Home

PureMessage for Microsoft Exchange 2013 startup guide

Contents

1. To do this set up spam quarantine digest email and schedule times when PureMessage should send it out 1 Inthe console tree click Configuration Users and groups and click End user spam digest email 2 Inthe End user spam digest email dialog box enter a subject in the Digest subject text box 3 In the Digest body text panel edit the digest as appropriate or accept the default text To enter or edit a substitution symbol right click and select a substitution symbol from the drop down menu 4 Inthe Send digests on panel select the days and times you want to send out digests Click OK to save your changes 5 In the Manage Changes menu click Save changes PureMessage now sends quarantine digest emails to users at specific times startup guide 11 Monitoring system activity The dashboard shows the system status and displays current statistics that provide the information about the health of all the servers on the system In the console tree click Dashboard DENIES System console Ja Prstem Sever Go Ruming N A waxsut E waksme System status amp Statishcs for server W2K8H1 Transport SMTP Scanning Message volume Virus volume Spam volume Average daily message volume Top viruses Quarantine Quarantine database size bytes M Me be Viruses 4 Quarantine folder size bytes volume Quarantine Quarantine database size 3 bytes 8 Oct g g WOck n s d B D
2. jdegoS3v9 26 b1 s2022 Suspected s E Save changes 19 06 2007 spameorsi t 26 b19s2022 AutoMaler Suspicious A DOSiWindows execu E Discard changes 19 06 2007 psskkrbbhg 1260102022 Suspected s k 19 06 2007 wp 4200 26 b1 s202r2 Congrabdati Suspected s Help ry 19 06 2007 poksASe1 26 b1 s2002 Suspected s cated 19 06 2007 spamzors t 26 b1 s2022 AutoMaler Suspidous A DOS Windows execu 19 06 2007 elabethtol elwabethtolbert From Ms Suspected s 19 06 2007 jwwpl_sAZ00 26 b1 s202 2 Congratuati Suspected s 19 06 2007 inscgiypht 26 b1 s202r2 Re snotty Suspected s 61 19 06 2007 spamzors t 26 b1 s2022 AutoMader Suspicous A postwindows execu 18 19 06 2007 spameorst t 26 b1 5202r2 AutoMaller Suspicious A lbosiwindows execu 8 19 06 2007 gennisdeba bugbear reques Information Suspected s 7 19 06 2007 Rockedrebiw 26 b1 s202r2 Suspected s fso p jar manaa alenwindsbe tab acn camina 2e e ae etten err a kt sl Gotopage T of 1 gt gt Actions What would you le to do with the selected messages DelvevFawad G From this pane you can enter search criteria in the Search panel searching on subject sender recipient message ID reason for quarantine or any combination of these You can also filt
3. Berkeley 3 21 94 The compilation of software known as FreeBSD is distributed under the following terms Copyright c 1992 2013 The FreeBSD Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the DOCUMENTATION and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION 45 PureMessage for Microsoft Exchange 2013 46 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The 4 4BSD and 4 4BSD Lite
4. Exchange server that is only accessible to a single user A database on an Exchange server that is accessible to multiple users Automatic interception and scanning of email attachments as they are sent or received A scan that is scheduled to take place automatically at a particular time An internet standard for email transmission across IP networks Email server software uses SMTP to send and receive mail messages A program that installs itself onto a user s computer by stealth subterfuge or social engineering and sends information from that computer to a third party without the user s permission or knowledge A transmission from an end user toward the server A known email server that sends or forward emails to the server on which PureMessage is installed 43 PureMessage for Microsoft Exchange 2013 44 20 Technical support You can find technical support for Sophos products in any of these ways Visit the SophosTalk community at community sophos com and search for other users who are experiencing the same problem Visit the Sophos support knowledgebase at www sophos com en us support aspx Download the product documentation at www sophos com en us support documentation aspx Open a ticket with our support team at https secure2 sophos com support contact support support query aspx startup guide 21 Legal notices Copyright 2013 2015 Sophos Limited All rights reserved No part of this publication
5. In the Manage changes menu click Save changes Filtering blocked phrases regular expressions To define a regular expression as a blocked phrase 1 OOA OW In the console tree click Configuration Transport SMTP Scanning Policy and then click Content Inthe Content filtering dialog box ensure that the status icons for inbound outbound and internal messages title bars are Green and display ON Under Internal messages select the On blocked phrase check box Under Internal messages On blocked phrase click Define On the Regular expression tab click Add Click in the Phrase box and type the following regular expression 0 79 4 27 L03 44 70 9114 710 3114 This expression will match credit card numbers in both 1234 1234 1234 1234 and 1234123412341234 formats Make sure that the Attachment check box is selected Click OK to save your changes and return to the Content filtering dialog box Under Internal messages On blocked phrase click Alert In the Alert configuration dialog box select one or more check boxes to specify who will be notified in the event of PureMessage quarantining a suspicious attachment Click OK to save your changes and return to the Content filtering dialog box In the Manage changes menu click Save changes You can find more information about creating regular expressions at http www regular expressions info 18 18 1 startup guide Appendix F D
6. PureMessage do as follows 1 Double click the PureMessage icon on your desktop 2 Inthe PureMessage console the left hand pane console tree gives you access to the features you can configure The right hand pane details displays information or configuration options G28 PureMessage PureMessage Server Group Dashboard Activity monitor E Y amp Configuration A System 6 Users and groups E pa Transport SMTP scanning policy Gia Filtering p Anti virus BZ Anti spam G Content gt Disdaimers Be Exchange store scanning policy Quarantine Reports i Help and information If you set up a mail domain and upstream email relay during installation see Connect to Active Directory page 14 If you have not yet set up a mail domain see Set up a mail domain and upstream trusted relay page 13 4 2 Set up a mail domain and upstream trusted relay For PureMessage to determine inbound outbound and internal mail correctly you should configure your mail domains and any upstream trusted relays 13 PureMessage for Microsoft Exchange 2013 14 4 3 For information on configuring upstream trusted relays see Appendix B How to configure upstream trusted relays page 31 1 In the console tree click Configuration System and then click Routing 2 In the Routing dialog box do as follows a Click Add and enter an address in the Mail domains panel such as mycompany com Note You need not specify sub doma
7. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS DAMAGES LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING OR MISUSING THIS SOFTWARE 5 Installing and using the UnRAR utility signifies acceptance of these terms and conditions of the license 6 If you don t agree with terms of the license you must remove UnRAR files from your storage devices and cease to use the utility Thank you for your interest in RAR and UnRAR 55 PureMessage for Microsoft Exchange 2013 56 Alexander L Roshal XPExplorerBar Copyright 2004 2005 Mathew Hall All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LI
8. THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The Institute of Electrical and Electronics Engineers and the American National Standards Committee X3 on Information Processing Systems have given us permission to reprint portions of their documentation In the following statement the phrase this text refers to portions of the system documentation Portions of this text are reprinted and reproduced in electronic form in the second BSD Networking Software Release from IEEE Std 1003 1 1988 IEEE Standard Portable Operating System Interface for Computer Environments POSIX copyright C 1988 by the Institute of Electrical and Electronics Engineers Inc In the event of any discrepancy between these versions and the original IEEE Standard the original IEEE Standard is the referee document In the following statement the phrase This material refers to portions of the system documentation This material is reproduced with permission from American National Standards Committee X3 on Information Processing Systems C
9. an alert to the Administrator Now configure scanning of Exchange stores Configure scanning of Exchange stores Note The Exchange Store is made up of both public and private stores A public store is a database that is accessible to multiple users A private store example a mailbox is usually only accessible to a single user You can configure PureMessage to run background scans at scheduled times on both the private and public stores 1 In the console tree click Configuration Exchange store scanning policy and then click Change exchange siore scan settings startup guide 2 In the Exchange store scan settings dialog box on the Exchange 2013 tab select the Enable background scanning check box in the Exchange private store panel Exchange public store panel or both Note On access and proactive scanning options are not supported on Exchange Server 2013 3 If you want background scanning to be enabled only outside office hours select the Enable background scanning only for out of working hours check box and select your working days and times 4 Click OK to save your changes 5 In the Manage Changes menu click Save changes PureMessage now scans items as configured by your settings 21 PureMessage for Microsoft Exchange 2013 10 10 1 22 Dealing with quarantined items Depending on your configuration PureMessage can quarantine mail that is infected is spam or suspected spam is enc
10. by PureMessage Cadete Number of kemsin view 35 T Sender is Number of temsin quarantine 35 I Recipient is Tne Sender Recipients Subject Resson Infections Content violations T Message ID 19 06 2007 231800 rb sophos com DOD POA Suspected s Cnt as 19 06 2007 jeleabethtol elzabethtobert FROM Mrs Suspected s F From Ce 19 06 2007 whtney708 26 b1 s202r2 Suspected 5 1906 2007 genrisdeba bugbearreques Infarmatio Suspected ito rqeieoee z 19 06 2007 gokpyahoo 26 b1 s202r2 Fuk Paris H Offensive la Fuck fucking Sort by By time new to okt bd 19 06 2007 brandon22t 26 b1 5200r2 Suspected s Servers T 19 06 2007 otyugin4308 26 b1 s200r2 Fuckyourp Offensive la Ruck fuck fucked FU aan uR 19 06 2007 spamzorstBt 26 b10Ds2022 Autodtader Suspicious A DOS Windows execu 19 06 2007 tsnker yah 126 5192022 Re upperd Suspected s Configuration R 19 06 2007 Ipxmog chi 26 b1 s2022 Suspected s 19 06 2007 neksormorg inekormorgsnt GOO S WORK Suspected s Change quarantine settings 19 06 2007 genhayezud 26 b1 5202r2 Suspecteds Be Configure end user spam does emal 19 06 2007 pok64581 26 b1 s202r2 Suspected s 19 06 2007 johrmachy bruce clrke so Youve won Suspected s Manage changes ia 19 06 2007
