GFI MailEssentials Administrator Guide
Contents
1. Connect to a Microsoft Exchange Server mailbox store Retrieves spam from a Microsoft Exchange mailbox Specify the logon credentials in the next screen Do not update Spam in the Bayesian Spam profile skip retrieval of spam emails Skip to step 8 Click Next to continue 7 After the wizard connects to the source select the folder containing the list of spam emails and click Next 8 Click Next to start retrieving the sources specified This process may take several minutes to complete GFI MailEssentials 14 Appendix Bayesian Filtering 290 9 Click Finish to close the wizard Step 3 Import the Bayesian Spam profile When the wizard is not run on the GFI MailEssentials server import the Bayesian Spam Profile bsp file to GFI MailEssentials 1 Move the file to the Data folder in the GFI MailEssentials installation path 2 Restart the GFI MailEssentials AS Scan Engine and the GFI MailEssentials Legacy Attendant services GFI MailEssentials 14 Appendix Bayesian Filtering 291 15 Glossary Active Directory A technology that provides a variety of network services including LDAP directory services AD See Active Directory Anti virus software Software that detects malware such as Trojan horses in emails files and applications Auto reply An email reply that is sent automatically to incoming emails Background Intelligent Transfer Service A component of Microsoft Windows operating systems that2. I User administrator Password Get Database List Database CC E Screenshot 35 Configuring SQL Server Database backend 4 Select SQL Server 5 Select Detected server and select the automatically detected SQL Server from the list If the server is not detected select Manually specified server and key in the IP address or server name of the Microsoft SQL Server 6 Key in the credentials with permissions to read write to the database 7 Click Get Database List to extract the list of databases from the server 8 From the Database list select the database created for GFI MailEssentials Reporting 9 Click Apply Configuring database auto purging You can configure GFI MailEssentials to automatically delete auto purge records from the database that are older than a particular period By default Auto Purging is configured to delete data older than 12 months To enable auto purging GFI MailEssentials 4 Monitoring status 70 1 Navigate to Reporting gt Settings and select Auto purge tab 2 Select Enable Auto Purging and specify how long items in database should be stored in months 3 Click Apply NOTE Auto purging is applied only to the current database configured in the Reporting tab 4 2 8 Maillnsights report Maillnsights is a reporting facility that uses the data in the reporting database to deliver information related to email usage and trends GFI MailEssentials provides the Communication Flo
3. gfi com cleverbridge com faxmaker com faxmaker com gfi ch gfi co uk gfi com gficom at ogfihispana com ogfisoftware com ogftsoftware de fa 2 Page 1 of 2 items 1 to 15 of 20 ARPRABRRAABASD SB Specify the full path and filename of the file to use for importing Note Import of list data cannot be performed unless the import listis on the server where GFI MailEssentials is installed Screenshot 80 Whitelist tab 2 From the Whitelist tab configure the email addresses and domains to whitelist Select Unselect Enable email whitelist to enable disable whitelist Perform the following actions GFI MailEssentials 6 Anti Spam 139 Add a whitelist entry Remove whitelist entries Search for a whitel ist entry Show Statistics Import whitelist entries Export whitelist entries 1 In Email Address Domain provide the email address domain to whitelist For example companysupport com or edu 2 35 4 1 2 1 2 In Email Type specify the email header field to match for the emails to be whitelisted NOTE For more information about the difference between SMTP and MIME refer to http go gfi com pageid ME_DifferenceSMTPMIME Optional In Description add a description to the entry Click Add Select one or more whitelist entries from the Whitelist list Click Remove In Search key in the details of the whitelist entry to search for Click Search to d
4. 1 Go to Anti Spam gt SpamTag GFI MailEssentials 6 Anti Spam 158 Buttons Advanced Rs GFI MailEssentials SpamTag Configuration GFI MailEssentials SpamTag is a Microsoft Outlook add on which provides end users with buttons for classifying spam and legitimate email For instructions on deploying the SpamTag click here Configure the functionality provided to end users in SpamTag V Enable SPAM button The SPAM button is used for training the Bayesian filter using SPAM email v Move processed SPAM to Junk Email folder Specify which Personal Blocklist options to allow Allow setting sender in Personal Blocklist Allow setting sender domain in Personal Blocklist Not Spam Button Enable NOT SPAM button The NOT SPAM button is used for training the Bayesian filter with legitimate email V Move processed legitimate email to Inbox folder Specify which Personal Whitelist options to allow Allow setting sender in Personal Whitelist Allow setting sender domain in Personal Whitelist Allow setting discussion list address in Personal Whitelist 2 From the Spam Button area configure the features related to false negatives that is when spam emails are not detected as spam Enable SPAM button The Spam button is shown in SpamTag and when clicked the selected email trains the Bayesian Analysis filter Move processed SPAM to Junk When clicking Spam the selected email
5. 10 1 Administrator email address 2 0 2 2 0 0 0 ee eee 233 10 2 Enabling Disabling scanning modules 2 2 2 2 20 22 0 ec ec ceccecc ec ceccecceccecceceeeeees 233 10 3 Proxy settings 0000000000000000 00000000000000 000a 0 cece e cece cece LALLA cence A ALAA Aaaa naana naaa 234 10 4 Local domains cose occ dcsccdcesic cescckdgenccsdaceavecbesshcdeeadicsicbeveldsdasanicddcesdeicaiees 236 10 5 Managing local Users 22 20 20 cece cece ccc cece ec ceccecceceeccescesencensecseteteseesees 237 TO G LIGSNSING oo oo oe bone r doeciesce dees data ticde a a e a Ae a A vactabereieesdivecenatels 237 10 7 SMTP Virtual Server bindings 1 22 2 0 0 20 c ccc cc cece ccecceccecceccecceceectesseseeee 238 10 8 Product Updates 2 20 0 2 0 2 c cece cec ce ceececeececeecectececseseces 239 10 9 Access Control 241 10 0 1 Perimeter SMTP Server Settings SMTP servers that relay emails to the GFI MailEssentials server must be specified 1 From the GFI MailEssentials Configuration go to General Settings gt Perimeter SMTP Servers GFI MailEssentials 10 General Settings 231 Perimeter SMTP Servers Specify which SMTP servers receive emails directly from the internet This is the only SMTP server which receives emails from the internet The following SMTP servers receive email directly from the internet and forward them to this server SMTP Server IP CIDR Add SMTP Server SMTP Server list Server Description N
6. VI Total spam captured per spam filter Screenshot 87 Spam digest properties Administrator spam digest 2 From the Administrator Digest tab click Send administrator spam digest to enable spam digest 3 Configure the desired sending frequency Daily Weekly Monthly and specify a date and a time when email is sent 4 Specify the digest content that will be sent in the email either a Total count of processed email and spam or Total spam captured per spam filter or both 5 Finalize settings by selecting Apply 6 5 2 Configuring spam digests Recipient spam digest 1 Go to Anti Spam gt Spam Digest GFI MailEssentials 6 Anti Spam 150 Administrator Digest Recipient Digest Recipient List SA Enable and configure the recipients spam email digest The recipient spam digestis an email sent to inbound domain recipients which contains for the recipients email the total email processed the total spam blocked per spam filter and the details of each spam email W Send recipient spam digest Options Frequency Day Time ay for00 Digest Contents v Total count of processed email and spam v Total spam captured per spam filter type E List of blocked spam date time sender subject Screenshot 88 Recipient spam digest 2 From the Recipient Digest tab select Send recipient spam digest to enable spam digest 3 Configure the desired sending frequency Daily Weekly Monthly and specify a date
7. lt GFI MailEssentials installation path gt GFI MailEssentials Antispam DebugLogs lt GFI MailEssentials installation path gt GFl MailEssentials EmailSecurity DebugLogs lt GFI MailEssentials installation path gt GFI MailEssentials WwwConf DebugLogs lt GFI MailEssentials installation path gt GFl MailEssentials ActionServices DebugLogs lt GFI MailEssentials installation path gt GFI MailEssentials Attendant DebugLogs lt GFI MailEssentials installation path gt GFI MailEssentials Backend DebugLogs To enable or disable Tracing 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard and select Tracing tab N GFI MailEssentials Switchboard ul Mode Troubleshooting Tracing Quarantine Other Configure tracing options M Tracing Options Tracing is a means of creating log files which are helpful for debugging purposes IV Tracing enabled Tracing logs folders C Program Files x86 GFI M ailE ssentials D ebugLogs Program Fil ssenti tispam debuglogs curitySDebugLogs Conf DebugLogs FI MailE ssentia tionServices debuglogs GFI MailE ssentia endant debuglogs GFINMailE ssentials B ackend debuglogs Program Files Email C Program Fil GFIN MailEssentia Program Fil Program Fil Program Files x86 M Clear tracing logs folders The contents of the folders to which tracing logs are wr
8. 2 Key in an email address that can send newsletters and click Add Email The email address is added to the list 3 A newsletter password secures access to newsletter in case someone else makes use of the email client or account details of a permitted user Enable passwords by selecting the Password required checkbox and providing a password GFI MailEssentials 9 Email Management 227 NOTE When sending emails to the newsletter users must authenticate themselves by including the password in the email subject field Password must be specified in the subject field as follows PASSWORD lt password gt lt Subject of the email gt Example PASSWORD letmepost Special Offer If password is correct the list server automatically removes the password details from subject and relays email to newsletter subscribers 4 Click Apply Manually adding subscribers to the list Manually add users to newsletters discussions without any action on their behalf NOTE It is highly recommended that users subscribe themselves to the list by sending an email to the subscribe newsletter discussion address Ensure that you have users authorization before manually adding them to the list 1 Open an existing or create a new list and go to the Subscribers tab 2 Key in the subscriber details in Email Address required First name Last name and Company fields and click Add Email The new subscriber email address is added to list 3 To re
9. GFI MailEssentials installed on Microsoft Exchange Server 2007 2010 1 In the failedmails folder change the extension of TXT files to EML NOTE To automatically change the extension of all TXT files in the failedmails folder to EML files from command prompt change the directory to the failedmails folder and run the following command ia vore SIMUL 2 Move renamed files to the following folder lt drive gt Program Files Microsoft Exchange Server TransportRoles Replay GFI MailEssentials installed on Microsoft Exchange Server 2003 Move emails in txt format from the failedmails folder to the following folder lt Microsoft Exchange installation path gt Exchsrvr Mailroot vsi 1 PickUp GFI MailEssentials installed on Gateway server Move emails in txt format from the failedmails folder to the following folder lt drive gt Inetpub mailroot Pickup 11 4 2 Failed emails notifications GFI MailEssentials can be configured to notify the administrator when an email fails processing The administrator s email address can be configured from GFI MailEssentials General Settings node For more information refer to Administrator email address page 233 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard and select Other tab GFI MailEssentials 11 Miscellaneous topics 249 N GFI MailEssentials Switchboard Ul Mode Troubleshooting T
10. a Use this page to configure GFI MailEssentials RSS Feeds GFI MailEssentials uses RSS Really Simple Syndication feeds to notify you on newly quarantined items To receive RSS Feeds use an RSS feed reader and subscribe to a feed Copy the URL of orange RSS button to the left of the Quarantine folder to monitor and create a new subscription in the RSS feed reader NOTE Only users with Access privileges are allowed to subscribe to the Quarantine RSS Feeds For a list of free RSS Feed Readers that are known to work well with GFI MailEssentials Quarantine RSS Feeds refer to http www gfi com link entry aspx page skynet amp id KBID002661 V Enable Quarantine RSS Feeds If unselected no feeds are generated regardless of any individual filter settings RSS Feeds 15 To subscribe to all enabled feeds copy the URL associated with the orange OPML button Default quarantine folder ES Today LE Yesterday LEE This Week EE All Items Screenshot 116 Quarantine RSS feeds 2 Select the Enable Quarantine RSS Feeds checkbox GFI MailEssentials RSS Feed Status Interval Disabled Disabled Disabled Disabled 10 minutes 100 10 minutes 100 10 minutes 100 10 minutes 100 Edit Maximum Items Edit Edit Edit Edit 8 Quarantine 209 3 From the RSS Feeds area click Edit to the right of the quarantine search folder for which to enable RSS feeds 4 Select Enable Quarantine RSS feeds on this folder chec
11. rulemgmtres dll rulemgmt exe rule dll gfi_log dll 3 From the Microsoft Exchange Server open command prompt and change the directory to the location where the Rules Manager files were copied 4 In command prompt type regsvr32 rule dlli 5 On confirmation click OK Launch Rules Manager 1 From the Microsoft Exchange Server navigate to the location where Rules Manager files were copied and open rulemgmt exe 2 Select a Microsoft Outlook profile MAPI profile or create a new profile to login when using the Rules Manager the first time only 3 Click OK to launch the Rules Manager 4 The main window of the rules manager displays all the mailboxes enabled on the Microsoft Exchange Server The color of the mailboxes indicates the status of that mailbox Blue mailbox has rules configured Black mailbox has no rules configured GFI MailEssentials 11 Miscellaneous topics 257 Setting new rules 1 Check the mailboxes to set a rule on and click Configure NOTES 1 New rules can be added to mailboxes which already contain rules 2 Select multiple mailboxes to configure the same rule applicable to all mailboxes 2 In the Rule Condition text box type the tag given to the spam email in the GFI MailEssentials spam actions 3 Specify the Rule action Select Delete to delete an email which has a subject that contains the rule condition Select Move to to move spam email to
12. Features that are synchronized in the Multi Install network Reporting and Quarantine data Transfer the Reporting and Quarantine data from this server to the Multi Install network to view reports and manage quarantine from one central location Transfer data from this server to the Multi Install network M When disabling this feature reports and quarantine must be managed from this server and data will not be sent to the Multi Install network Filtered Settings Settings v Global Whitelist Global Blocklist v Personal Whitelist and Blocklist v Auto Whitelist iv Attachment Filtering Rules e Advanced Content Filtering Rules v Keyword Filtering Rules iv Decompression Engine From the filtered settings area select the settings to sync Available settings are Global Whitelist Global Blocklist Personal Whitelist and Blocklist Auto Whitelist Attachment Filtering Rules Advanced Content Filtering Rules Keyword Filtering Rules Decompression Engine Click Apply 12 GFI MailEssentials Multi Server 280 12 2 4 Configuring Reporting and Quarantine data centralization GFI MailEssentials provides you with the facility to centralize reporting and quarantine data recorded from all the various GFI MailEssentials instances within a Multi Server network Through this feature you will gain a better understanding of what your Multi Server network is processing IMPORTANT A computer must be designated as the Reporting and Quara
13. GF MailEssentials Administrator Guide ao U M GFI The information and content in this document is provided for informational purposes only and is provided as is with no warranties of any kind either express or implied including without limitation any warranties of merchantability fitness for a particular purpose and non infringement GFI Software disclaims and in no event shall be liable for any losses or damages of any kind including any consequential or incidental damages in connection with the furnishing performance or use of this document The information is obtained from publicly available sources Though reasonable effort has been made to ensure the accuracy of the data provided GFI makes no warranty promise or guarantee about the completeness accuracy recency or adequacy of information contained in this document and is not responsible for misprints out of date information or errors GFI reserves the right to revise or update its products software or documentation without notice You must take full responsibility for your use and application of any GFI product or service No part of this documentation may be reproduced in any form by any means without prior written authorization of GFI Software If you believe there are any factual errors in this document please contact us and we will review your concerns as soon as practical GFI and GFI MailEssentials are trademarks or registered trademarks of GFI Software
