Omnicast Live Viewer User Guide

Contents

1. COPYRIGHT 2011 BY VIRCOM REPRODUCTION AND DISCLOSURE PROHIBITED. IP List for Web Servers Authentication: Can be used to specify IPs that have access to the web applications. This is not generally used if modusGate is configured to do internal routing to a single Exchange mail server. Quarantine Encoding: Used to specify the default character encoding for advanced WebQuarantine. If using Latin characters, keep the default setting (US-ASCII). Visual settings: Used to specify the number of contacts and messages that appear on each page in WebQuarantine. If there are too many contacts or messages to be displayed on one page, page numbers become available, allowing you to scroll through all pages. Find: With this feature you can easily search for users, domains and quarantined messages, where applicable. This feature is convenient if you have multiple domains or a large user base. Admin: Follow the instructions below to use the Find feature. Step 1: In Search For, select Domains, Users and/or User Alias.
2. SMTP_VRFY is safe to use if only modusGate can connect to the mail server. Alias addresses are supported. When selected, the adjoining boxes to the right should contain the same IP/hostname and port as those entered in Step 4. Exchange 2000 2010: address validation does occur and aliases are supported. Take note that distribution lists do count as mailboxes. In the right-hand boxes, enter the IP of the Active Directory (AD) Server if different from the Exchange server. Use port 3268 for access to the Global Catalog (the entire user list) or enter a custom port. You may optionally check Use SSL/TLS. Step 5 (cont'd): Lotus Domino supports SMTP_VRFY, so consider this option before trying to implement an LDAP-based solution. Aliases may not be detected when using LDAP and may count as mailboxes. OpenLDAP is a generic LDAP auth mechanism that works with many mail servers. Aliases may count as mailboxes. In the right-hand boxes, enter the IP of the LDAP Server if different from the mail server. Use port 389 or enter a custom port. You may optionally check Use SSL/TLS. Disabled is an advanced option used to lock the user list and prevent invalid addresses from being dynamically created. This is typically used if Active Directory/LDAP cannot be used for mailbox validation. The user l
3. Full Logging logs all results. Basic Logging logs the most common results. Custom Logging appears when you manually select the events to log. Select Scan Results to be Logged: Displays the selected filtering results. Select Status to be Logged: Displays the selected message processing status. Information is updated dynamically as messages progress through the system and/or are filtered. CAUTION: This log is processor intensive. To reduce the load on the system, consider doing the following: limit the number of events to log; enable Audit logging for specific domains or users (override settings exist at both the Domain and User levels). Web: WebAdmin Privileges. This section is subdivided into 2 sets of properties, WebAdmin and Quarantine (see the lower-level tabs). Beginning with WebAdmin, this panel contains the privileges or permissions settings that are used by both the WebAdmin and WebQuarantine applications. These privileges determine what settings users can or cannot change themselves. Allowed Domain properties: Specify the domain-level settings that an administrator can modify using the WebAdmin console. All options except Message Audit and Domain Keys are enabled by default. Reporting Virus Levels Virus Actions Virus Alerts Phishing Levels d Phishing Acti
4. Allowed User types: This feature is available but not required, because users are created automatically in modusGate. Domain controls (WebAdmin): If you have multiple domains, you can set different WebAdmin privileges per domain, as described above. The Administrators section enables you to specify which users will have access to the WebAdmin panel to act as domain administrators. Click Add to select the users who will have administrator rights. These users will be able to modify domain and user settings as defined above. User controls (WebAdmin): From this panel you can specify which users will have access to the WebAdmin panel to act as domain administrators. Click Add to select the users who will have administrator rights. These users will be able to modify settings for all users as defined above. Quarantine options. Web users directory: Specifies the directory where users' quarantined messages and custom settings are stored, including changes to filter options, quarantine report contents and schedule settings, and statistics regarding the number and type of filtered messages. WebAdmin URL: By entering the WebAdmin URL in this field, WebQuarantine and WebAdmin work in conjunction with each other. EXAMPLE: WebAdminURL http://localhost/WebAdmin/. The URL must always end with a forward slash. In WebQuarantine, when users click on Settings they will be logged on automatically to WebAdmin to configure their mailbox settings
5. Find Results. Step 2: Select Containing, Beginning With or Exact Match and enter the text to search. Wildcards can be used. Step 3: Maximum Results: set the number of results to display in the Find Results window. Step 4: Select to search All Domains or This Domain and enter the name. You can optionally browse the domain list using the ellipsis button. The latter function is unavailable if multiple Search For items are checked. Step 5: Click Find to display the results in the Find Results window. Double-clicking an item in the results list will open its properties page. Quarantine: This feature allows you to search for specific messages in the Quarantine. Step 1: In Search For, select one or multiple filter types. When Spam is selected, you can further specify a message category by clicking the ellipsis button.
6. EXAMPLE: e.g. serveraddress/webadmin. It may take several seconds to log into WebAdmin for large deployments because of the message statistics view. If faster access is required, the statistics view can be disabled: 1. With Notepad, open the Web.config file located in Vircom\Web\WebAdmin\Root. 2. Locate <add key="ShowStats" value="true" />. 3. Replace true with false. 4. Save the file. WebAdmin was developed for system and domain administrators. Access should not be given to end users. The Login as user feature was designed for use by administrators to verify changes made for a specific user. Before users can access WebAdmin, they must be granted permission. For details, see WebAdmin Privileges on page 107. Domains: The main panel provides access to the configuration options as well as providing a summary of the message statistics for your domain(s) and users. Statistics are available for the Last Day, Last Week and Last Month. Use the drop-down menu to select the time period. Click Edit to access the specific domain, or enter a domain name and click Go.
7. Expected a quoted string or multi line string. NOTE: Sieve scripts support UTF-8 characters. The scan engine treats the content according to the applied rules. Your spam severity settings will determine what levels of policy scripts are applied in the system. Click OK to exit the screen. Enable the script. Use Up or Down to change the priority of the script. Scripts run in order from top to bottom. Use Disable to turn a script off. NOTE: Restart the MODUSCAN service after deleting or disabling a script. Enforcement of Corporate Email Policies and Parental Control: In order to customize sieve scripts effectively, modusGate employs an optimized receiving service to target mail traveling in specific directions. An attribute in the envelope of a message (rcp file) identifies the message: Routing (From Outside to Outside); Incoming (From Outside to Inside); Local (From Inside to Inside); Outgoing (From Inside to Outside). Trusted lists override the control script. Unless trusted lists are disabled, some messages will bypass the control filter. If a client is using this feature for parental control, the Trusted Senders List on the child's PC must be disabled. Because processing order is important, the control script should be run last to avoid excess junk mail in the moderator's quarantine. Corpo
8. address previously entered. Type to: yyy@yourdomain.com <enter>, where yyy = the same email address previously entered. Type testing 12 3 <enter>. Type <enter>. Enter a single dot and click <enter>. Step 12: Type quit <enter>. Step 13: Verify that the recipient address received the message. Change the MX record: Once your connection(s) are tested and working, the next step is to change your DNS records. On the DNS Server, modify the MX (Mail Exchange) record so that your mail domain points to the modusGate server instead of the Exchange. Create an A or Host record that maps the new modusGate MX to the Gate server's IP address. Since new MX records can take anywhere from 12 to 48 hours to propagate, only remove the mail server's MX after modusGate's MX has been propagated. Do this to hide your mail server from public view: when spammers see multiple MXs for the same domain, they often bypass the primary (modusGate's) and target the secondary (the mail server). Installing the web components separately. Install the web components: The following instructions apply only if you plan to install the web components on a separate server
9. bulk email. Also known as junk mail. SPF: Sender Policy Framework. SPF helps to prevent return-path address forgery and makes it easier to identify spoofs. For more information, go to www.openspf.org or RFC 4408. Spoof: In the context of network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data. With phishing, a legitimate Web page, such as a bank's, is reproduced in look and feel by the phisher. The intent is to trick users into thinking that they are connected to a trusted site. The phisher then harvests personal information. SURBL: Spam URI Real-time Block Lists. A SURBL detects spam messages based on message body URIs instead of the spam senders. They allow you to block messages that have spam hosts mentioned in the message bodies. For more information, go to www.surbl.org. URI: A string of characters used to identify or name a resource. The main purpose is to enable interaction with representations of the resource over the Internet using specific protocols. URL: Universal or Uniform Resource Locator. An Internet address used by Web browsers to access a specific site or a document resource. Virus: Any piece of code that replicates and executes itself. Viruses usually deliver a piece of malicious code that carries out a destructive operation on t
10. create a custom TXT or HTML file containing the notification text and browse to select the file name. Use current message (plain text): enter your text in the window below. Encoding: Specify the text format, either Text/plain or Text/HTML. Remember to enter the HTML code in the message body, or specify an HTML file if you are pointing to a file. Alert Substitutions: In the alert notifications you may use two substitutions that will insert text based on the message being scanned and the results of the scan. Insert the sender name of the infected message: enter i s. Insert the scan report from the anti-virus engine: enter 2 s. Domain controls (Attachments): Forbidden Attachment settings can be configured at the Domain level in the Console. Go to Domains > select domain name > Attachments. Enable Override server default settings. Override cannot be selected if Force scanning for all Domains and all Users is checked in the system settings under FA. Configure your preferences for scanning level, message handling and whether members of this domain can release attachments from Quarantine. The attachment list cannot be customized here. User controls (Attachments): Forbidden Attachment settings can be configured at the User level in the Console. Go to Users > select
11. e _ modusGate mailbox quarantine e c winnt temp. Resolving backlogs in Holding and Domains folders: The modusGate spool holding folder stores messages bound for local and outbound delivery. If there are more than 2,000 messages in this folder, there may be a problem. However, the content of the modusGate spool domains folder is more important, as this is what modusGate uses to coordinate mail delivery. Check local deliveries: Go to the spool domains local folder to verify the contents. If there is a large backlog of messages, something is preventing the processing of messages going to the local domains. In the folder there should be one of four types of files, which are of the same type (envelope files), but the extension of the files indicates what processing has been completed. RCO files: recently arrived RCP files that have yet to be scheduled for delivery. ROP files: scheduled for delivery and awaiting processing. LCK files: locked RCP files that are in the process of being delivered. DEF files: deferred files that have undergone a delivery attempt and are awaiting retry. In the Console, go to System > Mail Delivery and click Deliver Now. In the spool domains local folder, press <F5> to refresh the contents of the folder. If the number of files does not decrease, or if it increases after performing a Deliver Now, this signifies a problem. The backlog might be due to communication
12. > Phishing. Enable Override server default settings. Override cannot be selected if Force scanning for all Domains and all Users is checked in the system settings under Phishing. Configure your preferences for scanning level, message handling and whether members of this domain can release phishing messages from Quarantine. User controls (Phishing): Phishing settings can be configured at the User level in the Console. Go to Users > select user name > Phishing. Enable Override domain default settings. Override cannot be selected if Force scanning for all Domains and all Users is checked in the system settings under Phishing. Configure your preferences for scanning level, message handling and whether this user can release phishing messages from Quarantine. Spam: The Spam controls are separated into 2 layers of tabs, Properties and Preferences, seen at the bottom of the panel. This section begins with the Preference settings, which is where you set the scan levels and message handling rules. Options: Use these settings to configure spam scanning for the entire system.
13. see http://tools.ietf.org/html/draft-levine-smtp-batv-01. This feature allows you to specify which IP addresses or domains are allowed to relay mail through your server, preventing your server from being used as an open relay. Mail Server Cloaking: This hides the mail server from public view when relaying mail for a defined route; modusGate becomes the public view server. Accept mail for relay from these hosts: Enter the IP addresses and domain names that are allowed to send mail through the server (i.e. to external addresses). The localhost address (127.0.0.1) and the IPs corresponding to your configured routes are automatically added to this list. When adding addresses, accepted formats are 10 10 10 10 10 10 10 10 10 10 0 16 and domain.com. Block Scan Attack: This feature allows you to limit the number of recipients per incoming message. This effectively prevents spammers from sending messages with an unusually high number of recipients. You can also prevent dictionary spam attacks by slowing them down or blocking them. To exclude specific IP addresses from this limit, go to Security > Trusted Address List > SMTP Security Trusted Address > Trusted Address and enter the IP addresses. Limit the Maximum Number of Valid Recipients: Allows you to limit the number of recipients per
14. to save your modifications. Users: From the Users panel you have access to the following configuration panels. Find: search for a specific user. View All: view all users for the specific domain and access the configuration panel for it. Statistics: view message statistics for each user on the domain. User View: From the Users panel you have access to the following configuration panels. All settings available in the Console are also available here. Virus: specify how modusGate should process messages that contain viruses. Attachments: specify how modusGate should process messages that contain forbidden attachments. Phishing: specify how modusGate should process phishing messages. Spam: specify how modusGate shou
15. using features built into Outlook and to control the contents from there. The following sections will describe all these options. Console administration: The quarantine panel in the Console allows you to monitor and view messages captured by the attachment, spam and anti-virus filter engines. Any addresses blocked by custom blacklists will also be included. To capture all filtered messages system-wide, Block Message into Quarantine must first be enabled in each of the filter control panels: Virus, Spam, System Blocked Senders (within the Spam controls), Phishing and FA. NOTE: These same settings can also be configured at the Domain and User levels. The panel is divided into 2 sections: the message Properties and the Results. The Results section displays a list of all of the quarantined messages, sorted and displayed separately according to the content. Spam: displays messages blocked by the SCA, your custom sieve scripts and the custom blacklists. Attachments: displays messages blocked by the Forbidden Attachment settings. Viruses: displays the infected files. Phishing: displays messages considered to contain phishing content. A Find Result tab displays the search results for the Find command when searching for a particular message. See Find on page 110. Using Quarantine Properties Sel
16. whereby the Windows operating system is installed with a RAID array. Solution: If you use a RAID array for your OS drive with the RAID mode set to write-through mode instead of writeback mode, by default the controller only sends an acknowledgement of a disk write operation after the disk write has completed. In the example above, no disk write operations would be acknowledged until the RAID controller has finished purging the cache file and has merged it into the Registry hive. Therefore, it is recommended that the RAID controller on the OS drive be set to use writeback mode, which sends an acknowledgement before the write operation is complete. This ensures faster response. For additional information, please consult the IBM Systems Software Information Center article "Understanding write-cache mode for logical drives". Web Application Issues: If the Web components are not installed on the same machine as modusGate, or if the modusGate machine has more than one NIC, perform the following steps. WebRoot Custom.config File: The information contained in this file is required to access the data for WebMonitor. If there are multiple NICs on the modusGate server, you may need to replace localhost with the first static IP of the server for the following values: Sit WebMailServerAddress Monito
17. Click OK to create the new database structure. NOTE: If you wish to move or copy data stored on the old database, this must be done manually using the SQL Server import/export controls. Step 9 (optional): click Test Connection. This option can be used at any time to verify that modusGate is able to communicate with the database server. Extended Database: If you use a Blockade configuration of two or more modusGate servers, Vircom provides the Extended Database structure to store Users' properties. The database script can be found in the modusGate program files: Vircom modusGate DBStructures SQL Server ExtendedDB. For up-to-date information about the database schema and the various properties, see the Knowledge Base: http://kbase.vircom.com/kbase/default.asp?id=1710&SID=&Lang=1. Quarantine Reports: modusGate provides the option to send quarantine reports to your users. The report is a summary digest that is emailed on a scheduled basis. Links within the report allow users to release or delete spam, add sender addresses to their trusted or blocked lists and, in some cases, release forbidden attachments (with special permission). If a user releases a message containing a forbidden attachment, it is scanned for viruses (where applicable). Consequently, the message could be quarantined again, in which case it
18. Email (SMTP, Port 25); modusGate & Exchange Server; Exchange SMTP Service (Port 26). System requirements: The following are the recommended minimum system requirements for modusGate Server (Requirement: Description). Windows Server OS: Windows Server 2003, 2008, 2008 R2 64-bit with the most recent Service Pack. Virtual Machines (VM) are also supported. NOTE: modusGate Server cannot be installed on a Windows Web Edition Server (any version). CPU: 2.13 GHz Intel Pentium IV processor. Disk: 40 GB or higher 7200 RPM hard drive (mirrored is recommended), NTFS with Indexing disabled. Memory: 1024 MB RAM. MDAC: Microsoft Data Access Component 2.8 SP1 or higher. DNS Server: Must be accessible by modusGate. IIS: Internet Information Server version 6.0 or higher. May be installed on the modusGate server or on a separate computer. .NET 3.5 SP1 and 4.0 Extended: .NET Framework versions 3.5 SP1 and 4.0 Extended are both required. SQL Server: Microsoft SQL Server 2000, 2008, 2008R2 or SQL Server 2005 Express Edition. It is recommended that SQL be installed on a separate standalone computer. IE 6 or above: Required for WebMonitor and WebAdmin access. Adobe Acrobat Reader: Version 7 or higher; required to read the administration guides. Database: modusGate requires databases f
19. NOTE: When accessing the Report Scheduler for the first time, the error "The system cannot connect with WebMonitor" may appear along with the System Configuration panel. Copy the URL address from the Address field of the Web browser and paste it into the WebMonitor URL field in the System Configuration. Click on Save. To schedule a report: Select the report type and name. Set the frequency (can be monthly, weekly or daily). Choose the report format (PDF or Excel). Enter an address to be displayed in the Email From field (by default the local postmaster address is used, if configured). Enter the recipient email address in the Email To field. To disable/enable scheduled reports, click Status. Message Audit: System administrators can audit email messages to get an up-to-date view of mail processing. Transactions are displayed in a 1-line summary to provide traceability of who sent the message and when, to whom, whether the message was filtered or delivered, and whether the user opened it. Searching Messages: The search feature allows you to search for specific messages in the message audit log using various search criteria, including date sent, sender/recipient address, subject content, scan results, message status, etc. Note that because of database
20. LDAP requests. MIB: Management Information Base. A MIB is a file that contains descriptions about the characteristics of a modusGate Server, or any other managed device on a network for which a MIB has been created. The characteristics described in the MIB are the functional elements for the modusGate Server, which can be monitored using SNMP software. NVC: Norman Virus Control. Software sold by Norman Data Defense that provides server-side anti-virus protection. modusGate uses the same virus definition files as Norman Virus Control. ODBC: Open Database Connectivity. ODBC is an application programming interface (API) used to access third-party databases. Open Proxy: A proxy that allows computers to use it to make connections to services on their behalf, whether they would normally have permission to access the service or not. Open Relay: An SMTP mail server configured in such a way that it allows anyone on the Internet to relay (i.e. send) mail through it. Often open to attack and hijacked to send large amounts of spam. Phishing: A scam that uses spam to deceive people into disclosing their credit card numbers, bank account information, passwords and other sensitive information. Phishers often masquerade as trustworthy or well-known businesses. POP3: Post Office Protocol 3. A standard mail protocol for authenticating a
21. MUST use the parentheses and quotation marks. Exit the DNS Server console and return to the DKIM panel in modusGate. Click Test DNS String. If you had created strings for multiple domains, select a domain name first in the Domain Key Configuration table before clicking Test DNS String. If the test is successful, click Enable to activate the signature. To delete a signature, select the domain name and click Remove. You must also remove the DNS string from the DNS server. Advanced settings: You can optionally use this panel to modify the key structure. NOTE: Any changes made to the following properties will change the DNS string. Therefore, you must also replace the string text on the DNS server. Key Size: use this to optimize performance (default is 768 bits). Larger numbers will reduce performance but will increase the difficulty of breaking the signature. Canonical algorithm: used to determine how the header is handled. Simple (default): tolerates almost no modification of the email message in transit. Relaxed: tolerates common modifications such as whitespace replaceme
22. Report actions: Reports allow users to perform the following functions. View the message content by clicking the Subject link (dangerous links within the message are inoperable or blocked). Release a message to the Inbox when permitted (viruses can never be released). Additional release options include: the ability to add the sender's email address or domain name to his/her Trusted List; ability to report the message as a false positive (a copy of the message is sent to Virc
23. Privileges > Allowed User Properties. See Web on page 107 for details. A detailed description of this program and its functions can be found in the WebQuarantine User Manual, located in the Vircom\modusGate\Documentation folder. directQuarantine for Outlook: This add-on program to modusGate provides users with a live, up-to-date view of their quarantined messages directly within Outlook. Users are able to see the message type (spam, attachment, virus, etc.) and can perform release, delete, block and trust functions using buttons embedded in Outlook's toolbar/ribbon controls. In addition, users have the added ability to report messages as spam if and when they slip by the filters.