11. click Content Inthe Content filtering screen ensure the status icon for inbound mail title bar is Green and displays ON Select the On suspicious attachment checkbox Click Define to view and edit file types predefined by Sophos as suspicious attachments In the Inbound messages Suspicious attachment type dialog box click the Attachment types tab In the Attachment types tab the attachment types in the Executable and Object Code groups are selected by default On the Attachment names tab the Block multiple extensions option is selected by default Check the Block potentially unwanted applications PUAs except checkbox If you wish to allow users access to otherwise blocked applications click Add to enter a PUA that you want to allow PUA names can be found at http www sophos com security analyses Click OK to save your changes and return to the Content filtering pane Inthe Content filtering dialog box under the Inbound messages bar in the On suspicious attachment panel select Quarantine message from the drop down menu Under the Inbound messages bar in the On suspicious attachment panel click Alert In the Alert configuration dialog box check one or more checkboxes to specify who will be notified in the event of PureMessage quarantining a suspicious attachment Click OK to save your changes and return to the Content filtering pane In the Manage changes menu click Save changes Note F
12. may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner Sophos and Sophos Anti Virus are registered trademarks of Sophos Limited and Sophos Group All other product and company names mentioned are trademarks or registered trademarks of their respective owners Common Public License The Sophos software that is referenced in this document includes or may include some software programs that are licensed or sublicensed to the user under the Common Public License CPL which among other rights permits the user to have access to the source code The CPL requires for any software licensed under the terms of the CPL which is distributed in object code form that the source code for such software also be made available to the users of the object code form For any such software covered under the CPL the source code is available via mail order by submitting a request to Sophos via email to support sophos com or via the web at http www sophos com en us support contact support contact information aspx A copy of the license agreement for any such included software can be found at http opensource org licenses cpl1 0 php crt FreeBSD COPYRIGHT 8 2
13. this code cannot simply be copied and put under another distribution license including the GNU Public License Protocol Buffers libprotobuf Copyright 2008 Google Inc All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of Google Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TOR
14. 0 startup guide 16 In the Company Information dialog box you can enter details relating to the size location and market sector of your company or organization This valuable feedback helps SophosLabs analyse email security trends Click Next 17 In the Start Copying Files dialog box ensure the settings are correct If they are not use the back button to return to previous dialog boxes and change the settings When they are correct click Next 18 PureMessage displays the installation progress and installs Sophos Anti Virus and Sophos AutoUpdate if not already installed Sophos AutoUpdate automatically downloads updates to virus data and anti spam rules Note In certain circumstances the installation may require you to restart the server The installation will continue after restarting 19 When installation is complete the InstallShield Wizard Complete dialog box is displayed Click Finish If you also want to install a separate PureMessage administration console see Installing a PureMessage console on a separate computer page 11 Note If you have Microsoft Exchange server installed on your network you may need to disable or exclude files from scanning For more information see the Sophos support knowledgebase article http Avww sophos com support knowledgebase article 40065 html To start using PureMessage see Getting started with PureMessage page 13 Installing a PureMessage console on a separate computer The P
15. A MIRRORING ROLE ALL 6 Point the mirror server instance s partner to the principal server instance Mirror gt ALTER DATABASE SavexCnfg SET PARTNER TCP lt hostname gt lt port gt Mirror gt ALTER DATABASE SavexDir SET PARTNER TCP lt hostname gt lt port gt Mirror gt ALTER DATABASE SavexQuar SET PARTNER TCP lt hostname gt lt port gt Mirror gt ALTER DATABASE SavexRprt SET PARTNER TCP lt hostname gt lt port gt lt hostname gt must be replaced with the fully qualified DNS hostname of the principal server lt port gt must be replaced with a TCP port number to be used for the endpoint e g 7022 39 PureMessage for Microsoft Exchange 2013 40 7 Point the principal server instance s partner to the mirror server instance Principal gt ALTER DATABASE SavexCnfg SET PARTNER TCP lt hostname gt lt port gt Principal gt ALTER DATABASE SavexDir SET PARTNER TCP lt hostname gt lt port gt Principal gt ALTER DATABASE SavexQuar SET PARTNER TCP lt hostname gt lt port gt Principal gt ALTER DATABASE SavexRprt SET PARTNER TCP lt hostname gt lt port gt lt hostname gt must be replaced with the fully qualified DNS hostname of the mirror server lt port gt must be replaced with a TCP port number to be used for the endpoint e g 7022 For more information on setting up database mirroring using Windows authenticatio
16. AL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies either expressed or implied of the FreeBSD Project UnRAR The source code of UnRAR utility is freeware This means 1 All copyrights to RAR and the utility UnRAR are exclusively owned by the author Alexander Roshal 2 The UnRAR sources may be used in any software to handle RAR archives without limitations free of charge but cannot be used to re create the RAR compression algorithm which is proprietary Distribution of modified UnRAR sources in separate form or as a part of other software is permitted provided that it is clearly stated in the documentation and source comments that the code may not be used to develop a RAR WinRAR compatible archiver 3 The UnRAR utility may be freely distributed It is allowed to distribute UnRAR inside of other software packages 4 THE RAR ARCHIVER AND THE UnRAR UTILITY ARE DISTRIBUTED AS IS NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED YOU USE AT YOUR OWN RISK
17. An item will be rescanned only if a more up to date virus signature has been released by Sophos Background scanning Exchange server background scanning continuously navigates the entire Exchange Store As items that have not been scanned are encountered they are submitted to PureMessage for scanning Background scanning is disabled by default for both private and public information stores As background scanning has a performance impact on the Exchange server we recommend that you schedule it to run during periods of low server activity Background scanning schedules can be defined in the Exchange store scan settings dialog Note The scanning process will be reset if a virus signature update is received from Sophos For large message stores this can mean that background scanning will not complete a full scan of the store For information on defining background scanning periods and enabling background scanning see Configure scanning of Exchange stores page 20 17 17 1 get al startup guide Appendix E Filtering attachments containing unwanted content PureMessage can analyse content within common document types This enables you to search for phrases within those documents when they are attached to messages as files and apply policy rules accordingly PureMessage can extract content from the following file types Plain text TXT HTML Rich text RTF PDF Microsoft Office documents DOC DOCX PPT PP
18. F LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OpenSSL Cryptography and SSL TLS Toolkit The OpenSSL toolkit stays under a dual license i e both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit See below for the actual license texts Actually both licenses are BSD style Open Source licenses In case of any license issues related to OpenSSL please contact openssl core openssl org OpenSSL license Copyright 1998 2011 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http Awww openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to
19. L SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE strcasestr c Copyright 1990 1993 The Regents of the University of California All rights reserved This code is derived from software contributed to Berkeley by Chris Torek Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR P
20. MITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
21. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Simple ECMAScript Engine SEE Copyright 2003 2004 2005 2006 2007 David Leonard All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of David Leonard nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLAR
22. SE SavexCnfg FROM DISK lt path gt SavexCnfg bak WITH NORECOVERY Mirror gt RESTORE DATABASE SavexDir FROM DISK lt path gt SavexDir bak WITH NORECOVERY Mirror gt RESTORE DATABASE SavexQuar FROM DISK lt path gt SavexQuar bak WITH NORECOVERY Mirror gt RESTORE DATABASE SavexRprt FROM DISK lt path gt SavexRprt bak WITH NORECOVERY lt path gt must be replaced with a path to a folder where the backup is held If the path names of the principal and mirror databases differ then it will be necessary to use the MOVE option of the RESTORE command e g Mirror gt RESTORE DATABASE SavexCnfg FROM DISK lt path gt SavexCnfg bak WITH NORECOVERY MOVE SavexCnfg TO C Program Files Microsoft SQL Server MSSQL 1 MSSQL DATA SavexCnfg mdf MOVE SavexCnfg_log TO C Program Files Microsoft SQL Server MSSQL 1 MSSQL DATA SavexCnfg_1 LDF For more information on preparing a mirror database for mirroring see http technet microsoft com en us library ms189047 aspx 4 Create a mirroring endpoint on the principal server instance Principal gt CREATE ENDPOINT Mirroring STATE STARTED AS TCP LISTENER_PORT lt port gt FOR DATA MIRRORING ROLE PARTNER lt port gt must be replaced with a TCP port number to be used for the endpoint e g 7022 5 Create an endpoint on the mirror server instance Mirror gt CREATE ENDPOINT Mirroring STATE STARTED AS TCP LISTENER_PORT lt port gt FOR DAT