14. How to use the Dashboard to monitor status of GFI MailEssentials in real time status gt How to generate mail usage statistical and graphical reports For more information refer to Monitoring status page 53 User Actions Explains what domain users not domain administrators can do with GFI MailEssentials Configuring personal whitelists and blocklists Maintaining quarantined emails For more information refer to End User Actions page 20 Email Security Explains how to configure anti malware scanning engines For more information refer to Email Security page 73 Anti Spam How to configure anti spam filters What to do with emails identified as spam Sorting the scanning order by filter priority General anti spam settings How users classify emails directly from their mailbox Public Folder Scanning For more information refer to Anti Spam page 106 Content Fil Describes how to configure engines that scan email content tering For more information refer to Content Filtering page 172 Quarantine Describes how administer and use the GFI MailEssentials Quarantine For more information refer to Quarantine page 198 GFI MailEssentials 1 Introduction 11 Email Man How to use the tools in the Email Management Tools console agement Disclaimers Auto replies List server gt Email Monitoring For more information refer to Email Management page 219 NOTE From the Email Management console y
15. If GFI MailEssentials is installed on the perimeter server you can use the anti spam filters that run at SMTP level Directory Harvesting and Greylist NOTE In Microsoft Exchange Server 2007 2010 environments mail relay servers in a DMZ can be running Microsoft Exchange Server 2007 2010 with the Edge Transport Server Role NOTE Configure the IIS SMTP service to relay emails to your mail server and configure the MX record of your domain to point to the gateway machine For more information refer to Installing on an email gateway or relay perimeter server page 26 2 6 End User Actions GFI MailEssentials uses Active Directory groups to determine what is displayed to logged in users when they log into GFI MailEssentials If the currently logged in user is part of the Administrators group then GFI MailEssentials loads with all the configuration options that enable setting up GFI MailEssentials If the currently logged in user is part of the users group then GFI MailEssentials loads with only a limited number of options that enable the currently logged on user to administer his her own quarantine and the personal whitelist blocklists The url used to log into GFI MailEssentials is always the same one regardless of whether the currently logged on user is part of the administrator or user Active Directory group GFI MailEssentials 2 About GFI MailEssentials 20 NOTE User actions are only available if GFI MailEssentials is configur
16. Multi Install Network Multi Install network status Vi Server Type 805 Slave 2 Select Enable Multi Install mode option and choose Master Server 3 Key in the GFI MailEssentials Administrator Credentials If the default port used by GFI MailEs sentials is used by another application modify the Port to synchronize value to an unused port GFI MailEssentials 12 GFI MailEssentials Multi Server 276 NOTE The username and password provided must exist in the Access Control List for all the GFI MailEssentials installations including Slave Servers that are part of the multi server network The password should not expire It is recommended that this account is created solely for this purpose For more information refer to Access Control List page 246 4 Optionally select Synchronize Quarantine and Reporting data with the Multi Install network option and select the computer that will host the Quarantine and Reporting data NOTE The Configuring Reporting and Quarantine data host does not necessarily have to be the master server Any GFI MailEssentials installation within the Multi Server network can serve as the Configuring Reporting and Quarantine data host 5 Click Test to test your new connection 6 Click Apply 12 2 2 Configuring a slave server A slave server is a server that is part of the GFI MailEssentials multi server environment Slave servers get the synchronized configuration settings from the master server an
17. s mailbox in Inbox Junk E mail folder or a custom folder instruct the individual email users to periodically review spam emails 2 There may be cases where legitimate emails are incorrectly identified as spam false positives For more information refer to Managing legitimate email page 169 3 There may also be cases where spam emails are not detected false negatives For more information refer to Managing spam page 170 Managing legitimate email As with any anti spam solution GFI MailEssentials might require some time until the optimal anti spam filtering conditions are achieved In cases where this is not yet achieved there might be instances where legitimate email is identified as spam In such cases users should add emails incorrectly identified as spam to Add to whitelist and This is legitimate email folders to teach GFI MailEssentials that the email in question is not spam GFI MailEssentials 6 Anti Spam 169 NOTES 1 In Microsoft Outlook dragging and dropping email moves the email to the selected folder To retain a copy of the email hold down the CTRL key to copy the email rather than moving it 2 Detailed information how to create the GFI AntiSpam folders is included in this manual For more information refer to Enabling Public Folder Scanning page 166 Adding senders to the whitelist 1 In the public folders list of the mail client example Microsoft Outlook locate the GFI AntiSpam Folde
18. Check for recursive archives This filter allows you to quarantine or delete emails that contain recursive archives Recursive archives also known as nested archives are archives that contain multiple levels of sub archives that is archives within archives A high number of archive levels can indicate a malicious archive Recursive archives can be used in a DoS Denial of Service attack since recursive archives consume machine resources when they are being analyzed To configure this filter 1 Navigate to Content Filtering gt Decompression node 2 From the list of available filters click Check for recursive archives 3 To enable this filter select Check for recursive archives 4 Specify the maximum number of recurring archives in the Maximum number of recurring archives text box If an archive contains more recurring archives than the specified number the email is triggered as malicious 5 Specify what to do when an email contains an archive that triggers this filter Popo Description Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails GFI MailEssentials 7 Content Filtering 194 NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 6 Select Send a sanitized copy of the original email to recipient s to choose whether to forward a c
19. Click Add 9 Repeat steps 7 and 8 to add all the performance counters needed 10 Click Close The counters of added processes are now displayed in the Performance Monitor 11 13 2 Performance counter in Windows 2008 Server NOTE In a Microsoft Exchange Server 2007 2010 environment the VSAPI performance monitor counters are only available on machines with the Mailbox Server Role installed To add and view the performance monitor counter in Windows 2008 Server follow these steps 1 Go to Start gt Control Panel gt Administrative Tools gt Reliability and Performance Monitor 2 In the monitor dialog expand Monitoring Tools and select Performance Monitor 3 From the viewing pane click Add to load the Add Counters dialog GFI MailEssentials 11 Miscellaneous topics 269 Add Counters Ed gt Available counters A Added counters Select counters from computer Er lt Local computer gt X Browse MSExchangeIS Virus Scan Files Cleaned sec Virus Scan Files Quarantined Virus Scan Bytes Scanned virus Scan Files Cleaned Virus Scan Files Quarantined sec virus Scan Files Scanned virus Scan Files Scanned sec Virus Scan Folders Scanned in Background Viruie Sean Mace snec Clasned xl Instances of selected object Add gt gt Remove lt JV Show description Help pees Description Total number of separate files processed by virus scanner a Screenshot 149 Adding
20. Configurations fi Server DominoSrv Acme i Release 8 5 3 on Windows Longhom 64 6 1 E Server Current Server Document ff All Server Documents T Configurations H Connections E Programs E Etemal Domain Network Information Screenshot 2 Lotus Domino Administrator click Configurations option 2 After configuration section is selected main window will show the configuration of the server Select desired server and click Edit configuration G add Configuration P Edit Configuration Delete Configuration Screenshot 3 Click Edit Configuration From the configuration document page select Router SMTP tab and ensure that Basics is selected Double click on content to enable edit mode Select Relay host for messages leaving the local internet domain and enter the IP Address of the machine that GFI MailEssentials is installed Click Save and Close to save configuration document Lotus Domino LDAP Settings From Lotus Domino enable Directory Catalog and Directory Assistance In the Directory Assistance database click Add Directory Assistance to create a new Assistance document In the document one must enable the LDAP clients under Make this domain available to as follows Basics Naming Contexts Rules Domino Domain type Notes si z F Domain name t 6 Company name J Searchorder ao o S Make this domain M Notes Clients amp Internet Authentication Authorization available to M LDAP Client
21. Email list Current emails Remove Screenshot 83 New Senders Exceptions 3 From Exceptions tab configure recipients whose emails are excluded from the New Senders check Enable New Senders exception list Select this option to enable the exceptions list Add exception Key in an email address to exclude and click Add Repeat for each address to add Edit exception 1 Select an exception from the Email list 2 Edit the email address 3 Click Update Delete exception Select an exception from the Email list and click Remove 4 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 5 Click Apply 6 2 Spam Actions What to do with spam emails The Actions tab in the Anti Spam filters properties define what should be done with emails marked as spam Different actions can be defined for each of the spam filters GFI MailEssentials 6 Anti Spam 144 For Example Delete emails detected by SpamRazer filter but do not delete emails marked as spam by the Email Blocklist filter 6 2 1 Configuring Spam Actions In the Actions tab select an option that defines which action to take on emails marked as spam General Exceptions Actions S Select the action to perform when this filter blocks a spam email Actions Quarantine email Delete email Perform the following action s V Deliv
22. H Header checking 17 107 129 130 234 Hub Transport 13 18 26 92 IIS 20 21 23 26 30 33 40 127 217 236 238 242 244 261 263 283 285 IMAP 36 166 283 Inbound mail filtering 15 Internal email 29 51 71 Internet 15 23 27 32 44 149 232 234 256 285 290 IP_27 33 43 70 103 118 120 123 125 127 132 140 216 232 234 235 252 274 275 277 285 288 IP Blocklist 17 106 118 IP DNS Blocklist 17 25 106 146 154 ISP 33 256 K Kaspersky 16 49 73 81 Keyword checking 17 107 133 155 234 L LDAP lookups 216 Legitimate email 18 49 107 136 138 Licensing 237 284 Lotus Domino 19 25 26 28 31 32 35 166 Lotus Notes 28 35 M MAPI 166 257 Microsoft Exchange 25 146 221 249 256 MSMQ 24 N Net framework 161 New Senders 15 18 107 142 147 234 Newsletter 224 225 227 0 Outbound mail filtering 15 P Performance 28 50 70 140 250 268 288 Index 299 perimeter server 19 26 104 127 Phishing 17 25 48 106 110 234 258 POP2Exchange 31 53 61 252 261 263 POP3 29 252 283 Post Installation 43 262 264 Q Quarantine 16 20 31 42 46 51 55 60 75 79 82 86 89 95 100 146 176 182 188 193 198 209 210 217 233 242 244 245 261 263 273 274 277 279 281 284 R Remote commands 16 155 284 RSS Feeds 209 242 247 S Sender Policy Framework 17 106 107 123 234 285 SMTP Server 25 26 42 126 127 231 283 SMTP
23. Inbound Outbound and Internal out of all emails processed Email Direction Chart graphically shows total emails processed for each email direction Inbound Outbound and Internal Email Direction shows total emails processed for each email direction Inbound Outbound and Internal User Report shows the number of blocked and allowed emails for each email address Spam Filter shows the total number of emails blocked by each anti spam filter Spam Filter Graph graphically shows the total number of emails blocked by each anti spam fil ter Click View Report Preview to preview how report looks like Date filtering Select report date range When selecting Custom date range specify the period to display data for from the Custom From and Custom To calendar controls Email directions Select a particular email direction to display data for or select All email directions inbound out filtering bound internal to display data for all directions Email address Key in an email address to display report information for that particular email address only filtering Report Group Specify how to group data Available options are ing Group by Day Group by Week Group by Month Group by Year 4 Optionally enable Send every checkbox and configure a date time combination to have the report generate at a specific date and time Click Add Rule to save report generation time NOTE To delete a rule sel
24. POP2Exchange WV Enterprise Transfer A Email Statistics View charts for Last7Days O O Z O Email Scanning Timeline Scan Statistics 1 000 500 R Z y N y Q O os 2 gt Processed 1809 W Legitimate 710 W Malware 0 V Content Filtering 381 V Spam 718 Screenshot 21 The GFI MailEssentials Dashboard To open the Dashboard go to GFI MailEssentials gt Dashboard This page displays statistics status of services and a graphical presentation of email activity More details on these sections are provided below GFI MailEssentials 4 Monitoring status 54 Services A GFI MailEssentials Services vW AVScan Engine WY AS Scan Engine Y Quarantine Action YW Backend vV Autoupdater v Legacy Attendant v Attendant v List Server vV POP2Exchange WY _ Enterprise Transfer Screenshot 22 The GFI MailEssentials Services The Services area displays the status of GFI MailEssentials services v Indicates that the service is started Click this icon to stop service 0 Indicates that the service is stopped Click this icon to start a stopped service You can also start or stop services from the Microsoft Windows Services console To launch the Services console go to Start gt Run type services msc and click OK Quarantine Statistics A Quarantine Statistics Quarantined Malware Emails 381 Malware Quarantine Size 57 55 MB Quarantined Spam Emails 365 Spam Quarantine Size 107 16 MB
25. Program Files x86 GFI MailEssentials EmailSecurity logs ipre log Screenshot 41 Virus scanning engine actions 6 From Actions tab choose the action to take when an email is blocked GFI MailEssentials 5 Email Security 78 Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store You can subsequently review approve delete all the quarantined emails For more information refer to Quarantine page 198 Delete email Deletes infected emails Send a sanitized copy Choose whether to send a sanitized copy of the blocked email to the recipients of the original email to recipient s 7 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 8 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log GFI MailEssentials 5 Email Security 79 General
26. Quarantine Other Gh Specify options which aid in troubleshooting Enable Disable Email Processing When troubleshooting it is sometimes necessary to enable disable email processing without needing to uninstall the product o Enable Disable Email backup before after processing When troubleshooting it is sometimes necessary to keep a backup copy of emails before and after being processed by GFI MailEssentials IV Keep a copy of every email before and after email processing Backup copies of the emails will be copied to the following folders C Program Files amp 86 GFI MailEssentials Antispam SourceArchives C Program Files amp 86 GFI MailEssentials Email Security SourceArchives Screenshot 147 The GFI MailEssentials Switchboard Troubleshooting 2 Select unselect Keep a copy of every email before and after email processing checkbox to store a copy of each email processed All emails are stored in the following locations lt GFI MailEssentials installation path gt GFI MailkEs sentials AntiSpam SourceArchives lt GFI MailEssentials installation path gt GFI MailkEs sentials EmailSecurity SourceArchives GFI MailEssentials 11 Miscellaneous topics 266 NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 3 Click OK 4 In the Service Restart Required dialog click Yes to restart services 5