24. Step 6: You may change the following report format settings, if desired. System Report is the master layout for the Quarantine Report. You may optionally create a custom report, which can then be selected from the dropdown menu. System Theme: you may optionally customize the colors, fonts, logos, etc. used in the Quarantine Report. Use this setting to select a custom theme. NOTE: For information about creating custom reports, see the Knowledge Base article http://kbase.vircom.com/kbase/default.asp?id=1720&SID=&Lang=1. Display Name: enter the email address to be displayed in the From field in Quarantine Report messages. From Email: enter the email address to be used when sending the reports. By default, the postmaster address is used. Step 7: Set Report Content: these settings determine what message details are included in each user's Quarantine Reports. The default settings provide the maximum amount of information. A note about the spam probability levels: this feature can be used as a filter to display only the messages that may have been quarantined in error (i.e. False Positives). It is recommended to select the Medium and Low probabilities for this purpose. Messages labelled High probability can safely be disabled for most people. Optional: You can allow users to set their own report content preferences by enabli
25. closely. To locate the counters, open Windows Performance Monitor. In the list of Available Counters you should find each of the following modusGate services (where applicable): Modusadm, Moduscan, Modusmon, SMTPDS, SMTPRS and Webmailsvr. Expand each item to see its list of available counters. Appendix A: Web Applications. The following section describes the functions available in the modusGate WebMonitor and WebAdmin applications. For details about WebQuarantine, see the WebQuarantine User Guide located in the Vircom modusGate Documents directory. WebMonitor: The WebMonitor application provides information about system health and the mail statistics. It is preferable to run it on a separate web server as it could interfere with modusGate's performance. An SVG viewer is required to view the interface. Download the SVG viewer from http www abobe com svg viewer install NOTE: This application can only be executed in Internet Explorer 6, 7 and 8. IE 9 is not supported. Login: • WebMonitor uses NT authentication. • Your Windows login ID must have permission to access the folder where WebMonitor is located. The default folder is Program Files Vircom Web Webmonitor. To log into WebMonitor, type webmonitor login aspx after the server URL. EXAMPLE _ s
26. • Delete message immediately • Block message into Quarantine • Allow users to release quarantined attachments: use this option if there are issues with false positives or if you want to allow users to release certain message types. Note that this option can also be set at the domain and user levels to provide more control. This feature enables you to specify if and how to notify the sender that the message contained a forbidden attachment. CAUTION: Due to the current behavior of spam and malware that spoof sender addresses, do NOT use this option. If enabled, false notifications are likely to be sent to people who did not actually send the attachment. This feature allows you to specify if and how to notify the recipients when a message contains a blocked attachment. NOTE: Both directQuarantine and/or Quarantine Reports clearly label the messages that contain attachments, so you may want to use those features instead of the notification process. Enable Alert Notifications to Recipients: • This must be turned on at the server level to be able to set individual controls at either the domain or user levels. Recipients receive notification: • This server-level override function allows you to reset individual domains' and/or users' settings to force everyone to receive alerts. • Enter the Name, Address and Subject for the alert messages. Select the message to be used for the alert: • Use the default message • Use message from file
27. have been configured and mail begins to flow through modusGate. Double-clicking a domain name in the Domain view will display the properties panels for that domain. Note that clicking the Domains button in the toolbar will produce the same behavior. Users: • The list of users is also created dynamically once mail begins to flow through modusGate. • Click the Users button in the toolbar; the results window will display all usernames in a given domain. If there are multiple domains, click the domain name to see the list of users for that domain. • Double-clicking a username in the results window will display the properties panels for that user. NOTE: Please note the following exceptions regarding the Users list: • The Users list and property panels are not accessible when using modusGate with an unlimited user license. • The Users list will not populate dynamically if, in the Connections screen, you set Automatically populate user list to Disabled. This is an advanced option used for special configuration requirements and/or to prevent automatic cleanup of unused mailboxes during the regular synchronization process. Override functionality: To support customization, override settings are available in the domain and user properties for the following features: alias addresses, footers or disclaime
28. kbase default asp id 1561 amp SID amp Lang 1 2. How to write a mail agent: http kbase vircom com kbase default asp SID amp Lang 1 amp id 1316 To create an agent, follow the directions below. The example given will archive all inbound and outbound messages that pass through modusGate. Step 1: In the Agent text box, type the name of the batch file or program to be run, followed by m r. • The m directive copies the message file. • The r directive copies the header envelope. • Be sure to enter the full path to the file name, with quote marks. EXAMPLE: C Progra 1 Vircom modusGate ARCHIVEMAIL BAT m r Click Apply. Step 2: Open Notepad to create your batch file. Click Save As and enter the filename from Step 1 (e.g. archivemail.bat). Save the file to a folder in the system path (e.g. C Progra 1Vircom modusGate). Step 3: Enter the following text:
    ECHO OFF
    FIND /I "domain.com" %2 > nul
    IF errorlevel 0 COPY %1 C:\AnyDestinationFolder
NOTE: modusGate only supports the ability to direct messages to a specified folder, not a mailbox. If modusGate is installed on a network that is configured to access the Internet through a proxy server, you must enter the proxy server information in this panel. This is required to access the spam engine and anti-virus updates. Click Use a proxy server and enter the host or IP address and the port of the proxy server. From this panel you can create custom error
29. of image spam. • When the first image spam is received, a signature is created for the message and cached. • The message is not accepted. Instead, a temporary error is returned to the sender. This blocks a significant number of image spam because few spammers will resend. • If the message is re-sent, a signature is created for this message. • The signatures of the first and second messages are compared. Valid senders always resend the same message, therefore the signatures will be identical and the message will be delivered. By contrast, a spammer is unlikely to resend the exact same message. In the event that a spammer sends a second message, albeit a different one, modusGate will respond to it in the same manner as it did for the first, and the message will be cached. Assuming an identical message is never resent within the cache time frame (i.e. 4 hours by default), the sender's IP address will be added to the blocked senders list. Extended Mode is designed to protect against spam and is intended to work in conjunction with Vircom's SCA engine. While the SCA engine is very effective at blocking image spam, the speed with which spammers create variants of their images has required us to increase our spam blocking efforts. Differences between Basic and Extended Modes: Basic Mode (how greylisting is normally implemented) cannot block messages where the spammer resends it using the same Mail From and RCPT TO pair. Extended Mode
30. return. Export will export the list to a text file. Default will revert the entire list back to default content and levels. Using the Edit button provides a number of options. It can be used to change an existing file name and/or filter level, including the items in the supplied list. EXAMPLE: DLL files are under the Strong category but can be moved to Normal by using Edit. Being able to move files is especially useful if you want to set different scan levels for different people. Scenario: you want to allow specific file types through for some users (Group A) but to block those files for all other users (Group B). Before making any changes, you need to know how the scan levels work. Extreme: ALL message types are blocked, including Extreme, Strong and Normal. Strong: messages in both the Strong and Normal groups are blocked. Normal: only the Normal group is blocked. Returning to the scenario: to block file types for the majority of users (in Group B), place the files in either the Strong or Extreme category and set the equivalent scan level for the Group B users. Because the users in Group A must receive those files, set their scan level lower, to Normal. Auto Cleanup: These settings allow you to specify when forbidden attachments are deleted from the quarantine. Messages are remov
31. reverse lookup failed. If the host is found on an RBL, the envelope will contain the header X Modus RBL will be set to IP Blacklisted. Furthermore, if Reject connection immediately if the host is blacklisted is enabled (Security > Real Time Blacklist) and Postpone the rejection until authentication is disabled (Security > Sender Reputation), the connection will be rejected. • If the host is found on an RBL and Postpone the rejection until authentication is enabled, the decision will be delayed until the user can be authenticated. At the Mail From command, if reverse DNS is enabled and fails, or if RBL lookup is enabled and fails and modusGate is not configured to reject the connection immediately if the host is blacklisted, the connection is rejected. After the Mail From command, modusGate checks for SPF support and performs a Look up for SMTP host in the real time whitelist servers, if enabled (Security > Sender Reputation). At the scanning stage, modusGate does not scan internally generated messages or messages from IP addresses in the list of trusted addresses (Security > Trusted Address List > Scanning Trusted Address). If the message contains an attachment greater than the configured limit, modusGate does not scan it (Rules > Performance > Attachment Size Verifica
32. stopped. Retry Domain(s): An entry is made whenever SMTPDS is instructed to immediately retry the pending domains. Change Configuration: This item is not recorded. The above items can also be logged in the Windows Event Viewer. Log Name: OPERATION (Event: Description). Protocol Exchanges: Logs every SMTP command sent to and response received by the system. Extended Protocol Exchanges: Logs every extended protocol command sent and response received by the system. Received Message Data: All message data received by SMTPRS is logged in the operation log file. • This information creates huge log files and should be used for debugging purposes only. • At no time should you enable this feature for everyday use. Transmitted Message Data: All the message data sent by SMTPDS is logged in the operation log file. • This information creates huge log files and should be used for debugging purposes only. • At no time should you enable this feature for everyday use. Received Transaction Summary: A summary of message receipt is logged. It can also be logged in Windows Event Viewer. Transmitted Transaction Summary: A summary of the message transmission is logged. It can also be logged in Windows Event Viewer. Network Connections: Incoming and outgoing network connections are logged. DNS Transactions: DNS requests sent by modu
33. the domain name entered in the previous screen. It uses a format supported by both Active Directory and LDAP. EXAMPLE: If the domain name is xyz.com, the Base DN format is DC=xyz,DC=com. Step 8: User DN and Password: enter the email address and password of the Administrator or mgate user, as instructed in Exchange Active Directory configuration on page 10. This format is supported by both Active Directory and LDAP. Please note the following: • It is recommended to use the mgate account: its access to user information is restricted and therefore more secure. • If the mgate user has not been created yet, enter the Administrator's information temporarily. Keep in mind that the user credentials should be updated manually after the account is created. Step 9: Click Next to view the summary table and verify the information. Click Add to enter other domains or mail servers if necessary. To edit or change any information, use the Console's Connection settings. Click Finish to close the wizard. Using the console: Use the modusGate Administration Console settings (Connections). Step 1: Click on the modusGate icon on your desktop to launch the Administration Console. Step 2: Click Connections, go to Routes > Add Domain. Step 3: Enter your domain name in Domain mask and click OK. • Keep the Route for in
34. 19 2007 10 03 32 AM MODUSCAN Scanning for viruses 11 19 2007 10 03 32 AM MODUSCAN Clean 11 19 2007 10 03 32 AM MODUSCAN Scanning for spam phish 11 19 2007 10 03 38 AM MODUSCAN Spam 11 19 2007 10 03 38 AM MODUSCAN Scanned and blocked by 11 19 2007 10 03 38 AM MODUSCAN Moved to spool spam an aft • Click on Export to export the log detail for a particular message to an HTML or text file. • The file can be opened in a Web browser or saved to any location. • Click on Forward to forward the log. The message is sent from the postmaster account. • Click on Release to release blocked messages to their destined recipients. WebAdmin: The WebAdmin application provides Web access to the administrative functions of modusGate. Mirroring the Domain and User properties of the Administrative Console, IT administrators can use it to manage modusGate remotely or grant access to domain administrators to manage their own user settings. This can be useful for organizations that host multiple domains. NOTE: The WebAdmin feature is not available for unlimited user licenses. In addition, because the functions in WebAdmin are identical to those in the Console, the information contained in this section is limited. Complete details can be found throughout this guide. Login: To log into WebAdmin, type webadmin after the server URL
35. Mail Relay • If a message is identified as a bounce and not BATV validated, SMTPRS will return a 550 5.7.5 error code. BATV uses the following format: Tag Type=Tag Value=Loc core, e.g. prvs=13266C8ED1=John@domain.com. The Tag Type is prvs (private simple signature). The Tag Value is in the format KDDDSSSSSS. The Tag Value is 135266C8ED and is unique for every message sent. The Loc core is the mailfrom address, John@domain.com. Apply BATV checking when the message contains matching subject tags from this list: • Click Subject Tags to enter a list of commonly used subject tags (e.g. out of office) to reduce the likelihood of false positives. • Use only one entry per line. • Do not use commas to separate entries as they are forbidden characters. Disable BATV for these IP addresses: Click IP Addresses to enter IP addresses or IP classes for which BATV will not be used. NOTE: When enabled, modusGate sets a default grace period of 7 days. During this time no messages are filtered using BATV, to prevent improper handling of older messages. BATV filtering begins when the grace period ends. For more information about BATV
36. Step 5: Custom allows you to select which components to install or disable and provides advanced settings for database configuration. If the web components are to be installed on a separate web server, select Custom and uncheck Administration and Reporting Services. See Installing the web components separately on page 24 for installation and configuration details. If you plan to use directQuarantine, take note that it must be installed on the same server as modusGate. [Screenshot: modusGate installation dialog, Select the components to be installed. Options shown: the Filtering Gateway service and Advanced Administration program (Administration Console); directQuarantine Server (the server application for directQuarantine for Outlook); Administration and Reporting Web Services (WebAdmin, WebMonitor, WebPolicy, WebQuarantine).] Step 6: Click Next to verify the installation paths. Make any changes necessary and click Next to continue. Step 7: If you have a SQL Server on the local machine or network, select Use existing SQL Server. Thi
37. SMTPDS HELO: this setting enables you to modify how your domain name appears in the HELO line when sending messages to another server. Max server message size: this value sets the maximum message size (in KB) that the server will accept. A value of 0 denotes no message size limit. Mail Delivery: This is the message delivery schedule, a list of time intervals when modusGate attempts to resend mail that could not be delivered successfully. Time is measured from the moment message delivery fails to when the next attempt is made. Messages are kept in the modusGate spool (or queue) while delivery is retried at each interval listed. If the final time is reached, the message is deemed undeliverable and returned to the sender. Times marked with an envelope icon indicate when a notification is generated informing the sender that the message has not yet reached its destination. The retry frequency can be modified by adding or removing intervals. This is especially useful if/when your mail server goes offline for any reason. The final time can be increased (e.g. from 2 days to 4 or more) to ensure that messages to your users remain stored on modusGate until the mail server is back online. Click Add to enter a new time interval to the list. Select an interval and click Remove to delete it from the list. Use Send Warning / No Warning to enable/disable sender notifications at a
38. If the problems appear to be caused by DNS timeouts, two Registry keys can be added to automatically handle the failure. To change the default values, these keys must be created manually. The settings are used by SMTPRS, SMTPDS and MODUSCAN. The new DWORD Registry keys must be created under HKEY_LOCAL_MACHINE\Software\Vircom\Vopmail. • DNSFailTimeout: This controls how long to wait (in seconds) before trying the secondary DNS when the primary is down. The default value is 30 mins. • DNSRetryTimeout: This controls how long (in seconds) to retry the primary DNS server when using the secondary. The default value is 1 day. NOTE: You must restart the SMTPRS, SMTPDS and MODUSCAN services after creating the new key. Mail Spool Directories: The message Spool (or queue) contains the message files as they are being processed by modusGate. The directory is located in Vircom\modusGate\Spool and contains the following subdirectories. Invirus: Contains all messages waiting to be scanned (e.g. virus and spam). Messages found to contain unwanted content are sent to the Virus or Spam subdirectory accordingly. Messages containing viruses and spam are then sent to the Mailboxes Quarantine Inbox folder to provide a view of the content to Quarantine Reports, WebQuarantine and directQuarantine. The message headers ar
39. [Screenshot: SQL Server settings dialog (server name, e.g. SERVER\SQLEXPRESS; Use custom port; SQL Administrator Account; SQL Administrator Password; SQL Database name)] Step 9: This screen only appears during a Custom install. [Screenshot: modusGate installation dialog: modusGate needs a SQL account to access the database. You can choose an existing account or create a new one. Enter a user name and password for the modusGate database user.] • Select Use an existing user and enter the credentials. • Or select Create a new user and enter a new name and password: this will be used as the administrator account for modusGate's databases. This option is recommended for security purposes, and modusGate will automatically configure the required permissions in SQL. Click Verify to create and/or validate the user credentials. Step 10: Click Next to launch the modusGate installation and to create the database tables. This process will take a few minutes. Step 11: Click OK to start the modusGate and IIS services. NOTE: At this point you might be prompted to enter a DNS Suffix: enter your domain name. If this step is necessary, Windows Server will require a reboot to registe
40. Ls and as such cannot notify its clients. To troubleshoot a possible RBL problem: Step 1: Open the RBL Server list, click Export, and copy and save your list to a text file. Step 2: Click Remove to delete all addresses from the list. Click Close and Apply. Step 3: Go to System > Services. Stop and restart the SMTPRS service. Step 4: From a command prompt, telnet to port 25 to check the banner response (it should be immediate). Step 5: Using your saved RBL text file, re-enter each address one at a time into the modusGate list. Click Apply and perform the telnet test after each entry. Step 6: When the problem RBL has been identified (i.e. banner response is not immediate), remove that entry and stop/start SMTPRS. Connection Limits: This feature allows you to limit the number of simultaneous SMTP connections allowed from a single IP. This also controls performance as it limits the number of users that can use your system at a given time. Connections Trusted Address List. Total number of connections allowed for this server: • Used to specify the total number of simultaneous SMTP connections allowed on your server at one time. • The default is set to 500. Total number of simultaneous connections allowed from the same IP: • Used to specify the number of simultaneous connections allowed from one IP address. • The defaul
41. McAfee website. Accept automatic high priority virus definition updates: • Virus definition updates from Vircom are tested for quality. However, there may be emergency situations when the virus definition files are available prior to quality assurance tests. If you choose to receive these signature files without waiting for quality assurance testing, check this option and they will be sent to you as soon as they are available. NOTE: It is recommended that you leave this feature disabled unless you require a time-critical update from Vircom. As the files have not passed quality assurance testing, Vircom cannot guarantee that these files will run properly, which may cause system problems. Auto Updates: The auto update feature connects modusGate to a Vircom server to receive updated virus definition files, ensuring that your modusGate server and your users are always protected. Check For Updates Every: • Use the drop-down menu to select when your mail server checks for virus definition files from Vircom. • The system is automatically configured to check for new definitions every 15 minutes. Update Now can optionally be used to force an immediate update of the files. Use a secure HTTPS connection to download the virus definition updates: This feature is not implemented yet. Auto Cleanup: These settings allow you to specify when a message is deleted from the virus quarantine. Messages are removed from both the quarantine folder
42. WebMonitor: Step 1: In Windows Explorer, go to the Vircom Web WebMonitor directory. Locate the custom.config file and open it with Notepad. Locate <add key="Servers" value="localhost"></add> and replace localhost with the IP address of the modusGate server. Step 4: Save the changes. WebAdmin: Step 1: In Windows Explorer, go to the Vircom Web WebAdmin Root directory. Locate the web.config file and open it with Notepad. Step 3: Locate <add key="Site" value=""> and enter modusGate's IP address between the empty quotes. Step 4: Open Administrative Tools > Services and restart the WEBMAILSVR service. Step 5: Restart the IIS service to register the collective changes for all the web components. Configure the ODBC connection: Step 1: On the server that now houses the web components, go to Start > Administrative Tools > Data Sources (ODBC). Click System DSN > Add. Select the driver that matches your database type and click Finish. For SQL Server 2005 Express, select SQL Native Client. For all other SQL versions, select SQL Server. Step 4: Enter a name for the connection and the SQL Server address (can be the IP address or hostname). For SQL Express, enter servername\sqlexpress. Click Next. Step 5: Select SQL Server authentication and enter your login credentials (e.g. the SA account an
43. Purchase and install the server certificate(s) according to the issuer's instructions. NOTE: Certificates MUST be installed in the default local computer account or modusGate cannot use them. In the modusGate console, go to Encrypt Message Transmission > Use certificate. Select the certificate name and click Apply. To assign different certificates to different IPs, click Advanced Certificate Setup > Add. Enter the IP, select the certificate name to be assigned and click OK. Repeat this process for each IP/certificate assignment required. Select Enable SMTP Encryption and click Apply. Stop and restart both the SMTPDS and SMTPRS services. Optional: select Force incoming and outgoing encryption for these IP Addresses to force specific encryption certificates to be used for certain IP addresses. • If you force encryption for SMTP, there may be interoperability problems if the outside server does not use the same type of encryption protocols. • You MUST NOT force encryption on the IP address between the modusGate server and your Web server UNLESS you configure the Web server as a secure site. To do so, continue with the following steps. Install the Web server certificate(s) in the directory of the default local computer account. In Internet Information Services (IIS) Manager, select the default website or select the specific websi
44. Properties window. [Screenshot: Domain Key Properties dialog showing Domain Name abc.com, Selector alphabet, and the alphabet._domainkey TXT record containing the public key string] The public key string must be copied into your DNS text record. Click Export string to copy the string to a text file. Follow the steps below to configure the DNS record. NOTE: These instructions are specific to Microsoft DNS Server but should be similar for other DNS servers. Open the DNS Server console and expand Forward Lookup Zones. Right-click the domain and select New Domain. In New DNS Domain, enter _domainkey and click OK. Right-click _domainkey and select Other New Records. In Resource Record Type, select Text (TXT) > Create Record. In Record Domain, enter a name for the record (e.g. DKIM). In the Text field, paste the public key string copied from the modusGate Console. If using Microsoft DNS, do NOT copy the parentheses or the quotation marks (see example below): p MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOOkPmcgqXxXXdTVieTo YfhlIA2HdoT k4P5aojObHnZgNrP24jaOZ1ITKYE QsdSTOJESbIqSNie7alGMC y VrKW907dMCZyY3RnwaO08sdStll9VAfr20f Z6i8bW YAExnvRHQIDAQAB If using Bind DNS you
45. • Presently these options cannot be modified. Reload Every: • Used to specify how often modusGate verifies if there is a new script available and loads it into memory. • Presently these options cannot be modified. Enable Attachment Size Verification: • Used to restrict scanning for large attachments, which can potentially slow system performance. Do not scan messages with attachments larger than: By default, the system will not scan messages if they contain attachments that are larger than 950KB. Quarantine management: Overview of features. modusGate offers several methods for monitoring and controlling quarantined messages, for administrators and end users alike. 1. The Quarantine panel in the Administration Console gives the Administrator a global view of all users' blocked messages. 2. Quarantine Reports: summary reports that can be sent to users on a scheduled basis. See Quarantine Reports for configuration details. 3. WebQuarantine: a web application that users can log into to see (a) their quarantined messages in realtime and (b) view and modify their filter settings, if allowed. 4. directQuarantine for Outlook: licensed separately but included with modusGate, this program allows users to view quarantined messages in realtime
46. SCA engine. • Custom filters based on language content are supported; trusted addresses will bypass language filtering. • Messages containing words or characters in several languages are given a language probability rating based on the weight of the content. If the bulk of a message is in Italian, it will be considered Italian and this is the code that will appear in the header envelope. The probability rating determines whether the message is filtered or not. • If the bulk of the message is in a permitted language but contains words or characters in blocked languages, the message will pass through. • Messages considered spam are displayed in the high spam probability section of the Quarantine Reports and can be released by the user. • The header tag is accessible to sieve scripts and allows for the creation of custom rules based on language, such as exclusion rules. The accuracy of language filtering depends upon the amount of text in the message body. A higher number of characters ensures better accuracy. Fewer than 256 characters in the message body could result in poor accuracy. This may occur if you have added Unrecognizable to the Blocked Languages list. From this panel you can set performance parameters to improve the performance of the spam engine. Cache Size: • Used to specify the number of entries to be kept in the performance cache.