23. SOPHOS Security made simple PureMessage for Microcom Exchange 3 Startup guide Product version 4 0 Document date June 2015 Contents 1 About this QUIDG ic noi ihe end Boe ene ea ei ed eee N EGT 4 2 Planning your PureMessage GeployMent cceecceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeneaeeeeeeeeeaeeees 5 2 1 Deploying PureMessage to a single Exchange Servel cccceeeeeeteeeeeeteeteeeeetenee 5 2 2 Deploying PureMessage to multiple Exchange Servels ccccseceeseeeseeeeeeeeneeeeneee 5 3 Installing PUreMGSSAG 6 x25 svete dve ade akokr AARRE AKRE EE SASETAREN 7 3 1 System require Ment ceccccccececeeeeeeeecaeeeeeeeeeceaeeeeeaaeecaeesseaaeeseeeeeeeaaaessaeeeeeaaeesenes 7 3 2 Preparing for installation cccceeeeeeeeeeeeeeeeeeeceeeeeeeeaeeseaeeeeeaaeeseeeeesaaaeseeeeeessaaeenenes 7 3 3 Preconfiguring UPCates cccccccceeceeeeeecceeeeeeeeeeceaeeeeeaaeeeeaeeeesaaeeseeeeesaaeseeeeeesiaaeesenes 8 3 4 Installing PUreMeCSS QEC cccceceeceeeeeeceeeeeeeeeee cease eeeaaeeseaeeeesaaeeseaeeeesaaaeseeeeeetiaaeesines 8 3 5 Installing a PureMessage console on a separate COMPUTEL cceeeeeeeeeeeeteeeeees 11 3 6 PureMessage Configuration Group ccccccccccseeeeeeeecceeeeeeeesecaeeeeaeesecueeesaaeeeeeeees 12 4 Starting and configuring PUreMeSSQQE ccceeceeeeeeeeeneeeeeneeeeeaeeeeeaeeesaeeeeeaeeeseeeestaaeeesaees 13 4 1 Getting started with PureMessa
24. T INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Code generated by the Protocol Buffer compiler is owned by the owner of the input file used when generating it This code is not standalone and requires a support library to be linked with it This support library is itself covered by the above license pstdint Copyright c 2005 2007 Paul Hsieh All rights reserved startup guide Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the DOCUMENTATION and or other materials provided with the distribution 3 The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO
25. T ON ENDPOINT Mirroring TO lt user gt Witness gt GRANT CONNECT ON ENDPOINT Mirroring TO lt user gt lt user gt must be replaced with the SAM name of account running the accessing SQL Server startup guide 11 If necessary e g if the servers are under heavy load increase the ping timeout for the connections as follows Principal gt ALTER DATABASE SavexCnfg SET PARTNER TIMEOUT lt integer gt Principal gt ALTER DATABASE SavexDir SET PARTNER TIMEOUT lt integer gt Principal gt ALTER DATABASE SavexQuar SET PARTNER TIMEOUT lt integer gt Principal gt ALTER DATABASE SavexRprt SET PARTNER TIMEOUT lt integer gt lt integer gt must be replaced with the required timeout in seconds The default time out used by SQL Server is 10 seconds 41 PureMessage for Microsoft Exchange 2013 42 19 Glossary Active Directory synchronization Active Passive cluster adware and PUAsS background scanning dashboard demilitarized zone DMZ downstream email relay Exchange Store failover information store malware node non delivery report NDR A one way synchronization of Active Directory users and groups with the PureMessage cache A two node cluster where the Active node owns the services and the Passive node remains inoperative Adware displays advertising for example pop up messages which affects user productivity and system efficiency A potentially unwanted applicatio
26. TX XLS XLSX etc Microsoft Project m Microsoft Visio Filtering blocked phrases within attachments This section contains two examples of how you can define policies to filter attachments which contain blocked phrases 1 Identify attachments containing the word Confidential You do this by defining a string of text as a blocked phrase 2 Identify attachments containing credit card numbers in the format 1234 1234 1234 1234 or 1234123412341 234 You do this by defining a regular expression as a blocked phrase Filtering blocked phrases strings of text To define a string of text as a blocked phrase 1 In the console tree click Configuration Transport SMTP Scanning Policy and then click Content 2 In the Content filtering dialog box ensure that the status icons for inbound outbound and internal messages title bars are Green and display ON Under Outbound messages select the On blocked phrase check box Under Outbound messages On blocked phrase click Define On the String wildcards supported tab click Add Click in the Phrase box and type Confidential Make sure that the Attachment check box is selected Click OK to save your changes and return to the Content filtering dialog box on Oo KR w 35 PureMessage for Microsoft Exchange 2013 17 1 2 36 9 10 Under Outbound messages click the On blocked phrase drop down list and select Quarantine message and deliver
27. TY OF NON INFRINGEMENT AND C ANY WARRANTY WITH RESPECT TO THE QUALITY ACCURACY EFFECTIVENESS CURRENCY OR COMPLETENESS OF THE SOFTWARE INNO EVENT SHALL IEEE OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE THIS SOFTWARE USES STRONG CRYPTOGRAPHY WHICH MAY BE SUBJECT TO LAWS AND REGULATIONS GOVERNING ITS USE EXPORTATION OR IMPORTATION YOU ARE SOLELY RESPONSIBLE FOR COMPLYING WITH ALL APPLICABLE LAWS AND REGULATIONS INCLUDING BUT NOT LIMITED TO ANY THAT GOVERN YOUR USE EXPORTATION OR IMPORTATION OF THIS SOFTWARE IEEE AND ITS CONTRIBUTORS DISCLAIM ALL LIABILITY ARISING FROM YOUR USE OF THE SOFTWARE IN VIOLATION OF ANY APPLICABLE LAWS OR REGULATIONS Info ZIP Copyright 1990 2007 Info ZIP All rights reserved startup guide For the purposes of this copyright and license Info ZIP is defined as the following set of individuals Mark Adler John Bush Karl Davis Harald Denker Jean Michel Dubois Jean loup Gailly Hunter Goatley Ed Gordon lan G
28. URPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE startup guide Udis86 Copyright c 2002 2009 Vivek Thampi All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTI
29. Y OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE SQLCipher Copyright 2008 2012 Zetetic LLC 53 PureMessage for Microsoft Exchange 2013 54 All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the ZETETIC LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY ZETETIC LLC AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTA
30. age at hitp www sophos com support updates You will need credentials to download products and documentation Browse to the PureMessage page and download the PureMessage for Microsoft Exchange installer package you require Choose Anti virus and anti spam or Anti virus only as your license permits Using Windows Explorer browse to your download folder and start the installer package The installation wizard begins Note Ensure that the installer is not run from a network share In the Welcome dialog box click Next In the License Agreement dialog box read the agreement If you agree with the terms click accept the terms of the license agreement and click Next In the Select Features dialog box select the components you want to install and click Next In the Choose Destination Location dialog box you see the default folder where PureMessage will be installed If you want to install it in a different folder click Browse and select a folder Click Next In the Sophos Download Credentials dialog box enter the User name and Password that were supplied by Sophos If you access the internet via a proxy click Proxy Details and enter your proxy settings Otherwise click Next PureMessage for Microsoft Exchange 2013 10 10 In the PureMessage Database settings dialog box specify the database SQL Server where PureMessage will store reporting data central quarantine and policy configuration information Click Next PureMe
31. als Accordingly the foregoing paragraph of those BSD Unix files containing it is hereby deleted in its entirety William Hoskins Director Office of Technology Licensing University of California Berkeley dtoa c The author of this software is David M Gay Copyright 1991 2000 by Lucent Technologies Permission to use copy modify and distribute this software for any purpose without fee is hereby granted provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting documentation for such software THIS SOFTWARE IS BEING PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY IN PARTICULAR NEITHER THE AUTHOR NOR LUCENT MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE IEEE Software Taggant Library This software was developed by The Institute of Electrical and Electronics Engineers Incorporated IEEE through the Industry Connections Security Group ICSG of its Standards Association Portions of it include software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org and those portions are governed by the OpenSSL Toolkit License 47 PureMessage for Microsoft Exchange 2013 48 IEEE License Copyright c 2012 IEEE All rights reserved Redistribution and use in source and binary form
32. am or suspected spam 1 In the console tree click Configuration Transport SMTP scanning policy Anti spam and then Change anti spam settings 2 Inthe Anti spam settings dialog box use the slider controls to adjust the threshold above which PureMessage regards an email as spam or suspected spam Note Sophos recommends you set your ratings above 50 to avoid legitimate mail being classed as spam or suspected spam 3 Ensure the Check reputation of message relays against external DNS block lists checkbox is checked Enabling this option will check incoming messages against the IP addresses of known spam sources and will filter out any messages coming from these IP addresses 4 Inthe Anti spam settings dialog box you can check the Check reputation of first external relay only checkbox only after configuring upstream trusted relays correctly This option will only check the first external relay for more deterministic spam scoring 5 If you want to add the spam score as a SCL rating check the Add spam score to message as Microsoft Spam Confidence Level SCL rating checkbox Messages delivered to end users with a SCL rating higher than a particular value are diverted into the user s Junk mail folder in Microsoft Outlook Click OK to save your changes 6 In the Manage changes menu click Save changes For optimal spam detection ensure PureMessage has up to date information regarding the addresses of any upstream trusted relay
33. anning is enabled follow these steps 1 In the console tree click Configuration Transport SMTP scanning policy and then click Anti virus 2 Inthe Anti virus screen ensure that the scanning status icons in the inbound outbound and internal message title bars are Green and display ON Anti virus Inbound messages Onintection Except whentecipiert ix C saes ieoa i Alon P Add Remove Incteaseptiony 4 Deciease priory Oninfection eee Onenciypted message f Alat D lt _ _ _ _ _ _ _ _ _ Onenctypted attachment Alet Note You can define separate policies for each direction of mail and you can define specific policies for exempt users and groups For more information see the PureMessage for Microsoft Exchange user manual PureMessage now protects against viral threats Next see Blocking files which may contain threats page 18 17 PureMessage for Microsoft Exchange 2013 18 Blocking files which may contain threats Sophos recommends that you block inbound email attachments that are most likely to contain threats The On suspicious attachment policy rule is preconfigured to block file types that are commonly used to transport email threats such as executable files exe scr com pif etc By default this rule is turned off 1 In the console tree click Configuration Transport SMTP scanning policy and then