27. To Tuesday March 27 2012 Screenshot 31 Emails blocked graph report Report functions GFI MailEssentials User All Direction All E Total Emails E spam E Malware amp Content Filtering Use the report top toolbar to do the following functions Function Icon Description Print l Print current 95 page Navigate Page of 1 Save B por GFI MailEssentials Click to print report Click to print the page that is currently displayed Use this toolbar to navigate through report pages Select format to save report in and click Save Specify location where to save report 4 Monitoring status 64 4 2 3 Custom reports Custom reports enable you to save specific report parameters for example a report type for a specific time date period and to have it generated on a schedule Use this feature to automate report generation Configuring custom reports 1 From GFI MailEssentials configuration go to GFI MailEssentials gt Reporting gt Reports 2 Select Custom Reports tab and click New 3 Configure the following options Foption Description O Report type Select the type of report to generate Emails Blocked shows total emails blocked by anti spam and anti malware filters for each email direction Inbound Outbound and Internal out of all emails processed Emails Blocked Graph graphically shows total emails blocked by anti spam and anti malware fil ters for each email direction
28. You can also import or export lists of keywords from to an XML file Enable email subject keyword whitel Select this option to check for keywords in the email subject which qualify an ist email as valid Add keywords to the Subject Keywords list You can also import or export lists of keywords from to an XML file Match whole words only word When selecting this option only whole words from the keyword whitelist are s phrases in subject body matched that qualify an email as valid 5 From the IP Whitelist tab configure GFI MailEssentials 6 Anti Spam 140 Foption Description Enable IP Whitelist Select to allow emails received from specific IP addresses to be whitelisted Add IP Whitelist entries 1 Specify Single computer CIDR Key in asingle IP address or arrange of IP addresses using CIDR notation Group of computers Specify the Subnet Address and Subnet Mask of the group of IPs to whitelist 2 Optional Add a Description 3 Click Add Remove IP Whitelist Select the IPs to remove and click Remove entries 6 Click Actions tab to enable disable logging of whitelist occurrences to a file Provide a path folder where to store the generated log file 7 Click Apply Personal Whitelist The personal whitelist is an additional whitelist that compliments global whitelist Disabled by default the personal whitelist can be enabled for users allowing them to add specific email addresses to a personal
29. even if there is other content such as attachments that do not trigger this rule GFI MailEssentials 7 Content Filtering 188 NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 3 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed 4 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options option Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 5 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log Step 3 Specifying users to whom this rule applies 1 By default the rule is applied to all email users GFI MailEssentials however allows you to apply this rule to a cus
30. g0 gfi com pageid ME_ RetrieveAndCountUsers 10 7 SMTP Virtual Server bindings GFI MailEssentials always binds to the first SMTP virtual server configured in IIS In case of multiple SMTP virtual servers GFI MailEssentials may be required to be bound to a new or a different SMTP Virtual Server NOTE The SMTP Virtual Server Bindings tab is not displayed if you installed GFI MailEssentials on a Microsoft Exchange Server 2007 2010 machine 10 7 1 Binding GFI MailEssentials to another other SMTP Virtual Server NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 1 Go to General Settings gt Settings and click Bindings tab 2 Select the SMTP Virtual Server to bind GFI MailEssentials to GFI MailEssentials 10 General Settings 238 3 Click Apply 4 GFI MailEssentials will ask to restart services for the new settings to take effect 10 8 Product Updates The Product Updates feature verifies if there are any software patches available for your version of GFI MailEssentials by directly connecting to the GFI Update Servers By default GFI MailEssentials downloads updates automatically on a preset schedule NOTE It is highly recommended to check have this feature to download updates automatically to keep GFI MailEssentials updated 10 8 1 Viewing and installing downloaded updates To view or install downloaded updates 1 Navigate to General S
31. if they are available 5 Select the check box next to the name s that you want to add to the list and click OK NOTE To remove entries from the list select the user user group public folder you want to remove and click Remove 6 Repeat steps 3 to 5 to add all the required users to the list 7 Click Apply 7 3 2 Removing Rules 1 From Content Filtering gt Advanced Content Filtering select rule to remove 2 Click Remove Selected 7 3 3 Enabling Disabling Rules 1 From Content Filtering gt Advanced Content Filtering select rule to enable disable 2 Click Disable Selected to disable rule or Enable Selected to enable 7 3 4 Sorting Rules Advanced Content Filtering rules are applied in the same order from top to bottom as they are listed in the Advanced Content Filtering page that is rule with priority value 1 is checked first To change the sequence priority of rules 1 Navigate to the Content Filtering gt Advanced Content Filtering node 2 Click the up or down arrows to respectively increase or decrease the priority of the rule 3 Repeat step 2 until rules are placed in the desired sequence 7 4 Decompression Engine The Decompression engine extracts and analyzes archives compressed files attached to an email The following is a list of checks performed by the decompression engine Password protected archives Corrupted archives Recursive archives GFI MailEssentials 7 Content Fil
32. selecting a blocklist and clicking on the Up or Down buttons Enable Selected Select a URI DNS Blocklist and click Enable Selected to enable it NOTE It is recommended to disable all other URI DNS Blocklists when enabling multi surbl org as this might increase email processing time Disable Selected Select a URI DNS Blocklist and click Disable Selected to disable it Remove Selected Select a URI DNS Blocklist and click Remove Selected to remove it GFI MailEssentials 6 Anti Spam 122 3 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 4 Click Apply 6 1 8 Sender Policy Framework This filter uses SPF records to stop email sent from forged IP addresses by identifying if the sender IP address is authorized The Sender Policy Framework filter is based on a community based effort which requires that the senders publish the IP addresses of their mail servers in an SPF record Example If an email is sent from xyz CompanyABC com then companyABC com must publish an SPF record in order for SPF to be able to determine if the email was really sent from the companyABC com network or whether it was forged If an SPF record is not published by CompanyABC com the SPF result will be unknown For more information on SPF and how it works visit the Sender Policy Framework website at http www openspf org The SPF filter is
33. 11 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 12 From Update options area select Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 13 To check for and download updates immediately click Download updates 14 Click Apply 5 2 Information Store Protection When GFI MailEssentials is installed on the Microsoft Exchange server machine Information Store Protection allows you to use the Virus Scanning Engines to scan the Microsoft Exchange Information Store for viruses NOTE When GFI MailEssentials is installed on a Microsoft Exchange Server 2007 2010 machine Information Store Protection is available only when both the Mailbox Server Role and Hub Transport Server Role are installed NOTE Information Store Protection VSAPI is not supported on Microsoft Exchange Server 2013 because VSAPI was removed from Microsoft Exchange Server 2013 This section will show you how to enable Information Store Scanning and select the scan method used by VSAPI Virus Scanning API 5 2 1 Information Store Scanning 1 Go to Email Security gt Information Store Protection GFI MailEssentials 5 Email Security 92 Information Store Virus Scanning VSAPI Settings SG Configures Inform
34. 20 0 0000 0 e eee cee cece eee ee eee neeeeeeeeeneees 186 7 4 Decompression Engine 2 000000000 occ ccc c cece cece cece cece eeceeccuceeeceeeeeceeeees 191 7 1 Keyword Filtering Keyword Filtering enables you to set up rules that filter emails with particular keywords or a combination of keywords in the body or subject of the email A rule is composed of Keywords to block in the email body subject or attachment Actions to take when a keyword is found The users to which a rule applies To configure content rules navigate to Content Filtering gt Keyword Filtering This page allows you to view create enable disable or delete rules 7 1 1 Creating a Keyword Filtering rule To create a Keyword filtering rule follow the steps listed below Step 1 Configuring basic rule setting Step 2 Configuring terms to block Step 3 Configuring the actions to take on detected emails x gt Step 4 Specifying the users to whom to apply this rule Step 1 Configuring basic rule settings 1 Go to Content Filtering gt Keyword Filtering and select Add Rule 2 Specify a name for the rule in the Rule name text box 3 Select whether to scan inbound outbound and or internal emails Check Inbound emails Select this option to scan incoming emails Check Outbound Select this option to scan outgoing emails emails GFI MailEssentials 7 Content Filtering 172 Foption Description Check Internal emails Select this o
35. 389 636 on your Firewall Use Select to configure your LDAP settings if GFI MailEssentials is installed in SMTP mode If your LDAP LDAP lookups server requires authentication unmark the Anonymous bind option and enter the authentication details that will be used by this feature NOTE Specify authentication credentials using Domain User format for example master domain administrator NOTE In an Active Directory the LDAP server is typically the Domain Controller 3 In Block if non existent recipients equal or exceed specify the number of nonexistent recipients that will qualify the email as spam Emails will be blocked by Directory Harvesting if all the recipients of an email are invalid or if the number of invalid recipients in an email equals or exceeds the limit specified NOTE Avoid false positives by configuring a reasonable amount in the Block if non existent recipients equal or exceed edit box This value should account for users who send legitimate emails with mistyped email addresses or to users no longer employed with the company It is recommended that this value is at least 2 4 Provide an email address and click Test to verify Directory Harvesting settings Repeat the test using a non existent email address and ensure that Active Directory lookup fails 5 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails pa
36. 7 Quarantine Store Location and Public URL 2 0 oo 0 0c ccc ence cece eee 217 8 1 Important Notes 1 To quarantine spam or malicious emails change the filters and engines actions to Quarantine email 2 The Quarantine Store requires disk space to retain the organization s spam email or malware for a number of days The amount of disk space required depends on The quantity received How long it is retained 3 On average 100 000 spam or malware emails of 5 KB each will require approximately 600 MB of disk space to store the email and its metadata 4 If the free disk space where the Quarantine Store is saved is 512 MB or less GFI MailEssentials stops quarantining spam and malware it is instead tagged and delivered to recipients mailboxes until free disk space increases to more than 512 MB This ensures that the disk will not run out of space 8 2 Searching the quarantine The Quarantine Store is accessible from the GFI MailEssentials interface and allows management of quarantined emails To access the GFI MailEssentials Quarantine Store go to GFI MailEssentials gt Quarantine There are various ways how to search for content in the GFI MailEssentials Quarantine GFI MailEssentials 8 Quarantine 198 Searching though quarantined Malware and Spam Searching through Malware emails only Search through Spam emails only Search through both Malware and Spam 1 Go to GFI MailEssentials gt
37. ATTE 2 toes na oh AT pee Ae gine ee nll ot innate Bboy waged dn Se Nera et Bee ale 203 8 4 Working with Quarantined emails 2 0 0 0 20 c cece cece ccccccceccecceceeceeceeceeceessesesees 205 8 5 Quarantine RSS Feeds _ 20 2 0 eee cette LLALL ee eeeeeeeee 209 8 6 Quarantine Options 22 2 2 c cece cece eee AALALA AAL Laa nananana 210 8 7 Quarantine Store Location and Public URL _ 222 80 217 9 Email Management aaan cece cc ccc ccc nc cnc cnccecceceeceeseeceeceeseeteeneetettseteetseesess 219 91 Disclaimer S eensaam tea ooh gga se a a Ck iste os tot gene a iat sewn aa 219 O NTLO E BI accesececnerssee nnn dekh neee eas tte Mle A bt te ashen ea Or A hacen ere 223 O SrLISE SEN Vel aea ac rors aaa the Mee eI a eo eee cr tea ha ete 224 9 4 Mail Monitoring o oo cece cece cece ccc ec ccc cecececeececeeeneeceeneeeseeseesetssesesetseeses 228 10 General Settings 2000 0 00 o oo cc ccc cc ence eccccceceeceeseeecececaceneeneeteeneetseteeeseeseess 231 10 1 Administrator email address o n anaana annaa anaana ahaaa eeeeeees 233 10 2 Enabling Disabling scanning modules 20 2 00 20 c cece ceecceccecceccccceceeceeseeseeseees 233 TOS PROXY SELEINGS 2 4duc 22 28 notes aaa enol ies tee adc eens heehee hse se a nes set eres eeoe ne Ne 234 1054 LoGal dO MAINS 2 8 2 228mm 3 ne Lee senvee aaa ve wei aa a ssn wt aus yeu a aa a demoed ay 236 10 5 Managing local users 00 20 2 e eee eee ccc ceccececcceceeseeseessenecncenetnee
38. Check corrupted archives 4 Specify what to do when an email contains an archive that triggers this filter Foption Description Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails GFI MailEssentials 7 Content Filtering 193 NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 5 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients 6 Click the Actions tab to configure further actions 7 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 8 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log 9 Click Apply
39. Configuration navigate to General Settings gt Settings and select the General tab GFI MailEssentials 10 General Settings 233 Scanning Manager Select which scanning modules will process emails V Enable Email Security V Enable Anti Spam V Enable Content Filtering Screenshot 129 Scanning Manager 2 Enable or disable scanning modules option Description Enable Email Security gt gt gt Enable Anti Spam gt gt gt gt gt gt gt gt gt Enables Disables the following scanning engines Virus Scanning Engines Information Store Protection Trojan amp Executable Scanner Email Exploit Engine HTML Sanitizer Enables Disables the following anti spam filters SpamRazer Anti Phishing Directory Harvesting Email Blocklist IP Blocklist IP DNS Blocklist URI DNS Blocklist Sender Policy Framework Anti Spoofing Greylist Language Detection Header Checking Spam Keyword Checking Bayesian Analysis Whitelist New Senders Enable Content Filtering Enables Disables the following content filtering engines gt gt gt gt 3 Click Apply 10 3 Proxy settings Keyword Filtering Attachment Filtering Decompression Engine Advanced Content Filtering GFI MailEssentials automatically checks for and downloads updates for example virus definitions updates and SpamRazer definitions from the Internet If the server
40. Free Disk Space 18 01 GB Screenshot 23 Quarantine statistics The Quarantine Statistics area displays the following statistical information Quarantined Malware Number of emails blocked by Email Security and Content Filtering engines and stored in the Emails Malware Quarantine Store Malware Quarantine Size on disk of the Malware Quarantine Store database Size Quarantined Spam Number of emails blocked by anti spam engines and stored in the Spam Quarantine Store Emails Spam Quarantine Size Size on disk of the Spam Quarantine Store database Free disk space Free space on the disk where quarantine stores are saved GFI MailEssentials 4 Monitoring status 55 Charts A Email Statistics View charts for Last7Days sd Email Scanning Timeline Scan Statistics 1 000 500 j S Ss S Qs CA O Op Os V Processed 1809 v Legitimate 710 v Malware 0 v Content Filtering 381 v Spam 718 Screenshot 24 Dashboard charts The Charts area displays graphical information about emails processed by GFI MailEssentials Select the time period from the drop down list to display information for that period in the charts View charts for Enables you to select a period for which to view charts Available options are Last 6 hours Last 24 hours Last 48 hours Last 7 days Email scanning Shows a time graph in