47. [Screenshot: SMTPDS HELO and Max server message size (30720 KB) fields] Use Compatibility Mode: Do not enable; this setting does not apply to modusGate. Consider these SMTP errors as fatal: when enabled, you can specify a list of numerical error codes separated by a comma. When modusGate encounters one of these errors from another server, it will bounce the message immediately without attempting to resend it. Use high performance DNS client: if the default DNS client is too slow when performing reverse DNS lookups, an alternate high performance DNS client can be used instead. Close SMTP Socket Connection Gracefully: use this option if modusGate experiences problems with SMTP sockets that remain in an indefinite WAIT state. This setting will enable modusGate to close the sockets. Authenticated ETRN: when enabled, an SMTP client must first be authenticated through the AUTH command with a valid mailbox name and password before using the ETRN command. Reject messages with empty bodies: certain types of spam messages are sent with empty bodies and are therefore missing the final single dot that signals the end of transmission. Using this setting blocks such messages and prevents processing issues on modusGate. SMTPRS Banner Greeting: use this option to create a custom banner greeting if desired. This greeting is seen by external mail servers when they initiate a connection to modusGate.
48. Phishing
Phishing overview
Phishing spam has become more prevalent and as such modusGate isolates it as a separate feature. Messages with phishing content are handled like viruses. However, the scan behavior actually mimics that of spam: the definition files are updated by the spam engine and, by default, the update occurs every 15 minutes.
Options
Force scanning for all Domains and All users
• Overrides individual settings for users and domains and forces scanning on all messages. Do not use this function if you plan to allow domains and users override privileges.
Scanning Level
• Select the level of aggressiveness for scanning: Disabled, Normal, Strong or Extreme.
• Extreme is set by default but may produce False Positives. If this occurs, reducing it to Strong should provide a good balance between protection and little to no false positives.
When Phishing is detected
Choose one of the following options for message handling:
• Delete message immediately
• Block message into Quarantine
Allow users to release phishing messages
• This enables users to release phishing messages from quarantine in the event of a false positive.
• This feature can be enabled for specific users only, if desired. See the information below.
Domain controls
Phishing settings can be configured at the Domain level in the Console Phishing Go to Domains > select domain name
49. Unwanted content
[Screenshot: Spam options panel with Force scanning for all Domains and all Users, Spam Scanning Level (Extreme), Scan for these categories, When Spam is detected (Delete message immediately, Block message into Quarantine, Tag and let message pass through), and Disable scanning for messages sent by trusted source]
Force scanning for all Domains and All users
• Overrides individual settings for users and domains and forces scanning on all messages. Do not use this function if you plan to allow domains and users override privileges.
Spam Scanning Level
• Select the level of aggressiveness for scanning: Disabled, Normal, Strong or Extreme.
• Extreme is set by default but may produce False Positives. If this occurs, reducing it to Strong should provide a good balance between protection and little to no false positives.
ystem Trusted Senders
Scan for these Categories
The Vircom spam filter categorizes messages based on their content. Click Categories to view the message types. Select which ones you want scanned and uncheck those that should bypass the scan and be delivered.
When spam is detected
Select one of the following message handling options:
• Delete message immediately
• Block message into quarantine
• Tag and let message pass through: Enter a tag or label t
50. Vircom copyright statement
The contents of this manual are for informational use only and are subject to change without notice. Neither Vircom nor anyone else who has been involved in the creation or production of this manual assumes any responsibility or liability for any errors or inaccuracies that may occur in this manual, nor for any loss of anticipated profit or benefits resulting from the use of this manual. This manual is protected by copyright laws and international treaties. Your right to copy this manual is limited by copyright law and the terms of your software license agreement. As the software licensee, you may make a reasonable number of copies or printouts, provided they are for your own use. Making unauthorized copies, adaptations, compilations or derivative works for any type of distribution is prohibited and constitutes a punishable violation of the law. Any references to names of actual companies, products, people and/or data used in screenshots are fictitious and are in no way intended to represent any real individual, company, product, event and/or data unless otherwise noted. directQuarantine, modus and modusGate are all trademarks of Vircom Inc. Windows Windows 2000 Server Windows Server 2000 2003 2008 IIS Internet Information Server Windows Exchange Serv
51. and the database when the expiry date is reached or when the maximum total size is reached, whichever comes first. You may optionally modify these settings:
• Message expires after: enter the number of days
• Max Total Size: enter the number of KB
• Start job at: enter a time using the format hh:mm
Performance
These settings enable you to set parameters to improve the performance of the anti-virus engine.
Enable Performance Caching
Performance caching enables modusGate to recognize messages that have previously been scanned for viruses. When a message with the same virus enters the mail system, it is treated like the original.
• Virus scanning does not occur for these messages; they are immediately quarantined or deleted according to your settings.
• This feature is useful when dealing with Internet worms that can send hundreds and thousands of copies to a mail server at one time.
• The infected file is only scanned once, but all copies are treated in the same manner as the first one.
Cache Size
Specify the number of entries to be kept in the performance cache.
Keep in Cache for
Specify the lifetime of a cache entry. Once time has expired, the entry will be removed from the cache.
Enable Attachment's size verification
You can restrict scanning for large attachments which can potentially slow sy
52. cannot be released through the report.
NOTE: Reports will not be generated in the following cases: (a) for people who have disabled reporting either at the domain or user levels, and (b) when no new spam, viruses or attachments have been caught since the previous report was generated.
To configure quarantine reports for the entire system:
Select Enable reporting.
[Screenshot: System > Quarantine Reports panel with the options Generate reports every, Generate Now, WebQuarantine URL, Allow one click release, Add a link to permit Users to disable Quarantine reports, Users must login to change blocked/trusted lists and quarantine report settings, Allow users to access their report settings, Set Report Content, System Theme, Display Name and From Email]
Enable Generate reports every and set the desired frequency. Note that the minimum hourly schedule is 3 hours; this limit reduces the potential performance impact on the server. If WebQuarantine is installed on t
53. cates a lower than average load, and an arrow that is right of center indicates a higher than average load for the past 24 hours.
Service Status
The following identifies the service status colors:
Green: the service is functional
Orange: the service is in the process of starting or stopping
Red: the service is stopped
A service may stop and start on its own because of updates. In Windows, go to Administrative Tools > Services to verify the status of the service.
Performance Profile
modusGate measures average component performance for the delivery processing time of messages passing through the system in the last second. If no messages were processed in the last second, the values will be zero (0).
System Info
The System Info panel provides version and update information for the various system components. Click on a logo for information about each individual component:
• modusGate: version, license expiry, number of mailboxes, license limit
• Windows Server: version, last reboot
• SCA spam engine: version and last update
• Norman/McAfee (where applicable): version and last virus engine update
Reporting
This feature allows administrators to schedule and view system, domain and user level statistical data. The reports can be printed, exported to PDF and Excel formats, and emailed. With the except
54. ceived Date Gren 4 gt Find Results
Select which search string(s) to match: Select Containing, Beginning With or Exact Match and enter the text to search. Wildcards can be used.
4 Select to search All Domains or This Domain and enter the name. You can optionally browse the domain list using the ellipsis button.
5 Click Find to display the results in the Find Results window. Double-clicking an item in the results list will open the Quarantine panel to display the properties of the selected message. The same Find Results will also be displayed in the Quarantine > Find Results tab.
Troubleshooting
This section provides help for the more common issues you may encounter with modusGate. Vircom also maintains detailed information on its Knowledge Base site at http://kb.vircom.com/Kbase
Connection problems with Exchange AD
Problem: modusGate does not seem to be able to connect to Active Directory. Or, when another LDAP Browser is used, a connection still cannot be made.
Resolution: There may be a network problem, such as a firewall or network translator not set up properly. To quickly rule out these problems, telnet from the modusGate machine to the AD Port 389 or 3268. If something is preventing the connection, the following error will appear: Connect
55. ch as product renewal, increasing users, purchasing add-on programs, etc. are updated via your license key and validated automatically by system.
Validate can be used to manually update changes, but it is not necessary to do so.
Browse: use this function to locate and select your license key text file if doing a manual validation.
The Users section displays the current number of licensed users and how many seats remain available. An automatic process runs daily to synchronize the user names between modusGate and your authentication server, such as Active Directory/LDAP, and to remove any invalid addresses or those that are no longer active on the authentication server.
NOTE: In some cases, administrators flag certain mailboxes as inactive on the authentication server but must continue to keep and/or receive mail for them. These addresses may be automatically removed by modusGate's synchronization process. To prevent their removal from modusGate, do the following:
In the Console, go to Users > select the username that must be kept.
In the General properties tab, enable Keep this user permanently > Apply.
You may optionally use Disable Account to stop message filtering but keep the account in place.
Synchronize Now can be used to manually synchronize the user names.
Threshold Warning
modusGate issues a warning notice when the number of users approaches 95% of the limit allowed by your license. You may adjust this threshold to rec
56. coming mail setting: this is required when configuring modusGate with a local internal mail server.
• Route for outgoing mail is only used if connecting to a mail server that is external to your network.
4 Click Add Route; enter the IP or machine name of your mail server. Do not change the port number unless your mail server uses a different SMTP port. Click OK to display the Properties screen; the server's IP name and port number are displayed in the Route mail to host or IP address and Port boxes.
5 Automatically populate user list: this is an authentication method that checks if the recipient address exists on the mail server or not, and dynamically populates the Users list as mail flows through modusGate. All methods offer this security except SMTP. Choose one of the following:
• SMTP: use this only if none of the other options apply. This is the least secure method, as no authentication can be performed; thus invalid addresses will be created in the user list and count against your user license. Alias addresses are also unsupported and will be created as additional users. When selected, the adjoining boxes to the right should contain the same IP hostname and port as those entered in Step 4.
• SMTP_VRFY is supported by most mail servers but must only be used if the mail server is protected by a firewall with no direct public access. Without a firewall, the list of valid user accounts can be easily obtained over the Internet
57. constraints, the default maximum number of results is 100. This setting limits all searches. It can be changed when performing searches, but be aware that the higher the number, the longer the search will take to execute.
Search Results
The search results view can be configured to provide up to eight columns of information.
• Click on Settings to select which attributes to present in the search results.
[Screenshot: Message Audit Column Settings, Show Attributes in Message Audit: Sender, Source, Subject, Received, Size, Attachments, Scan Results, Status]
• To view the Message Audit Log details, click on a particular entry to open the detailed view. In addition to the information available in the search results view, the log detail view provides the full transaction history for a particular message.
[Screenshot: Log Detail View showing Sender, Message ID, Attachments, Recipients, Subject, Sent, Scan Results, Source and Status, followed by the SMTPRS and MODUSCAN transaction history for the message]
58. crypted with a password
• Enabling this feature ensures all zip files that have been password protected are blocked from entering your mail system.
Automatically quarantine messages with attachments larger than
When enabled, all messages with attachments larger than the specified size (in KB) will be quarantined. A value of 0 means that there is no limit.
Forbidden Attachments
This screen provides a ready-made list of attachments that will automatically be blocked by modusGate, such as BAT, EXE and other files that often carry viruses and other malware. However, the contents of this can be completely customized. The files are grouped by severity (Normal, Strong and Extreme) to correspond to the filter aggression levels. Expand the groups to see the file names. As with all other filters, the scan aggressiveness level for forbidden attachments can be adjusted at the system, domain and user levels. However, the list of file attachments can only be configured in this system level panel.
How to customize the list
Use Add to enter a new attachment type and to select the filter level.
• Wildcards are accepted in the names.
Import will import a list from a text file.
• Using Import will overwrite the current list.
• This file must contain text strings with wildcards separated by a
59. d an alert notice can be sent to the second address in the x_mailer line, e.g. to mydomain com. In the Administration Console's Quarantine, these messages will be tagged TRequires Your Approval in the subject field. The WebQuarantine Quarantine view will display the subject specified in the script, e.g. You have mail waiting for your approval. The moderator is able to release the message and it will be delivered to the original recipient(s) with an additional header of X Sieve Moderate.
Cascading Sieve Scripts
The sieve engine allows for multiple sieve scripts to be executed in cascading style. Therefore, the order in which your sieve scripts are listed in the Console is important. Sieve script filtering for a given message ends because of three conditions:
• The message is rejected by the system, either through a reject, redirect or discard sieve command.
• A stop command is encountered in one of the scripts.
• The last sieve script in the list is executed completely.
Severity
The Severity of a sieve script corresponds to how drastic the filter is when blocking spam. There are three severity levels:
Normal: Will block less spam but ensure fewer false positives than scripts of higher severity.
Strong: Will stop more spam but may increase the risk of false positives.
Extreme: Ensures the capture of a
60. d Senders
Blocked Senders are the addresses from which you never want to receive email.
Enable Blocked Senders List
Click to create a list of domains and email addresses that will always be blocked regardless of the content. Click Add to enter addresses.
• Domain names and email addresses are supported.
• Wildcards are supported, e.g. domain com
• It is possible to block an entire domain but allow mail from a specific address in that same domain. EXAMPLE: Block all addresses from xyz.com by entering xyz.com to the Block List. Then add john@xyz.com to the Trusted Senders List.
When a message is received from a Blocked Sender
Select one of the following message handling options:
• Delete the message
• Send to quarantine
• Send to recipient with tag: Enter text to be added to subject line and the message will be delivered instead of blocked.
SURBL Spam Links
SURBLs differ from most other RBLs in that they are used to detect spam based on message body URLs; these are links, usually websites. Unlike most other RBLs, SURBLs are not used to identify spam senders. Instead, they allow you to identify messages that have spam hosts mentioned in the message bodies. The lookup of email URLs is performed randomly in case spammers bracket spam links in the list with legitimate links at either end of the list. To use thi
61. d password. Click Next.