34. art so schedule the installation for a time when restarting the server will cause the least inconvenience If you want to use spam blocking Make sure that you have a valid anti spam license and download credentials from Sophos so that you can download anti spam updates Make sure that PureMessage is installed on a computer with Internet access as anti spam updates are only available direct from Sophos If you use Sophos Enterprise Console to protect your PureMessage server make sure that the server is configured to download anti spam updates directly from Sophos as described in Preconfiguring updates page 8 If you are installing PureMessage on multiple servers make sure that your SQL server is set up for remote access See the PureMessage for Microsoft Exchange release notes for further details Preconfiguring updates If you use PureMessage for spam blocking it needs to update regularly with the latest rules for detecting spam These spam rules can only be downloaded directly from Sophos via the internet If you are going to install PureMessage on a computer that does not already have Sophos Anti Virus installed updating will be set up for you and you need take no further action Go to Installing PureMessage page 8 If you are going to install PureMessage on a computer already running Sophos Anti Virus and managed by Sophos Enterprise Console you must follow the instructions below Note You will need the username a
35. atabase Mirroring Database mirroring is a feature of SQL Server available only in the Standard and Enterprise editions of SQL Server since SQL Server 2005 SP1 that provides high availability without the need for a single copy cluster To use mirrored databases with PureMessage you must perform the following Prepare SQL Server instances page 37 Install PureMessage with database mirroring page 38 Configure PureMessage for database mirroring page 38 Prepare SQL Server instances Before installing PureMessage you must prepare the SQL Server instances that will be used A mirrored SQL database requires two or three SQL Server instances 1 A principal server instance data source 2 A mirror server instance failover partner 3 Optionally a witness server instance For information on SQL Server preparation for mirroring see http www microsoft com technet prodtechnol sql 2005 dbmirror mspx http msdn microsoft com en us library ms 190941 aspx Note Ensure that the SQL Server instances are authenticated to access each other This means that the accounts under which a SQL Server instances run must be granted access to the other SQL Server instances used in the mirror set and that remote connections e g over the TCP IP protocol must be enabled The principal and mirror server instances should host the same edition of SQL Server and it should be an edition that supports mirroring For automatic failov
36. d so that the replication settings on the server are updated To maintain Exchange availability during the re install of PureMessage the mailbox databases hosted on the server should be moved to an alternative server in the DAG If you have separated Mailbox and Client Access servers then install PureMessage first to the Mailbox server and then to the Client Access server Uninstalling PureMessage from a cluster All PureMessage administration consoles if running need to be closed from all servers before uninstalltion Follow instructions in Uninstalling PureMessage page 27 Administering PureMessage on a cluster Several PureMessage servers may be arranged into a group and administered together from a single PureMessage console All PureMessage servers in a group have the same policy settings applied to them that is when a policy change is made it is automatically applied to all the servers in the group Requirements and limitations The number of PureMessage servers in a group is limited by users network bandwidth and by SQL Server database resource limits All group members need to also be members of the same domain The ability to administer PureMessage servers from the remote console is directly dependant on the reliability of user network and database server connections Using the PureMessage administration console In order to manage a group of PureMessage servers the PureMessage console should connect to any s
37. e This Sophos product may include certain Microsoft software licensed to Sophos for inclusion and use herein Mersenne Twister mtl993 7ar c Copyright c 1997 2002 Makoto Matsumoto and Takuji Nishimura All rights reserved 49 PureMessage for Microsoft Exchange 2013 50 Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The names of its contributors may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY O
38. e message is internal 4 Is the internal IP address on the list of trusted relays Yes the message is inbound No the message is internal 32 16 Loud 16 1 1 16 1 2 16 1 3 startup guide Appendix D About PureMessage mail scanning PureMessage scans all SMTP inbound outbound and internal email messages and Exchange store emails and includes threat reduction technology to protect against new or unknown email borne threats SMTP scanning SMTP filtering The SMTP filtering options in PureMessage perform recipient validation and use custom block lists to block hosts and messages in order to reduce the processing overhead on the server and save bandwidth Recipient validation Organisations receive a lot of spam messages that are addressed to non existent users Recipient validation allows you to discard messages addressed to non existent users This option requires a connection to a directory server or custom users and groups to provide the email addresses which are used to validate recipients Typically this will be an Active Directory server Block lists Block lists allow you to specify hosts and senders from whom PureMessage should not accept any messages Note For information on enabling recipient validation and creating block lists see the PureMessage for Microsoft Exchange user manual Anti virus policies You can define separate anti virus policies for inbound outbound and internal mail For i
39. eMessage on an Exchange server that is configured as a mailbox only role the PureMessage Mailbox Role Settings dialog box is displayed Select the Exchange transport server which PureMessage should use to send alert email messages Click Next 14 In the PureMessage Administration Settings dialog box enter an Administrator email address PureMessage will send alerts to this email address You can change this address later too Click Next Note PureMessage creates a security group in Active Directory called Sophos PureMessage Administrators which includes all PureMessage administrators By default the current user will be added to this group 15 In the PureMessage Routing settings dialog box do as follows a Enter your company s email domain s such as mycompany com in the top panel Note You need not specify sub domains When you specify a domain the sub domains are included automatically b Enter the IP addresses of any trusted email relays such as your ISP s SMTP server and any email gateway server or appliance upstream of your Exchange servers Click Next Note PureMessage uses the upstream relays configuration to determine mail direction Not configuring an upstream relay can cause PureMessage to classify mail from upstream relays as internal and hence skip spam scanning for those messages For information on configuring upstream trusted relays see Appendix B How to configure upstream trusted relays page 31 3
40. ed from the binary or disabled 3 Altered versions including but not limited to ports to new operating systems existing ports with new graphical interfaces versions with modified or added functionality and dynamic shared or static library versions not from Info ZIP must be plainly marked as such and must not be misrepresented as being the original source or if binaries compiled from the original source Such altered versions also must not be misrepresented as being Info ZIP releases including but not limited to labeling of the altered versions with the names Info ZIP or any variation thereof including but not limited to different capitalizations Pocket UnZip WiZ or MacZip without the explicit permission of Info ZIP Such altered versions are further prohibited from misrepresentative use of the Zip Bugs or Info ZIP e mail addresses or the Info ZIP URL s such as to imply Info ZIP will provide support for the altered versions 4 Info ZIP retains the right to use the names Info ZIP Zip UnZip UnZipSFX WiZ Pocket UnZip Pocket Zip and MacZip for its own source and binary releases Lua The Sophos software that is described in this document may include some software programs that are licensed or sublicensed to the user under the Lua License A copy of the license agreement for any such included software can be found at http www lua org copyright html Microsoft softwar
41. eees 31 Appendix C How does PureMessage route Mail 0 cccccceceeeeeeeeeeeeceeeeeaeeseeeeeesaaeeteeneess 32 Appendix D About PureMessage mail SCANning ccceceeeeeeeeeeeeeeeeneeeeeeenaeeeeeetaeeeeeee 33 16 1 SMTP Sc aNNNG ionian soe teen cea iiki ellie Rakes een elie nov aa 33 16 2 Exchange Store SCanning inano iaeaea e test ceviss pended Pa aa raaa iana Ae 34 Appendix E Filtering attachments containing unwanted content seeseeeeseeeeseeeeeesren 35 17 1 Filtering blocked phrases within attachment cceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneees 35 Appendix F Database MiIrroring eeccceeeeeeeeeeeeeeeeeeeeeeeaeeeeeeeeeaeeeeeeeaaaeeeseeeaaeeeeeeeaaeeeeeseaas 37 18 1 Prepare SQL Server instances cccceecceceeeeeeeeeee sees eeeeaeeseeeeeesaaeseeeeeetaaeeneeeeees 37 18 2 Install PureMessage with database MiIrrOring eccceeeeeeeeeeeeeeeeeeeeeeeteeeeeeeeeeeeaees 38 18 3 Configure PureMessage for database MiIrrOring ccceecseccessesceeeeesseteeeeessseaaes 38 GIOSS ANY A AE E E EE ETE A cas teat pens A ATA E AE 42 TechmicalSUPPOrt tee a aa E TE AEA AEAEE A E ANEAN E AEEA 44 Legal NOCO aore E a E i en eee eee 45 PureMessage for Microsoft Exchange 2013 1 About this guide This guide tells you how to do the following install PureMessage 4 0 for Microsoft Exchange 2013 start PureMessage integrate PureMessage with Active Directory set up alerts ensure that anti virus