41. General tab perform any of the following actions Enable SpamRazer Enable or disable SpamRazer engine Enable SpamRazer SPF Enable or disable Sender Policy Framework It is recommended to enable this option and to Recommended have this filter running after to the Email Whitelist GFI MailEssentials 6 Anti Spam 108 General Updates Actions Qs Automatic SpamRazer Updates Automatic update options Configure the automatic update options m Automatically check for updates Update interval for spam detection rules minutes min 5min max 30min Update interval for SpamRazer engine hours min 1hr max 24hr Update options Enable email notifications upon successful updates V Enable email notifications upon failed updates Last attempt 02 09 2013 15 30 02 Last attempt result Successful Current Verson 2013 09 02 10 47 45 Click the button below to force the updater service to download the most recent updates Download updates now Screenshot 64 SpamRazer Updates tab 3 From the Updates tab perform any of the following actions Automatically check Configure GFI MailEssentials to automatically check for and download any SpamRazer updates for updates Specify the time interval in minutes when to check for spam detection rule and SpamRazer engine updates NOTE It is recommended to enable this option for SpamRazer to be more effective in detecting the latest spam trends
42. MSScriptControl ScriptControl ActiveX scripting High alert 13 Office XP ActiveX control exploit Suspicious Screenshot 59 Email Exploit List 2 Select the check box of the exploit s to enable or disable 3 Click Enable Selected or Disable Selected accordingly GFI MailEssentials Status Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled 5 Email Security 102 5 5 HTML Sanitizer The HTML Sanitizer scans and removes scripting code within the email body and attachments It scans the email body of emails that have the MIME type set to text html all attachments of type htm or html 5 5 1 Configuring the HTML Sanitizer 1 Go to Email Security gt HTML Sanitizer HTML Sanitizer Whitelist Domain lP Exclusions La Configure HTML Sanitizer This filter removes all scripting code from the HTML of emails and attachments htm html only Content layout and formatting are not altered Emails are guaranteed to be received free of HTML Scripting code and are therefore safe for viewing V Enable the HTML Sanitizer Email checking Select the emails you want the HTML Sanitizer to scan and clean WV Scan Inbound SMTP Email V Scan Outbound SMTP Email Screenshot 60 HTML Sanitizer configuration page 2 Enable the HTML Sanitizer by selecting Enable the HTML Sanitizer checkbox 3 Select direction of emails Scan inbou
43. Mail OK Cancel Apply Screenshot 148 Changing Remoting ports 2 In the Remoting Ports area change the number of the Remoting port to a one that is not utilized by other applications 3 Click Apply NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 4 Click Yes to restart the displayed services 5 Click OK 11 13 Monitoring Virus Scanning API When GFI MailEssentials is installed on the Microsoft Exchange machine you can monitor Virus Scanning API performance using the Performance Monitor MMC GFI MailEssentials 11 Miscellaneous topics 268 NOTE Information Store Protection VSAPI is not supported on Microsoft Exchange Server 2013 because VSAPI was removed from Microsoft Exchange Server 2013 11 13 1 Performance counter in Windows 2003 Server To add and view the performance monitor counter in Windows 2003 Server follow these steps 1 Go to Start gt Control Panel In the Control Panel window double click Administrative Tools Double click Performance to start the Performance monitor MMC From the System Monitor viewing pane click Add to load the Add Counters dialog 2 3 4 5 From the Performance object dropdown list select MSExchangelS 6 Click Select counters from list 7 Select any Virus Scan counter you need to add For more information refer to Performance monitor counters page 271 8
44. NOT enabled by default and it is recommended to enable this option and to have this filter running prior to the Email Whitelist so to block forged senders before these are whitelisted GFI MailEssentials does not make it a requirement to publish any SPF records To publish SPF records use the SPF wizard at http www openspf org wizard html Prerequisites Before enabling the Sender Policy Framework filter on a non gateway server installation 1 Go to General Settings gt Perimeter SMTP Servers 2 Click Detect in the Perimeter SMTP setup option to perform a DNS MX lookup and automatically define the IP address of your perimeter SMTP server Enabling the Sender Policy Framework 1 Select Anti Spam gt Anti Spam Filters gt Sender Policy Framework GFI MailEssentials 6 Anti Spam 123 General IP Exceptions Email Exceptions Actions on The Sender Policy Framework SPF fights spam by detecting emails with forged senders Block Level The Sender Policy Framework SPF filter identifies and blocks spam with forged senders Itis recommended to run the SPF filter before Whitelist This can be configured in the Filter Priority node Disabled Enabled Recommended Blocks emails identified as having a forged sender if SPF check result is FAIL This denotes that the sender is definitely not authorized to use the sender domain For more information refer to http go qfi com pageid ME_SPFfilter Advanced Ad
45. Only 1 Go to GFI MailEssentials gt Quarantine GFI MailEssentials 8 Quarantine 201 Search for Spam Only A General Date Any date time A Search by sender Search by recipient Search for text in subject Spam Search by anti spam filter 2 From the Quarantine page select Spam Only from Search for dropdown Screenshot 111 Spam Only search area 3 Specify the required search criteria Available options are SEARCH CRITERIA DESCRIPTION Date Select the date range when the email was quarantined Available date ranges are Any date time Since yesterday Last 7 days Last 30 days Custom date range Search by sender Specify a sender who sent the email that was quarantined Search by recipient Specify a recipient for whom an email was quarantined Search for text in subject Specify the text to search for within quarantined email subject Search by anti spam filter Select the anti spam filter that identified the email to search for as Spam 4 Click Search NOTE Use the search results to review quarantined emails You can approve false positives for delivery to recipients For more information refer to Working with Quarantined emails page 205 GFI MailEssentials 8 Quarantine 202 8 3 Search Folders A Search Folder is a folder that has a custom search query associated to it and displays all quarantined emails that match the search query Examples of search folders A search folder
46. Server Settings page 231 3 Configure the Master Server The master server is tasked with synchronizing the data within the GFI MailEssentials Multi Server environment For more information refer to Configuring the master server page 275 4 Configure Slave Servers Slave servers are members of the multi server environment Slave serv ers get the synchronized configuration settings from the master server and other peers in the multi install network A slave server may also be the Reporting and Quarantine host For more inform ation refer to Configuring a slave server page 277 5 Configure which configuration settings to sync GFI MailEssentials provides you with the facility to sync either all the configuration settings or a set of configuration settings For more information refer to Configuring the settings to sync page 279 6 Configure Reporting and Quarantine sync Synching the Reporting and Quarantine data enables you to centralize all your reporting to a single location as well as enables you to have a single loc GFI MailEssentials 12 GFI MailEssentials Multi Server 274 ation your quarantined emails are stored For more information refer to Configuring Reporting and Quarantine data centralization page 281 12 2 1 Configuring the master server The master server is the server that will be in charge of synchronizing the data between all the GFI MailEssentials instances within the multi server network You can onl
47. Software Installation 9 Right click Computer Configuration gt Policies gt Administrative Templates and select All Tasks gt Add Remove Templates 10 Click Add browse to the shared folder containing spamtag adm 11 Click Close 12 Go to Computer Configuration gt Policies gt Administrative Templates gt Classic Administrative Templates ADM gt GFI MailEssentials SpamTag 13 From the right pane double click DefaultWebServiceUrl policy and select Enabled In GFI MailEs sentials Portal Website Address key in the public url of GFI MailEssentials Machines that will have SpamTag deployed must be able to connect to this url via their web browser otherwise SpamTag will not be able to connect with GFI MailEssentials 14 Optionally click Previous Setting to change the SpamTag default language Click Enabled and modify the Default Language value 15 Click OK GFI MailEssentials 6 Anti Spam 163 Step 3 Verify installation The set up should now be complete SpamTag will be installed the next time each client machine is started To check installation verify that the SpamTag toolbar is visible in Microsoft Outlook and that it connects successfully to GFI MailEssentials Installing SpamTag via GPO on Windows Server 2003 Step 1 Prepare MSI and ADM files 1 From the GFI MailEssentials server go to the GFI MailEssentials installation folder and open the Outlook sub folder 2 Copy the MSI and the ADM files to a
48. Spam gt Anti Spam Settings GFI MailEssentials 6 Anti Spam 153 DNS Server Public Folder Scanning Remote Commands Anti spam logging Global Actions Perimeter SMTP Servers Ss Specify global actions to be performed Actions Configures the actions that will be performed when spam cannot be moved to a users Exchange folder because the user does not exist on the Exchange server Delete Forward to email address Administrator domaina tcv Move to specified folder C Program Files x86 GFI MailEssentials Antispam globalactions m Log occurrence to this file C Program Files x86 GFI MailEssentials Antispam logs antispamglobal log Screenshot 91 Global actions 2 Select Global Actions tab and choose whether to gt Delete the email x RA gt Forward it to an email address Move it to a specified folder Ww Select Log occurrence to this file to log these occurrences to a log file Click Apply 6 6 3 DNS Server Settings DNS Server settings are very important in GFI MailEssentials since a number of anti spam filters such as IP DNS Blocklist URI DNS Blocklist and SpamRazer perform domain lookups when filtering spam 1 From the GFI MailEssentials Configuration go to Anti Spam gt Anti Spam Settings GFI MailEssentials 6 Anti Spam 154 DNS Server Public Folder Scanning Remote Commands Anti spam logging Global Actions Perimeter SMTP Servers Specify the DNS server
49. VSAPI performance monitor counters in Windows 2008 Server 4 From the Select counters from computer dropdown list select the computer to monitor 5 From the list of available counters expand MSExchangelS 6 Select any Virus Scan counter you need to add For more information refer to Performance monitor counters page 271 7 Click Add 8 Repeat steps 6 and 7 for each process to monitor 9 Click Ok to apply changes The counters of added processes are now displayed in the Performance Monitor GFI MailEssentials 11 Miscellaneous topics 270 3 Reliability and Performance Monitor File Action view Favorites Window Help e93 m HmHm Reliability and Performance ge Monitoring Tools ES Performance Monitor E Reliability Monitor Data Collector Sets Reports 20 te KF Maw 11 44 25 AM 20 0dI A 11 43 15 AM 11 43 45 AM 11 44 24 AM Last 164 000 Average 164 000 Minimum 164 000 Maximum 164 000 Duration 1 40 penler I Seale counter limeta Parent obet f cometer _Total WWINSERYB WWINSERYB Processor MSExchangelS MSExchangelS MSExchangels o Processor Time Virus Scan Files Cleaned sec Virus Scan Files Quarantined Virus Scan Files Scanned WINSERVB Screenshot 150 Monitoring Virus Scan Files Scanned in Windows Server 2008 Performance Monitor 11 13 3 Performance monitor counters The following V
50. a separate machine commonly installed in the DMZ In this environment a server also known as a gateway perimeter server is set to relay emails to the mail server GFI MailEssentials is installed on the gateway perimeter server so that spam and email malware is filtered before reaching the mail server This method enables you to filter out blocked emails before these are received on the mail server and reduce unnecessary email traffic It also provides additional fault tolerance where if the mail server is down you can still receive email since emails are queued on the GFI MailEssentials machine When installing on a separate server that is on a server that is not the mail server you must first configure that machine to act as a gateway also known as Smart host or Mail relay server This means that all inbound email must pass through GFI MailEssentials for scanning before being relayed to the mail server for distribution For outbound emails the mail server must relay all outgoing emails to the gateway machine for scanning before they are sent to destination If using a firewall a good way to deploy GFI MailEssentials in the DMZ GFI MailEssentials will act as a smart host mail relay server when installed on the perimeter network also known as DMZ demilitarized zone GFI MailEssentials 2 About GFI MailEssentials 19 GFI MailEssentials Figure 3 Installing GFI MailEssentials on a separate machine on a DMZ NOTE
51. access to certain files required by GFI MailEssentials Disable third party antivirus and backup software from scanning the following folders 32 bit installations x86 64 bit installations x64 lt Program Files Common Files GFI gt lt Program Files x86 Common Files GFI gt lt GFI MailEssentials installation path gt GFI MailEssentials lt Inetpub mailroot gt if installed on a gateway machine lt Program Files Exchsrvr Mailroot gt if installed on the same machine as Microsoft Exchange 2003 lt Program Files Microsoft Exchange Server TransportRoles gt if installed on the same machine as Microsoft Exchange 2007 lt Program Files Microsoft Exchange Server V14 TransportRoles gt if installed on the same machine as Microsoft Exchange 2010 lt Program Files Microsoft Exchange Server V15 TransportRoles gt if installed on the same machine as Microsoft Exchange 2013 GFI MailEssentials 3 Installation 24 3 1 4 Firewall port settings Configure your firewall to allow the ports used by GFI MailEssentials 53 DNS 20 amp 21 FTP 80 HTTP 9090 9091 Remoting 389 636 LDAP LDAPS Used by the following anti spam filters IP DNS Blocklist SpamRazer URI DNS Blocklist Used by GFI MailEssentials to connect to ftp gfi com and retrieve latest product version information Used by GFI MailEssentials to download product patches and updates for SpamRazer Ant
52. an external email account Step 4 Confirm that test emails are blocked Verify that both inbound and outbound test emails are blocked and quarantined To do this 1 From GFI MailEssentials go to GFI MailEssentials Configuration gt Quarantine gt Today GFI MailEssentials 3 Installation 51 2 Ensure that both inbound and outbound test emails are listed in Malware and Content tab reason being Triggered rule Test rule Malware and Content 3 Use this page to approve or delete emails blocked due to malware content C Date Sender Recipients Subject Module Reason Source E EER administrator tcdomainb com jsmith tcdomainb com eean te ENE inal a O pera administrator tcdomainb com administrator tcdomainb com oe ecco nig O SE administrator tcdomainb com administrator tcdomainb com bug in Pinney ane K pd a baj Mi Page size 10 v 3 items in 1 pages Rescan Screenshot 20 Test email blocked by Test rule NOTE When test is completed successfully delete or disable Test rule created in step 1 GFI MailEssentials 3 Installation 52 4 Monitoring status GFI MailEssentials enables monitoring of your email activity in real time or by generating reports of email activity for a particular time period Monitoring Description marexe le Dashboard The GFI MailEssentials Dashboard provides real time information that enables you to monitor the product To access the Dashboard go to GFI MailEsse
53. and a time when email is sent 4 Specify the digest content that will be sent in the email x gt Total count of processed email and spam Total spam captured per spam filter type List of blocked spam or any combination of options as required GFI MailEssentials 6 Anti Spam 151 Administrator Digest Recipient Digest Recipient List Rs Specify which recipients should or should not receive the spam digestvia email For the recipient digest specify the inbound domain recipients that should or should not receive the spam digest Only users listed below should receive the recipient spam digest All users except the ones listed below will receive the recipient spam digest Email Address List See oaa OO Screenshot 89 Spam digest recipient list 4 Click on the Recipients list tab add the users to receive the spam digest and select the method used to determine who should receive the spam digest Available options are Only users listed below should receive the recipient spam digest gt All users except the ones listed below will receive the recipient spam digest NOTE The required list of users can also be imported from a file in XML format in the same structure that GFI MailEssentials would export files 6 Select Apply to finalize settings 6 6 Anti Spam settings The following settings are configurable for anti spam filters and emails blocked by anti spam filters only 6 6 1 Log file ro
