/Disabling scanning modules 219 11.3 Proxy settings 221 11.4 Local domains 222 11.5 Managing local users 222 11.6 SMTP Virtual Server bindings 223 11.7 Version information 224 11.8 Patch Checking 225 11.9 Access Control 225 11.1 Administrator email address GFI MailEssentials sends important notifications to the administrator via email. To set up the administrator’s email address: 1.
NOTE This feature enables or disables particular scanning engines only. Disabled engines do not process inbound, outbound and/or internal emails. All other features of GFI MailEssentials, such as the quarantine store, are still functional. 1. From the GFI MailEssentials Configuration, navigate to General Settings > Settings and select the General tab. Screenshot 126: Scanning Manager 2.
11.3 Proxy settings GFI MailEssentials automatically checks for and downloads updates (for example, virus definitions updates and SpamRazer definitions) from the Internet. If the server on which GFI MailEssentials is installed connects to the Internet through a proxy server, configure the proxy server settings as follows: 1. From GFI MailEssentials Configuration go to General Settings > Settings and select Updates tab. Screenshot 127: Updates server proxy settings 2.
11.4 Local domains Screenshot 128: Local Domains list GFI MailEssentials requires the list of local domains to enable it to distinguish between inbound, outbound or internal emails. During installation or post install wizard, GFI MailEssentials automatically imports local domains from the IIS SMTP service or Microsoft® Exchange Server. In some cases, however, local domains may have to be added manually. IMPORTANT GFI MailEssentials only filters emails destined to local domains for spam.
NOTE The number of users retrieved is also used for licensing purposes. 11.5.1 GFI MailEssentials installed in Active Directory mode When GFI MailEssentials is not installed on the same machine as your mail server and Active Directory is present, then GFI MailEssentials retrieves mail-enabled users from the Active Directory domain of which the GFI MailEssentials machine forms part.
NOTE The SMTP Virtual Server Bindings tab is not displayed if you installed GFI MailEssentials on a Microsoft® Exchange Server 2007/2010 machine. 11.6.1 Binding GFI MailEssentials to another SMTP Virtual Server NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 1. Go to General Settings > Settings and click Bindings tab. 2. Select the SMTP Virtual Server to bind GFI MailEssentials to. 3. Click Apply. 4.
NOTE Always quote your GFI version and build information when contacting GFI support. 11.8 Patch Checking The Patch Checking feature verifies if there are any software patches available for your version of GFI MailEssentials by directly connecting to the GFI Update Servers. NOTE It is highly recommended to check for patches periodically to keep GFI MailEssentials updated. 1. Navigate to General Settings > Product Patches. Screenshot 130: Checking for product patches 2.
NOTE Configuring Web UI access is only possible when GFI MailEssentials is running in IIS mode and can be accessed over the network (including different trusted domains). Access Control is not configurable when GFI MailEssentials is running in Local mode. For more information, refer to User interface mode (page 227). 1. From GFI MailEssentials Configuration, go to General Settings > Access Control. Add domain users or groups and select the product features to allow access to.
12 Miscellaneous topics Topics in this chapter: 12.1 Virtual directory names 227 12.2 User interface mode 227 12.3 Failed emails 231 12.4 Tracing 233 12.5 POP2Exchange - Download emails from POP3 server 235 12.6 Moving spam email to user’s mailbox folders 238 12.7 Move spam to Exchange 2010 folder 240 12.8 Synchronizing configuration data 241 12.9 Disabling email processing 252 12.10 Email backup before and after processing 253 12.11 Remoting ports 254 12.
To select the mode: 1. Launch the GFI MailEssentials Switchboard from Start > Programs > GFI MailEssentials > Switchboard. Screenshot 132: GFI MailEssentials Switchboard - UI Mode 2. From the UI mode area, select: Option Description Local mode GFI MailEssentials loads in an html viewer application, accessible from the machine where GFI MailEssentials is installed only.
NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 3. Click Yes to restart the displayed services. 4. Click OK. 12.2.1 IIS Security Settings The Security button within the UI mode tab enables you to configure an Access Control List and Authentication method. Access Control List The Access control list specifies who can access GFI MailEssentials and what features are available for which users or groups.
Screenshot 133: IIS Security - ACL tab 3. Click Add... and provide the name of the user or group to add to the list. 4. Select the type of access to grant. Available options are: Full Quarantine Reporting RSS 5. Click OK to finalize setup. To remove access to a user or group, select the item to remove and click Remove. IIS Authentication Mode The IIS Authentication Mode enables you to choose the authentication method to use when accessing GFI MailEssentials. 1.
3. Select Authentication tab. Screenshot 134: IIS Security - Authentication tab 4. Select one of the available options: Option Description Windows Mode Windows authentication enables GFI MailEssentials to make use of the credentials of the currently logged on user and does not provide log-off and automatic timeout of the user interface session. Forms Mode (Default) Forms authentication provides the ability for users to log off.
12.3.1 Reprocessing legitimate emails that fail It is recommended to contact GFI Support when a number of emails are being moved to the failedmails folder. When the issue is resolved, emails can be re-scanned by GFI MailEssentials to determine if they are safe to be delivered. NOTE Files with extension .PROP in the failedmails folder are used for troubleshooting purposes. When reprocessing failed emails, these files can be deleted. GFI MailEssentials installed on Microsoft® Exchange Server 2007/2010 1.
Screenshot 135: Enabling Failed emails notification 2. Select Send Notifications on Failed Mail. 3. Click Apply. NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 4. Click Yes to restart the displayed services. 5. Click OK. 12.4 Tracing GFI MailEssentials provides the facility of creating log files for debugging purposes. Use tracing for troubleshooting purposes or when contacting GFI Support.
\GFI\MailEssentials\AntiSpam\DebugLogs\ \GFI\MailEssentials\WwwConf\DebugLogs\ To enable or disable Tracing: 1. Launch the GFI MailEssentials Switchboard from Start > Programs > GFI MailEssentials > Switchboard and select Tracing tab. Screenshot 136: Configuring Tracing options 2. Select or unselect Tracing enabled to enable or disable logging respectively.
1. Launch the GFI MailEssentials Switchboard from Start > Programs > GFI MailEssentials > Switchboard and select Tracing tab. NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 2. Click Clear Tracing Logs and click Yes to restart the displayed services. 3. Click OK when completed. 12.
4. Click Add to add a POP3 mailbox from which to download email. Screenshot 138: Adding a POP3 mailbox 5. Key in the POP3 server details, mailbox login name and password of the mailbox. Choose between: Option Description Send mail to address stored in ‘To’ field GFI MailEssentials will analyze the email header and route the email accordingly. If email analyzing fails, email is sent to the email address specified in the alternate address field.
Option Description If mail is larger, then: Choose to delete email larger than the maximum allowed size, or send a message to the postmaster. 8. Click OK. 12.5.2 Configure dial up connection options 1. From the GFI MailEssentials server, go to Start > Programs > GFI MailEssentials > Email Management Tools. 2. Select POP2Exchange node and double click General. 3. From the Dialup tab select Receive mails by Dial-Up or Dial on Demand. Screenshot 139: Dial-up options 4.
Process every (minutes): Enter the interval at which GFI MailEssentials must connect to POP3 mailbox. Screenshot 140: Configuring when to pick up email 5. Click Schedule and specify the hours when GFI MailEssentials should dial-up to pick up email. A check mark indicates that GFI MailEssentials will dial out. A cross indicates that GFI MailEssentials will not dial out at this hour. 6. Click OK. 12.
rulemgmtres.dll rulemgmt.exe rule.dll gfi_log.dll 3. From the Microsoft® Exchange Server, open command prompt and change the directory to the location where the Rules Manager files were copied. 4. In command prompt type: regsvr32 rule.dll 5. On confirmation, click OK. Launch Rules Manager 1. From the Microsoft® Exchange Server, navigate to the location where Rules Manager files were copied and open rulemgmt.exe. 2.
1. Double click on a mailbox to launch the Rules dialog. 2. A list of rules applicable to the selected mailbox is displayed. Click Add rule to add a new rule. Select a rule and click Edit rule to change settings of the selected rule. Select a rule and click Delete rule to delete the selected rule. 3. Click Apply to save settings. 12.6.
Configure the dedicated user from the GFI MailEssentials Switchboard. NOTE If a user is not configured, spam cannot be moved to a mailbox sub-folder. To configure a dedicated user: 1. Launch GFI MailEssentials Switchboard from Start > Programs > GFI MailEssentials > Switchboard. 2. Select Move to Exchange tab NOTE This tab is only shown when GFI MailEssentials is installed on Microsoft® Exchange 2010 server. 3. Click Specify user account... to specify the dedicated user. 4.
The Anti-Spam Synchronization Agent works as follows: 1. A server machine hosting GFI MailEssentials is configured as the master server. 2. The other server machines, where GFI MailEssentials is installed, are configured as slave servers. 3. The slave servers upload an archive file, containing settings, to an IIS virtual folder hosted on the master server via the Microsoft® BITS service. 4.
NOTE Keep note of the configured path for reference. d. Select MESynchAgent virtual directory and from the Features View, double click SSL Settings. e. Disable the Require SSL checkbox and click Apply. f. Return to the Features View of the newly added virtual directory and double click Authentication. g. Ensure that only Basic Authentication is enabled, while the other options are disabled. h.
2. Right click Anti-Spam Synchronization Agent > Configuration and select Properties. Screenshot 141: Configuring a master server 3. From the Master tab, select This GFI MailEssentials Configuration server is also a master server and key in the full path of the folder configured to hold the contents of the MESynchAgent virtual directory. 4. Click Add and enter the hostname of the slave server. Click OK to add it to the list. Repeat this step and add all other slave servers.
Step 3: Configure slave servers Important notes 1. To configure a server as a slave server, it must meet one of the following system specifications: Microsoft® Windows Server 2008 Microsoft® Windows Server 2003 - It is recommended that you download the BITS 2.0 client update from: http://go.gfi.com/?pageid=ME_BITS2003Update 2. Slave servers automatically upload an archive file, containing settings, to the IIS virtual directory on the master server, so no virtual directory should be created on slave servers.
Example: http://mydomain.com/MESynchAgent 5. In the Port field specify the port used by the master server to accept HTTP communications. NOTE By default the port value is set to 80 which is the standard port used for HTTP. 6. Select Credentials required and key in credentials used to authenticate with the master server. 7. Select: Option Description Automatic Synchronization occurs automatically at a set interval.
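With Require SSL disabled and only Basic Authentication enabled on the MESynchAgent virtual directory, the credentials that slave servers present to the master over HTTP are base64-encoded, not encrypted. The following check is an added example, not GFI code: it reads an IIS configuration and reports that state for the virtual directory. The site name "Default Web Site" and the embedded configuration fragment are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed fragment in the layout of IIS applicationHost.config, matching the
# master-server steps: Require SSL off, Basic Authentication only.
# "Default Web Site" is an assumed site name.
SAMPLE_CONFIG = """<configuration>
  <location path="Default Web Site/MESynchAgent">
    <system.webServer>
      <security>
        <access sslFlags="None" />
        <authentication>
          <anonymousAuthentication enabled="false" />
          <basicAuthentication enabled="true" />
          <windowsAuthentication enabled="false" />
        </authentication>
      </security>
    </system.webServer>
  </location>
</configuration>"""


def audit_virtual_directory(config_xml, location_path):
    """Report SSL and authentication settings set explicitly on one location.

    Only values written under the <location> element are read; settings
    inherited from the parent site or server are not resolved.
    """
    root = ET.fromstring(config_xml)
    loc = next((el for el in root.iter("location")
                if el.get("path", "").lower() == location_path.lower()), None)
    if loc is None:
        raise LookupError("no <location> entry for " + location_path)

    # sslFlags is a comma-separated list; "Ssl" is the Require SSL checkbox.
    access = next(loc.iter("access"), None)
    raw_flags = access.get("sslFlags", "None") if access is not None else "None"
    ssl_flags = {flag.strip() for flag in raw_flags.split(",") if flag.strip()}
    require_ssl = "Ssl" in ssl_flags

    auth = next(loc.iter("authentication"), None)
    methods = list(auth) if auth is not None else []
    enabled = sorted(m.tag for m in methods
                     if m.get("enabled", "false").lower() == "true")

    findings = []
    if "basicAuthentication" in enabled and not require_ssl:
        findings.append("Basic authentication without Require SSL: credentials "
                        "are base64-encoded, not encrypted, in transit")
    extra = [m for m in enabled if m != "basicAuthentication"]
    if extra:
        findings.append("authentication methods other than Basic are enabled: "
                        + ", ".join(extra))
    return {"require_ssl": require_ssl, "enabled_auth": enabled,
            "findings": findings}


if __name__ == "__main__":
    report = audit_virtual_directory(SAMPLE_CONFIG,
                                     "Default Web Site/MESynchAgent")
    print("Require SSL:", report["require_ssl"])
    print("Enabled authentication:", ", ".join(report["enabled_auth"]))
    for finding in report["findings"]:
        print("FINDING:", finding)
```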
Screenshot 143: Configuration Export/Import Tool NOTE Duration of the export process depends on the databases’ sizes. 4. Click Export. 5. From the Browse for Folder dialog, choose the folder to export configuration settings to and click OK. 6. On completion, click Exit. Step 2: Copy the exported settings 1. Manually copy the folder where the configuration settings were exported. 2. Paste the folder on the machines where the settings are to be imported.
NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 1. Stop the following services: GFI List Server, GFI MailEssentials Enterprise Transfer, GFI MailEssentials Legacy Attendant, GFI MailEssentials AntiSpam Attendant, GFI POP2Exchange, IIS Admin service. 2. Go to \GFI\MailEssentials\ and launch meconfigmgr.exe. NOTE Duration of the import process depends on size of the databases to be imported. 4.
NOTE Some imported settings may not be appropriate for the installation of GFI MailEssentials and may need to be re-configured. This is possible when, for example, DNS settings, domains list and perimeter servers are different from the server from which settings were exported. Click Yes to launch the GFI MailEssentials Post-Installation wizard to reconfigure important settings. For more information, refer to Post-Installation Wizard (page 36).
“C:\MailEssentials Settings” - location where to export files. Replace with the desired destination path. /verbose - instructs the tool to display progress while copying the files. /replace - instructs the tool to overwrite existing files in the destination folder. Screenshot 144: Exporting settings via command line 4. Restart the services stopped in step 1. Importing settings via command line 1.
WARNING The import process replaces the configuration files with the files found in this folder. Screenshot 145: Importing settings via command line 4. Restart the services stopped in step 1. NOTE Some imported settings may not be appropriate for the installation of GFI MailEssentials and may need to be re-configured. This is possible when, for example, DNS settings, domains list and perimeter servers are different from the server from which settings were exported.
NOTE For more information on the settings to verify after import, refer to: http://go.gfi.com/?pageid=ME_CheckImportSettings 12.9 Disabling email processing Disabling email processing disables all protection offered by GFI MailEssentials and enables all emails (including spam and malicious emails) to get to your user’s mailboxes. Email processing is typically disabled only for troubleshooting purposes. To enable/disable GFI MailEssentials from processing emails: 1.
NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 3. In the Service Restart Required dialog, click Yes to restart services. 4. Click OK. 12.10 Email backup before and after processing IMPORTANT Use this option for troubleshooting purposes only. 1. Launch the GFI MailEssentials Switchboard from Start > Programs > GFI MailEssentials > Switchboard and select Troubleshooting tab.
2. Select/unselect Keep a copy of every email before and after email processing checkbox to store a copy of each email processed. All emails are stored in the following locations: \GFI\MailEssentials\AntiSpam\SourceArchives\ \GFI\MailEssentials\EmailSecurity\SourceArchives\ NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 3. Click OK. 4.
Screenshot 148: Changing Remoting ports 2. In the Remoting Ports area, change the number of the Remoting port to one that is not utilized by other applications. 3. Click Apply. NOTE Some services are temporarily stopped while performing this operation. This may affect mail flow and/or email scanning. 4. Click Yes to restart the displayed services. 5. Click OK. 12.
NOTE Information Store Protection (VSAPI) is not supported on Microsoft® Exchange Server 2013 because VSAPI was removed from Microsoft® Exchange Server 2013 by Microsoft. 12.12.1 Performance counter in Windows 2003 Server To add and view the performance monitor counter in Windows 2003 Server, follow these steps: 1. Go to Start > Control Panel. 2. In the Control Panel window, double-click Administrative Tools. 3. Double-click Performance to start the Performance monitor MMC. 4.
Screenshot 149: Adding VSAPI performance monitor counters in Windows 2008 Server 4. From the Select counters from computer dropdown list, select the computer to monitor. 5. From the list of available counters, expand MSExchangeIS. 6. Select any Virus Scan counter you need to add. For more information, refer to Performance monitor counters (page 258). 7. Click Add. 8. Repeat steps 6 and 7 for each process to monitor. 9. Click OK to apply changes.
Screenshot 150: Monitoring Virus Scan Files Scanned in Windows Server 2008 Performance Monitor 12.12.3 Performance monitor counters The following VSAPI Performance Monitor counters are available: Performance Counter Description Virus Scan Messages Processed A cumulative value of the total number of top-level messages that are processed by the virus scanner. Virus Scan Messages Processed/sec Represents the rate at which top-level messages are processed by the virus scanner.
Performance Counter Description Virus Scan Bytes Scanned Total number of bytes in all of the files that are processed by the virus scanner. Virus Scan Queue Length Current number of outstanding requests that are queued for virus scanning. Virus Scan Folders Scanned in Background Total number of folders that are processed by background scanning. Virus Scan Messages Scanned in Background Total number of messages that are processed by background scanning.
13 Troubleshooting and support 13.1 Introduction This chapter explains how to resolve any issues encountered during installation of GFI MailEssentials. The main sources of information available to solve these issues are: This manual - most issues can be solved through the information in this section. GFI Knowledge Base articles Web forum Contacting GFI Technical Support 13.
Issue encountered Solution Remote commands do not work Refer to: http://go.gfi.com/?pageid=ME_RemoteCommands Processing of emails is very slow This may occur when there are DNS problems in the network. If DNS is not working correctly, the DNS lookups made by some anti-spam filters in GFI MailEssentials will time out. For more information refer to: http://go.gfi.com/?pageid=ME_ProcessingSlow Older data not available in database when using Microsoft® Access. When reports.mdb database exceeds 1.
13.3 Scanning engines & filters Issue encountered Solution Spam is delivered to users' mailboxes Follow the checklist below to solve this issue: 1. Check that GFI MailEssentials is not disabled from scanning emails. For more information, refer to Disabling email processing (page 252). 2. Check if all required filters are enabled. For more information, refer to Anti-Spam filters (page 101). 3. Check if local domains are configured correctly. For more information, refer to Local domains (page 222). 4.
Issue encountered Solution GFI MailEssentials returns the following error: “The file was blocked by the attachment filtering module at file type checking stage. The attachment claimed to be a which is identified as being an attachment in category . The file was detected to belong to the category .” Cause An attached file is detected as being a file with multiple file-types. Solution For information on how to resolve this issue refer to: http://go.gfi.
13.5 GFI SkyNet GFI maintains a comprehensive knowledge base repository, which includes answers to the most common problems. GFI SkyNet always has the most up-to-date listing of technical support questions and patches. If the information in this guide does not solve your problems, refer to GFI SkyNet by visiting: http://kb.gfi.com/. 13.6 Web Forum User-to-user technical support is available via the GFI web forum. Access the web forum by visiting: http://forums.gfi.com/. 13.
14 Appendix 1 - Bayesian Filtering The Bayesian filter is an anti-spam technology used within GFI MailEssentials. It is an adaptive technique based on artificial intelligence algorithms, hardened to withstand the widest range of spamming techniques available today. This chapter explains how the Bayesian filter works, how it can be configured and how it can be trained. NOTE 1. The Bayesian anti-spam filter is disabled by default. It is highly recommended that you train the Bayesian filter before enabling it.
Example: A financial institution might use the word ‘mortgage’ many times and would get many false positives if using a general anti-spam rule set. The Bayesian filter, on the other hand, if tailored to your company through an initial training period, takes note of the company's valid outbound email (and recognizes ‘mortgage’ as being frequently used in legitimate messages), and so has a much better spam detection rate and a far lower false positive rate.
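The ‘mortgage’ example above can be reproduced with a small textbook Bayesian token filter. This is an added illustration, not GFI MailEssentials code or its actual algorithm; the training mails, the test messages and the smoothing constants are all constructed assumptions.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$'-]+")


def tokenize(text):
    """Return the set of distinct lower-cased tokens in a message."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    """Per-token spam probabilities learned from labelled mail."""

    def __init__(self):
        self.ham = Counter()   # token -> number of legitimate mails containing it
        self.spam = Counter()  # token -> number of spam mails containing it
        self.n_ham = 0
        self.n_spam = 0

    def train(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokenize(text))
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def token_prob(self, token):
        """P(spam | token), pulled towards 0.5 when evidence is thin."""
        seen = self.spam[token] + self.ham[token]
        if seen == 0:
            return 0.5  # unseen token carries no evidence either way
        s = self.spam[token] / max(self.n_spam, 1)
        h = self.ham[token] / max(self.n_ham, 1)
        raw = s / (s + h)
        smoothed = (0.5 + seen * raw) / (1 + seen)
        return min(0.99, max(0.01, smoothed))

    def score(self, text, top=15):
        """Combine the most telling token probabilities into one spam score."""
        probs = sorted((self.token_prob(t) for t in tokenize(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:top]
        ln_spam = sum(math.log(p) for p in probs)
        ln_ham = sum(math.log(1 - p) for p in probs)
        return 1 / (1 + math.exp(ln_ham - ln_spam))


def build(ham_mails, spam_mails):
    """Train a filter on legitimate and spam mail."""
    f = BayesFilter()
    for mail in ham_mails:
        f.train(mail, is_spam=False)
    for mail in spam_mails:
        f.train(mail, is_spam=True)
    return f


# All corpora below are constructed for this example.
SPAM = ["Lowest mortgage rates guaranteed, refinance now and save",
        "Cheap mortgage approval, no credit check, click here",
        "You won a prize, click here to claim your free money",
        "Refinance your mortgage today, limited offer, click now"]
GENERIC_HAM = ["Minutes from the project meeting are attached",
               "Can we move the meeting to Thursday afternoon",
               "Please review the attached quarterly report",
               "Lunch on Friday with the project team"]
COMPANY_HAM = ["Your mortgage approval letter is attached",
               "New mortgage rates for your account are confirmed",
               "Your mortgage statement and payment schedule are attached",
               "The mortgage team confirmed your refinance approval"]

GENERIC = build(GENERIC_HAM, SPAM)    # general rule set, never saw the bank's mail
TAILORED = build(COMPANY_HAM, SPAM)   # trained on the bank's own outbound mail

LEGIT = "Your mortgage approval and new rates are confirmed"
JUNK = "Lowest mortgage rates guaranteed, click here now"

if __name__ == "__main__":
    for name, f in (("generic", GENERIC), ("tailored", TAILORED)):
        print(name, "mortgage=%.3f" % f.token_prob("mortgage"),
              "legit=%.3f" % f.score(LEGIT), "junk=%.3f" % f.score(JUNK))
```

Trained only on generic mail, the filter scores the bank's legitimate message as spam; trained on the bank's own mail, the same message scores as legitimate while the junk message is still caught.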
GFI MailEssentials installation path\AntiSpam\BSW\ 2. Launch bayesianwiz.exe and click Next in the welcome screen. 3. Select the installation folder and click Next. 4. Click Next to start installation. 5. Click Finish when installation is complete. Step 2: Analyze legitimate and spam emails To start analyzing emails using the Bayesian Analysis wizard: 1. Load the Bayesian Analysis wizard from Start > Programs > GFI MailEssentials > GFI MailEssentials Bayesian Analysis Wizard. 2.
8. Click Next to start retrieving the sources specified. This process may take several minutes to complete. 9. Click Finish to close the wizard. Step 3: Import the Bayesian Spam profile When the wizard is not run on the GFI MailEssentials server, import the Bayesian Spam Profile (.bsp) file to GFI MailEssentials. 1. Move the file to the Data folder in the GFI MailEssentials installation path. 2. Restart the GFI MailEssentials AS Scan Engine and the GFI MailEssentials Legacy Attendant services.
15 Appendix 2 - Lotus Domino Use this Appendix for information on using GFI MailEssentials with your Lotus Domino installation. 15.1 Lotus Domino incompatibilities 15.1.1 Internal memos/emails are not scanned GFI MailEssentials does not scan internal memos/emails sent by Lotus Domino since Lotus Domino’s sender/receiver format is not compatible. When internal memos/emails are passed into GFI MailEssentials, these end up in the queue and are not processed.
Screenshot 151: Active Directory selection 15.2.2 Set up DNS/Router Firewall Configure the machine where GFI MailEssentials is installed to act as a gateway (also known as "Smart host" or "Mail relay" server) for all email. Effectively, all inbound email must pass through this machine before being relayed to the mail server for distribution (it is the first to receive all emails destined for your mail server).
Screenshot 152: Verifying the MX record of the DNS 4. Test the new mail relay server. Before proceeding to install GFI MailEssentials, verify that the new mail relay server is working correctly. 5. Test the IIS SMTP inbound connection of the mail relay server by sending an email from an external account to an internal user (use web-mail, for example MSN Hotmail, if you do not have an external account available). Verify that the email client received the email. 6.
2. After the configuration section is selected, the main window shows the configuration of the server. Select the desired server and click Edit configuration. Screenshot 154: Click Edit Configuration From the configuration document page, select Router/SMTP tab and ensure that Basics is selected. Double click on content to enable edit mode. Select Relay host for messages leaving the local internet domain and enter the IP Address of the machine on which GFI MailEssentials is installed.
Screenshot 156: Enable Anonymous Authentication 15.3 Lotus Domino Anti Spam Folder Configuration 1. From Lotus Notes Administrator, create a database with the normal MAIL85.NTF template, that is used as the public folder. When the database is created, right click the database from the files section and select Access Control. Configure the user or group or server to have access on the database.
Screenshot 157: Create a new database 2. Convert the database using the server console by typing: load convert -e -h mail\public.nsf Command should display the following results. Screenshot 158: Load convert result 3. On completion, ensure that the database is accessible from IMAP service. From the Lotus Notes Administrator, go to Configuration, and select the Files tab. Highlight the database of the public folder, click Edit, select Copy as Link and click Application Link.
Screenshot 159: Copy to the clipboard a link to the current application 4. From the configuration, go to Messaging Settings and select IMAP tab. Screenshot 160: Include all public and other users’ folders when a folder list is requested 5. Select Public and Other Users’ Folders tab. Right click and paste on the Public Folders Database Links and enable Include all public and other users’ folders when a folder list is requested. 6. Save and close the document.
Screenshot 161: New mail-in database 7. From the Lotus Notes Administrator, configure the folder for mail usage. Go to People and Groups and select Mail-In Database. Create a new Mail-in Database and in the whole directory path enter the full path (for example, Mail\public.nsf). 8. Save and close the document. 15.4 GFI MailEssentials Configuration 1. From the GFI MailEssentials web interface, expand AntiSpam and select AntiSpam Settings. 2.
Screenshot 162: Enable Public Folder Scanning 5. From the registry, change values to use this function.
16 Appendix 3 - Microsoft® Exchange 2003 Clusters Use this appendix for instructions on how to install and uninstall GFI MailEssentials on Microsoft® Exchange 2003 clusters. A cluster is a group of servers, technically known as nodes, working collectively as a single server. Such an environment provides high availability and failover mechanisms to ensure constant availability of resources and applications including email infrastructures.
12. Click Finish. 13.
17 Glossary A Active Directory A technology that provides a variety of network services, including LDAP directory services. AD See Active Directory Anti-virus software Software that detects malware such as Trojan horses in emails, files and applications. Auto-reply An email reply that is sent automatically to incoming emails. B Background Intelligent Transfer Service A component of Microsoft Windows operating systems that facilitates transfer of files between systems using idle network bandwidth.
D Decompression engine A scanning module that decompresses and analyzes archives (for example, .zip and .rar files) attached to an email. Demilitarized Zone An internet-facing section of a network that is not part of the internal network. Its purpose typically is to act as a gateway between internal networks and the internet. Directory harvesting Email attacks where known email addresses are used as a template to create other email addresses.
False positives Legitimate emails that are incorrectly identified as spam. G Gateway The computer (server) in a LAN that is directly connected to an external network. In GFI MailSecurity, gateway refers to the email servers within the company that first receive email from external domains. Greylist filter An anti-spam filter that blocks emails sent from spammers that do not resend a message when a retry message is received.
List server A server that distributes emails sent to discussions lists and newsletter lists, and manages subscription requests. M Mail Exchange The DNS record used to identify the IP addresses of the domain's mail servers. Malware All malicious types of software that are designed to compromise computer security and which usually spread through malicious methods.
P Perimeter server/gateway The host in a LAN that is directly connected to an external network. In GFI MailEssentials perimeter gateway refers to the email servers within the company that first receive email from external domains. PGP encryption A public-key cryptosystem often used to encrypt emails.
Recursive archives Archives that contain multiple levels of sub-archives (that is, archives within archives). Also known as nested archives. Remote commands Instructions that facilitate the possibility of executing tasks remotely. RSS feeds A protocol used by websites to distribute content (feeds) that frequently changes (for example news items) to its subscribers. S Secure Sockets Layer A protocol to ensure an integral and secure communication between networks.
Z Zombie An infected computer that is made part of a Botnet through malware.