42. endorse or promote products derived from this software without prior written permission For written permission please contact openssl core openssl org 5 Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment startup guide This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http Awww openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com Origina
43. er a witness server is required For high availability the SQL Server instances must be installed on different physical servers and use synchronous mode If any firewalls exist between the SQL Servers they must be configured to allow the SQL servers to communicate over the TCP port chosen for mirroring It is recommended that SQL installations use the same SQL instance name and file paths on all servers 37 PureMessage for Microsoft Exchange 2013 18 2 16 3 38 Install PureMessage with database mirroring Database mirroring is enabled in PureMessage by selecting the Remote database option and supplying the names of both the principal and mirror server instances during installation The names should be entered in the PureMessage Database settings dialog box separated with a semi colon Example Server1 lnstance1 Server2 lnstance1 If PureMessage has already been installed without mirroring then these changes can be made retrospectively For information contact Sophos Technical Support Configure PureMessage for database mirroring Once the PureMessage installation is completed the databases and PureMessage login will have been created on the principal server instance The PureMessage login is named lt domain gt SophosPureMessage where lt domain gt is the domain of the PureMessage Server or the machine name for a server that is in a workgroup The following steps can all be performed from the SQL Server Mana
44. er your search by date using the To and From fields 2 The list of quarantined messages is displayed in the details pane Double click an item for more details such as reasons for quarantining 3 To deal with an item highlight it select an action from the drop down menu in the Actions pane and then click Go You can delete a quarantined item or remove the virus es and deliver it If you believe mail to be wrongly classified please submit the item to Sophos for analysis If you selected Deliver Forward go to step 4 otherwise the selected action is performed 4 lf you choose Deliver Forward from the drop down Actions menu the Deliver message s dialog box appears In the Deliver messages dialog box you can deliver the selected message s to intended recipients or to specified recipients You can use this feature to forward quarantined items to an administrator to review the content of the email For more information see the PureMessage for Microsoft Exchange user manual 5 Note that PureMessage delivers a copy of the email The original file remains in the quarantine folder for the number of days specified in the Quarantine settings dialog box unless you choose to Automatically delete message s from quarantine after delivery 23 PureMessage for Microsoft Exchange 2013 10 3 10 4 24 6 If you want to add the sender to your list of trusted senders check the Add sender to allowed list skip spam scanning for this sender c
45. erver in the group When policy changes are made they will be automatically applied to 29 PureMessage for Microsoft Exchange 2013 all services in the group Additionally the activity monitor and dashboard screens will display status information for all the servers in the group RRS eR nnn renee 298 8H OH Oe elele sielaicie alalaialalalalai S woo aooo 9 9 9 9 1602009 172637 Quarerened message CVINZKIG a eee ae enone a Veen toes 14 5 2008 17 28 33 Ostected erenyted eroagted smal mp n TV Pha SRA DOOI Mir 3k Stave Sori tery Areke voela v te operes Laser xchg test soohost In order to manage a different group of PureMessage servers from the same console it is necessary to disconnect from the current group and reconnect to a server from the new group To do this on the PureMessage toolbar click on the Select server Exi icon 30 14 14 1 startup guide Appendix B How to configure upstream trusted relays You should configure any upstream trusted relays to improve your email scanning speed and spam detection By default PureMessage will run a reputation check on each email server address specified in an email When a server is added to the upstream trusted relay list the reputation check for that server is skipped Because a lower volume of reputation checks has to be carried out this improves the email scanning speed Upstream trusted relays also enable the spam engine t
46. et By default the servers are listed in alphabetical order on the dashboard unless one or more registers a system failure In this case the System Status traffic light becomes red the faulty server is marked with a warning icon and the server is displayed at the top of the list For each server the System console panel displays the following information Whether Transport SMTP Scanning is Running Stopped by user or Unavailable If the status is unavailable an alert is displayed Whether Exchange Store scanning is Running Stopped by user or Unavailable If the status is unavailable an alert is displayed 25 PureMessage for Microsoft Exchange 2013 26 Whether the last update succeeded and if so the time and date it took place If it did not succeed an alert is displayed Whether there is a virus outbreak and if so on which server For the selected server the Summary statistics for today panel displays scanning and quarantine information for today that is since midnight and shows the trends for each main category of information in the form of a graph The information includes The current day s transport SMTP scanning statistics including message volume spam and viruses The current day s Exchange store scanning statistics including attachments processed and viruses detected The current day s quarantine statistics All information is refreshed every two minutes sta
47. ge ccccccccseceeeeeececeeeeeeeeeeceeeeeaeeseeeeeeeeaaeseeeeeess 13 4 2 Set up a mail domain and upstream trusted relay ccescceeeeeeeeeeeeteeeeeeseeeeeeeeeees 13 4 3 Connect to Active DireCtOry ccccceeccececeeceeceeeeeeeeeesaaeseeaaeeeeeaeeeeaaeeseceeeeaaesneneeess 14 5 Setting Up ASKS rresia hs Apu casca sale ceuhes da sce ewelatedevast cats easacdeeds dan dh vededact abeceteeleees 16 5 1 Setting up an address for Alerts ccccceececeeeeeneeeeeeeeeeaeeseeeeeesaeeeeeeeeeseaeeseeneeeeaas 16 5 2 Setting up a template for email alerts ec eeeeeceeeeeeeeeeeeeeeeeeeeaeeeeeeeeeseaeeeeeeeeeas 16 6 Ensuring anti virus Scanning iS CNADIEC eee ceee eset eeeeeecneee eee eaeeee ee etaaeeeeeeeaaeeeeeetaeeeeene 17 7 Blocking files which may contain threats c cccececceeeeeeeeeee cesses eeeeeeeesaeeeeeeeeeseeeseeaeeeeaees 18 8 BIOCKING Spaanse cel dite ele seein ste ddeeed EE 19 8 1 Change anti spam SettingS ccccccccceseseeeceteeeeeeeeeeeaeeeeeaaeeeeeeeeesaaeesseneeeseaeesseneeetaas 19 9 Scanning Exchange Message Stores ccccccceeeeceeeeeeeeeeeeeceeeeeeaaeeeeeeeeesaeeeeeeeeeceeesseaeeseaees 20 9 1 Enable store scanning and Alerts eecccceceeeeneeeeeeeneeeeeeeaaeeeeeeeaeeeeeeeaaeeeeeneaas 20 9 2 Configure scanning of Exchange Stores ccccccceeeeeeeeeeeeseeeeeeeeaeeeeeeeeesceeeteneeesas 20 10 Dealing with quarantined Items cece cece ee eeeeeeeeeeeeeeeeeeesaeeeeeeesae
48. gement Studio application or by issuing the SQL commands provided For more information on using SQL Server Management Studio see http technet microsoft com en us library ms175134 aspx 1 Create the PureMessage login on the mirror server instance Mirror gt CREATE LOGIN lt domain name gt SophosPureMessage FROM WINDOWS lt domain name gt must be replaced with the actual domain of your PureMessage server or with the machine name if in a workgroup For more information on setting up login accounts see http technet microsoft com en us library ms366346 aspx 2 Perform a full backup for each of the four PureMessage databases from the principal server Principal gt BACKUP DATABASE SavexCnfg TO DISK lt path gt SavexCnfg bak Principal gt BACKUP DATABASE SavexDir TO DISK lt path gt SavexDir bak Principal gt BACKUP DATABASE SavexQuar TO DISK lt path gt SavexQuar bak Principal gt BACKUP DATABASE SavexRprt TO DISK lt path gt SavexRprt bak lt path gt must be replaced with a path to a folder where the backup is to be stored For more information on preparing a mirror database for mirroring see http technet microsoft com en us library ms189047 aspx startup guide 3 Make the database backup available on the mirror server and restore each database to the mirror server instance This will set the mirrored databases to Mirror Synchronized Restoring state Mirror gt RESTORE DATABA
49. heckbox 7 Click OK to save your changes Enabling end users to access the spam quarantine website There are two ways to enable end users access the spam quarantine website You can set a task to send all users with quarantined spam mail an email notification so they can click a link to access the website See Setting up quarantine digest emails to users page 24 Alternatively if you use Active Directory users can visit the spam quarantine website directly at any time using a web browser such as Internet Explorer at the following address http servername port Where servername is the name of the server on which PureMessage is installed and port is the port number for the quarantine digest website port 8081 by default When the user accesses the website Internet Information Services IIS will authenticate the user with Windows Authentication If the user owns multiple email addresses aliases the soam quarantine website will show email messages quarantined for all the addresses If you want to distribute written instructions to your users that explain how to access the spam quarantine website see the PureMessage for Microsoft Exchange user manual Setting up quarantine digest emails to users PureMessage can send each user a message informing them that some of their email has been quarantined as spam The user can follow a link to the web based spam quarantine where they can delete unwanted mail or retrieve wanted mail
50. ins When you specify a domain the sub domains are included automatically b To add an upstream trusted relay click Upstream trusted relays 3 In the Upstream trusted relays dialog box click Add to specify an upstream trusted relay address or range of addresses 4 In the Specify Host IP Addresses dialog box enter a single IP address or a range of addresses You can also enter a comment for administrative use and click OK 5 In the Upstream trusted relays dialog box click OK to save your relay s 6 In the Manage changes menu click Save changes PureMessage now recognizes your specified mail domains and upstream trusted relays Now connect to Active Directory See Connect to Active Directory page 14 Connect to Active Directory You can configure PureMessage to integrate with Microsoft Active Directory You can then use recipient validation features and create message policies based on users and groups already configured in the directory server If you do not need to use these features skip this section Note To configure directory server settings when using ADAM AD LDS see the PureMessage for Microsoft Exchange user manual 1 In the console tree click Configuration Users and groups and click Active Directory 2 Inthe Active Directory dialog box click Detect Active Directory The directory server settings should be filled in automatically If not you may need to fill in the directory server settings manual