54. as Search Folder and key in an easily identifiable name for the new Search Folder The newly created search folder is listed in Quarantine gt Search Folders node NOTE To edit or delete a previously created search folder access the search folder and click Edit Search Folder or Delete Search folder 8 3 3 Using the Search Folders node to auto purge quarantined emails The Search Folders node enables you to create Search folders and set an auto purge value in days When a quarantined email exceeds the specified number of days in the quarantine the email is deleted 1 Select Quarantine gt Search Folders node 2 Configure a new search folder for the emails to purge on a regular basis using the instructions in this chapter 3 Select EnableAuto purging and provide the number of days to keep emails for 4 Click Save Folder 8 4 Working with Quarantined emails Within GFI MailEssentials there are a number of actions you can take on quarantined emails GFI MailEssentials 8 Quarantine 205 The Quarantine Store is accessible from the GFI MailEssentials interface and the administrator can manage quarantined emails To access the GFI MailEssentials Quarantine Store go to GFI MailEssentials gt Quarantine 8 4 1 Viewing quarantined emails Searching within the Quarantine or using default or customized search folders yields a list of quarantined emails Malware and Content 381 Spam 365 Use this page to appr
55. below Public folder scanning setup for Microsoft Exchange Servers Configure a dedicated user account for Microsoft Exchange Server 2003 Configure a dedicated user account for Microsoft Exchange Server 2007 2010 Hiding user posts in GFI AntiSpam Folders NOTE You can also use GFI MailEssentials with Lotus Domino For more information refer to Lotus Domino page 31 Public folder scanning setup for Microsoft Exchange Servers 1 From the GFI MailEssentials configuration console go to Anti spam gt Anti Spam Settings Select Public Folder Scanning tab 2 Select Enable Public Folder Scanning and from Poll public folder via list select gt Exchange Server 2003 Select MAPI IMAP or WebDAV Exchange Server 2007 Choose WebDAV or Web Services x x Exchange Server 2010 Choose Web Services Options are described in the table below Foption Description MAPI To use MAPI GFI MailEssentials must be installed on the machine on which Microsoft Exchange Server is installed No other settings are required IMAP Requires Microsoft Exchange IMAP service IMAP enables remote scanning of public folders and works well in environments running firewalls In addition IMAP can be used with other Mail servers that support IMAP Parameters required are Mail server name Port number default IMAP port is 143 Username password Select the Use SSL option to use a secure connec
56. cece eee eee cece eeeeeeeeeeeeeeeeseeeeeere 188 Screenshot 106 Content Filtering Users Folders Tab 0 2 e cece cece cece ee ee ccc eee cece cece ee eeeeeeees 190 Screenshot 107 Add users to a Content Filtering rule 00 2200000 e cece cece cece eeeeeeeeeees 190 Screenshot 108 Decompression engine Checks 22 eee eee cece cece cece cece ee eeeeeeeeeeeeeeeeeeeeees 192 Screenshot 109 Malware and Spam Search Area 2 220000 ccc cece cece cece cece cece ceeeeeeeeeeeeeeeseeeeees 199 Screenshot 110 Malware and Spam Search Area 2 222000 c cece eee aoaaa aoaaa aoaaa oaaao aoaaa aoaaa 200 Screenshot 111 Spam Only search area 2 0 22 ecco c eee cece eee cece eeeeeeeeeeeeceeeeeeeeeee 202 Screenshot 112 Screenshot 113 Screenshot 114 Screenshot 115 Screenshot 116 Screenshot 117 Screenshot 118 Screenshot 119 Screenshot 120 Screenshot 121 Screenshot 122 Screenshot 123 Screenshot 124 Screenshot 125 Screenshot 126 Screenshot 127 Screenshot 128 Screenshot 129 Screenshot 130 Screenshot 131 Screenshot 132 Screenshot 133 Screenshot 134 Screenshot 135 Screenshot 136 Screenshot 137 Screenshot 138 Screenshot 139 Screenshot 140 Screenshot 141 Screenshot 142 Screenshot 143 Screenshot 144 Screenshot 145 Screenshot 146 Screenshot 147 Screenshot 148 Screenshot 149 Default and custom search folders 2 0 2 2 0 2 cece cece cece e cece e cece cece cee
57. do with spam emails page 144 NOTE For more information about settings to verify after import refer to http go gfi com pageid ME_CheckIlmportSettings 6 On completion click Exit 7 GFI MailEssentials automatically attempts to start the services that were stopped in step 1 IMPORTANT There may be other services that are stopped when stopping the IIS Admin service such as the Simple Mail Transfer Protocol SMTP service Restart these services manually from the Services applet 11 9 1 Export Import settings via command line Exporting settings via command line 1 From command prompt change directory to the GFI MailEssentials installation root folder 2 Key in meconfigmgr export c MailEssentials Settings verbose replac Where C MailEssentials Settings location where to export files Replace with the desired destination path verbose instructs the tool to display progress while copying the files gt xreplace instructs the tool to overwrite existing files in the destination folder GFI MailEssentials 11 Miscellaneous topics 262 ih GFI MailEssentials Configuration Export Import Tool Copying C Program Files GFI MailEssentials config mdb gt C MailEssentials Jal ettings config mdb i C Program Files GFI MailEssentials autowhitelist mdb gt C MailEssen tials Settings autowhitelist mdb Done Copying C Program Files GFI MailEssentials Data weights bsp
58. documentation gfi com GFI MailEssentials 13 Troubleshooting and support 287 14 Appendix Bayesian Filtering The Bayesian filter is an anti spam technology used within GFI MailEssentials It is an adaptive technique based on artificial intelligence algorithms hardened to withstand the widest range of spamming techniques available today This chapter explains how the Bayesian filter works how it can be configured and how it can be trained NOTE 1 The Bayesian anti spam filter is disabled by default It is highly recommended that you train the Bayesian filter before enabling it 2 GFI MailEssentials must operate for at least one week for the Bayesian filter to achieve its optimal performance This is required because the Bayesian filter acquires its highest detection rate when it adapts to your email patterns How does the Bayesian spam filter work Bayesian filtering is based on the principle that most events are dependent and that the probability of an event occurring in the future can be inferred from the previous occurrences of that event NOTE Refer to the links below for more information on the mathematical basis of Bayesian filtering http go gfi com pageid ME_BayesianParameterEstimation This same technique has been adapted by GFI MailEssentials to identify and classify spam If a snippet of text frequently occurs in spam emails but not in legitimate emails it would be reasonable to assume that this email is probably
59. domain name and hit Enter The MX record should return the IP addresses of the mail relay servers Step 7 Test your new mail relay server Before proceeding to install GFI MailEssentials verify that your new mail relay server is working correctly Test IIS SMTP inbound connection 1 Send an email from an external account example from a Gmail account to an internal email address user 2 Ensure that intended recipient received the test email in the respective email client Test IIS SMTP outbound connection 1 Send an email from an internal email account to an external account example to a Gmail account 2 Ensure that the intended recipient external user received the test email NOTE You can also use Telnet to manually send the test email and obtain more troubleshooting information For more information refer to http go gfi com pageid ME_TelnetPort25 GFI MailEssentials 3 Installation 29 3 2 3 Microsoft Exchange 2003 Clusters This topic contains instructions on how to install and uninstall GFI MailEssentials on Microsoft Exchange 2003 clusters A cluster is a group of servers technically known as nodes working collectively as a single server Such environment provides high availability and fail over mechanisms to ensure constant availability of resources and applications including email infrastructures If one of the nodes in the cluster fails is not available resources and applications swi
60. domaina tcv administrator domaina tcv administrator domaina tcv spam spamdomain com dhe gkl nu jsmith domaina tcv spam spamdomain com Subject Energy Issues DJ FERC To Lower Price Cap In Calif PwrOrder Commissioners Energy Issues Test Subject RE This is a blocked outbound email RE This is a blocked outbound email blocked by content filtering This is a blocked outbound email Size 188803 8854 175289 903 5633 4982 3965 4039 Page 95 of 95 items 1505 to 1520 of 1520 Close 5 To export the report to another format select format and click Export 4 2 7 Configuring reporting database By default GFI MailEssentials uses a Firebird database reports fdb located in lt GFI MailEssentials installation path gt GFI You can also use a Microsoft SQL Server database for reports Configuring a Firebird database backend Configuring a Microsoft SQL Server database backend Configuring database auto purging GFI MailEssentials MailEssentials data 4 Monitoring status 68 Configuring a Firebird database backend Reporting Auto Purge e Configure reporting database Use this node to enable and use GFI MailEssentials Reporting This enables you to use the data collected oy GFI MailEssentials and generate various reports W Enable Reporting Current Database Settings Current type Firebird Current location C Program Files x86 GFi MailEssentia
61. email address etc or Active Directory fields name title telephone numbers etc Select the variable to add and click Add NOTE The recipient display name and email address variables will only be included if the email is sent to a single recipient If emails are sent to multiple recipients the variables are replaced with recipients 7 Specify the encoding to be used for the plain text disclaimer if the email body s character set is not plain text option Description Convert to Unicode Converts both email body and disclaimers to Unicode so that both are properly dis played Use character set of the email Disclaimer is converted to the email body s character set body NOTE If this option is selected some of the disclaimer text might not be displayed properly 8 From the Exclusions tab specify any senders or recipients for whom not to apply this disclaimer Key in an email address or click Search to look up email addresses from Active Directory Click Add to add email address to the exclusion list NOTE All recipients must be included in the exclusion list to not add a disclaimer in the email 9 Click Apply to save settings 9 1 2 Disabling and enabling disclaimers By default disclaimers are automatically enabled To disable or enable a disclaimer 1 Go to Email Management gt Disclaimers 2 Select the disclaimers to disable enable and click Disable selected or Enable selected to perform the desired actio
62. email sent to a par Create an inbound rule and specify the recipient s email address or select user if using AD ticular user in the recipient field Click All Domains in the sender s field Mail sent by a particular Create an outbound rule specify sender or select user if using AD in the sender field Key user to an external in external recipient email in the recipient field recipient GFI MailEssentials 9 Email Management 229 Mail sent to a particular Create an inbound rule and specify external sender email address in the sender field Key user by an external in email address or select user if using AD in the recipient field sender Mail sent by a particular Create an outbound rule and specify sender or select user if using AD in the sender field user to a company or Specify the domain of the company in the recipient field domain Mail sent to a particular Create an inbound rule and specify domain of the company in the sender field Select user by a company or domain when clicking on the sender button and enter username or user email address in domain the recipient field 9 4 3 Enabling Disabling email monitoring rules 1 Go to Email management gt Mail Monitoring 2 Select the rule to enable disable 3 Click Enable Selected or Disable Selected to enable or disable the selected rule respectively 4 Click OK to save changes GFI MailEssentials 9 Email Management 230 10 General Settings Topics in this chapter
63. facilitates transfer of files between systems using idle network bandwidth Bayesian Filtering An anti spam technique where a statistical probability index based on training from users is used to identify spam BITS See Background Intelligent Transfer Service Blocklist A list of email addresses or domains from whom email is not to be received by users Botnet A network of infected computers that run autonomously and are controlled by a hack er cracker C CIDR See Classless Inter Domain Routing Classless Inter Domain Routing An IP addressing notation that defines a range of IP addresses GFI MailEssentials 15 Glossary 292 Decompression engine A scanning module that decompresses and analyzes archives for example zip and rar files attached to an email Demilitarized Zone An internet facing section of a network that is not part of the internal network Its purpose typically is to act as a gateway between internal networks and the internet Directory harvesting Email attacks where known email addresses are used as a template to create other email addresses Disclaimer A statement intended to identify or limit the range of rights and obligations for email recip ients DMZ See Demilitarized Zone DNS See Domain Name System DNS MX See Mail Exchange Domain Name System A database used by TCP IP networks that enables the translation of hostnames to IP addresses and provides other domain related in
64. feuded A oes MA Wiebe an 56 Email processing logs 0 0 0 0 c cece cece cece cece cece cece cece cece ce ceeeeeeeceeeeceeeeeeeeeeees 57 Email processing logs filter 2 020000 c cece eee cece eee ee cece eeeeeceeeeeeeceeees 58 Virus scanning engines updates 2 2 2 2 c eee cece cece cece cece eee ce a naaa oraaa 59 EVEN LOGS 2 5 he opie tide eh oS celui Bel eos EE Lites falas 60 POP2Exchange log 1 2 0 eon e eee ee eee eee eee eee ENESE EAEN E EEE EE 61 Creating a report 2200 cece cece cece cece cece cece cece cece cece cece eeeeeteeeeeeeeeees 62 Emails blocked graph report 2 0000 cece cece e cece cece cece cece cece eeeececeeceeeeceeseeees 64 Searching the reporting database 00222 0 00 cece cece cece cece cece eee eececeeeeeeeeees 67 Reports database search results 2 22220 2 2200 e eect ee ee eneeeees 68 Configuring a Firebird database backend 0 0 00 22 0 ccc eee ence eee eee e eee eens 69 Configuring SQL Server Database backend 2 2 22 2222 e eee eee eee ence eee e eee eee 70 Screenshot 36 Screenshot 37 Screenshot 38 Screenshot 39 Screenshot 40 Screenshot 41 Screenshot 42 Screenshot 43 Screenshot 44 Screenshot 45 Screenshot 46 Screenshot 47 Screenshot 48 Screenshot 49 Screenshot 50 Screenshot 51 Screenshot 52 Screenshot 53 Screenshot 54 Screenshot 55 Screenshot 56 Screenshot 57 Screenshot 58 Screenshot 59 Screenshot 60 Scree
65. is also possible for Bayesian Analysis to be trained from emails sent or received before GFI MailEssentials is installed by using the Bayesian Analysis wizard This allows Bayesian Analysis to be enabled immediately This wizard analyzes sources of legitimate mail for example a mailbox sent items folder spam mail for example a mailbox folder dedicated to spam emails Step 1 Install the Bayesian Analysis wizard The Bayesian Analysis wizard can be installed on A machine that communicates with Microsoft Exchange to analyze emails in a mailbox A machine with Microsoft Outlook installed to analyze emails in Microsoft Outlook To install the Bayesian Analysis wizard 1 Copy the setup file Bayesian Analysis Wizard exe to the chosen machine This is located in GFI MailEssentials installation path AntiSpam BSW 2 Launch Bayesian Analysis Wizard exe GFI MailEssentials 14 Appendix Bayesian Filtering 289 3 In the initial screen choose the language and review the End User License Agreement Click Next 4 Select the installation folder and click Next 5 Click Install to start installation 6 Click Finish when installation is complete Step 2 Analyze legitimate and spam emails To start analyzing emails using the Bayesian Analysis wizard 1 Load the Bayesian Analysis wizard from Start gt Programs gt GFI MailEssentials gt GFI MailEssentials Bayesian Analysis Wizard 2 Click Next in the welcome sc
66. is automatically moved to the Microsoft Email folder Outlook Junk E mail folder Allow setting sender in Personal A sub option is shown under Spam button that enables users to add the sender s Blocklist email address to their Personal Blocklist To use this option the Personal Blocklist must be enabled Allow setting sender domain in A sub option is shown under Spam button that enables users to add the sender s Personal Blocklist domain to their Personal Blocklist To use this option the Personal Blocklist must be enabled GFI MailEssentials 6 Anti Spam 159 3 From the Not Spam Button area configure the features related to false positives that is when legitimate emails are incorrectly identified as spam option f peseription Enable NOT SPAM button Move processed legitimate email to Inbox folder Allow setting sender in Personal Whitelist Allow setting sender domain in Per sonal Whitelist Allow setting discussion list address in Personal Whitelist The Not Spam button is shown in SpamTag and when clicked the selected email trains the Bayesian Analysis filter When clicking Not Spam the selected email is automatically moved to the Inbox folder A sub option is shown under Not Spam button that enables users to add the sender s email address to their Personal Whitelist To enable this option the Personal Whitelist must be enabled A sub option is shown under Not Spam button that enables users to add the