6 Select the modus database and click Next.
Click Finish and Test Data Source to confirm a successful connection.
The administration console
Navigating the console
The Administration Console is designed to provide a high level of flexibility and control over the modusGate server configuration. It gives you the option to set system level parameters that can be applied to all users, or to customize particular settings for select domains and/or users who require special mail handling rules. To navigate through modusGate, click on the Toolbar buttons at the top of the console. You will then find a series of tabs or panels within each screen.
[Screenshot: modusGate Administration Console (Version 5 1) showing the Search For panel and the Find Results list]
Views
The Sites View displays the machine name where modusGate is installed.
The Domains View lists the domains for which modusGate is filtering and/or relaying mail.
• The list of domains (if multiple) is created dynamically once the Connections or routes
62. dentification section
• Base DN: enter your domain name using this format: DC=domain,DC=com. EXAMPLE: The domain is xyz.com; enter DC=xyz,DC=com.
• User DN and Password: enter the email address and password of the Administrator or mgate user as instructed in the Getting Started > Exchange Server xx on page xx. This format is supported by both AD and LDAP. It is recommended to use the mgate account because its access to user information is restricted and therefore more secure. If the mgate user has not been created yet, enter the Administrator's information temporarily and then change it in the console's Connection screen afterward.
Repeat the above steps, if required, for each additional domain or mail server.
Test the connections
After configuring a domain and route, perform a telnet test to confirm that the connection works. Use the following instructions:
1 On the modusGate server, go to a Command Prompt (Start > Run, type cmd <enter>).
At the command prompt, type telnet xxx.xxx.xxx.x 25 <enter>, where xxx = the modusGate IP address.
Type helo x <enter>.
Type mail from: xxx@xxx.com <enter>, where xxx = a legitimate sender's email address.
Type rcpt to: yyy@yourdomain.com <enter>, where yyy = an email address on your domain.
Type data <enter>.
Type subject: this is a test <enter>.
Type from: xxx@xxx.com <enter>, where xxx = the same email
63. e Disk Usage statistics, so be aware of this when scheduling the Disk Usage report.
Questionable Activities
Provides information about questionable email activities and can help identify potential abuse.
Highest Volume Senders Local
Lists the top ten email senders by email address for all domains on modusGate. The Unique Address Count measures the number of recipients per message. If a message is sent to a mailing list, the list is expanded to count the number of recipients, and only applies to legitimate mail and spam that is tagged and passed. Messages that are quarantined or deleted for spam, F/A or virus content are counted as one recipient. It also can be used to help recognize spamming activity, i.e. if one message is sent to 1,000 recipients, it is likely spam.
Login Authentication Failures by IP Including Web Logins
Lists the top ten failed authentication logins, both internal and external, by IP address. Includes the authentication type, the number of rejections and the failure rate. This feature can help to determine if there were attempts to hack into modusGate.
Login Authentication Failures by Email Address Including Web Logins
• Lists the top ten failed authentication logins, both internal and external, by email address, i.e. who has attempted to log in.
• Includes the authe
64. e key. If you do not yet have one, please contact your Vircom Sales Representative at sales@vircom.com.
Installing modusGate
Overview
The installer includes the following three components:
1 The server application, including the email gateway services and the Administration Console.
2 The directQuarantine server application, which enables users to access and control their quarantined messages from within Outlook. This is an add-on program that is licensed separately but is available for trial purposes and fully licensed users.
3 The web components, including WebQuarantine, WebMonitor, WebAdmin and WebPolicy (if applicable to your license). These can optionally be installed on a separate web server.
Install modusGate server
Follow the procedure below to install the modusGate Server application.
1 Log into the server using an Administrator account.
Click the exe file to launch the installation.
Accept the licence agreement and click Next to enter your license key. Click Validate > Next.
4 Choose a Standard or Custom install. Select Standard to install all components on the local server, including the server application, directQuarantine and the web components. See the Custom options in Step 5; otherwise continue at Step 6.
65. e system level. These switches allow you to turn filters on or off system wide, to force certain settings for all users, or to set special permissions for select users. In general, modusGate checks for and applies the scan controls in this order: 1. User, 2. Domain and 3. Server. However, custom filters or sieve scripts can be configured in the Rules section to run before all scanning to ensure that user settings do not bypass company policies.
Virus
The Virus controls are separated into 2 layers of tabs, Properties and Preferences, seen at the bottom of the panel. This section begins with the Preference settings, which is where you set the scan levels and message handling rules.
Options
Virus scanning is automatically enabled to scan inbound messages from the Internet. Messages are always scanned for dangerous content prior to spam scanning. For better performance, attachments are filtered first, before viruses; however, this order can be changed in the System > Scanning Order settings.
• If you also wish to scan users' outbound email, you must configure your Exchange or other mail server to route these messages to modusGate prior to sending to the Internet.
[Screenshot: Options, Alert Sender and Alert Recipients tabs, with Enable message scanning for Viruses and Force these settings for all Domains and all Users]
66. e two substitutions that will insert text based on the message being scanned and the results of the scan:
• Insert the sender name of the infected message: enter i s
• Insert the scan report from the anti-virus engine: enter 2 s
Properties settings
The following sections describe the settings in the Properties tab (bottom of the Virus panel). Properties provide details about the virus scan engine and the update process.
General
This panel provides general information about the virus scan engine, including the last online update check and when the last download of the virus definitions occurred.
[Screenshot: Norman Anti Virus Information panel showing the last update check and its result, the date the virus definitions file was last updated, the engine and definition versions, the View last update info button, and the option Accept automatic high priority virus definition updates (Warning: Updates will be sent immediately before any quality assurance testing)]
The information you see in this panel will depend on your licensed version and may display update details for the Norman engine, the McAfee engine, or both.
View last update info
• This opens a text file which provides the URL for new virus signature information on the Norman
67. e written to the quarantine database. If none of modusGate's filters detect suspect content, the message is sent to the Incoming directory to begin the delivery process.
Incoming
In modusGate L, where Invirus does not exist, this directory holds messages received by the SMTP receiver. In all other versions, it receives messages that have first undergone scanning. The SMTP Delivery Agent also places messages here, such as non-delivery reports.
Holding
The SMTP Delivery Agent moves messages from the Incoming directory into this directory when attempting to deliver the messages.
Domains
• When a message is moved into the Holding directory, the Delivery Agent creates a subdirectory within the domains directory for each domain to which a message is addressed (e.g. gmail.com, yahoo.com, etc.).
• If the message is for a local user, it creates a subdirectory called local.
• Each subdirectory stores routing information and information about the message recipients on that domain. The message itself stays in the holding directory until it can be sent to the destination address.
Dead
• This directory stores messages addressed to the Postmaster but which cannot be delivered.
• It also collects messages that have caused a mail loop.
• A text file describing the reason for their death is provided with the mes
68. eceiveConn
2 If you are using Exchange 2007 or 2010, it must be configured to accept mail relay from modusGate. Please use this Microsoft Technet article for configuration instructions: http://exchangepedia.com/2007/01/exchange-server-2007-how-to-allow-relaying.html
3 Ensure that you have an account with Read permissions on the Active Directory Global Catalog; this account and its password will be required when configuring modusGate. You may use your Administrator SA account, but it is recommended to create a new account for this purpose. Follow the steps below to create a new account.
4 Log into the Domain Controller Server and go to Start > Programs > Administrative Tools > Active Directory Users and Computers.
Expand your domain name, right-click Users and select New > User.
6 Enter mgate in First name, copy it to User logon name and click Next.
Configure the Password: uncheck User must change password at next logon, check Password never expires, and click Next through the remaining screens to finish creating the user.
Click on View > Advanced Features.
Select Security, click on Add and enter mgate.
10 Under the Allow column, check Read and click Apply.
Before you begin
Preinstallation
Before beginning the installation please review the follow
69. ect a message in the Results list to view the message details in Properties.
Message: Shows the body of the quarantined message in the window, along with the From, To, Cc, Subject, Sent date and any attachments.
Headers: Shows the complete message header details.
Raw Source: Allows you to safely view the contents of a message to determine if it should be released or not, without risk to your mail server.
Using Quarantine Results
Click on the tabs to browse messages in Spam, Attachments, Viruses and Phishing; each line in the Results window represents a blocked message.
Refresh
• Refreshes the list of messages in quarantine.
• When users delete items from their WebQuarantine, there is a slight delay before the value is registered in the Results window.
Release
• Releases messages from quarantine and delivers them to the intended recipient(s).
• Viruses cannot be released by default, but the option can be enabled by making a change in the registry:
Open the Registry Editor.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Vircom\VOPMail.
Create a new DWORD named ScanAllowedVirusesRelease.
Assign one of the following values:
0 (default): No virus can be released from quarantine.
1: Only viruses identified as Possible virus can be released.
2: All viruses can be released.
If any other value is used, 0 will be assumed.
NOTE: Allowing the virus release affects only the console and administrative actions; end users are never allo
70. ed from both the quarantine folder and the database when the expiry date is reached or when the maximum total size is reached, whichever comes first. You may optionally modify these settings:
• Messages expire after: enter the number of days
• Max Total Size: enter the number of KB
Postmaster
You can optionally notify the system Postmaster when a forbidden attachment is detected.
• Enter the name of the postmaster (default is Postmaster).
Enter the email address for the postmaster account. This must be a valid account on the system.
Preference settings
Use the bottom tabs to access the Preference settings to configure the system level scan controls.
Options
Set the scan level and message handling rules for the attachment blocking engine.
Detect forbidden attachments within compressed files
• Scans compressed files for forbidden attachments.
Force scanning these Settings for all Domains and all Users
• Overrides the individual settings for users and domains and forces all users' mail to be scanned at the selected level.
Attachment Scanning Level
• Used to select the level of aggressiveness for attachment scanning: Normal, Strong or Extreme.
• If Disabled is selected, attachment scanning is turned off.
Set the message handling options
Alert Sender Alert Recipients
71. efore spam scanning
[Screenshot: script editor, Line 1 Column 1, containing the following example filters]
    # Filter by From / To
    if header :contains "from" "user@annoying.com" { discard; stop; }
    if header :contains "to" "user@annoying.com" { discard; stop; }
    # On the same line
    if header :contains ["from", "to"] "user@annoying.com" { discard; stop; }
    # Filters by subject
    if header :contains "subject" "Viagra for less" { discard; stop; }
2 Enter the script Name and Description where indicated.
3 Set the Security Level: Normal, Strong or Extreme.
Set the Scan Sequence:
• Before all scanning: After security checks are passed, these rules have the highest priority and are run before ALL scan filters, including trusted and blocked sender lists AND Virus and Attachment filters. This option should therefore be used rarely and with caution.
• Before spam scanning (default setting): Rules are applied after virus and attachment scanning but before any Trusted/Blocked sender lists and other filters are run.
• After all scanning: These rules are applied last, after all other filters have run.
Type the text directly into the window or copy and paste existing text.
Click Compile to verify for syntax errors.
• If there are no errors, No errors will appear. If there are errors, an error message will appear, e.g. Line 8 Column 11
72. eive these warnings earlier using a lower percentage (e.g. 80) or later using a higher percentage (e.g. 98). EXAMPLE: if the maximum number of mailboxes is 500 and the threshold is set to 95, a warning message appears when there are 475 users on your system. Footer: From this panel you can enter footer or disclaimer text to be inserted at the end of every outbound message sent from the mail server. To use this feature, you must configure your mail server to route outbound messages (i.e. to non-local email addresses) through modusGate. Domain controls (Footer): Footer settings can be customized per domain. • Go to Domains > domain name > Footer. Enable Override default message settings and Append this message to the end of each outgoing message. • Enter your text, select Format and click Apply. User controls (Footer): Footer settings can also be customized per user. • Go to Users > user name > Footer. Enable Override Domain Default Settings and Append this message to the end of each outgoing message. • Enter your text, select Format and click Apply. Settings: This panel contains general server settings such as the directories for the mail spool and system logs. Mail Spool Directory: this is the location of the message spool or queue. The spool can optionally be moved to another drive o
73. ename the Quarantine inbox folder to Quarantine inbox old. In Services, start the MODUSADM service; modusGate should start processing the backlog. CAUTION: The problem will likely occur again if you continue using an MS Access database. • Using an SQL Server or SQL Server Express database is recommended. In the interim, if users consent, a work-around is to delete spam instead of sending it to Quarantine. • In the Console, go to Spam > Preferences > Options. • Select Delete the message immediately. Sieve script mistakenly capturing test messages: If test messages are being captured and sent to Quarantine, check that your custom sieve scripts are set up properly. NOTE: Do not set your Quarantine to Delete Spam when testing custom sieve scripts. This setting will not effectively determine if the sieve scripts are causing problems. Third-party anti-virus blocks messages and locks files: Some customers run third-party anti-virus software on the same machine as modusGate. This can cause problems on modusGate versions that provide scanning, because the other AV program often locks files as modusGate attempts to scan them, interfering with message processing. To avoid this situation, ensure that your third-party anti-virus package does not scan the following folders and their sub-folders: • modusGate Spool
74. er Active Directory, Windows, SQL and Microsoft Outlook are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other products or services mentioned in this document are identified by the trademarks or service marks of their respective companies or organizations. modusGate is based on the Professional Internet Mail Services product licensed from the University of Edinburgh. Certain algorithms used in parts of this software are derived from the RSA Data Security Inc. MD5 Message Digest Algorithm. Copyright 1995-2011 Vircom Inc. Vircom Inc., 460 St Catherine W, Suite 600, Montreal QC, Canada H3B 1A7. For more information, contact Customer Support at 1 514 845 8474, Toll free at 1 888 484 7266, Sales at 1 514 845 1666 Ext 1, or visit our website at www.vircom.com. Section 1: Introduction. About this manual (Intended audience; Purpose and scope; Formatting conventions): This document is written for administrators installing and configuring the modusGate application in a Windows Server environment. It is assumed that the reader is familiar with: • Microsoft Windows operating system • Vircom concepts • Microsoft SQL servers. This document is designed to provide you with instructions to install and configure modusGate S
75. er SMTP_VRFY or Exchange Active Directory. These aliases are usually detected and added to the user's properties automatically. Configuring Global Aliases: Should you need to use this feature, follow the directions below. 1. Click Insert to add an alias. [Screenshot: Insert Global Alias dialog with Mask and Map To fields] EXAMPLE: You want mail addressed to domainA.com to be redirected to domainB.com. 2. Enter the alias address in Mask (i.e. domainA.com from the example above). Wildcards are accepted, e.g. domainA.com. 3. Enter the destination address in Map To (i.e. domainB.com from the example above) and click OK. This must be an actual address on the system; it cannot be an alias. Wildcards are accepted, e.g. domainB.com. 4. Use the Up and Down buttons to set the priority. Aliases are processed in the order listed. Wildcards must be placed at the end of the list. 5. Optional: use Import to populate the list using a text file. You must enter a single alias/destination pair per line using the format mask address : map to address. Enter a space before and after the colon. EXAMPLE: domainA.com : domainB.com 6. Use the Find button to search the list. Wildcards are supported. Domain controls (Aliases): Domain alias names can be configured in the console. In the toolbar, click D
76. ernal email domain in its primary SMTP address attribute, Exchange re-routes the message to the user's specified external account. Example: Local domain: mymaildomain.com. Domain configured in modusGate: mymaildomain.com. Local user's primary email attribute: user@mymaildomain.com. External user's primary email attribute value: user2@hismaildomain.com. External user's secondary email attribute value: user2@mymaildomain.com. If mail is sent to user1, the message is processed normally and delivered to user1's mailbox. If mail is sent to user2, the external account is added as an alias to the account hosted in modusGate so that mail is delivered to user2's mailbox. Users with external accounts cannot log into WebQuarantine with their alias addresses. They can only log into WebQuarantine with an account entered in the users directory. Appendix D: Trusted and Blocked Senders Behaviors. This section provides information about the behaviors for the Trusted and Blocked Senders lists, including the way various security checks are processed. Trusted and Blocked Senders lists can be created at the system, domain and user levels. The foll
77. erver and its web applications. The following formatting conventions are used in this document (text attribute: what it is used for). Bold: New terms defined for the first time. Hyperlink: Clickable links to the referenced topic. Italic: Titles used in cross references and other Vircom documents. Franklin Gothic Book font: All output text labels from a graphic user interface and for anything you would type into the user interface. <Key>: Keyboard keys like <Ctrl>, <Alt>, <Shift>, <Del>, etc. Product names: The following product names are used in this guide (term: meaning). modusGate L: Email relay gateway with network-level security only; does not include anti-virus or anti-spam protection. modusGate AS: Email relay gateway with anti-spam protection, including phishing and attachment blocking, custom sieve scripts and a full year of SCA spam engine updates. modusGate AV: Email relay gateway with anti-virus protection. Comes with a full year of virus protection from McAfee or Norman Data Defense. modusGate ASV: Email relay with both anti-spam protection and anti-virus protection, including spam, phishing, virus and forbidden attachment blocking. Comes with a full year of virus protection from McAfee or Norman Data Defense. Help and support. Contact Vircom: If you have specific questions concernin
78. erveraddress/webmonitor/login.aspx System Health: The System Health screen provides the following information: • System Status: Hardware resource usage and networking information. Click on a graph icon to see performance trend graphs for the last hour, the last 24 hours and the last week. • System Activity: Inbound and Outbound connections, Processing and Message Delivery queues, WebQuarantine connections (if installed on a separate server, this will not be available). • Performance Profile: Average performance rates for messages processed in the last second. • System Info: Version and update information for all systems. • Service Status: Indicates the status of the various services. Trend Graph Display: There are 3 graphs depicting trends. [Screenshot: System Health page showing Service Status (Receiver, Delivery, Modusscan, ModusAdmin, Quarantine Manager), resource usage graphs and connection and queue gauges]
79. ether or not it is running • start: starts the SMTPRS server • stop: stops the SMTPRS server. Appendix C: Interacting with Exchange. This section explains how modusGate interacts with Exchange and Active Directory. Disabled user objects: • When an account is disabled in Active Directory, it can no longer access the server to use server and network resources. • Mailbox attributes assigned to the disabled account may be kept. • When modusGate performs a lookup on an AD object, it does not check the status of the account (enabled or disabled). It looks for specific flags to determine if the user's mailbox is enabled. This ensures that if Exchange is routing mail for the object, modusGate creates an account for the object and routes mail to the Exchange server for processing. Secure LDAP with AD: • When modusGate performs LDAP authentication over an SSL-secured link with a Domain Controller, AD only accepts User DN values in the form of username@domain.local. When modusGate searches for account information while performing user authentication, it uses the user principal name as the default authentication account. • If the user principal name is not used, you will need to fill in this account. Forwarded accounts: • When an email-enabled account in Active Directory specifies an ext
80. from modusGate. You will need a copy of your modusGate installation file and the modusGate license key. Steps: Log into the server using an Administrator account. Copy the modusGate.exe file to this server and click to launch the installation. Enter the same license key you used on the modusGate server and click Validate > Next. NOTE: The license key must match that of the modusGate server or the web components will not work. Select Custom and ensure that only Administration and Reporting Services are selected. Verify the installation path and click Next. Note that all web files will be installed together. Click Next to complete the installation. Follow the instructions below to ensure that each of the web components communicates properly with modusGate. Modify the web WebQuarantine configuration files. Steps: Open Windows Explorer to the Vircom Web Quarantine directory. Locate the WebMailSvr.ini file and open it with Notepad. Locate the host xxx.xxx.xxx.xxx and verify that it shows the IP address of the local Web server. Locate the SmtpServer xxx.xxx.xxx.xxx address and change this to the IP of the modusGate server. The POP3 and IMAP addresses default to the localhost; leave these as is, they are not used. Locate DomainName machine_name mydomain.com and change this to match the primary domain as it appears on the modusGate Console. Save the changes.
