User's Manual
Table Of Contents
- Finding your way around
- System Settings
- Policy Manager
- The Policy Manager tab
- Creating a Policy
- Address Group
- Queue Manager
- Dictionary Manager
- Global Policy
- Creating a new Sub-policy
- Editing a sub-policy
- Adding Filters to the policy
- Defining a filter
- The Anti-Virus Agent Filter
- The Anti-Spam Agent Filters
- Internet Threat Database Filter
- Standard Disclaimer
- General Content Filter
- Advanced Content Filter
- Message Attachment Filter
- Content Guardian
- Dictionary Threshold Filter
- Key Points
- Reports & Logs
- RiskFilter System Management Console
- Appendix
- INDEX
- Notices

140 Administrator’s Guide SurfControl RiskFilter - E-mail V5.2.4
RISKFILTER SYSTEM MANAGEMENT CONSOLE
The System Tab
5
MULTI GATEWAY POLICY ROUTING
This module sets up dynamic routing to preserve IPv4 source addresses.
Multi Gateway Policy Routing enables you to override the default gateway setting in your routing table.
Connections forwarded to RiskFilter will have their packets routed back through the source's configured
gateway. This is needed if these connections are from multiple mail servers which do not perform SNAT
packet modifications. With this enabled, RiskFilter is able to see the original source of a forwarded
connection and route packets back through this gateway.
Multi Gateway Policy Routing requires mail server(s) that support iptables, so that emails can be relayed
to RiskFilter before being forwarded.
To set up Multi Gateway Policy Routing:
1 Select Multi Gateway Policy Routing in the System tab.
Figure 5 - 7 The Multi-Gateway Policy Routing screen
2 Select an Interface from the drop-down list box.
3 Enter the MAC address of the Gateway into the Ethernet (MAC) address field.
4 Enter the IP address of the Gateway into the IP Address field.
5 Click Add.
Caution: This should only be used if you are using NAT on your mail servers to forward mail
to RiskFilter.
Note: To test RiskFilter, run this command on the mail server (RF-IP is the RiskFilter IP address):
    iptables -A PREROUTING -t nat -p tcp -m tcp ! -s RF-IP --dport 25 -j DNAT --to-destination RF-IP
To use this feature, you MUST run this command on the mail server.
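
The following is an added example, not taken from the manual and not RiskFilter's own implementation: a shell function that prints the generic Linux commands for one gateway entry (Interface, MAC address, IP address). It assumes connections are tagged by the forwarding mail server's MAC address, because the preserved source IP no longer identifies which gateway sent them, and that replies are routed through a per-gateway table. The mark and table numbers and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: prints, but does not execute, generic Linux policy-routing
# commands for one gateway entry (Interface, MAC address, IP address).
# Assumption: generic technique, not RiskFilter's internal implementation.

valid_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $1 in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

valid_ipv4() {
    # Reject empty input, non-digit characters and empty octets, then range-check.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gateway_rules IFACE MAC GATEWAY_IP MARK
# MARK doubles as firewall mark and routing table id (1-252, a choice made here).
gateway_rules() {
    iface=$1 mac=$2 gw=$3 mark=$4
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    valid_ipv4 "$gw" || { echo "bad IPv4 address: $gw" >&2; return 1; }
    case $mark in ''|*[!0-9]*|????*) echo "bad mark: $mark" >&2; return 1 ;; esac
    [ "$mark" -ge 1 ] && [ "$mark" -le 252 ] || { echo "bad mark: $mark" >&2; return 1; }
    # Line 1 tags new connections arriving from this gateway's MAC address.
    # Line 2 copies the tag onto locally generated replies; it is identical for
    # every gateway, so apply it once. Lines 3-4 route tagged replies via the gateway.
    cat <<EOF
iptables -t mangle -A PREROUTING -i $iface -m mac --mac-source $mac -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip route add default via $gw dev $iface table $mark
ip rule add fwmark $mark table $mark
EOF
}

# Constructed sample values: two mail servers acting as gateways on eth0.
gateway_rules eth0 02:00:00:00:00:01 192.0.2.1 101
gateway_rules eth0 02:00:00:00:00:02 192.0.2.2 102
```

Review the printed commands before applying them as root; malformed MAC or IP input is rejected rather than passed through to iptables.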