67. machine Emails sent from certain users or sent to certain users are not monitored 13 5 GFI SkyNet Disclaimers are only added to outbound emails originating from domains protected by GFI MailEssentials Disclaimers are not added when Emails are sent from domains that are not specified in local domains list Emails are sent to domains that are in the local domains list as these will be considered as internal emails Ensure that all local domains are specified in the Inbound email domains dialog For more information refer to Local domains page 236 Configure Microsoft Outlook not to use automatic encoding and force GPO to use correct encoding For more information how to solve this issue refer to http go gfi com pageid ME_Outlook2003Encoding Emails sent to the List server are converted to plain text emails only when the original format of the email is RTF Send email in HTML format to retain original format For more information how to use the List Server feature if GFI MailEssentials is installed on a gateway refer to http go gfi com pageid ME_ListServerGateway Email monitoring rules do not monitor emails sent from or to the GFI MailEssentials administrator and the email address to which the monitored emails are being sent to Email monitoring rules are also not applicable for emails sent between internal users of the same information store GFI maintains a comprehensive knowledge base repository which i
68. manually key in an email address or select User to look up If sender is Specify the email address of the sender to monitor Click All Domains to monitor emails sent by all users and recipient is Specify the email address of the recipient to monitor Click All Domains to monitor emails received by all users 4 Click Add to add the configured rule 5 Repeat the above steps to specify multiple filters 6 From the Exceptions tab specify users and email addresses for whom the rule shall not apply The available options are option peseription Except if sender Excludes the specified senders from mail monitoring is For inbound monitoring rules key in non local email addresses For outbound monitoring rules all addresses in this list are local Click Search User to find local email addresses and click Add Except if recip Excludes the specified recipients from the list ient is For inbound monitoring rules all addresses in this list are local Click Search User to find local email addresses and click Add For outbound monitoring rules key in non local email addresses 7 Click Apply 9 4 2 How to use Mail Monitoring Refer to the below table for information on how to configure mail monitoring for different requirements and scenarios All email sent by a par Create an outbound rule and specify sender email or select user if using AD in the sender ticular user field Click All Domains in the recipient s field All
69. newsletter com E EA sexymailer com Specify the full path and filename of the file to use for importing Note Import of list data cannot be performed unless the import list is on the server where GFI MailEssentials is installed Legend O Email CO MIME D SMTP E Sender Recipient Screenshot 67 Email blocklist 2 From the Blocklist tab configure the email addresses and domains to block OPTION DESCRIPTION Enable Select Unselect to enable disable email blocklist Email Blocklist GFI MailEssentials 6 Anti Spam 116 OPTION DESCRIPTION Add Remove Import Export Search Add email addresses email domains or an entire domain suffix to the blocklist 1 Key in an email address domain for example spammer com or an entire domain suffix for example tv to add to the blocklist 2 Specify the email type to match for the emails to be blocklisted NOTE For more information about the difference between SMTP and MIME refer to http go gfi com pageid ME_DifferenceSMTPMIME 3 Optional You can also add a description to the entry in the Description field 4 Click Add Select a blocklist entry and click Remove to delete Import a list of blocklist entries from a file in XML format NOTE A list of entries can be imported from a file in XML format in the same structure that GFI MailEssentials would export the list of entries Export the list of blocklist entries to a f
70. of Specify options which aid in troubleshooting Enable Disable Email Processing When troubleshooting it is sometimes necessary to enable disable email processing without needing to uninstall the product J Enable Disable M Email backup before after processing When troubleshooting it is sometimes necessary to keep a backup copy of emails before and after being processed by GFI MailEssentials IV Keep a copy of every email before and after email processing Backup copies of the emails will be copied to the following folders p C Program Files K86 GFI MailEssentials Antisipam SourceArchives C Program Files amp 86 GFI MailEssentials EmailSecunty SourceArchives Screenshot 146 The GFI MailEssentials Switchboard Troubleshooting 2 Click Enable or Disabled to enable or disable email processing NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 3 In the Service Restart Required dialog click Yes to restart services 4 Click OK GFI MailEssentials 11 Miscellaneous topics 265 11 11 Email backup before and after processing IMPORTANT Use this option for troubleshooting purposes only 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard and select Troubleshooting tab N GFI MailEssentials Switchboard Ul Mode Troubleshooting Tracing
71. on using an account with administrative privileges The machine where GFI MailEssentials is going to be installed meets the specified system require ments For more information refer to System requirements page 22 Configure your firewall to allow GFI MailEssentials to connect to GFI servers For more inform ation refer to Firewall port settings page 25 Disable third party antivirus and backup software from scanning folders used by GFI MailEssentials For more information refer to Antivirus and backup software page 24 If installing GFI MailEssentials on an email gateway or relay perimeter server configure that machine to act as a gateway For more information refer to Installing on an email gateway or relay perimeter server page 26 Save any pending work and close all open applications on the machine 6 GFI MailEssentials installation restarts Microsoft Exchange or Microsoft IIS SMTP services This is required to allow GFI MailEssentials components to register correctly It is recommended to install GFI MailEssentials at a time when restarting these services has the least impact on your network 3 3 2 Running the installation wizard 1 Run the GFI MailEssentials setup program 2 Select the language to use with this installation of GFI MailEssentials Accept the terms and con ditions and click Next NOTE Language selection is not reversible You will need to reinstall GFI MailEssentials to change t
72. outbound emails The list of users can also be managed from the GFI MailEssentials General Settings node For more information refer to Managing local users page 237 5 Configure the Administrator Email Address and the SMTP Server Configuration GFI MailEssentials 3 Installation 41 Foption Description O Administrator Specify the administrator email adress to use for notifications about product status Email Address SMTP Server Setup Select the SMTP Server that GFI MailEssentials binds to By default GFI MailEssentials binds to your Default SMTP Virtual Server If you have multiple SMTP virtual servers on your domain you can bind GFI MailEssentials to any available SMTP virtual server NOTES 1 If you are installing on a Microsoft Exchange Server 2007 2010 2013 machine this option is not shown since Microsoft Exchange has its own built in SMTP server 2 After installation you can still bind GFI MailEssentials to another SMTP virtual server from the GFI MailEssentials Configuration For more information refer to SMTP Virtual Server bind ings page 238 GFI MailEssentials Web Server Configuration GFI Mailessentials for Exchange SMTP needs to create two virtual directories for Configuration and RSS access Select the two names of the virtual directories to create and the IIS website where to create them IS Website Default Web Site X Configuration Path MailEssentials Screenshot 13 SMTP server and v
73. path and file name including txt extension to a custom location on disk where to store the log file Alternatively specify the file name only including txt extension and the log file will be stored in the following default location lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt filename gt txt 10 Click Apply GFI MailEssentials 8 Quarantine 216 8 7 Quarantine Store Location and Public URL Use the GFI MailEssentials Switchboard to configure the Quarantine Store location and the Quarantine Public URL The Quarantine Store location is the Quarantine Store location where quarantined emails are stored By default this is located in the GFI MailEssentials installation path This might however need to be moved to an alternate location in cases where for example you might be running out of disk space The Quarantine Public URL provides access to the Quarantine Page from an external location By default this is based on the GFI MailEssentials IIS Virtual directory settings you provided during installation This however might need to be changed if you are sending quarantine digest emails or notifications that are accessed outside of the internal network When this is the case the URL should be changed to be reached through Internet 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard N GFI MailEssentials Switchboar
74. saved to the EmailSecurity Data folder by default Audit files are saved with the current year number appended to the specified filenames e g quarantineaudit_2012 log Screenshot 119 Quarantine Mode 2 From Quarantine Mode tab select Send quarantine approval forms by email checkbox to enable the sending of Quarantine Approval Forms 3 From the Select recipient area specify the recipient of the Quarantine Approval Forms Send to admin Sends Quarantine Approval Forms to the administrator as configured in General Settings node istrator For more information refer to Administrator email address page 233 Send to the fol Sends Quarantine Approval Forms to another email address Key in the recipient in the text box lowing email provided address 4 Optional Select Save quarantine audit to this file and configure a filename where to save a copy of the quarantine log 5 Click Apply Nonexistent Recipients The GFI MailEssentials Nonexistant recipients feature scans emails for non existing local email addresses before these are stored to the Quarantine Store If an email contains non existing local GFI MailEssentials 8 Quarantine 214 email addresses it is permanently deleted This reduces the number of emails for administrative reviewing Configuring Nonexistent Recipients The Nonexistent Recipients filter requires access to the list of local addresses This is done either via Active Directory or if communication
75. shared folder that is accessible by all users that will have SpamTag installed Ensure that users have at least Read permissions to the folder Step 2 Deploy SpamTag 1 From command prompt load mmc exe to launch the Microsoft Management Console 2 Go to File gt Add Remove Snap in and click Add 3 Select Group Policy Object Editor snap in and click Add 4 Click Browse and select the domain policy to edit 5 Select the domain policy and click OK 6 Click Finish to close Select Group Policy Object dialog Click Close to close Add standalone Snap in dialog and click OK to close Add Remove Snap in dialog to return to the Microsoft Management Console 7 Navigate to Console Root gt lt domain policy gt gt User Configuration right click Administrative Templates and select Add Remove Templates 8 Click Add and browse for the ADM file located in the folder shared in step 1 Click Open 9 Click Close to return to the Microsoft Management Console 10 Expand Console Root gt lt domain policy gt gt User Configuration gt Administrative Templates gt GFI Applications 11 From the right pane double click DefaultWebServiceUrl policy and select Enabled Key in the public url of GFI MailEssentials Machines that will have SpamTag deployed must be able to connect to this url via their web browser otherwise SpamTag will not be able to connect with GFI MailEs sentials 12 Optionally click Pr
76. than the Whitelist module For more information refer to Sorting anti spam filters by priority page 147 13 Troubleshooting and support 285 Issue encountered Solution Emails sent from whitelisted senders are blocked Spam not delivered to Microsoft Exchange sub folder or Spam is not being delivered to the designated sub folder in Outlook in a Microsoft Exchange Server 2010 environment 1 Whitelisted emails can be blocked if they contain content or attachments that violate the Anti Malware rules since these have a higher order of priority than the whitelist Ensure that blocked emails do not violate Anti Malware rules 2 Ensure that the filter priories are set so that the whitelist is above any kind of filter that is catching the desired email For more information refer to http go gfi com pageid ME_BlockedWhitelistedSenders 1 Confirm that this feature is configured correctly For more information refer to Move spam to Exchange 2010 folder page 258 2 Refer to http go gfi com pageid ME_Autodiscoverlssues for detailed information on how to solve this issue 13 4 Email Management Issue encountered Solution No disclaimers are added to outbound emails Some characters in disclaimer text are not displayed correctly Emails sent to the list server are converted to Plain Text Internal users receive a non delivery report when sending email to list server when GFI MailEssentials is installed on a Gateway
77. that displays only outbound emails quarantined by the Virus Scanning Engines A search folder that displays inbound emails quarantined in a particular date range and addressed to a particular user A search folder that displays emails that meet specific search criteria A search folder that displays the results of a previously defined search query To display emails in a particular search folder 1 Go to Quarantine node Default Search Folders Search Folder Name Malware and Content Spam Today 0 130 Yesterday 0 0 This Week 0 130 All Malware and Content Items 381 N A All Spam Items N A 365 Custom Search Folders Search Folder Name Malware and Content Spam Auto purging Spam Deletion 381 365 Disabled Screenshot 112 Default and custom search folders 2 Click a search folder displayed in the Default Search Folders or Custom Search Folders areas Alternatively select one of the search folder nodes under the Quarantine and Quarantine gt Search Folders node NOTE Use the search results to review quarantined emails You can approve false positives for delivery to recipients For more information refer to Working with Quarantined emails page 205 8 3 1 Default Search Folders Default Search Folders are preconfigured search folders that enable you to access quarantined emails according to specific time periods or by a specific quarantined email type To use the default search folders GFI MailEssentials 8 Quarantine 203
78. the configuration files with the files found in this folder GFI MailEssentials Configuration Export Import Tool Copying C MailEssentials Settings config mdb gt C Program Files GFI MailEs entials config mdb File exists overwritten Copying C MailEssentials Settings autowhitelist mdb gt C Program Files GFIN MailEssentials autowhite list mdb File exists overwritten Copying C MailEssentials Settings weights bsp gt C Program Files GFI MailEs sentials Data weights bsp File exists overwritten Copying C MailEssentials Settings userlist mdb gt C Program Files GFI MailE ssentials userlist mdb File exists overwritten Copying C MailEssentials Settings reports mdb gt C Program Files GFI MailEs sentials data reports mdb File exists overwritten Importing Validating lidating Anti spam Action paths lidating Anti spam Action paths Validating Done one press lt Enter gt to continue ao i Ji S Il Screenshot 145 Importing settings via command line 4 Restart the services stopped in step 1 NOTE Some imported settings may not be appropriate for the installation of GFI MailEssentials may need to be re configured This is possible for example DNS settings domains list and perimeter servers are different from the server from which settings were exported Click Yes to launch the GFI MailEssentials Post Installation wizard to e onemi