81. g the use of one of our products. Technical Support team: Please contact the Technical Support team at Vircom Inc. Web: http://www.vircom.com. E-mail: support@vircom.com. Phone: 1 514 845 8474. Toll free: 1 888 484 7266. Fax: 1 514 845 6922. Working hours: Regular business hours, 7:30 AM to 6:00 PM EST, Monday to Friday. Knowledge Base: For additional information, please see Vircom's Knowledge Base at http://kb.vircom.com/kbase. The Knowledge Base contains the most recent versions of all modusGate documents, bulletins, fixes and patches, known issues and configuration how-to's. Related documents: The documentation set for modusGate includes the following: WebQuarantine User Guide, directQuarantine Administration Guide. They can be found in the modusGate Documents directory (Vircom modusGate Documents) and in the Knowledge Base. Section 2: Getting Started. Configuration requirements. modusGate integration: modusGate is a comprehensive email security gateway server that is compatible with Windows Server 2003, Windows Server 2008, 2008 R2 and Virtual Machines (VM). It integrates with Microsoft Exchange, Lotus Domino and any standard SMTP server. Deployment scenarios: Because modusGate was designed primarily to work with Microsoft Exchange, this section of the documen
82. he host machine
83. he modusGate server, the WebQuarantine URL should display http://localhost/quarantine. If WebQuarantine is installed in a separate server, enter the URL as above but replace localhost with the web server's IP. Or, if you prefer, enter the web address according to your configuration in IIS, e.g. http://www.mycompany.com/quarantine. Click Test to ensure that a "URL test successful" message appears in a web browser on the modusGate server. The test must succeed for the quarantine reports to function properly. Select from the following access control functions: • Allow one click release: allows users to release their quarantined mail using the links within the Quarantine Report. • Add a link to permit Users to disable Quarantine Reports: allows users to opt out of receiving the Quarantine Report. To enable this function, you must first go to the Web section of the console > Allowed User Properties > Edit, enable Reporting Frequency and click Apply. • Users must login to change blocked/trusted lists and quarantine report settings: this forces users to authenticate before making any changes to these settings. • Allow users to access their report settings: provides a link in the Quarantine Report that provides users with direct access to their settings in WebQuarantine.
84. hem to the Security > Trusted Address List > SMTP Security Trusted Address settings. Perform a lookup for SMTP host in the Real-time Whitelist Servers: Enable any of the specified Real-time Whitelist servers available for use with modusGate. If the sender's server information is approved by the Whitelist servers, it bypasses the modusGate connection settings. However, the content is still subject to spam and virus scanning (if applicable). Real Time Blacklist: This feature allows you to connect to a Real Time Blacklist (RBL) to verify if mail senders are blacklisted. RBLs are 3rd-party databases that contain lists of IP addresses belonging to known spam sources. modusGate checks incoming mail against these RBLs and, if a sending server's address is found on any of the lists, its mail will be blocked. Select the RBL servers where the look-up will be made: • Click on RBL Servers to enter the IP address or DNS server name for the RBL(s). RBLs can be aggressive and may cause legitimate mail to be blocked from entering your mail system. For a list of recommended RBLs and their aggression levels, see http://kbase.vircom.com/kbase/default.asp?id=1553&SID=&Lang=1. Select the host IP(s) that will be excluded from the look-up: • IP Exclusion: enter the IP addresses that will bypass the RBL lookup. If you must allow email from an RBL-listed server, add its IP to the exclusion list to ensure mail delivery. Alte
85. his frequency. • These updates only affect the filters that Vircom supplies. Any custom scripts you create will remain intact. Auto Cleanup: These settings allow you to specify when a message is deleted from the spam quarantine. Messages are removed from both the quarantine folder and the database when the expiry date is reached or when the maximum total size is reached, whichever comes first. You may optionally modify these settings: • Message expires after: enter the number of days • Max Total Size: enter the number of KB • Start job at: enter a time using the format hh:mm. Domain controls (Spam): Most spam scan preferences can be configured in the Domain properties in the console, but there are some exceptions: • Enabling Force scanning for all Domains and all Users in the System-level Spam settings will block the use of Domain overrides. • Auto trust sender settings are available at the System level only. • SURBL settings are available at the System level only. To configure Domain overrides: Go to Domains > select domain name > Spam, Trusted Senders, Blocked Senders. Enable Override server default settings and configure your preferences. NOTE: The Domain-level Trusted Senders panel provides an additional option for Exchange Server users: Trust Exchange Users Contact Lists. This setting enables
86. ich forged messages are handled is left to the discretion of the receiving server's administrator. While DKIM does not prevent email abuse, it allows abusive domains to be tracked and detected, thus helping to prevent fraud. By identifying the sender's domain, domain-based trusted and blocked senders lists are more effective, as is detecting phishing. The absence of a DKIM signature indicates that email could be forged (i.e. a forged source email address or domain). Please consult the following RFC for more information: http://www.rfc-editor.org/rfc/rfc4871.txt. Content Filters. Overview of content filtering: The following sections describe the content filter controls applicable to modusGate AS, AV and ASV versions. Each filter type allowed by your license (virus, attachment and/or spam) is enabled system-wide when modusGate is installed and set to the highest level of security. Domain and User settings exist for all filter types, except if you have an unlimited license. Scan aggression levels can be configured per domain or per user, providing greater flexibility and user control. Administrators have ultimate control over all filters, however, through the use of master switches at th
87. il from or rcpt to fields, e.g. <user@domain.com>. • Standardized email clients such as Outlook, Outlook Express and Netscape support this format. Validate Sender Addresses: • Performs a reverse DNS check on the sender's address. • Recommendation: set Cache Size to 9000 and Keep in Cache to 240. Enable Bounce Address Tag Validation (BATV): BATV checks for backscatter spam or misdirected bounces. Backscatter occurs when a mail server receives spam and legitimate email and sends bounced messages to the recipient. However, with spam, the original MAIL FROM field usually contains a legitimate but forged email address. During a spam wave, a mail server may generate bounces to the forged MAIL FROM addresses, thus redirecting the mail to the legitimate email address, who is the real target of the spammer. This could result in the server's IP address being placed on DNS blacklists. When BATV is enabled, SMTPDS adds an encrypted tag to the MAIL FROM field of all outgoing messages. If a bounce returns without a tag, then we know it did not originate from modusGate. The message is either rejected or quarantined, depending on your settings. Additionally: • Validation is performed after the RCPT TO command so that messages are blocked before their content is transferred. • If an address is invalid, modusGate processes it as a permanent failure by returning a 550 response to the SMTP command containing the address.
88. ine connections [Screenshot: System Health page with query-time readings, license limit and version information] • Last hour: average readings at 20-second intervals • Last 24hrs: average readings at 8-minute intervals • Last week: average readings at hourly intervals. Activity Gauges: The activity gauges provide a reading of the number of connections or messages that are being processed and the number of messages in the delivery queue at the time of reading. Since the page refreshes every second, the gauges display the most current system information. The gauge increments are determined dynamically and always in round numbers (i.e. 10, 100 or 1000), depending on the amount of traffic on the system. • The lower threshold is rounded down to the lowest number of activity experienced by the system in the last 24 hours. • The highest threshold will be rounded up to the highest number of activity experienced in the last 24 hours. • Example: If in the past 24 hours the lowest number of inbound messages is 9 and the highest is 367, then the Inbound Connections activity gauge increments are between 0 and 400. An arrow that is left of center indi
89. ing To 192.168.0.112 Could not open a connection to host on port 389 Connect failed. Problem: The Exchange Server and modusGate are not working properly when installed on the same PC. Resolution: Open the Exchange System Manager. Go to Servers > ComputerName > Protocols > SMTP > SMTP Virtual Server. Right-click on SMTP Virtual Server > Properties. Make sure that All unassigned is selected in the list box and that the port number is changed to something other than Port 25 under the Advanced tab. If you absolutely need to define an IP address, enter the IP address that is specified in modusGate's Connection panel in the Console when you are configuring the connection. Otherwise, the Exchange service will not be reachable. Problem: Is my Domain Controller using the Global Catalog? Resolution: On your Active Directory Domain Controller, click on Start > Programs > Administrative Tools > Active Directory Sites and Services. • Expand the site name (by default this will be called default first site name). Expand the Servers folder. Expand the server to be verified (Named vs Default). • Right-click on NTDS Settings and select Properties. • Check whether the Global Catalog checkbox is enabled. Problem: Aliases from other domains are not working or cause unwanted results. Resolution:
90. ing checklist of configuration requirements. These will ensure that modusGate is fully functional after completing the install. 1. The server must be configured with a static IP and at least 1 DNS server address. Go to Local Area Connection settings > Properties > Internet Protocol TCP/IP > Properties. 2. The domain name must be specified in the Network Identification properties. Go to My Computer > Properties > Network Identification > Properties. Confirm that the computer name appears in the Computer name field. Click on More > Primary DNS suffix for this computer and enter your domain name. The server must be rebooted after this change. NOTE: If this information is missing, the modusGate installer will automatically prompt you to enter it at the end of the install process and launch a server reboot. 3. IIS 6.0 or above is already installed. 4. Both .NET Framework versions 3.5 SP1 and 4.0 Extended are installed. 5. Microsoft's built-in SMTP service is either disabled or set to manual (required to prevent conflicts on port 25). Go to Administrative Tools > Services and set Simplified Mail Transport Services to Stop. 6. Verify that the following ports are open to allow for automatic spam, virus and license key updates and Web component access: • Port 80 for HTTP • Port 443 for HTTPS • Ports 31804, 31805 and 31806 for the Web components. License key: Verify that you have your licens
91. ion about the Auto Trusted List: • It can only be configured at the system level. • Is disabled by default. • Auto trusted addresses are added to each user's trusted senders list but are not visible to the users. • Because auto trusted entries cannot be viewed or edited, blocked senders lists take priority during scanning. • An X-SCA-Stop header (X-SCA-Stop: autotrust) appears when a message is auto trusted and is used by moduscan to display the sieve script execution results. • When the maximum number of addresses is reached, the record with the oldest timestamp is removed. • The mail server's IP address must be listed in the routing table in modusGate Console (see Connections). • When recipients reply to messages sent from local users, the originating IP address will be compared to the routing table to establish trusted local users and build their auto trusted lists. Enable System Trusted Senders List: Create a list of trusted domain names and email addresses that will bypass the custom Blocked Senders List, the Vircom filter engine and your custom sieve scripts. This is especially useful if you experience false positives. • Addresses in this list apply system-wide. Click Add to enter addresses. • Domain names and email addresses are supported. • Wildcards are supported, e.g. domain.com. System Blocke
92. ion of the System Overview panel, statistical data presented is for the previous day. However, statistics can be shown for a particular day, week, month or year. The date and time of report generation is displayed with the report title. System Overview: The System Overview provides a snapshot of the system activity for the previous day, the previous week and the previous month. Mail Traffic Spotlight displays the previous day's most active sender and recipient of legitimate messages, spam and viruses. Trend Watch presents a statistical comparison for the past day, week and month for the following measures: • Mail Traffic Overview: Provides information for the total messages scanned, with a percentage breakdown for legitimate and blocked messages. • Blocked Content Breakdown: Provides blocked content information in percentages for messages blocked by each filter. • Security Overview: Provides the number of total connections received by modusGate, with a percentage breakdown for connections accepted and connections blocked by all security measures. System: This section provides the following statistical information for the modusGate system: Domain Users, Mail Filter Statistics, Security Statistics, Sender Statistics, Recipient Statistics, Disk Usage Statistics, Questionable Ac
93. iruses, so you may want to use those features instead of the notification process. Enable Alert Notifications to Recipients: • This must be turned on at the server level to be able to set individual controls at either the domain or user levels. Recipients receive notification: • This server-level override function allows you to reset individual domains' and/or users' settings to force everyone to receive alerts. • Enter the Name, Address and Subject for the alert messages. Select the message to be used for the alert: • Use the default message • Use message from file: create a custom TXT or HTML file containing the notification text and browse to select the file name • Use current message (plain text): enter your text in the window below. Attach cleaned message: • When enabled, a copy of the cleaned message without the virus will be sent as an attachment to the notification email. • If the virus cannot be removed, the message will be quarantined. • When disabled, the recipient will only receive notification of the email message and the original will be quarantined. Encoding: • Specify the text format, either Text/plain or Text/HTML. Remember to enter the HTML code in the message body, or specify an HTML file if you are pointing to a file. Alert Substitutions: In the alert notifications you may us
94. ist must be populated in advance, either manually or by using SMTP, until the list is complete. • Exchange 5.5: Using this option requires configuring custom attributes to be used with LDAP and is therefore not recommended. It is preferable to use SMTP_VRFY instead, which must be configured on the Exchange server: Open the Registry Editor on the Exchange 5.5 Server. Go to HKEY_LOCAL_MACHINE System CurrentControlSet Services MSExchange Parameters. Right-click and select New > DWORD value. Enter EnableVRFY. Double-click EnableVRFY > Value data and enter 0x1. 6. Authentication Requests: this is required to validate the login credentials to access the WebQuarantine and WebMonitor programs. This setting must be consistent with what was selected for Automatically populate user list. The servername/IP and port fields must also match the settings above. • Use SMTP Auth if either SMTP or SMTP_VRFY was selected above. • Use Exchange 2000 2010 if selected above. • If OpenLDAP was selected above, you may choose either OpenLDAP or SMTP Auth. • POP3 is used only in rare circumstances, if SMTP Auth is not supported by your mail server. If selected, you must also enable Strip domain name from Authentication requests. If you had selected Exchange or OpenLDAP in Step 5, complete the LDAP I
95. ithout an appended number. The older logs are numbered sequentially. Maximum File Size: the default size ensures that the log can easily be opened with Notepad or another text editor. If you change the size, simply click Apply; there is no need to stop any services. Log File Lifetime: Enter the number of days a particular log file will be stored on the server. At the end of the life span, the files are deleted. • If the value is set to 0, the files are never deleted. Below is a summary of the options for each of the log types (Log Name: Event Description). STATISTICS: Logs the following counters. SMTPRS: • SMTPRS NB_CONNECTION: Records the total number of connections to the SMTPRS service for all logins. • SMTPRS NB_RECEIVED_MSG: Records the total number of messages received by the service. • SMTPRS NB_SERVICE_START: Records the total number of times the service has been restarted. SMTPDS: • SMTPDS NB_MSG_SENT: Records the total number of messages that have been sent by the service. • SMTPDS NB_LOCAL_DELIVERY: Records the total number of messages that have been delivered to local domains and mailboxes by the service. • SMTPDS NB_SERVICE_START: Records the total number of times the service has been restarted. SERVER: Services Start and Stop: An entry is made whenever a service is started or
96. ld process spam messages and configure the spam filter by category. • Reporting: configure the user's Quarantine Report frequency and content. • Trusted Senders: manage trusted senders for the user. • Blocked Senders: manage blocked senders for the user. • Language Filter: specify how modusGate should process messages with foreign language content and configure blocked languages. • Aliases: manage aliases for the user. • Quarantine: manage, delete and release the user's quarantined mail by category (spam, attachments, phishing and viruses). • Message Audit: manage the user's message audit settings. Appendix B: Formal Command Syntax. The SMTPDS and SMTPRS services may be controlled from a command line by using command line arguments. The following options apply for both SMTPRS and SMTPDS. Syntax: smtprs remove install version ipaddress status start stop. Options: • install: adds the SMTPRS server to the list of installed services. • remove: removes the SMTPRS server from the list of installed services and will delete the SMTPRS server-specific configuration information from the Registry. • version: reports the version number of SMTPRS server. • ipaddress: reports the IP address(es) used for SMTPRS connections. • status: reports the current status of the SMTPRS server, i.e. wh
97. les. 7. If the message is clean, it is then passed to the SMTPDS service for delivery/relay to the mail server. modusGate is configured to scan messages for Forbidden Attachments prior to scanning the content for Viruses. This order is designed to reduce processing load on the server and increase the speed of message handling. You may optionally reverse this order, but you must stop and restart the MODUSCAN service to register this change. Multiple databases are configured automatically during the modusGate installation. These include the Message Audit, Quarantine, Monitoring and Sieve (containing Vircom's spam definitions and any custom filters you might create). All are stored in the Default location; however, settings can be modified for individual databases. EXAMPLE: If you have a large number of mailboxes on your system (e.g. 500 or more), you should create a separate Quarantine database to ensure better performance. [Screenshot: System Databases panel, Default Database Settings]
98. lmost all spam within their category but may cause a larger number of false positives. Categories: a script's category defines a script in more detail. Categories are numerous and can include such things as: phishing viruses; phishing diet; phishing piracy. Levels of Severity: scripts belonging to the same category but with different levels of severity are complementary. To receive full protection against spam in the phishing viruses category, for instance, enable all three sieve scripts: phishing viruses normal; phishing viruses strong; phishing viruses extreme. Language Filter: the language filter can be set to block spam based on foreign languages and character sets. This feature enables you to select which languages to block from a pre-set list. By default, all languages are allowed. Message handling options include: Delete message immediately; Block message into Quarantine; Tag message with a subject message and allow it to pass through. Select language content to block: Click on to add a language to the Blocked Languages list. Click on to remove language from the Blocked Languages list. Foreign Language Behavior: scanning for language content occurs: after virus and attachment scanning; after the trusted and blocked lists; before spam scanning by the
99. m sending zombies are unlikely to resend mail. Basic Mode provides a strong defense against text and image spam. In fact, because the temporary error is sent before the body of the message is received, this mode does not discriminate if the message contains text or image spam. Vircom Extended Mode (recommended): modusGate sends a temporary error to the sender after the END of DATA command (CRLF.CRLF). Extended Mode is designed to protect against spam and is intended to work in conjunction with Vircom's SCA engine. While the SCA engine is very effective at blocking image spam, the speed with which spammers create variants of their images has required us to increase our spam blocking efforts. How it works: a spam tactic is to send 1000s of copies of a single image spam, containing randomly modified versions of the image, during a short period of time. Spammers do this by taking advantage of a delay between the time the new image spam variant is detected and the time it takes Vircom to create a new signature for the image. In as little as a few seconds before new signatures can be created, the spammer can count on at least a small percentage of the variant image spam making their way to the users' inboxes. The extended mode adds protection by reducing the window of opportunity that the spammer uses to send variants
100. Domain View: The Domain panel provides access to the following configuration panels. All settings available in the Console are also available here. Aliases: manage aliases for the domain. Domain Keys: view the domain key and enable DKIM for outbound messages. Virus: override the system defaults for virus handling. Attachments: override the system defaults for processing messages containing forbidden attachments. Phishing: override the system defaults for processing phishing messages. Spam: override the system defaults for processing spam messages. Trusted Senders: manage the trusted senders list for the domain. Blocked Senders: manage the blocked senders list for the domain. Language Filters: override the system defaults for processing messages with foreign language content and configuring blocked languages. Reporting: override the system defaults for the Quarantine Report frequency, content and settings. Quarantine: manage, delete and release quarantined mail by category (spam, attachments, phishing and viruses). Message Audit: override the system defaults for message audit logging. Click Save
101. message accepted by SMTP. The message will be rejected if the number of recipients exceeds this limit. Slowdown the IP Connections: When the set message threshold is reached, a slowdown is enforced between each subsequent message from the sending IP. Enter the number of seconds for which the connection will be slowed. Enter the number of valid and invalid recipients per message after which the connection will be slowed. Block IP Addresses: Used to block IP connections that violate the threshold. Enter the number of minutes for which the connection will be blocked. Enter the number of valid and invalid recipients per message after which the connection will be blocked. To prevent a dictionary spam attack, use the Block IP option and enter a low number (3-5) for invalid recipients. NOTE: The Slowdown the IP Connections and Block IP Addresses settings should not be used at the same time. The Slowdown settings will override and disable the Block settings. Caching: Set the maximum cache size. Enter the maximum number of IP addresses that will be kept by the s
102. messages for each of the Error types listed in the dropdown menu. If nothing is entered in these fields, the default error messages are used. Custom error messages will only appear in your own error logs. External servers receive only default errors. Preferences: These settings enable you to configure how long to cache SMTP authentication information for modusGate. This allows validated senders to maintain open connections to the server for the time you set before having to re-authenticate. Cache Size: specify the number of entries to keep in cache. Cache Entry lifetime: specify the number of seconds to keep the cache entry. Keep SMTP Connection Alive For: specify the number of seconds to keep the connection open. Security: Security overview. modusGate's security tools provide full flexibility to prevent spam attacks and security breaches on your mail system. Every security feature was designed to help businesses maintain system integrity. All security settings affect the system as a whole; they cannot be modified per domain or per user. Please follow the guidelines and proceed with caution when modifying the settings. If you have any questions or need further details, please do not hesitate to contact o
103. ministrator. 5. In the modusGate console, go to Domains > domain name > Trusted Senders > Trust Exchange Users Contact Lists Exchange Contacts and Safe Senders Settings. 6. Enter the Administrator's User Name and Password. The User Name must be in the format of domain\username. 7. Enable Trust addresses contained in users' Contacts list and enter the URL for the Exchange Web Service. EXAMPLE: https://192.168.11.44/EWS/exchange.asmx. Option is available for both Exchange 2007 and 2010. 8. Enable Trust addresses contained in users' Safe Senders list and enter the URL for the Exchange Remote PowerShell. EXAMPLE: http://192.168.11.44/powershell. Available for Exchange 2010 only. 9. Click Close to start the synchronization process automatically. Optional: The synchronization reoccurs automatically once per day, but you can use Start Synchronization to force a manual update. Details of the synchronization process can be seen in the Operations (OPR) log located in the Vircom modusGate log directory. NOTE: Users cannot bypass the spam scanner by adding their own email addresses to their Contacts or Safe Senders lists. User controls (Spam): To configure User overrides for spam settings, go to Users > select user name > Spam. Enable Override domain default set
104. modusGate supports alias aggregation across multiple domains (i.e. cross-domain alias support). modusGate considers the primary SMTP address as the mailbox. The domain specified in the primary address will be the only mailbox listed in modusGate. All subsequent entries, regardless of the domain, will be specified as aliases in the user's alias list in modusGate. This keeps mailbox counts accurate and on par with Exchange Server and further consolidates all spam messages into a single quarantine. If the primary address is specified as an internal Active Directory domain (e.g. .local), you must either specify your primary SMTP email domain as primary or add an entry for that domain address in the modusGate Connections panel in the Console. The SMTP address information can be found in the Active Directory Users and Computers MMC as well as the Recipient policy in the Exchange Service Manager. Mail delivery problems: If modusGate is unable to send outbound mail to the Internet, use the following information to try to resolve the problem. 1. To rule out an invalid DNS setting, perform an nslookup of the domain to which users are attempting to send mail. EXAMPLE: resolve vircom.com. At a command prompt, type nslookup <enter>. At >, type set q=mx <enter> to query the MX record. At >, type Microsoft Wind
105. NOTE: IP addresses entered here must also exist in the Mail Relay > Accept mail for relay from these hosts field. Scanning Trusted Address: This setting is available only to the modusGate versions that provide spam scanning. It is used to allow mail from local IPs to bypass all spam scanning (including custom rules) on outgoing mail bound for the Internet. Virus and attachment scanning, if available, will not be bypassed. Incoming Internet mail will continue to be scanned according to your configuration. NOTE: IP addresses entered here must also exist in the Mail Relay > Accept mail for relay from these hosts field. Use this panel to configure encryption and certificate settings to add an extra level of protection to your mail system. Encrypt Message Transmission: Using certificates will ensure that your mail transmission connections are protected against unauthorized access. Different certificates can be used per domain or IP to ensure unique encryption signatures and improve security. Note that this method protects the communication channel between servers, but not the message content. To use this feature, you must first purchase server certificates. For more information, visit company websites such as www.thawte.com, www.verisign.com or www.entrust.com. Use the following directions to configure modusGate to use certificates.