51. l SSLeay license Copyright 1995 1998 Eric Young eay cryptsoft com All rights reserved This package is an SSL implementation written by Eric Young eay cryptsoft com The implementation was written so as to conform with Netscape s SSL This library is free for commercial and non commercial use as long as the following conditions are adhered to The following conditions apply to all code found in this distribution be it the RC4 RSA Ihash DES etc code not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjn cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in documentation online or textual provided with the package Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distributi
52. ly 3 Enter the user name and password in the Logon Credentials pane if you are synchronizing with an instance of ADAM AD LDS or if you are synchronizing with the Active Directory Global Catalog Server Otherwise PureMessage will log on using the SophosPureMessage service account 4 Click Verify settings PureMessage will attempt to log on to your directory server 5 Ensure the Synchronize with Active Directory checkbox is checked You can then configure PureMessage to synchronize with Active Directory refresh its local copy automatically or periodically PureMessage keeps a local copy cache of the users and groups from Active Directory for performance reasons 6 Click Synchronize now to start the synchronization process instantly If you have selected Automatic synchronization and if a change is made to an entity in Active Directory it may take about 15 minutes for the change to reflect in PureMessage startup guide Before you can set up your transport SMTP and Exchange store configuration you need to set up alerts See Setting up alerts page 16 15 PureMessage for Microsoft Exchange 2013 16 5 Setting up alerts alk eZ In order to receive PureMessage administrator alerts you must configure this feature You can also set up a template for alerts Setting up an address for alerts 1 2 In the console tree click Configuration System and then click Alert configuration In the Email addresses tab of
53. n PUA is an application that is not inherently malicious but is generally considered unsuitable for the majority of business networks A form of scanning in which the Exchange Store is scanned when the Exchange server has periods of low activity An at a glance view of the status of the PureMessage servers A network area protected by firewalls that sits between an organization s internal network and an external network usually the internet A transmission from an information server toward an end user A type of server used to pass email from one point of the internet to another Every email contains a list of the email relays it passes through on the internet including the relay that was used to send the email The mailbox and public folders stored on an Exchange server In an Active Passive cluster the capability to switch services automatically to the Passive node upon the failure or abnormal termination of the Active node See Exchange store Short for malicious software Software designed specifically to damage or disrupt a system such as a virus worm or Trojan A server that is part of a cluster An automated electronic mail message from a mail system to a sender indicating failed message delivery private store public store real time scanning scheduled scan Simple Mail Transfer Protocol SMTP spyware upstream upstream trusted relay startup guide A database usually a mailbox on an
54. n see http technet microsoft com en us library ms179306 aspx If a witness server is required then it can be configured as follows Witness gt CREATE ENDPOINT Mirroring STATE STARTED AS TCP LISTENER_PORT lt port gt FOR DATA_MIRRORING ROLE WITNESS lt port gt must be replaced with a TCP port number to be used for the endpoint e g 7022 If a witness server is required on the principal server set the witness for each database Principal gt ALTER DATABASE SavexCnfg SET WITNESS TCP lt hostname gt lt port gt Principal gt ALTER DATABASE SavexDir SET WITNESS TCP lt hostname gt lt port gt Principal gt ALTER DATABASE SavexQuar SET WITNESS TCP lt hostname gt lt port gt Principal gt ALTER DATABASE SavexRprt SET WITNESS TCP lt hostname gt lt port gt lt hostname gt must be replaced with the fully qualified DNS hostname of the witness server lt port gt must be replaced with a TCP port number to be used for the endpoint e g 7022 For more information on adding a database mirroring witness using Windows authentication see http technet microsoft com en us library ms190430 aspx Depending on the permissions of the accounts running the SQL servers it may be necessary to explicitly grant permissions to the accounts for accessing the endpoints as follows Principal gt GRANT CONNECT ON ENDPOINT Mirroring TO lt user gt Mirror gt GRANT CONNEC
55. nd password that you use for downloads from the Sophos website 1 Go to the computer running Enterprise Console and start Enterprise Console 2 Ensure that the computer s running PureMessage are in a group of their own or have their own policy setting 3 Create an Updating policy or edit the existing policy for the group 4 In the Updating Policy dialog box click the Secondary server tab 5 In the Secondary server dialog box select Specify secondary server details Then in the Address field click the drop down arrow and select Sophos Enter your username and password 6 If necessary enter proxy details You have preconfigured updating and are ready to install PureMessage Installing PureMessage To install PureMessage do as follows startup guide Note The following services and any dependent services may be stopped and started during the installation of PureMessage Internet Information Services IIS Microsoft Exchange Transport service Microsoft Exchange Frontend Transport service Microsoft Exchange Information Store service Distributed File System Replication DFSR service Log on to the server as an administrator based on your environment If you are in a domain log on with domain administrative privileges If you are in a workgroup log on with local administrative privileges Note Make sure you are a member of the Exchange Organization Management group Visit the Sophos product download p
56. nformation on configuring anti virus scanning see Ensuring anti virus scanning is enabled page 17 Anti spam policy If your license permits you can define an anti spam policy PureMessage applies the anti spam policy only to inbound messages The anti spam policy is On by default and applies to all users but you can configure exceptions For information on defining an anti spam policy see Blocking spam page 19 33 PureMessage for Microsoft Exchange 2013 16 1 4 16 1 5 16 2 16 2 1 34 Content filtering policies PureMessage scans inbound outbound and internal mail and filters unwanted content such as administrator defined phrases and offensive language You can define policies to filter content in a message header subject body and or attachment Note For information on defining content filtering policies see Appendix E Filtering attachments containing unwanted content page 35 Attachment blocking PureMessage can block suspicious or unwanted attachments and PUAs according to user defined attachment types For information on blocking attachments and PUAs see Blocking files which may contain threats page 18 Exchange Store scanning PureMessage provides background scanning of Exchange private and public information stores using the Exchange Web Services API EWS API Each time an item is scanned it is stamped with an ID which indicates the virus signature version number atthe time of scanning
57. nstallation involves the following steps Checking the system requirements Preparing for installation Preconfiguring updates Sophos Enterprise Console customers only Installing PureMessage Installing a PureMessage console on a separate computer optional System requirements PureMessage 4 0 can be installed on Microsoft Exchange Server 2013 The minimum requirement for the database is Microsoft SQL Server 2008 For a full list of PureMessage system requirements see http www sophos com en us support knowledgebase 1 18640 aspx Preparing for installation Note If you are running Windows 2008 or Windows 2008 R2 Server read http www sophos com support knowledgebase article 109664 html before installing PureMessage Before you begin installation you should do the following a Read the PureMessage for Microsoft Exchange release notes for details of new features and known issues The release notes are published at http www sophos com en us support documentation puremessage for microsoft exchange aspx Make sure that a backup has been made of the mailboxes and databases PureMessage for Microsoft Exchange 2013 Se 3 4 Make sure that the Exchange Autodiscover service is configured correctly The service is used by PureMessage during scanning of Exchange stores For more information see http www sophos com en us support knowledgebase 1 19506 aspx PureMessage installation may require a rest
58. o match an email server s address against the known list of spamming email servers with more precision A higher spam score can therefore be allocated to the email when a match is found Which upstream relays should be defined as trusted You should define as an upstream trusted relay any email relay that sends or forward emails to PureMessage and that meets one of the following criteria as in Figure 3 a Your ISP s SMTP server a Any email relays located on your network which are upstream to your PureMessage server s A server which delivers mail to other servers in a cluster For more information see Set up a mail domain and upstream trusted relay page 13 ISP Local IIS Exchange SMTP email server server relay eee rer ee se upstream upstream aes relay relay DK PureMessage Figure 2 Trusted upstream relays 31 PureMessage for Microsoft Exchange 2013 15 Appendix C How does PureMessage route mail PureMessage uses the configured mail domains trusted upstream relays and IP address of the connecting host to distinguish between inbound outbound and internal mail 1 Is the recipient domain on the configured mail domain list No the message is outbound Yes go to step 2 2 Is the sender s IP address external Yes the message is inbound No go to step 3 3 Is the sender s IP address internal or unavailable Internal go to step 4 Unavailable th