79. this engine This option will NOT download the available updates auto matically Check for Select this option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download 10 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 11 From Update options area select Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 12 To check for and download updates immediately click Download updates 13 Click Apply 5 1 4 Avira 1 Go to Email Security gt Virus Scanning Engines gt Avira General Actions Updates R Avira AntiVirus Options Enable Gateway Scanning SMTP Scan Inbound SMTP Email Scan Outbound SMTP Email Scan Internal and Information Store Items Screenshot 46 Avira configuration 2 Select Enable Gateway Scanning SMTP check box to scan emails using this Virus Scanning Engine 3 Select whether to scan inbound and or outbound emails using this Virus Scanning Engine GFI MailEssentials 5 Email Security 84 Foption Description Scan Inbound SMTP email Select this option to scan incoming emails Scan Outbound SMTP email Select this option to scan outgoing emails 4 If you installed
80. to newsletters add a web form asking for name and email address and automatically generate an email where the sender is the email address of the new user and the recipient is lt newslettername gt subscribe yourdomain com 9 3 3 Configuring advanced newsletter discussion list properties After creating a new list further options can be configured which enable the customization of elements and behavior of the list These options include x gt Creating a custom footer for the list x gt Setting permissions to the list x gt Manually adding subscribers to the list Importing subscribers to the list database structure Creating a custom footer for the list 1 From the Footer tab configure a custom discussion list footer A footer is added to each email sent to the list 2 Use the HTML editor to add an HTML version of the footer To add variable fields in the list footer navigate to Insert gt Variables Select the variable to add and click Add List 3 You can also enter a plain text footer for plain text lists Click Variable to add variable fields 4 Click Apply Tip You can use footers to show how users can subscribe unsubscribe from list and or to promote your social media channels Setting permissions to newsletters Specify the users who can submit newsletters NOTE Permissions are not configurable for discussion lists 1 Open an existing or create a new list and go to the Permissions tab
81. 1 Go to Quarantine node k Use this page to search for quarantined emails Search for All Emails A General Date Any date time A Search by sender Search by recipient Search for text in subject Default Search Folders Search Folder Name Malware and Content Spam Today 0 130 Yesterday 0 0 This Week 0 130 All Malware and Content Items 381 N A All Spam Items N A 365 Custom Search Folders Search Folder Name Malware and Content Spam Auto purging Spam Deletion 381 365 Disabled Screenshot 113 Default search folders 2 Select a search folder from the Default Search Folders area or from a node beneath Quarantine node to access the search folder GFI MailEssentials will automatically search for and display all quar antined emails that satisfy the default search folder search criteria Available default search folders are GFI MailEssentials 8 Quarantine 204 Time based e Today e Yesterday e This week Category based e All Malware and Content Items e All Spam Items NOTE Use the search results to review quarantined emails You can approve false positives for delivery to recipients For more information refer to Working with Quarantined emails page 205 8 3 2 Creating editing and removing Custom Search Folders from Searches 1 Go to Quarantine node 2 Create a new search for quarantined emails For more information refer to Searching the quar antine page 198 3 In the results page click Save
82. 3 1 123 Click Add and select the GFI MailEssentials email relay server Click OK Click Add select SMTP and click OK 4 5 6 Go to Address Space tab 7 8 Enter domain name and click OK 9 Select Allow messages to be relayed to these domains 10 Click OK Lotus Notes For more information on how to setup Lotus Domino routing refer to Installation Guide Domino GFI MailEssentials 3 Installation 28 SMTP POP3 mail server Configure your mail server to route all inbound and outbound email through GFI MailEssentials In the configuration program of your mail server use the option to relay all outbound email via another mail server this option is usually called something similar to Forward all messages to host Enter the computer name or IP of the machine running GFI MailEssentials Save the new settings and restart your mail server Step 6 Update your domain MX record to point to mail relay server Update the MX record of your domain to point to the IP of the new mail relay server If your DNS server is managed by your ISP ask your ISP to update the MX record for you NOTE If the MX record is not updated all emails will be routed directly to your email server hence bypassing GFI MailEssentials Verify that MX record has been successfully updated To verify whether MX record is updated 1 From command prompt key in nslookup and hit Enter 2 Key in set type mx and hit Enter 3 Specify your mail
83. 3c 4254020 hon neilcth a onets gostei a a ad ec e A a e aa 287 14 Appendix Bayesian Filtering 2 2 2 0 0 00 ccc cece ccc ec cece cc cecccececsetcetsenceeseesees 288 US GIOSSALY oen cere a oe eh aS ee ce ie tte a ss oat eee eR 292 16 Index List of Figures Screenshot 1 Screenshot 2 Screenshot 3 Screenshot 4 Screenshot 5 Screenshot 6 Screenshot 7 Screenshot 8 Screenshot 9 Screenshot 10 Screenshot 11 Screenshot 12 Screenshot 13 Screenshot 14 Screenshot 15 Screenshot 16 Screenshot 17 Screenshot 18 Screenshot 19 Screenshot 20 Screenshot 21 Screenshot 22 Screenshot 23 Screenshot 24 Screenshot 25 Screenshot 26 Screenshot 27 Screenshot 28 Screenshot 29 Screenshot 30 Screenshot 31 Screenshot 32 Screenshot 33 Screenshot 34 Screenshot 35 Verifying the MX record of the DNS 0 0 22 eee eee eee e ee ee ee 33 Lotus Domino Administrator click Configurations option 20 22 220 cece cece eee ees 34 Click Edit Configuration oorsien e lend e oie So eA 34 Lotus Domino LDAP Settings 000 000 00 2c ccc ccc cece cece cece cece cece ee eeeceeeeceeeeeeeeeeeees 34 Enable Anonymous Authentication 22 2 ec ccc cccc eee cccccceececcccccceeececcceceeeesccceeeeees 35 Create a new database 2 2 2 ce eee eee eee ee eeeeeeeeeee 36 Load convert result 22cc2ic 202 aisa iiaia stone bee a d aea epa gea daaa ae Eai 36 Copy to the clipboard a link to the cur
84. 805 Slave 2 Select Enable Multi Install mode option and choose Slave Server 3 Key in the Master Server URL and the GFI MailEssentials Administrator credentials NOTE The username and password provided must exist in the Access Control List for all the GFI MailEssentials installations including Slave Servers that are part of the multi server network The password should not expire It is recommended that this account is created solely for this purpose For more information refer to Access Control List page 246 GFI MailEssentials 12 GFI MailEssentials Multi Server 278 4 Click Advanced and ensure that both the port used to synchronize data and the port used for quar antine and reporting data are correct 5 Click Test to test setup 6 Click Apply 12 2 3 Configuring the settings to sync GFI MailEssentials provides you with the facility to configure which settings to sync between all the computers in the Multi Server network NOTE The information in this topic relates only to synching configuration settings For more information on synching Reporting and quarantine data refer to Configuring Reporting and Quarantine data sync To configure the settings to sync 1 On the machine configured as the Master Server locate and click the Multi Server node 2 Click Configuration Sync tab GFI MailEssentials 12 GFI MailEssentials Multi Server 279 GFI MailEssentials Multi Server Setup Configuration Sync 2
85. 9 Anti Phishing options 0 0 000000 a cece cece cece cece eee eeeeeeeeeeeeeceeeseeeeeereeees 111 Directory Harvesting page 22 cece ccc c eee e cece cece cece ceccecesceeeees 113 Email blocklist 2222 0000 22 e ence eee eeeeeeeeees 116 Personaliblocklist 253s 34 020 322 eA soe pope E E og Cn nee Ee C00 One SKS 118 IP BlOGKISt rent ces ce uses sean Ais A eet tte tat a Sd de Sergey e Netti eas 119 IP DNS Block list ene onaniaa EEE ee a Oe Soe ee nes Se mene nat ek 121 URI DNS Blocklist 22 2 0 0 20 0 c ccc ccc eee cece cece cece cece ceceeceeeeeceeeeecceteeeceeeeees 122 Enable and configure the Sender Policy Framework 022 2200 222eceee eee cence 124 GFI MailEssentials Anti Spoofing filter 20 000 00000000 c cece cece eee eeeeeeeeeees 126 Screenshot 74 Email Exclusions e cece cece cece cece cence eee ae aa a a e Aaaa 128 Screenshot 75 Language Detection options _ 1 2 2 2 2 000 c cece cece cece cece cece cece oaaao aaroo aoaaa 130 Screenshot 76 Header checking options 0 0 000000 e cece cece cece cece cece eee ceeeeeeeeeeeeeeeseseeeeees 131 Screenshot 77 Language Detection 20 2 o coco ccc e cece cece cece cece ee eeeeeeeeeeceeeseeeeeeeeeees 133 Screenshot 78 Spam Keyword checking properties 00 2 cece eee e cece ccc c eee cececeeeeeeeceeeeeeeeeees 134 Screenshot 79 Bayesian analysis properties 0 000 222 cece cece cece eee cece cece e cece eeeeeee
86. Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Wi Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates Update Status No updates currently in progress Screenshot 42 Engine Updates tab 9 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 10 From Downloading option list select one of the following options Only check for Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates updates are available for this engine This option will NOT download the available updates auto matically Check for Select this option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download GFI MailEssentials 5 Email Security 80 11 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 12 From Update options area select
87. Address 192 168 1 132 gt set type mx gt devtest com Server megateway devtest com Address 192 168 1 132 devtest com MK preference 14 mail exchanger megateway devtest com megateway devtest com internet address 192 168 1 132 Screenshot 1 Verifying the MX record of the DNS 4 Test the new mail relay server Before proceeding to install GFI MailEssentials verify that the new mail relay server is working correctly 5 Test the IIS SMTP inbound connection of the mail relay server by sending an email from an external account to an internal user use web mail for example mail live com if you do not have an external account available Verify that the email client received the email 6 Test the IIS SMTP outbound connection of your mail relay server by sending an email to an external account from an email client Verify that the external user received the email NOTE Alternatively instead of an email client send email manually through Telnet This will give you more troubleshooting information For more information refer to http support microsoft com support kb articles Q153 1 19 asp GFI MailEssentials 3 Installation 33 Configuring Lotus Domino to send outbound emails through GFI MailEssentials To direct all outgoing emails to the server where GFI MailEssentials is installed Lotus Domino needs to be configured as below 1 From the Lotus Domino Administrator click Configuration tab and select Server gt
88. Apply 7 4 2 Enable disable decompression filters To enable or disable decompression filters 1 Navigate to Content Filtering gt Decompression node 2 From the Decompression engine page select the checkbox of the filters to enable or disable 3 Click Enable Selected or Disable Selected accordingly GFI MailEssentials 7 Content Filtering 197 8 Quarantine The GFI MailEssentials Quarantine feature provides a central store where all emails detected as spam or malware are retained This ensures that users do not receive spam and malware in their mailbox and processing on the mail server is reduced Administrators and mail users can review quarantined emails by accessing the quarantine interface from a web browser GFI MailEssentials can also send regular email reports to email users to review their blocked emails Refer to the following sections for more information on configuring the GFI MailEssentials Quarantine 8 1 Important Notes 0 00000000000000 ccc ccc cn cece cence ence eee eee eee eee 0200020222222 198 8 2 Searching the quarantine 22 2 0 o oo c cece ncn cccccecceceececcetseesseeenee 198 8 3 Search Folders lt 2 20 2 2ccssh ec ccascccesi E bug aE Lh iLi 203 8 4 Working with Quarantined emails 2 2 20 o oo cece cece ccc ec ccc ccccecceeceseceeees 205 8 5 Quarantine RSS Feeds _2 2 0 0 ne eee e ee eeee eens 209 8 6 Quarantine Options 2 2 2 2 c cece cece nce 00 cece cece eee ceeeeeeeeseees 210 8
89. Click OK 11 12 Remoting ports Remoting ports enable modules in GFI MailEssentials to communicate with each other By default GFI MailEssentials uses ports 9090 used by the GFI MailEssentials Backend service 9091 used by the GFI MailEssentials Attendant service 8015 used by the GFI MailEssentials AutoUpdater service Ensure that no other applications except GFI MailEssentials are listening on these ports If these ports are used by some other application change these port numbers to ports that are not used by other applications To change the Remoting ports 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard and select Other tab GFI MailEssentials 11 Miscellaneous topics 267 N GFI MailEssentials Switchboard Ul Mode Troubleshooting Tracing Quarantine Other FO 4 Configure other advanced options Remoting Ports Remoting ports enable the different GFI MailEssentials modules to communicate with each other Ports which are used by third parties will result in loss of functionality and conflicts Current Ports 3030 GFI MailEssentials Backend 9091 GFI MailEssentials Attendant feo 5 GFI MailE ssentials Autoupdater m Failed Mail Notifications This option sends notifications to the administrator s email address when emails fail to be scanned for Malware and Content Filtering V Send Notifications on Failed
90. Configuring Directory Harvesting properties 1 Go to Anti Spam gt Anti Spam Filters gt Directory Harvesting GFI MailEssentials 6 Anti Spam 112 General Actions This plug in checks ifthe SMTP recipients of incoming mail are real users or the result of a directory harvesting attack Enable directory harvesting protection Lookup options Use native Active Directory lookups Use LDAP lookups LDAP Settings sees 1 Port El use SSL Version C Base DN v Anonymous bind Update DN list Password For security reasons the length in the password box above does not necessarily reflect the true password length Block if non existent recipients equal or exceed 1 Email address test Email address E Screenshot 66 Directory Harvesting page 2 Enable Disable Directory Harvesting and select the lookup method to use Enable dir Enable Disable Directory Harvesting ectory har vesting protection GFI MailEssentials 6 Anti Spam 113 Foption Description OOO O Use native Select option if GFI MailEssentials is installed in Active Directory Active Dir ectory look NOTE ups When GFI MailEssentials is behind a firewall the Directory Harvesting feature might not be able to connect directly to the internal Active Directory because of Firewall settings Use LDAP lookups to connect to the internal Active Directory of your network and ensure to enable default port
91. Enable email noti Select this option to be informed via email when new updates are downloaded fications upon suc cessful updates GFI MailEssentials 6 Anti Spam 109 Foption Descriptio Enable email noti Select this option to be informed via email when a download or installation fails fications upon failed updates Download updates Click to download updates now NOTE You can download updates using a proxy server For more information refer to Proxy settings page 234 4 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 5 Click Apply 6 1 2 Anti Phishing Blocks emails that contain links in the message body pointing to known phishing sites or if they contain typical phishing keywords Phishing is an email based social engineering technique aimed at having email users disclose personal details to spammers A phishing email is most likely crafted to resemble an official email originating from a reputable business for example a bank Phishing emails will usually contain instructions requiring users to reconfirm sensitive information such as online banking details or credit card information Phishing emails usually include a phishing Uniform Resource Identifier URI that the user is supposed to follow to key in some sensitive information on a phishing site The site pointed to by the phishing URI might be a re
92. Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 13 To check for and download updates immediately click Download updates 14 Click Apply 5 1 3 Kaspersky 1 Go to Email Security gt Virus Scanning Engines gt Kaspersky General Actions Updates K Kaspersky AntiVirus Options Enable Gateway Scanning SMTP Scan Inbound SMTP Email Scan Outbound SMTP Email Scan Internal and Information Store Items Screenshot 43 Kaspersky configuration 2 Select Enable Gateway Scanning SMTP check box to scan emails using this Virus Scanning Engine 3 Select whether to scan inbound and or outbound emails using this Virus Scanning Engine Foption D peseription Scan Inbound SMTP email Select this option to scan incoming emails Scan Outbound SMTP email Select this option to scan outgoing emails 4 If you installed GFI MailEssentials on a Microsoft Exchange machine you will also have the option to scan internal emails and the Information Store Select Scan Internal and Information Store Items NOTE To use the Information Store Virus Scanning feature you must enable the option from Information Store Protection node For more information refer to Information Store Protection page 92 GFI MailEssentials 5 Email Security 81 NOTE In this page y