106. n the modusGate server, but placing it on a network shared drive is not recommended. If you move the spool, you must enter the new directory here and stop/restart all modusGate services. NOTE: The spool must not be placed on a separate server from modusGate. System Log Directory: this is the location of the system logs, such as operational and error logs. This directory can be moved to another drive, including a network shared drive. If you move the log directory, you must enter the new location here and stop/restart all modusGate services. Language: used to select the language for the Quarantine Reports. The default is English. The language can be customized per domain (see Domain controls, Quarantine Report) or per user (see User controls, Quarantine Report). Send delivery failure notices to this email address: displays the email address entered during installation, if enabled. You may change this address at any time. Advanced options (Advanced Settings panel): Limit Internal Transmit Buffer to; Consider these SMTP errors as fatal; Use high performance DNS client; Close SMTP Socket Connection Gracefully; Insert Status Field in POP3 Header for Compatibility With Some Mail Clients; Close POP3 Socket Connection Gracefully; Authenticated ETRN; SMTP RS Banner Greeting
107. nd retrieving mail over the Internet. Unlike IMAP, where mail resides on the server, POP3 moves messages from the server to the users' computers. Quarantine: Mail that has been blocked because of suspicious content, viruses or forbidden attachments. RBL: Real-time Black List. A DNS-based Blackhole List (DNSBL), also known as Real-time Blackhole List or RBL, is a means by which an Internet site may publish a list of IP addresses in a format which can be easily queried by computer programs on the Internet. A free service offered by some organizations, such as ORBS or MAPS, that provides a list of known spammers updated in real time. This term is used interchangeably with DNSBL. Reverse DNS: A process to determine the hostname associated with a given IP address. This feature ensures that users are from legitimate domains. Sieve: Simple scripting language used to filter email. One of the more powerful features of sieve is filtering spam. Sieve is defined in RFC 3028. SMTP: Simple Mail Transport Protocol. The protocol used to deliver email to its destination. SNMP: Simple Network Management Protocol. SNMP is part of the TCP/IP protocol. SNMP applications run in a network management station (NMS) and issue queries to gather information about the status, configuration and performance of external network devices. Spam: Unsolicited
108. ng permission. In the Console, go to Web > Privileges > Allowed User Properties > Edit, enable Reporting Content and click Apply. Users will then have access to these settings by logging into WebQuarantine and can make any desired adjustments. Domain controls (Quarantine Report): Override settings for the Quarantine Report language and content controls are also available in the Domain properties in the Console. In the toolbar, click Domains > select the domain name > Reporting. Enable Override server default settings and make any necessary adjustments. In the Domain tab, enable Override to select a language for the Quarantine Report. The default is English. User controls (Quarantine Report): Override settings for the Quarantine Report language and content controls are also available in the User properties in the Console. In the toolbar, click Users > select the user name > Reporting. Enable Override domain default settings and make any necessary adjustments. In the General tab, enable Override to select a language for the Quarantine Report. The default is English. License Key: This panel provides important information about your license key, including the expiry date, your current build and patch versions, and the number of licensed users. Validate any license changes authorized by Vircom su
109. Force scanning for all Domains and all Users: Overrides individual settings for users and domains and forces a virus scan on all messages. Do not use this function if you plan to allow domains and users override privileges. Virus Scanning Level: Used to select the scanning level: Normal, Customized or Disabled. With Customized selected, click on the Customized button to determine the scanning level for viruses and corrupted/unscannable files. If Disabled is selected, virus scanning is turned off. When a virus is detected: Choose one of the following options when a virus is found: Delete message immediately; Block message into Quarantine. Alert Sender: This feature enables you to specify if and how to notify the sender that the message contained a virus. CAUTION: Due to current behavior of spam and malware that spoof sender addresses, do NOT use this option. If enabled, false notifications are likely to be sent to people who did not actually send the virus. Alert Recipients: This feature allows you to specify if and how to notify the recipients when a message contains a virus. NOTE: Both directQuarantine and/or Quarantine Reports clearly label the messages that contain v
110. ns and recommended settings for each of the Toolbar panels, beginning with the core System settings. NOTE: Any references to scanning, filtering and quarantine operations in the following sections do not apply to the modusGate L version. The availability of spam and virus operations depends on your license. Services: From this panel you can start, stop and configure the modusGate services. Click on a service to select it. Click on Start, Stop or Settings. If Settings is not available, the configuration cannot be modified for this service. These services can also be started and stopped in the Administrative Tools > Services panel and are set to start automatically. SMTPRS: The SMTP Receiver Service is responsible for performing the following actions: Receiving all incoming email from the Internet. Applying all security settings on incoming messages and either accepting or blocking them according to your rules. Performing mailbox validation to ensure that the message recipient has a valid account on your system. When the address is invalid, the message is rejected, thus reducing the load on the mail server. Click Settings to configure the Transmission and Submission ports. Transmission: the standard port is 25. This is the port used by external mail servers to communicate with your server. Do not change this port unless you do port mapping via a proxy server or firewall. Submission: this port is used when local users are c
111. nt and header field line rewrapping. Testing Mode: use this feature to signal to the receiving server that you are testing the signature. The receiving server treats unsigned messages with the same importance as signed messages. Receiving servers must not treat messages from signers in testing mode differently from unsigned email, even should the signature fail to verify. Notes: you can add comments to the public key string which will not be interpreted by the receiving server (limit of 265 characters). This tag should be used sparingly because the DNS server has space limitations. Signed/unsigned: you can configure modusGate so that all users are either signed or unsigned. You can specify an exception list by clicking Add. How DKIM Works: When a message is sent out through modusGate, DKIM adds a header (DomainKeys Signature) that contains a digital signature of the message contents. The receiving SMTP server uses the name of the sending domain, the _domainkey string and a selector from the header to perform a DNS lookup. In turn, the returned data includes the domain's public key. Immediately after the DomainKeys Signature header, the receiving mail server decrypts the hash value in the header and recalculates the hash value for the message contents. If the two values are a match, it proves cryptographically that the email message originated from the intended domain and that the message was not altered in transit. The way in wh
112. ntication type, the number of rejections and the failure rate. This feature can help identify if local users are experiencing login problems or determine if there were attacks on modusGate. Domain: This section provides statistical information for individual domains on modusGate. Administrators can retrieve the Mail Filter and Disk Usage statistics by entering the domain name in the Domain field. There is an auto-complete mechanism in place for this. Users: Provides statistical information for individual users. Administrators can retrieve the Mail Filter statistics by entering the complete email address in the Email field. Using the calendar: Click on Year, Month, Week or Day to open the particular calendar and make your selection for each of the measures listed above. Printing and Exporting Reports: All reports can be printed and exported to PDF and Excel. Report Schedules: Administrators can schedule modusGate to email system reports to the addresses of their choice. All system reports can be delivered in both Excel and PDF formats and on a daily, weekly or monthly basis. Additionally, administrators can use the Email Now feature to generate an immediate email message for the scheduled report(s). [Screenshot: Report Schedules table]
113. o be added to the Subject line of a message (e.g. Spam). This option is useful for those who prefer to receive all messages but have their own filtering or rules mechanisms enabled in the mail client. The email rules can then determine what to do with messages based on the subject tag. Disable scanning for messages sent by trusted source: This function is used specifically for users who authenticate using SMTP Auth to allow their outgoing mail to the Internet to bypass spam filtering (including the Vircom filter and custom scripts). Incoming Internet mail will be scanned according to your settings. Attachment and virus scanning, in the modusGate versions that support these functions, will continue. Trusted senders are the people who are well known to you and whose email content you trust. These settings enable you to specify these known senders, allowing their mail to bypass spam scanning and be delivered. Messages from trusted senders will continue to be scanned for viruses and forbidden attachments, however. Enable Auto Trusted List: Trusted Sender settings exist at the system, domain and user levels. These lists must be manually created and updated, which can be tedious and difficult to maintain. The Auto Trusted List instead provides an automated method for creating and maintaining the addresses based
114. ocated in the \Vircom\modusGate\Documentation folder. Logs: File Config. This tab contains the core settings for the modusGate log files: where the files are stored, limits for controlling the log size, and for determining how long they are kept. [Screenshot: Logs > File Config settings, showing the Log File Directory, Maximum File Size and per-log Log File Lifetime fields] Logs are text files that can be stored anywhere within your network, including a shared drive. To change the location, enter the full path in Log File Directory, click Apply, and stop/restart all modusGate services to register the change. The naming format for the files is TTTyyyymmdd.LOG, where: TTT represents a log type (e.g. OPR = Operation log, ERR = Error log, etc.); yyyy represents the four digits of the year; mm represents the month, expressed as a number from 1 to 12; dd represents the day of the month. When a log reaches its maximum size, it is renamed with an appended number (e.g. OPRyyyymmdd 1 log) and a new active log begins. The active log is the one w
115. odusGate can be set to check only inbound messages for a DKIM signature or, optionally, to add a signature to outgoing messages. Enable DKIM for inbound messages: set this option to verify that incoming messages have a valid DKIM signature. Unsigned messages will not be blocked; the verification results will be added to the header under Domain Keys. Signed incoming messages are identified by one of three domain key statuses. Good: the domain signature was properly verified. Bad: the domain signature verification failed. Unknown: verification did not occur (e.g. DNS lookup failed, bad signature syntax, etc.). No status is given to incoming messages that do not have a signature. Use the following instructions to configure DKIM signatures on outbound messages. Click Enable DKIM signing for outbound messages. In Domain Key Configuration, click Add. Enter your Domain Name (e.g. domain.com) where indicated. In the Selector box, enter a word of your choice. This will be used as a secondary identifier for the domain. For security reasons, do not use the same word for more than one domain. The Edit button can be used to change the selector, but you MUST also replace the DNS string on the DNS server after doing so. When you click OK, your public key appears in the Domain Key
116. of greylisting policies. This log entry only occurs when the message is not re-sent within the default 4-hour time frame. Failure to re-send within a 4-hour limit results in blacklisting the IP address for a 4-hour period. Sender Validation: SPF support. Sender Policy Framework helps detect email sent with faked or forged sender addresses. SPF support only works for those domains that put SPF definitions in their DNS. For more information about SPF, see http://www.openspf.org. Perform a look up for the SMTP host in the DNS: Enables Reverse DNS lookup; this allows you to check if the IP of the sender's server resolves to the given domain name. This option is processor intensive; you should monitor system performance when using it. Reject Connection Immediately On Lookup Failure: when enabled, messages are rejected when the reverse lookup fails. This setting works together with the Lookup Timeout: the connection can also be rejected when the DNS lookup reaches the specified timeout limit. Postpone the rejection until authentication: modusGate looks for an SMTP AUTH connection before performing the reverse lookup. Do not reject connection (Accept all hosts): the results of the DNS lookup are logged, but the message is processed whether the lookup fails or not. To exclude IP addresses from Reverse DNS, add t
117. om so that adjustments can be made to the filters if necessary. Block the message sender: the email address or domain name can be added to the Blocked List. Delete all messages: deletes only the messages contained in the current report. Customize the report content and schedule: if enabled in the console, users can log into WebQuarantine to see their quarantine report content settings and schedule and make adjustments. WebQuarantine: This web-based application enables users to log in to see a live, updated view of their quarantined messages and to make adjustments to their settings, including filter levels, quarantine report contents and schedule, and Trusted and Blocked Sender lists. All report actions listed above are also available in the WebQuarantine. [Screenshot: WebQuarantine message list] Users cannot change any of the filter settings or other controls without the administrator's permission. Permission controls are located in the Console in Web >
118. omains > select domain name > Aliases. Click Add and enter the alias name. Aliases are used when you want mail addressed to domainA.com to be redirected to domainB.com. These addresses must exist on your system. User controls (Aliases): User alias names can be configured in the console. In the toolbar, click Users > select user name > Aliases. Click Add and enter the alias name. Aliases are used when you want mail addressed to userA@domain.com to be redirected to userB@domain.com. These addresses must exist on your system. Depending on your alias configuration in Exchange/Active Directory, user aliases are usually detected automatically and dynamically created in the Console. Agents: An Agent calls an external program, such as a script or batch file, that runs every time the server receives a message. It can be used to redirect, copy, archive or delete messages. NOTE: If your modusGate version supports the use of sieve scripts, it is recommended that they be used instead of agents, especially when archiving messages. Agents process messages before content filters are applied; thus messages containing malware will also be archived. Please see the following Knowledge Base articles for more details: 1. When to use sieve scripts vs. agents: http://kbase.vircom.com
119. on users' email behavior. When a person replies to an email that was originally sent from a local user who has an account on your modusGate server, the responding address is automatically added to that user's Trusted Senders List. Auto-trusted addresses are not added to the System list. To support the auto-trusted feature, the Default database configured for use with modusGate must be a SQL or SQL Express Server. Access and PostgreSQL are not supported. To verify the Default database, go to System > System Databases > Default Database Settings. Enable automatic cleanup of old records: This option applies only if the Auto-trusted feature is enabled. It automatically maintains the auto-trusted list to keep only the active addresses. Cleanup occurs once daily when a user's maximum limit has been reached. Addresses in the auto-trusted list are time stamped upon reply, and the automatic cleanup feature deletes the data with the oldest time stamps. Reoccurring addresses are time stamped as they enter the database. There is a second automatic cleanup process whereby modusGate looks for mailboxes that have been deleted and removes all auto-trusted entries associated with them. This process occurs every 90 days and is not configurable in the Console. Maximum number of auto-trusted addresses allowed per user: Enter the maximum number of addresses permitted per user. The default is 1,000. Additional informat
120. onfigured to send outbound mail through modusGate to the Internet. The standard port used for this purpose is 587. • You can configure your mail server to use port 587 to route outbound mail to modusGate for scanning prior to delivery to the destination addresses, or configure the users' mail client settings to use port 587 as the SMTP server port. SMTPDS: The SMTP Delivery Service is responsible for the following actions: • Relaying mail to your mail server for local delivery to the mailboxes. • Handling mail for delivery to external (non-local) email addresses. • Processing only the messages that have passed security and content checking. Click Settings to configure an IP address for outbound messages, if necessary. This is only used if you use separate IPs for incoming and outgoing mail traffic. MODUSCAN: The modusGate Scanning Service does the following: • Handles messages after they have been verified and accepted by the SMTPRS security checks. • Runs attachment, spam scanning and/or virus scanning, where applicable. • When spam and/or dangerous content is found, it handles messages according to your preferences (e.g. quarantine, delete, or tag and pass). • If messages are considered legitimate, they are passed to SMTPDS for delivery. Click Settings to configure the auto-restart options. If MODUSCAN
121. ons Attachment Levels Attachment Actions Attachment Alerts Spam Levels Spam Actions Trusted Senders Blocked Senders Blocked Senders Actions Blocked Senders Max Size Message Audit Domain Keys. Allowed User properties: There are two sets of privilege levels for this feature that affect both the WebAdmin and WebQuarantine applications. • Administrators (i.e. System and/or Domain Administrators): These settings determine the user-level properties that administrators can modify using the WebAdmin program. All properties listed below are enabled by default, except Message Audit. • Normal Users: These settings determine what users can modify using the WebQuarantine program. Users do not have access to Reporting Frequency Reporting Content Generate Reports Virus Levels Message Audit Attachment Alerts Spam Levels Spam Actions Language Filter Virus Actions Language Filter Actions Virus Alerts Trusted Senders Phishing Levels Blocked Senders Phishing Actions Blocked Senders Actions Attachment Levels • Aliases Attachment Actions Message Audit Admin list only. Reset overriding for all Domains: Click to reset all domain-specific overrides to the default system-wide settings. This removes all domain overrides from the Domains panel.