59. ocal clustered virtual SQL Server instance A remote SQL Server instance a A remote MSDE or SQL Server Express instance Note In cluster scenarios remote MSDE is not supported due to performance issues More than one PureMessage group or cluster can share a remote database Installation requirements When installing PureMessage on nodes in a cluster make sure that you meet the following requirements The path to the installation folder must be identical on each node The IIS websites present on each node of the cluster must be identical In particular the allocated port numbers of each site must be the same across nodes los 13 4 139 13 9 1 13 92 startup guide Installation procedure on DAGs Database Availability Groups DAGs are used for implementing high availability in Exchange 2013 For DAGs PureMessage uses DFS Replication DFSR to copy quarantine files between nodes If you are using DAGs with Exchange 2013 in a high availability environment with multiple Transport Servers these servers must be part of a Microsoft cluster This allows PureMessage to replicate quarantine files using DFSR Do not install on different DAG members concurrently The PureMessage service should be installed on each DAG member one after another but not simultaneously f a DAG member has PureMessage installed and if it is added or removed from the DAG then PureMessage must be reinstalled on that server This is require
60. omputer and Business Equipment Manufacturers Association CBEMA 311 First St NW Suite 500 Washington DC 20001 2178 startup guide The developmental work of Programming Language C was completed by the X3J11 Technical Committee The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies either expressed or implied of the Regents of the University of California NOTE The copyright of UC Berkeley s Berkeley Software Distribution BSD source has been updated The copyright addendum may be found at fttp ftp cs berkeley edu pub 4bsd README Impt License Change and is included below July 22 1999 To All Licensees Distributors of Any Version of BSD As you know certain of the Berkeley Software Distribution BSD source code files require that further distributions of products containing all or portions of the software acknowledge within their advertising materials that such products contain software developed by UC Berkeley and its contributors Specifically the provision reads 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes software developed by the University of California Berkeley and its contributors Effective immediately licensees and distributors are no longer required to include the acknowledgement within advertising materi
61. on 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes cryptographic software written by Eric Young eay cryptsoft com The word cryptographic can be left out if the routines from the library being used are not cryptographic related 4 If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hudson tj h cryptsoft com 51 PureMessage for Microsoft Exchange 2013 52 THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The license and distribution terms for any publically available version or derivative of this code cannot be changed i e
62. or information on configuring the content settings of your policy see the PureMessage for Microsoft Exchange user manual PureMessage now blocks and quarantines inbound messages with suspicious attachments sends alerts to those you specified Now you can enable spam blocking scan the Exchange message store and tell users about quarantined mail These functions are described in the sections that follow 8 Gal startup guide Blocking spam You can configure PureMessage to deal with spam unwanted incoming email A typical anti spam setting would be to delete spam and quarantine suspected spam 1 In the console tree click Configuration Transport SMTP scanning policy and then Anti spam 2 Inthe Anti spam screen in the Inbound messages bar ensure the ON OFF icon displays ON If it displays OFF click the icon to turn it on 3 Inthe On spam panel select Delete message or your preferred setting from the drop down menu 4 Inthe On suspected spam panel select Quarantine message or your preferred setting from the drop down menu 5 In the Manage changes menu click Save changes Next you specify which mails you will categorise as spam and suspected spam by setting the spam ratings for PureMessage Change anti spam settings PureMessage gives each email a spam rating The higher the rating the more likely the email is to be spam PureMessage uses this rating to decide whether the email should be treated as sp
63. orman Chris Herborth Dirk Haase Greg Hartwig Robert Heath Jonathan Hudson Paul Kienitz David Kirschbaum Johnny Lee Onno van der Linden Igor Mandrichenko Steve P Miller Sergio Monesi Keith Owens George Petrov Greg Roelofs Kai Uwe Rommel Steve Salisbury Dave Smith Steven M Schweda Christian Spieler Cosmin Truta Antoine Verheijen Paul von Behren Rich Wales Mike White This software is provided as is without warranty of any kind express or implied In no event shall Info ZIP or its contributors be held liable for any direct indirect incidental special or consequential damages arising out of the use of or inability to use this software Permission is granted to anyone to use this software for any purpose including commercial applications and to alter it and redistribute it freely subject to the following restrictions 1 Redistributions of source code must retain the above copyright notice definition disclaimer and this list of conditions 2 Redistributions in binary form compiled executables and libraries must reproduce the above copyright notice definition disclaimer and this list of conditions in documentation and or other materials provided with the distribution The sole exception to this condition is redistribution of a standard UnZipSFX binary including SFXWiz as part of a self extracting archive that is permitted without inclusion of this license as long as the normal SFX banner has not been remov
64. reMessage Configuration Group If several PureMessage Servers are required to implement the same policy then they should be installed to the same PureMessage group This is achieved by selecting the same database and PureMessage group name during installation Once the first PureMessage server has been installed in a group the group name becomes available from the PureMessage Configuration Group dialog box so that additional servers can be easily installed to the same group Sophos PureMessage InstallShield Wizard x PureMessage Configuration Group Choose a PureMessage configuration group SX This server needs to be added to a new or existing PureMessage configuration group Please enter the name of the group below PureMessage configuration group InstallShield lt Back Cancel All PureMessage servers in a group should be in the same Windows domain or workgroup If your Exchange servers are in separate domains or workgroups they should be managed separately For more information on installing PureMessage to an Exchange cluster see Appendix A Deploying PureMessage to Exchange clusters page 28 startup guide 4 Starting and configuring PureMessage This section tells you how to Start PureMessage Configure PureMessage to acknowledge your mail domain and upstream trusted email relay if not done during installation Connect to your directory server 4 1 Getting started with PureMessage To start
65. ronments it is recommended that you perform anti spam scanning on the edge server to filter soam and install the anti virus only version of PureMessage on your back end servers that do not require anti spam scanning Example Separate Exchange Edge Transport server and Exchange Mailbox server This example illustrates how PureMessage can be installed on several Exchange servers with dedicated roles Note Install the appropriate version of PureMessage on each server For PureMessage system requirements see knowledgebase article 118640 PureMessage for Microsoft Exchange 2013 Exchange 2007 2010 or 2013 SP1 Edge Transport server Exchange 2013 Mailbox server External Internal firewall lt firewall lt optional J j DK PureMessage Figure 1 Separate Exchange Edge Transport server and Exchange Mailbox server 3 3 1 3 2 startup guide Installing PureMessage This section describes how to install PureMessage Note If you are installing PureMessage to an Exchange cluster check the system requirements and then go to Appendix A Deploying PureMessage to Exchange clusters page 28 The PureMessage product consists of two components The PureMessage service The PureMessage administration console This section tells you how to install both on a single server and also how to install a separate administration console in order to manage remote PureMessage servers I
66. rtup guide 12 Uninstalling PureMessage To uninstall PureMessage do as follows 1 If the PureMessage Administration console is open on any server close it At the taskbar click Start Settings Control Panel In Control Panel double click Add Remove Programs Inthe Add Remove Programs dialog box select Sophos PureMessage and click Remove In the Confirm Uninstall message box click Yes oR wo PD A progress bar is displayed Wait for uninstallation to complete 27 PureMessage for Microsoft Exchange 2013 13 13 1 192 13 2 1 13 2 2 28 Appendix A Deploying PureMessage to Exchange clusters How PureMessage works with Exchange clusters PureMessage incorporates a cluster aware service that can be installed across multiple nodes This allows PureMessage to be used with clustered Microsoft Exchange servers and to take advantage of the increased resilience that a cluster offers Clustered systems are inherently more complicated than non clustered systems and we recommend that you read the whole of this section before starting to install PureMessage on a cluster If you still have questions about installing PureMessage on a cluster after reading this section contact Sophos technical support Before you install Database requirements For cluster server installations PureMessage cannot use a local MSDE or SQL Server Express instance Alternatively you may connect to any one of the following A l