122. or several of its features. If you do not have a database server installed, the modusGate installation process includes Microsoft SQL Server 2005 Express with advanced services. Note that Full Text Indexing is required for some features. Firewall configuration: If you plan to use a firewall, Vircom recommends that you do not use Windows Firewall, as it can cause problems with internal communication required by modusGate. Instead, use a hardware firewall to protect your network from unauthorized external access. Exchange/Active Directory configuration: Before you begin the modusGate installation, verify the following settings on your Exchange/Active Directory server to ensure proper communication with modusGate. Step 1: If using Exchange 2007 or 2010, check whether the Hub Transport or Edge Transport server role is installed. If either role exists, you must change the following message throttling settings under Set-ReceiveConnector: MaxInboundConnectionPercentagePerSource: Change the value to 20. MaxInboundConnectionPerSource: Change the value to 1000. NOTE: For complete details, see the following Microsoft KB articles: Exchange 2007: http://technet.microsoft.com/en-us/library/bb232205(EXCHG.80).aspx Exchange 2010: http://technet.microsoft.com/en-us/library/bb232205.aspx R
123. ores and organizes information about a computer network's users and network shares, and allows network administrators to manage users' access to the shares. Resources include email addresses, computers and peripheral devices. There are a number of directory services that are used, including Active Directory and LDAP. DNSBL: DNS Block List. See RBL. ESMTP: Extended SMTP. See SMTP. False Negative: A false negative occurs when spam is not recognized by a spam solution and is delivered to a mail inbox. False Positive: A false positive occurs when legitimate mail is incorrectly recognized by a spam solution and not delivered to a mail inbox. Filter Scripting: Advanced filtering logic method to block many or all spam tactics. Fingerprinting: Smart file type detection. A technology that scans email attachments in search of forbidden file formats (e.g. exe) in order to prevent them from being concealed with modified file extensions. Headers: The top portion of a message that contains the sender's name, the date the message was sent, recipients' names, title, routing details, message priority and other information. LDAP: Lightweight Directory Access Protocol. Standard protocol for the exchange of directory entries between servers. LDIF: LDAP Data Interchange Format. The format used by an LDAP server when returning information for
124. owing is the sequence of events that occurs once modusGate receives a message: • Check the connection limits (total connections & maximum connection rate, and the total simultaneous connections from the same IP address & simultaneous connection rate from the same IP address). Bypass this test if a host is in the trusted list or in transparent mode (i.e. when modusGate hides a source IP address). • Check for required authentication. If SMTP authentication is enabled and is forced, and the host is in the list of forced authentication IP addresses, authentication is required (Security > SMTP Security). • Reject all connections from hosts in the "Reject all incoming mail from" list (Security > Connections). • Simultaneously start reverse and RBL lookups if the following conditions are met: Reverse DNS or RBL lookup, or both, are enabled (Security > Sender Reputation and Real Time Blacklist). The host is not in the trusted list. RBL lookup is enabled and the host is not in the IP address exclusion list for RBL lookups. The connection does not come from one of the routed IP addresses in modusGate, and modusGate is configured to hide a protected server (i.e. placed in front of the mail server). • Place the RBL lookup result in the envelope of the received message. • If reverse DNS is enabled and fails, the connection is refused with the default message: This system is configured to reject mail from host IP address DNS
125. ows Version 5 2 3790 lt C Copyright 1985 2663 Microsoft Corp H gt ns lookup Default Server ns2 mtotelecom com Address 216 94 188 2 gt set q mx gt vircom conm Server ns2 mtotelecom com Address 216 94 186 2 Non authoritative answer i com MK preference mail exchanger gate vircom com com MX preference 16 mail exchanger smtp vircom com com MX preference 26 mail exchanger smtp2 vircom com com p mydyndns com com com X vircom com nameserver igate vircom com internet ad smtp vircom com internet addr 18 73 smtp2 vircon internet 64 18 73 15 nsi mydyndns or internet y 63 208 196 92 ns2 mydyndns or internet 204 13 249 82 ns3 mydyndns or internet 264 13 256 82 ns4 mydyndns r internet 213 155 150 206 ns5 mydyndns or internet 63 208 196 93 The results show that mail goes to gate.vircom.com (pref level 0) and, if gate.vircom.com is down, mail is redirected to smtp.vircom.com (pref level 10). 2. If the DNS server still has problems when resolving names, perform a lookup using an external DNS server (in this case Vircom's) to verify if your domain can resolve outside DNS servers. • At a command prompt, type If DNS is properly configured, there could be a network connection problem. • The mail firewall could cause problems. By default, some firewalls, such as Cisco Pix, block the extended SMTP commands required when using SMTP_VRFY or SMTP AUTH connection methods. 3
126. problems with the authentication server. Possible causes for the backlog: • Authentication failing for local domains: If your authentication server (AD or LDAP) is down or stops responding, delivery to local mailboxes will fail. On the modusGate server, open a telnet session to the mail server to check if it responds to Port 25. In the telnet session, open a connection to the modusGate server on Port 25 and try to send a message to a valid user. If the authentication server is unavailable, an error message will appear stating that there is a problem with your user authentication. • Contact Customer Support at support@vircom.com. Invirus Buildup and/or Server Freezes at Regular Intervals. Symptom: Server seems to freeze at regular intervals, making the machine unresponsive for short periods of time (less than a few seconds). In extreme cases, this can cause spool backlogs. Cause: modusGate updates information in the Registry. These write operations to the Registry are cached in a file called software.log. By default, the OS will purge the cache and write the operations to the Registry hive every 5 seconds for Windows Server 2003, or every 5 minutes (Windows 2000 Server). During these intervals, the system appears to freeze. This behavior is not normal. The root cause is usually a poorly configured RAID controller
127. r: Messages rejected by the protocol filter. Reject Address: Messages rejected because their address was blocked. Reject Host: Messages rejected because the host was banned. Banned IP: Messages rejected because the originating IP was banned. SPF: Results of the SPF lookups. SURBL: Messages rejected because of SURBL lookups. Log Name / Event / Description. AUTH: Logs configured from this panel pertain to end-user logins to the web applications. Valid Login: Logs all valid logins. Invalid Login: Logs all invalid logins. VIRUS: Detected viruses: Logs information about messages containing viruses and the name of the virus. SPAM: Discarded messages: Logs information about messages filtered by the scan engine. MESSAGE AUDIT: System wide: Enables Audit logging for the entire system. Log expires in: Specify when the log will expire, in days. Enable Audit Log Auto Shutdown: Temporarily stops auditing in the event of a high load on the server or a database failure. • When the audit log is shut down, new messages will not be audited until the load decreases or the database problem is resolved. • Messages received immediately before the shutdown will be audited but may not be found in the database. Set Audit Content: Click to select which of the following audit events to log. • Select Logging Template
128. r this change. 12. Delivery failure notices: if the DNS Suffix prompt does not appear, you will instead be asked to provide an email address for delivery failures. This must be a valid address on the primary mail server; it is recommended to use your postmaster address. 13. Clicking Next will launch both the Route Wizard and the What's Next HTML page containing configuration guidelines. Configuring routes. Using the route wizard: After modusGate is installed, the Route Wizard launches automatically to quickly and easily guide you through setting up the connection, or route, to your mail server. If you have multiple domains and/or mail servers, or if your mail server type is not specified in the dropdown list, it is recommended to configure the settings manually: click the Switch to Manual button to close the Route Wizard and follow the directions in the next section, Using the console: Connections, on page 19. Step / Action. 1. Enter your Domain name. 2. Select the appropriate Mail server type from the dropdown list. If your server type is not listed, select SMTP, SMTP_VRFY, or click the Switch to Manual button and use the Console Connections screens to configure your settings. Please note the following important issues: • The SMTP option cannot validate mail recipients; therefore, invalid addresses will be created in
129. rate Control Scripts. The following provides examples of corporate control scripts. The moderator feature can be used as a parental control mechanism or a communications policy for companies to forward messages to the moderator's quarantine mailbox for approval while preserving header information. if not envelope matches X Sieve Moderate if header contains to suspiciousstaff domain com if header contains subject job offers x moderate moderator mydomain com Send alert x mailer from mydomain com to mydomain com text Subject You have mail waiting for your approval Please check your moderator s QT Stop if not envelope matches X Sieve Moderate if envelope contains Local Status outbound if body raw contains source code v1 0 x moderate moderator mydomain com Send alert x mailer from mydomain com to mydomain com text Subject You have mail waiting for your approval Please check your moderator s QT stop Explanation: When a message meets the filter criteria, it is quarantined to the account specified in the x_moderate line. This should be an account used solely for moderation purposes so that the messages are not lost among the other quarantined mail. The alert portion of the script is optional. When a message is filtere
130. ringServerAddress. Ensure that the Temp and LogDir values point to the correct location for these files. If changes are made to the custom config file, stop and start WEBMAILSVR in the modusGate Console and IISAdmin on the server. Folder Permissions: Ensure that the appropriate permissions are granted. Windows 2000 Server: In Windows Explorer, go to Program Files\Vircom\Web. Right-click the Web folder and select Properties > Security > Add. Select IUSR_Machine and ASPNET Accounts. Click OK. For the two new Groups/User Names, give Modify permission. Click on Advanced to replace permission entries on all child objects. Windows Server 2003 and Server 2008: In Windows Explorer, go to Program Files\Vircom\Web. Right-click on the Web folder and select Properties > Security. Server 2003: click Add. Server 2008: click on Edit > Add. At Select Users or Groups, click on Advanced. • Click on Find Now. Select IUSR_Machine and Network Service. Click on OK (2x). • For the two new Groups/User Names, give Modify permission. Click on Advanced to replace permission entries on all child objects. Click on OK. • Stop/start the IIS service. Performance counters: modusGate supplies a number of Performance Counter objects to help diagnose performance issues and to help you monitor your system more
131. rnately add the IP address to Security > Trusted Address List > SMTP Security Trusted Address. Reject connection immediately if the host is blacklisted: RBL runs at the beginning of the connection and blocks any server found on the list(s). This option is recommended to optimize speed. If disabled, the connection will only be severed after the RCPT TO command. Perform RBL check after mailbox authentication: modusGate waits until the sender's email address can be validated through SMTP Auth before determining whether to block the server or not. • This benefits users who may have legitimate accounts in modusGate but whose sending IP addresses are listed on an RBL. With this setting, modusGate first verifies the address and accepts and processes mail only if it is legitimate; otherwise the connection will be closed. Caching: Allows you to specify how many RBL lookups will be kept in cache and for how long. Possible RBL connection issues: Using RBLs may affect system performance; therefore, you should monitor the server when using this feature. Vircom has no affiliation with any RBL, nor does it have control over their content and availability. If an RBL goes down or is no longer in service, mail flow will slow down or may be halted entirely, as no DNS resolution can occur. Vircom is never warned of issues with RB
132. rs, audit logging and filter controls where applicable, including language preferences for the Quarantine Report and the WebQuarantine interface. NOTE: Overrides do not apply to an unlimited user license. Because Domain and User level properties are not stored on the local server in this format, overrides are unavailable in the Administration Console. Server Level: Configuration changes made at the server level are propagated to all domains and users. • Users and domains are able to override settings unless Forced options are enabled (i.e. for scan functions). Domain Level: • Configuration changes made at the domain level affect all users within that domain. Domain level settings will override the server settings if permission to override was granted. User Level: • Configuration changes affect only the individual user. • User level changes override the server and domain settings if permission to override was granted. In general, modusGate checks for and applies settings in this order: 1. User, 2. Domain, and 3. Server. Exceptions to this rule do exist and will be highlighted where applicable. System: The following sections in this document describe the configuration optio
133. s. NOTE: The filter file name must be SPAMFLTO.TXT and must be located in your modusGate directory. To add a new filter string: Step / Action. 1. Click Insert to add a new string. In the Field box, select the element to be filtered. In the Map To box, enter the string you want to block. Use wildcards to block variants of the string. EXAMPLE: You want to block subjects like "Make money fast". Enter money fast. This will capture messages containing random characters before and after the subject (a trick to evade filters). Click OK to save the entry, and repeat the process to create as many entries as necessary. Optional: Set as a comment inserts a pound sign to tell the filter to ignore that particular string. Use Edit to change an existing filter. Use the Up and Down buttons to change the priority: filters are applied in order from top to bottom. Stop and restart the SMTPRS service to register any changes. SMTP Security: This panel provides several SMTP authentication mechanisms. Force authentication for these IP addresses: Used to specify a list of IP addresses required to use SMTP authentication when relaying email. It forces users to authenticate prior to sending mail through modu
134. s feature. Click Enable SURBL > select a server > click Enable > Apply. You may optionally Add, Remove and Edit SURBL servers, and use the Up and Down arrow keys to move a server name in the list. Add Message Header Text (X-Headers) to messages scanned: X-Headers can be added when a message matches a DNS blacklist entry and when it fails a validation test. • These headers are used by the spam scanner. • This function is enabled by default. Caching: Configure how many lookup results will be cached and for how long. Properties Settings. General: This panel provides update and version information for Vircom's proprietary spam filter, called Sequential Content Analyzer (SCA). • The spam definitions used by the SCA engine are updated automatically by Vircom and are not customizable. Auto Updates: The spam engine and its definition files are updated automatically by modusGate. It is set to look for new definitions every 15 minutes, which are applied automatically as they become available. • You may optionally change t
135. s option is automatically selected if a connection can be detected. If you do not have a SQL Server, select Install SQL Server Express with Advanced Services. Clicking Next will direct you to the Microsoft download site to launch the SQL installer. NOTE: You must manually restart the modusGate installer after the SQL setup completes and continue with Step 8. Step / Action. 8. Click Next to enter the SQL Server connection details. • SQL Server name or IP: if using SQL Express, include \sqlexpress after the IP or name. Do not enter spaces either before or after the backslash. • SQL Administrator Account: enter the SA account name, or one with equivalent rights, and the Password. • Click Connect to both test the database connection and get the list of existing database names. • Database name: select where to install the modusGate databases. Either choose an existing name from the dropdown menu, or enter a new name and click Next. modusGate needs a SQL server database to function. Please specify what server and which database name should be used. SQL Administrator account credentials will be required to configure this new database. SQL Server name or IP address fi 92 168 30 112 SG
136. sGate. Users must have SMTP Auth enabled on their mail clients. Without authentication, message transmission will be blocked. Do not advertise SMTP Auth for these IPs: SMTP Auth is normally advertised or displayed as an available authentication method when the EHLO command is issued in the message header. Spammers can potentially hack users' accounts by collecting passwords that are transmitted to the server in clear text via PLAIN or AUTH LOGIN mechanisms. It is recommended to use this feature and to enter Used to support email clients who force the use of SMTP Auth when they see SMTP Auth as advertised. NOTE: When authenticating via SMTP AUTH, the authentication is only valid for the current SMTP session. Once the session is closed, for subsequent attempts the same user will not be authenticated by default. This eliminates the possibility of spoofing. Force usage of fully qualified addresses in SMTP commands: The system will reject messages that do not use a proper email address format (e.g. user@domain.com) in either the mail from or rcpt to fields. This feature helps to block mass-mailed messages sent to unspecified addresses or <Undisclosed Recipient>. Reject malformed addresses: • Used to reject messages where addresses are not contained within angled brackets (<>) in either the ma
137. sGate and the responses received are logged in the operation log file. • This information creates huge log files and should be used for debugging purposes only. • At no time should you enable this feature for everyday use. Dialup Connections: Not applicable to modusGate. Scanning Operations: Logs all operations of the scanning engine. Log Name / Event / Description. ERROR: Protocol Command Failures: SMTP failed commands sent and responses received are logged. Authentication Failures: Failed authentication attempts using SMTP AUTH server are logged. Network I/O Failures: Failed network I/O operations are logged. File I/O Failure: Failed file I/O operations are logged. DNS Failures: Failed DNS operations are logged. General Errors: Other failure types are logged. Scanning Errors: All errors involving the MODUSCAN engine are logged. All items can also be logged in the Windows Event Viewer. SECURITY: This information ties in with the features found in the Security panel (see Security on page 47). Reverse DNS: Messages rejected due to a failed DNS Lookup. RBL: Messages rejected after RBL Lookup. Anti Bulk: Messages rejected because of the Block Scan Attack feature. Relay: Messages rejected because of anti-relaying protection. MX: Messages rejected for not having a valid associated MX record. Protocol filte
138. sages. Diagnosing problems using spool directory contents: After mail passes through the security checks, modusGate processes the messages according to the configured scan settings and follows your quarantine rules. Resolving an Invirus backlog: In Windows Explorer, go to Vircom\modusGate\Spool\Invirus to verify if there is a backlog of MSG and RCP files. Use the Refresh function to verify if the messages are flowing through the Invirus directory in a timely manner. A backlog with the MODUSCAN engine can be caused by the following: Quarantine is slow or corrupt. • There could be a backlog of messages in spool\spam or spool\virus. • Using MS Access for the Quarantine database could cause a problem. MS Access has a size limitation of 2GB, and if the database nears 2GB, the MODUSCAN service will spike to 100% CPU. Consider using SQL Server or SQL Server Express for the Quarantine database. • If you choose to continue using MS Access, you may need to replace your database. Go to Vircom\modusGate\mailbox\quarantine. If the mailstore.mdb file is at or close to 2GB, you must: In the Console, go to System > Services. Stop the MODUSADM service. In Windows Explorer, go to the mailbox\Quarantine folder. Rename the mailstore.mdb file to mailstore.old (a new one will be recreated). R
139. should stop for any reason, these settings determine what happens to new incoming messages. When Auto Restart the service is enabled, MODUSCAN will automatically restart in the event that it crashes or stops processing messages. It will attempt to restart 10 times every 30 minutes. Block the messages in the InVirus folder will store new unscanned messages in the message queue until the service restarts. When this option is enabled, Auto Restart the service must also be enabled. This ensures that potentially dangerous messages do not bypass the scanner. Let the messages be delivered will ensure that mail continues to flow whether MODUSCAN is running or not; however, it will also potentially allow dangerous content to get through. MODUSADM: This is the server administration service, responsible for automatic updates of the spam and/or virus engines, filter definitions and the quarantine database. It is also responsible for a number of internal functions. MODUSMON: This service is used by the WebMonitor application to provide updated server statistics and maintain the monitoring database. MODUSCFG: This service is
140. specific time. If an unusually large number of messages begin queuing for a particular domain, you can attempt to force delivery using one of two methods: Force automatic retry for these domains: Click Domain List, enter the domain name(s) and set a Retry count; this will be the total number of retry attempts. Enter the domain names for immediate delivery: enter the domain name(s) or a wildcard in the text box and click Deliver Now. NOTE: Neither of these methods guarantees delivery. Serious connection issues can occur on the receiving end that prevent successful delivery. Global Aliases: This feature allows you to create global aliases for your system, such that mail sent to one address can be redirected to another. For example, you want mail addressed to domainA.com to be redirected to domainB.com. When not to use Global Aliases: You should note that this is a legacy feature that has been kept to support certain older systems that require it. Alias settings exist in both the Domain and User properties, which are recommended for use instead. See Domain controls: Aliases and User controls: Aliases. Do not use this feature if any of the following situations apply to you: • You plan to enable Quarantine Reports for your users. • You have aliases already configured on your mail server and your routes are configured to use eith
141. stem performance. • Enter the maximum file size in KB. Postmaster: You can optionally specify a Postmaster mailbox to receive notifications when a virus is detected. • Send Notifications to Postmaster: Enable to enter a postmaster mailbox. This must be a valid address on your mail server. Domain controls: Virus: Virus settings can be configured at the Domain level in the Console. Go to Domains > select domain name > Virus. Enable Override server default settings. • Override cannot be selected if Force scanning for all Domains and all Users is checked in the system settings under Virus > Preferences > Options. • Configure your preferences for scanning level, message handling and recipient notifications. • Do NOT enable Senders Receive Notification (see Alert Sender). User controls: Virus: Virus settings can be configured at the User level in the Console. Go to Users > select domain name > Virus. Enable Override domain default settings. • Override cannot be selected if Force scanning for all Domains and all Users is checked in the system settings under Virus > Preferences > Options. • Configure your preferences for scanning level, message handling and recipient notifications. • Do NOT enable Senders Receive Notification (see Alert Sender).