67. rypted or has an encrypted attachment has a suspicious or unwanted attachment contains a blocked phrase or offensive language is unscannable or creates a scanning error Quarantined messages are isolated in a secured format in a central location on disk Administrators can deal with these messages in a number of ways such as disinfect delete or deliver them You can also enable users to access a spam quarantine website where they can review and deal with their quarantined spam messages This section tells you how to do quarantine database housekeeping deal with quarantined messages enable end users to access the spam quarantine website setup digests to tell users about spam and suspected spam Quarantine housekeeping You can specify the number of days to keep quarantined mail before deleting it 1 In the console tree click Quarantine 2 Inthe Configuration menu click Change quarantine settings 3 In the Quarantine settings dialog box specify the number of days you want to keep quarantined mail before deleting it in the Number of days to keep mails in quarantine before deletion box 4 Click OK to save your settings and return to the Quarantine pane 5 In the Manage Changes menu click Save changes startup guide 10 2 Dealing with quarantined messages 1 In the console tree click Quarantine Quarantine SS j ee a Listed below are messages that were quarantined
68. s For more information on configuring the anti spam settings of your policy see the PureMessage for Microsoft Exchange user manual 19 PureMessage for Microsoft Exchange 2013 20 9 9 1 9 2 Scanning Exchange Message Stores You can configure PureMessage to run background scans of both private and public Exchange stores Background scanning is done continuously at off peak times For more information see Exchange Store scanning page 34 Note On access and proactive scanning options are not supported on Exchange Server 2013 Enable store scanning and alerts 1 In the console tree click Configuration Exchange store scanning policy 2 In the Anti virus dialog box in the Exchange store scanning panel ensure the ON OFF icon displays ON If it displays OFF click the icon to turn it on 3 In the On infection panel select Replace attachment with text from the drop down menu The Text button appears If you click the Text button you can edit the text shown when PureMessage replaces an infected attachment 4 In the On infection panel click Alert 5 In the Alert configuration dialog box ensure the Administrator checkbox is checked and click OK to save your changes and return to the Anti virus Exchange store scanning pane 6 In the Manage changes menu click Save changes PureMessage now a scans the Exchange information store for viruses and replaces the attachment with the configured text a sends
69. s with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the IEEE Industry Connections Security Group ICSG 4 The name IEEE must not be used to endorse or promote products derived from this software without prior written permission from the IEEE Standards Association stds ipr ieee org 5 Products derived from this software may not contain IEEE in their names without prior written permission from the IEEE Standards Association stds ipr ieee org 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the IEEE Industry Connections Security Group ICSG THIS SOFTWARE IS PROVIDED AS IS AND WITH ALL FAULTS IEEE AND ITS CONTRIBUTORS EXPRESSLY DISCLAIM ALL WARRANTIES AND REPRESENTATIONS EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION A THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE B ANY WARRAN
70. scanning is enabled block file types that may contain threats set up spam blocking if your license permits set up Exchange store scanning deal with quarantined items enable end users to access and deal with quarantined items monitor system activity 2 2 ZZ startup guide Planning your PureMessage deployment You can deploy PureMessage to a single or multiple Exchange servers as described below Deploying PureMessage to a single Exchange server If your network has only one Exchange server deploying PureMessage is straightforward install PureMessage on the Exchange server and configure it according to your email security policy Deploying PureMessage to multiple Exchange servers PureMessage can protect both front end hub transport servers and back end mailbox servers If you don t want to expose your Mailbox servers directly to the internet you can use an Edge Transport server in your perimeter network The Edge Transport server role is available in Microsoft Exchange Server 2013 Service Pack 1 SP1 or later Exchange Server 2010 and Exchange Server 2007 You can continue to use an existing or install a new Exchange Server 2007 Exchange Server 2010 or Exchange Server 2013 SP1 or later Edge Transport server For more information see Use an Exchange 2010 or 2007 Edge Transport server in Exchange 2013 or Install the Exchange 2013 Edge Transport role using the Setup wizard Note In such hybrid envi
71. seeeeeneeeaeeeeeneneaeeeensenes 22 10 1 Quarantine NOUSCKEEPING eeece cece eeeeeee cece eeeeaee seas eeeaaeeseeeeesaaaeeeeeeeesiaaeeneeeees 22 10 2 Dealing with quarantined MESSAGES cceeeceeeeeeeeeeeeeeeeeeeeeeeteeeeeeeeeseeeaeeeeeeeeaaees 23 10 3 Enabling end users to access the spam quarantine website ecceeeeeees 24 10 4 Setting up quarantine digest emails to USEIS ccceeeeeeeeeeeeeeeeeteeeeeeeeeeeaeeteeeeees 24 11 Monitoring system Activity cece rennan EAR ER 25 12 Uninstalling PUureMeSSage cccccccccceeeeeeececeeeeeeeeeeeceeeeeaaeeseeeeeesaaeeeeeeeeesaeseseaeeeseeeeeeeeesaas 27 13 14 15 16 17 18 19 20 21 Appendix A Deploying PureMessage to Exchange CIUStErS eeeceeceeeeesteeeeeeentaeeeeeeenas 28 13 1 How PureMessage works with Exchange CIUStEIS cceeeeeeeeeeeeeeeeeeeeeeeeeeeeeees 28 13 2 Before you install eee a a EA ETEA 28 13 3 Installation procedure ON DAGS cccceseceeeceeeeeeeee seer ee eaaeeeeeeeesaaaeeeeeeeesaaeeneeeee 29 13 4 Uninstalling PureMessage from a CIUSHEM cceceeeceeeeeeeeeeeeeeteeeeeeeeeteneeeeeeeseneaees 29 13 5 Administering PureMessage on a CIUSHEDM cceeeeceeeeeeeeeeeeeeteeeeeeeeeeeneaeeeeeeeenaees 29 Appendix B How to configure upstream trusted relayS cceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaees 31 14 1 Which upstream relays should be defined as truSted cccccseeeeeeeeettteeeeee
72. software is distributed under the following terms All of the documentation and software included in the 4 4BSD and 4 4BSD Lite Releases is copyrighted by The Regents of the University of California Copyright 1979 1980 1983 1986 1988 1989 1991 1992 1993 1994 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes software developed by the University of California Berkeley and its contributors 4 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL
73. ssage will automatically detect any local SQL database instances If a local database instance is detected you choose it by selecting the Local option If no database is detected and Local is chosen then PureMessage will install a local instance of SQL Server Express To use a database instance located on a different computer choose the Remote option The database Browse dialog displays only SQL Server instances with the current domain Important If a SQL Server instance has previously been used by an earlier version of PureMessage you cannot use it for this version of PureMessage because this version doesn t support upgrading from earlier versions Create a new SQL Server instance for this installation Note For information on how to configure database mirroring see Appendix F Database Mirroring page 37 11 In the PureMessage Service Credentials dialog box click Create and enter a password and confirm it to create a SophosPureMessage user If the user account already exists you will be prompted to enter its password This account is used by Sophos PureMessage services Click Next 12 In the PureMessage Configuration Group dialog box select a group you want to join or create a new group Click Next PureMessage installations can be grouped together to share the same policy configuration and be managed from a single management console For more information see PureMessage Configuration Group page 12 13 If you are installing Pur
74. the Alert configuration dialog box click Add Enter the administrator s email address in the Send administrator alerts to panel Enter an email address in the Sender email address panel The email address will be used for sending out alerts and other PureMessage generated messages Click OK to save your changes Setting up a template for email alerts The default email template for alerts is sufficient for some users needs However you can customize the template as described below 1 4 5 6 In the console tree click Configuration System Alert configuration and then click the Alert template tab Inthe Alert subject panel enter the subject line of the alert Right click in the edit panel to view available substitution symbols Substitution symbols can insert variables such as date or other information specific to the message Inthe Alert body text panel create the main body of your alert Right click within the text field to view substitution symbols In the Text for each incident panel enter any unique per incident text you want to display In the Alert Templates tab click OK In the Manage changes menu click Save changes PureMessage alerting is now configured Now see Ensuring anti virus scanning is enabled page 17 startup guide 6 Ensuring anti virus scanning is enabled By default anti virus scanning is enabled for inbound outbound and internal mail To check that anti virus sc
75. ureMessage administration console can be installed on a computer without the PureMessage service in order to manage remote PureMessage services To install PureMessage console onto a separate computer 1 On the computer where you want to install the console start the PureMessage installer 2 In the Welcome dialog box click Next 3 In the License Agreement dialog box click accept if you agree to the terms 4 Inthe Select Features dialog box clear the PureMessage Service check box and leave the Administration Console check box selected Click Next 5 In the Choose Destination Location dialog box select your preferred destination folder and click Next 6 When installing in a workgroup the PureMessage Service Credentials dialog box will appear Click Create and enter a password and confirm it to create a SophosPureMessage user If the user account already exists you will be prompted to enter its password This account is used to connect to Sophos PureMessage services Click Next 7 Inthe Start Copying Files dialog box click Next 8 When installation is complete the InstallShield Wizard Complete dialog box is displayed Click Finish 9 Double click the PureMessage icon on your desktop to start the PureMessage administration console 11 PureMessage for Microsoft Exchange 2013 12 3 6 In certain circumstances the installation may require you to restart the server The installation will continue after restarting Pu

Download Pdf Manuals

Related Search

Related Contents

市報なめがたNo94(平成25年6月号)【お知らせワイド版】  Operation And Service Manual    2015年度 新学期PC4年間保証規約 - 岡山大学生協：okadai.coop  PDF形式…  Cisco Systems OL-17037-01 User's Manual  Guide rapide d`installation  取扱説明書 - LEDIUS商品データベース  Epson WorkForce WF-2630  INSTALLATION & SERVICE MANUAL ED & PINNACLE SERIES  

Copyright © All rights reserved. Failed to retrieve file