142. If you wish to modify a particular database, follow the steps below. Step / Action. 1. Select the database name and click Edit. 2. Enable Override default database, if applicable. Note that the Default database can also be modified and has its own Edit controls. 3. Use the dropdown menu to select the Database Type. The menu will display different options depending on the database format supported. NOTE: Access and Postgres (PostgreSQL) are considered legacy platforms and are no longer recommended. In addition, if you plan to use the Greylisting feature in the Security settings, the Default database must be SQL; neither Access nor Postgres is supported. 4. Enter the Server Address: use either the IP or server hostname. 5. Enable Use custom port, if necessary. modusGate dynamically determines the port for SQL Server, but change it manually if it is incorrect. 6. Enter the new Database Name. 7. Complete the User Name and Password fields. If this account does not yet exist on the database server, the necessary access rights will be configured automatically. 8
143. t is set to 10. Maximum connection rate allowed for this server: Used to limit the total number of connections allowed per second. • The default is set to 50. Maximum simultaneous connection rate allowed from same IP: Used to limit the number of new connections allowed per second, per IP. • The default is set to 10. These settings allow you to block connections from specific IP addresses. If a user has been identified for abusive email practices, he/she can be prohibited from using the mail system. Reject all incoming mail from these hosts: • Enter the addresses to be prohibited from sending mail to your server. Both IP addresses and domain names can be entered here. Reject all incoming mail from these addresses: • You can use this list to enter specific email addresses to be blocked from sending mail to your server. These settings allow you to enter the IP addresses that are considered trusted, or allowed, by your mail server. Encryption & Certificates. SMTP Security Trusted Address: Mail sent from the IP addresses entered here bypasses the following list of security checks. This affects both inbound and outbound messages; therefore, you should limit the list to internal and well-known sources only. Block Scan Attack, Reverse DNS, Real Time Blacklist, Banned IP Addresses, Connectio
144. t will focus on its configuration with Exchange and Active Directory. NOTE: For deployment with Lotus Domino and other SMTP servers, please see our Knowledge Base for details: http://kbase.vircom.com/kbase/default.asp?id=1265&Lang=1&SID= Scenario 1: modusGate in the DMZ. With this method, modusGate resides in the DMZ while the Exchange Server and other network resources are protected behind a firewall. [Diagram: DMZ and LAN; Email (SMTP, Port 25), Router, modusGate, LDAP (Port 389/3268), Domain Controller (Port 389/3268)] Scenario 2: modusGate on the same subnet as Exchange. Here, the firewall provides Network Address Translation (NAT) or simple port filtering. After modusGate is installed and configured, change the NAT rule to route mail to modusGate instead of directly to Exchange. [Diagram: LAN; Email (SMTP, Port 25), modusGate, LDAP (Port 389/3268), Domain Controller (Port 389/3268)] Scenario 3: modusGate installed on the Exchange Server. Note that this setup is not recommended but can suffice if mail traffic is quite low. In this option, modusGate must be configured to receive mail on Port 25, while Exchange must be modified to use a different port (e.g. 2525). [Diagram: LAN; Receiver Service (Port 25), LDAP (Port 389/3268), Mail Flow, LDAP Request, Domain Controller]
145. te for which you want to configure encryption. Right-click and select Properties. Go to Directory Security > Edit. Select the appropriate encryption strength. Require Secure Channel (SSL) forces users to use a secure connection (HTTPS) when connecting to the modusGate Web application. Require 128-bit encryption forces users to use a stronger encryption method. In Client Certificates, ensure Ignore client certificates is selected. Encrypt Message Content: The Console settings are used ONLY if you have the PGP Email Gateway server. For configuration details, see the Knowledge Base article: http://kbase.vircom.com/kbase/default.asp?id=1691&SID=&Lang=1 Sieve script method for other encryption servers: If you use a non-PGP server to encrypt message content and wish to use modusGate to filter outbound messages, contact Vircom's Support team at support@vircom.com. They will help you create a custom sieve script for this purpose. Domain Keys: From this panel you can configure DKIM (Domain Key Identified Mail) for modusGate. Domain Keys is a method of authentication that uses public keys and the DNS to establish the origin and contents of an email message. It allows for near end-to-end integrity from a signing to a verifying Mail Transfer Agent (MTA) and is independent of SMTP routing m
146. the user list and count against your user license. In addition, if alias email addresses are used, they will be added to the user list and total user count. SMTP_VRFY is supported by most mail servers but must only be used if the mail server is protected by a firewall with no direct public access. Without a firewall, the list of valid user accounts can be easily obtained over the Internet. Alias email addresses are supported by SMTP_VRFY; they will not be counted against the user license. 3. Enter the Mail server name or IP. 4. The SMTP Port number automatically displays 25; change this only if you use a different number. If your mail server type is either SMTP or SMTP_VRFY, click Next and go to Step 9 for the remaining instructions. If you had selected Exchange as the mail server type, click Next and enter your Active Directory/LDAP server information. 5. Enter the Server name or IP address for your Active Directory or LDAP server. 6. Verify the Port number. If using Exchange 2000-2010, port 3268 is automatically configured for the Global Catalog; this provides access to the entire list of users/mailboxes. Selecting Use SSL/TLS will auto-reset the port to 3269. If using Exchange 5.5, LDAP port 389 is set. You may optionally enter a custom port. 7. The Base DN is auto-filled according to
147. tings and configure your preferences. Enabling Force scanning for all Domains and all Users in the System-level Spam settings will block the use of User overrides. Trusted Senders and Blocked Senders also have user-level settings. Any addresses that users enter manually will be visible in these screens. If you had enabled the Auto-trust feature, those addresses will not be visible here. See System Trusted Senders for details. Forbidden Attachments (F/A): You can block attachments by name or type, which can help to prevent new types of viruses and unwanted content from entering your system. The Forbidden Attachment controls are separated into 2 layers of tabs, Properties and Preferences, seen at the bottom of the panel. This section begins with the Properties settings, which is where you can configure the list of attachments to filter. General: From this panel you can set general properties for the attachment scanner. Enable Smart File Type Detection (Fingerprinting): Used to enable Fingerprinting, a method by which the real attachment type of a specific file is detected. This catches questionable attachments that have been renamed. EXAMPLE: update.doc has been renamed to update.txt. Fingerprinting will be able to detect that the file is actually a Word document. Block zip files en
148. tion, modusGate does not scan messages from SMTP-authenticated users (this is configurable), but it always scans for forbidden attachments and viruses. Checks the scan properties for each recipient (e.g. spam, virus & attachment scanning levels). Checks the Trusted and Blocked Senders lists for each recipient. Glossary. Address Email Harvesting: The process of obtaining lists of email addresses for use in bulk mail or spam. Alias: An alias is an email address that forwards all email it receives to another email account. Catch Rate: The catch rate measures the efficiency of a spam solution. The calculation used is (number of spam messages caught / number of total spam messages) x 100. Content Filtering: Spam scanning plain text for key phrases and the percentage of HTML, images and other indications that the message is spam. Denial of Service (DoS): An attempt to make a computer resource unavailable to its intended users. Considered an Internet crime. Dictionary Attack: A system of combining letters and numbers in an attempt to find active email addresses. Any addresses to which messages are delivered, as opposed to being bounced back, are legitimate. Directory Service: A network service that identifies all resources on a network and makes them accessible to users and applications. The software st
149. tivities. Mail Filter Statistics: Provides a graphical analysis of the messages processed by the system in terms of legitimate mail vs. threats, with a further breakdown of the threat types. If any of the filters are disabled, the name will appear in the legend but the value will show N/A. If the function is active but there are no results, the value will be 0. Security Statistics: Displays the number of connections blocked per security measure enabled in the Console, and the top 10 RBL servers used, to compare their efficacy. Sender Statistics: Identifies the top 10 email message senders (local and external). Recipient Statistics: Identifies the top 10 local email message recipients. Disk Usage Statistics: Displays the top ten local email addresses that use the most disk storage space for quarantine and mailbox storage. Disk usage statistics are compiled daily at 2:00 AM. As such, the reported values may not reflect the actual values at the time the report is requested. Compilation occurs at this time so as not to interfere with other automated processes and because there is likely to be less mail traffic. This ensures that the system has sufficient time to count all messages on the server. It could take several hours to compile th
150. ur Support Team at support@vircom.com. Using address lists (mask lists): In most of the following features where address lists are created, you can use wildcards and other formatting to accelerate the process of entering IP addresses, host names and email addresses. Supported formats include (Mark: Means): "*": The wildcard denotes inclusion, i.e. use all variations of the entry. EXAMPLE: To block all yahoo.com addresses, enter yahoo.com. This format is accepted in all lists, except where specified. "!": The exclamation mark denotes an exclusion, i.e. use all entries except this one. This format is accepted in most lists, except where specified. "/XX": CIDR slash notation or netmask. This format is supported by all features where IP addresses are entered, to denote and include subnet masks. EXAMPLE: 192.168.42.23/24. The order of entries in the lists is important, as modusGate applies rules from the top of the list downwards. To set the priority of a specific entry, use the Up or Down buttons. Most features allow you to create and store text-based lists elsewhere on the server and to specify the file location in the feature settings, without having to manually recreate the list in the console. However, doing so may cause performance issues, particularly if lists are quite long. It is therefore recommended to import list contents into the console to speed up response times. Lists may be updated and reimported at any time, over
151. used by the Policy Management (WebPolicy) application, if applicable. It is required to provide access to WebPolicy and to communicate with Active Directory. MODUSDQ: This is the directQuarantine server service, which provides end users with a live view of their quarantined messages in Outlook and the content controls. WEBMAILSVR: This service controls the WebQuarantine server service, if installed on the modusGate server. When the web components are installed on a separate machine, the service appears stopped; this is normal behavior. Summary message processing sequence: This is a very brief overview of how modusGate processes messages. 1. A sending mail server opens a connection to modusGate. 2. The SMTPRS service responds, requesting the sending server's identification and the message header details. 3. SMTPRS then applies all configured security checks to validate the supplied information. If the message fails any security criteria, or if the recipient address does not exist on the local system, the connection is rejected and closed. 4. Message transmission begins after passing all security criteria. 5. The MODUSCAN service then begins scanning the message according to applicable options. 6. If the message fails the scan, it is treated according to the handling ru
152. user name > Attachments. Enable Override domain default settings. Override cannot be selected if Force scanning for all Domains and all Users is checked in the system settings under FA. Configure your preferences for scanning level, message handling and whether this user can release attachments from Quarantine. The attachment list cannot be customized here. Rules: modusGate provides the ability to create custom scripts to better control spam in your environment. You can also use scripts to create message handling rules to meet compliance regulations. Language filters are also available to block foreign-language spam. Custom Filter: From this panel you can create custom sieve scripts for your system and place them in the order in which they should be executed. NOTE: Sieve is an email filtering script language that can be used with all operating systems and mail architectures. It is particularly useful for defining spam filtering rules. Some script examples are given below, but for more examples see the Knowledge Base article: http://kbase.vircom.com/kbase/default.asp?id=1333&SID=&Lang=1 Follow the instructions below to add or modify a sieve script. 1. Click Add to create a new script. [Screenshot: Sieve dialog with Name, Severity Level, Description and Scan Sequence fields]
153. [Screenshot: a quarantined spam message displayed in Outlook] The directQuarantine Server application is installed automatically with modusGate. It is available for use as a 30-day trial and for licensed users. The Client application must be installed and configured separately as a Group Policy Object (GPO) on your Active Directory Server. To access the directQuarantine Client installation program and other files, go to Start > Programs > Vircom > dQ. A detailed description of the Client installation, configuration and user interface can be found in the dQ AdminGuide l
154. wed to release viruses. Delete: Deletes messages from quarantine. Mark as unread: Marks read quarantined messages as unread. False positive: Only for use with spam. A report is sent to Vircom identifying messages that you consider to be legitimate and improperly quarantined. Vircom's anti-spam team adjusts the filters to prevent future false positives. User administration. Quarantine Reports: The Quarantine Reports section described the configuration and scheduling of the reports; this section describes the report functionality. When enabled, Quarantine Reports are emailed to users on a scheduled basis to provide a summary of their quarantine contents. The Reports can be configured to always show all quarantined messages or to show only the new messages that have arrived since the last report was issued. [Screenshot: sample modus Quarantine Report listing quarantined messages by Category, Subject, From, Date and Action (Release / Block)]
155. will block messages if there is any modification to the content. It will not be activated if the spammer resends the exact same message. Because Extended Mode is only activated when the message body contains an image, this causes fewer delivery problems for local users. Regardless of the mode used, the following are not subject to greylisting: Trusted IP Addresses (Trusted Address List), Authenticated via POP/IMAP (Auth Senders) or SMTP_AUTH. Senders whose domain has a SPF record, but only if SPF Support is enabled (see SPF Support below). Sender's IP address, if found during a whitelist lookup, but only if the feature is enabled (see Perform a lookup for SMTP host in the Real Time Whitelist servers). Greylisting database information: To support greylisting, the default database (see System > System Databases) must be configured to use SQL Server. No other database formats can be used. Greylisting database records are automatically expired after 8 hours. Log Entries: Greylisting will generate two types of log entries in the OPR (Operations) log. 1. "Message from <Sender's IP> was temporarily rejected because of greylisting policies": This is the most common log entry, indicating that the sender was given a temporary error. 2. "Message from <Sender's IP> was rejected because
156. writing the previous lists with the updated entries. Protocol Filter: The protocol filter allows you to block email messages based on header content. This filter comes enabled and pre-populated with several known header formats that have been used in past attempts to bypass various security measures. While this feature is most useful for modusGate L and AV versions, where sieve scripts are unavailable, it is recommended to leave the filter operational and intact for all modusGate versions. How the filter works: There are two parts of an email, the envelope and the header, that contain the sender, recipient and other address information. The envelope is deleted when the message is delivered successfully. The header is part of the message; it can be viewed in the mail client. In the envelope, the sender field is mailfrom and the recipient is rcptto. The equivalent fields in the header are from and to, respectively. The protocol filter is used by specifying a list of text strings that correspond to the envelope/header content to be rejected. All incoming messages are checked against the filter list, and a message gets rejected when a matching entry is found. Because the envelope and header addresses can differ, it is good practice to (a) use wildcards and (b) create duplicate strings for the mailfrom/from and rcptto/to pair
157. you to automatically trust the addresses that are stored in your users' Contacts and Safe Senders lists. Due to access restrictions in older Exchange versions, these features are only supported by Exchange 2007 and 2010 where indicated: Auto-trust Contacts is supported for both Exchange 2007 and 2010; Safe Senders Lists are supported for Exchange 2010 only. Follow the instructions below to configure the settings. 1. Verify that modusGate's default database is set to use SQL/SQL Express Server (see System > System Databases > Default Database Settings). 2. Configure Impersonation permissions for the account used to connect to Exchange. NOTE: An Administrator account does not natively have Impersonation permissions. These are required to give modusGate remote access to the contents of the Contacts list. 3. Log into the Exchange server with your Administrator account and load the Exchange Management Shell. 4. For Exchange 2007, run the following PowerShell command: Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User domain\administrator -ExtendedRights ms-Exch-EPI-May-Impersonate} For Exchange 2010, run this PowerShell command: New-ManagementRoleAssignment -Name impersonationAssignmentName -Role ApplicationImpersonation -User domain\ad
158. ystem. When the maximum is reached, the oldest IP entry in the cache will be removed. Maximum Entry Life Time: Enter the lifetime of an entry in the cache. When the maximum is reached, the oldest IP entry in the cache will be removed. Sender Reputation. Sender Reputation System (SRS): This is Vircom's own RBL service (reputation.vircom.com). SRS classifies email based upon who is sending the message rather than its contents. Upon establishing a connection to the SMTP receiver service, a DNS query is made to Vircom's RBL with the IP address of the computer connecting to the service. If the IP address is found in the RBL, that computer is considered to be a spammer. The connection can either be dropped immediately or the message from that sender can be quarantined. Vircom's RBL differs from other RBLs in that it is highly dynamic. It is updated every few minutes based on who is sending the most spam to our honeypots. Similarly, if someone spams our honeypots accidentally, they will automatically be removed from the list a few hours after they stop spamming. Sender Validation. Greylisting. Basic Mode (default): modusGate sends a temporary error to the sender after the DATA command in the SMTP protocol exchange. Upon receipt of a temporary error, a valid SMTP-compliant mail server will resend mail. By contrast, soa