93. Engine 3 Select whether to scan inbound and or outbound emails using this Virus Scanning Engine Scan Inbound SMTP email Select this option to scan incoming emails Scan Outbound SMTP email Select this option to scan outgoing emails 4 If you installed GFI MailEssentials on a Microsoft Exchange machine you will also have the option to scan internal emails and the Information Store Select Scan Internal and Information Store Items GFI MailEssentials 5 Email Security 77 NOTE To use the Information Store Virus Scanning feature you must enable the option from Information Store Protection node For more information refer to Information Store Protection page 92 NOTE In this page you can also review the antivirus engine licensing and version information 5 BitDefender can also be used to block emails with attachments that contain macros Enable this feature from the Macro Checking area by selecting Block all documents containing macros NOTE IF Macro Checking is disabled GFI MailEssentials still scans for and blocks Macro Viruses an Virus Scanner Actions Actions Select the actions to perform when a virus is detected Quarantine item Delete item C Send a sanitized copy of the original email to recipient s NOTE Sanitization does not work for Information Store VSAPI items Notification options T Notify administrator C Notify local user Logging options Log occurrence to this file C
94. Essentials 7 Content Filtering 196 6 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients 7 Click the Actions tab to configure further actions 8 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 9 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log 10 Click Apply Scan within archives You can configure GFI MailEssentials to apply Keyword and Attachment Filtering of files within archives 1 Navigate to Content Filtering gt Decompression node 2 From the list of available filters click Scan within archives 3 To enable scanning within archives select Apply Attachment and Content Filtering rules within archives For more information refer to Content Filtering page 172 4 Click
95. GFI MailEssentials 3 Installation 48 Install GFI MailEssentials as if installing for the first time For more information refer to Installation procedure page 39 For upgrades on Microsoft Exchange 2007 amp over the Post Installation wizard is displayed after the installation It displays the list of Microsoft Exchange server roles detected and the GFI MailEssentials components required Click Next to install the required GFI MailEssentials components and Finish to complete Post Install wizard 3 5 Post Install actions To ensure GFI MailEssentials scanning and filtering system is effectively up and running perform the following post install actions Table 1 Post install actions Add GFI MailEssentials Data Execution Prevention DEP is aset of hardware and software technologies that scanning engines to the perform memory checks to help prevent malicious code from running on asystem Windows DEP Exception If you installed GFI MailEssentials on an operating system that includes DEP you will List need to add the GFI MailEssentials scanning engine GFiScanM exe and the Kaspersky Virus Scanning Engine kavss exe executables NOTE This is required only when installing on Microsoft Windows Server 2003 SP 1 or SP 2 For more information refer to Add engines to the Windows DEP Exception List page 49 Launch GFI MailEssentials Go to Start gt Programs gt GFI MailEssentials gt GFI MailEssentials Configuration Configuratio
96. GFI MailEssentials on a Microsoft Exchange machine you will also have the option to scan internal emails and the Information Store Select Scan Internal and Information Store Items NOTE To use the Information Store Virus Scanning feature you must enable the option from Information Store Protection node For more information refer to Information Store Protection page 92 NOTE In this page you can also review the antivirus engine licensing and version information n Virus Scanner Actions Actions Select the actions to perform when a virus is detected Quarantine item Delete item F Send a sanitized copy of the original email to recipient s NOTE Sanitization does not work for Information Store VSAPI items Notification options F Notify administrator E Notify local user Logging options I lt Log occurrence to this file C Program Files x86 GFI MailEssentials EmailSecurity logs vipre log Screenshot 47 Virus scanning engine actions 5 From Actions tab choose the action to take when an email is blocked GFI MailEssentials 5 Email Security 85 Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store You can subsequently review approve delete all the quarantined emails For more information refer to Quarantine page 198 Delete email Deletes infected emails Send a sanitized copy Choose whether to send a sanitized
97. General tab select whether to scan inbound and or outbound emails Scan inbound SMTP emails Select this option to scan incoming emails Scan outbound SMTP emails Select this option to scan outgoing emails GFI MailEssentials 5 Email Security 99 General Actions Updates Email Exploit Actions Actions Selectthe actions to perform when an exploitis detected Quarantine email Delete email Notification options Notify administrator J Notify local user Logging options Log occurrence to this file C Program Files x86 GFI MailEssentials EmailSecurityogs EmailExploit log Screenshot 57 Email Exploit Actions 3 From Actions tab choose the action to take when an email is blocked Quarantine Stores all infected emails detected by the Email Exploit Engine in the Quarantine Store You can sub item sequently review approve delete all the quarantined emails For more information refer to Working with Quarantined emails page 205 Delete Deletes infected emails item 4 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 5 To log the activity of this
98. I MailEssentials is installed on the same machine as Microsoft Exchange GFI MailEssentials retrieves the Active Directory users that have a mailbox on the same Microsoft Exchange Server 10 5 3 GFI MailEssentials installed in SMTP mode When you choose to install GFI MailEssentials in SMTP mode the list of local users is stored in a database managed by GFI MailEssentials To populate and manage the user list when GFI MailEssentials is installed in SMTP mode go to General gt Settings and select the User Manager tab The User Manager tab displays the list of local users and allows you to add or remove local users The list of local users is used when configuring user based rules such as Attachment Filtering rules and Content Filtering rules NOTE GFI MailEssentials automatically populates the list of local users using the sender s email address in outbound emails To add a new local user 1 Enter the email address in the Email address box 2 Click Add 3 Repeat to add more local users and click Apply To remove a local user 1 Select the local user you want to remove from the Local Users list and click Remove 2 Repeat to remove more local users and click Apply 10 6 Licensing Purchase a license that is equivalent to the number of mailboxes or users protected by GFI MailEssentials GFI MailEssentials 10 General Settings 237 Key in the purchased license key during installation or from the GFI MailEssentials Conf
99. IP DNS Blocklist to less reliable lists GFI MailEssentials maintains a cache with the results of queries to the IP DNS Blocklist to avoid querying the IP DNS Blocklists multiple times for the same IP addresses Items remain in the cache for 4 days and are cleared on GFI MailEssentials AS Scan Engine service restart This filter can be configured to execute when the full email is received or at SMTP level that is emails are filtered while they are being received SMTP level filtering terminates the email s connection and therefore stops the download of the full email economizing on bandwidth and processing resources In this case the connection is terminated immediately and emails are not required to go through any other anti spam filters For more information refer to SMTP Transmission Filtering page 148 This filter is enabled by default on installing GFI MailEssentials Important notes 1 The DNS server must be properly configured for this feature to work If this is not the case time outs will occur and email traffic will be slowed down For more information refer to http go gfi com pageid ME_ProcessingSlow 2 Querying an IP DNS Blocklist can be slow depending on your connection so email can be slowed down a little bit 3 Ensure that all perimeter SMTP servers are configured in the Perimeter SMTP servers dialog so that GFI MailEssentials can check the IP address that is connecting to the perimeter servers For more informat
100. NS Blocklist Filtering on receiving full email NOTE The Greylist anti spam filter can only be executed during SMTP transmission Screenshot 86 SMTP Transmission Filtering properties 2 Click Switch to toggle the Directory Harvesting filtering between Filtering on receiving full Filtering is done when the whole email is received email Filtering during Filtering is done during SMTP transmission If this option is chosen the filter is always run SMTP transmission before the other spam filters NOTE The Greylist filter runs at SMTP Transmission level only 3 Click Apply GFI MailEssentials 6 Anti Spam 149 6 5 Spam Digest The spam digest is a short report sent to an administrator or user via email This report lists the total number of emails processed by GFI MailEssentials and the number of spam emails blocked over a specific period of time since the last spam digest 6 5 1 Configuring spam digests Administrator spam digest 1 Go to Anti Spam gt Spam Digest Administrator Digest Recipient Digest Recipient List a Enable and configure the administators spam email digest The administrators spam digestis an email sentto the administrator containing the total email processed and the total spam blocked per spam filter W Send administrator spam digest Options Frequency Day Time Dy ECS OTs C lt SC C dSW Digest Contents Total count of processed email and spam lt
101. Quarantine General Date Any date time Search by sender Search by recipient Search for text in subject 2 From the Quarantine page select All Emails from Search for dropdown Screenshot 109 Malware and Spam Search Area 3 Specify the required search criteria SEARCH CRITERIA DESCRIPTION Date Select the date range when the email was quarantined Available date ranges are Any date time Since yesterday Last 7 days Last 30 days Custom date range Search by sender Specify a sender who sent the email that was quarantined Search by recipient Specify a recipient for whom an email was quarantined Search for text in subject Specify the text to search for within quarantined email subject 4 Click Search NOTE Use the search results to review quarantined emails You can approve false positives for delivery to recipients For more information refer to Working with Quarantined emails page 205 GFI MailEssentials 8 Quarantine 199 Search for Malware and Content only 1 Go to GFI MailEssentials gt Quarantine Search for Malware and Content Only General Date Any date time Search by sender Search by recipient Search for text in subject Malware and Content Quarantine Reason Item Source An Item Direction An Quarantined By An E Only 2 From the Quarantine page select Malware and Content Only from Search for dropdown Screenshot 110 Malware and Sp
102. Remove 6 Repeat steps 3 to 5 to add all the required users to the list 7 Click Apply 7 1 2 Enabling disabling Rules To enable disable content filtering rules 1 Go to Content Filtering gt Keyword Filtering 2 From the Content Filtering page select the checkbox of the rule s to enable or disable 3 Click Enable Selected or Disable Selected accordingly 7 1 3 Removing content filtering rules WARNING Deleted rules are not recoverable If in doubt it is recommended to disable a rule 1 Go to Content Filtering gt Keyword Filtering 2 From the Content Filtering page select the checkbox of the rule s that you want to remove 3 Click Remove Selected 7 1 4 Modifying an existing rule 1 Go to Content Filtering gt Keyword Filtering 2 From the Content Filtering page click the name of the rule to modify 3 Perform the required changes in the rule properties and click Apply 7 1 5 Changing rule priority Content Filtering rules are applied in the same order from top to bottom as they are listed in the Content Filtering page that is rule with priority value 1 is checked first To change the GFI MailEssentials 7 Content Filtering 178 sequence priority of rules 1 Go to Content Filtering gt Keyword Filtering 2 From the Content Filtering page click the up or down arrows to respectively increase or decrease the priority of the selected rule 3 Repeat step 2 until rules are placed in the des
103. SAPI Performance Monitor counters are available Virus Scan Messages Processed Virus Scan Messages Processed sec Virus Scan Messages Cleaned Virus Scan Messages Cleaned sec Virus Scan Messages Quarantined Virus Scan Messages Quarantined sec Virus Scan Files Scanned Virus Scan Files Scanned sec Virus Scan Files Cleaned Virus Scan Files Cleaned sec GFI MailEssentials A cumulative value of the total number of top level messages that are processed by the virus scanner Represents the rate at which top level messages are processed by the virus scanner Total number of top level messages that are cleaned by the virus scanner Rate at which top level messages are cleaned by the virus scanner Total number of top level messages that are put into quarantine by the virus scanner Rate at which top level messages are put into quarantine by the virus scanner Total number of separate files that are processed by the virus scanner Rate at which separate files are processed by the virus scanner Total number of separate files that are cleaned by the virus scanner Rate at which separate files are cleaned by the virus scanner 11 Miscellaneous topics 271 Virus Scan Files Quarantined Total number of separate files that are put into quarantine by the virus scanner Virus Scan Files Quarantined sec Rate at which separate files are put into quarantine by the virus scanner Virus Scan Bytes Scanned Total number of bytes in all of the f
104. Select one of the available options Windows Windows authentication enables GFI MailEssentials to make use of the credentials of the currently logged on Mode user and does not provide log off and automatic timeout of the user interface session Forms Default Forms authentication provides the ability for users to log off It also enables you to configure an Mode automatic timeout from the user interface session This is recommended if end users are accessing their GFI MailEssentials user console especially if used from public computers 5 Click OK to save settings 11 4 Failed emails There may be instances where the GFI MailEssentials email security or content filters cannot scan an email for example emails containing corrupted header information In this case GFI MailEssentials GFI MailEssentials 11 Miscellaneous topics 248 blocks the email since it may contain malicious content and moves it to the following folder lt GFI MailEssentials installation path gt EmailSecurity failedmails 11 4 1 Reprocessing legitimate emails that fail It is recommended to contact GFI Support when a number of emails are being moved to the failedmails folder When the issue is resolved emails can be re scanned by GFI MailEssentials to determine if they are safe to be delivered NOTE Files with extension PROP in the failedmails folder are used for troubleshooting purposes When reprocessing failed emails these files can be deleted
105. Sores vas salad ee aoe eo An sean T A A 88 Virus scanning engine actions 000000000000000 e cece cece cece oaaao adana aonana 89 Engine Updates tab s 2 2 eso 2 AE E A EEE EAE eke ch Sed eS 91 Information Store Protection node 0 0 2 ccc cece cece eee e eee e eee e eee eeceeeceeeceeeeeeeenees 93 VSAPI SOREINGS et rr tthe tht ATES Sill Nb GSE Sta oists wath Rae Attala ae apna Eee St etek 94 Trojan and Executable Scanner General Tab 2 0022002220 e eee cece eee eee eee 96 Engine Updates tab 2 00 cos laeeca see se sade heise satonanac Ses nen need cesesaang eos ieee eaae 98 Email Exploit configuration 2 2 2 2 a c cece cece cece cece eeceeeeeceeeeeeeeeeess 99 Email Exploit ACtions e a dale ooo lee oakley esis sa Se die eels eeu ee loess 100 Engine Updates tab 2002 0 c cece c cece cece cece eeeeeeeeeeeeveeeeseeeeeess 101 EmailvEXploit LiSt eusann Sve cbbnnes Sees eae ie ose oso tte at lade aed O nts sane stay 102 HTML Sanitizer configuration page 0 22 cece eee ee cece eee cece e cee ee eeeeeeeeeeeees 103 HTML Sanitizer Whitelist page 0000000000 c cece cece ccc cece eee ec cece eeeeceeeeeeeeeseeeees 104 Domain IP EXCLUSIONS 3 dacs a eseccues Asatiddeee ute Sr usus toh raiissle She 2 tess capac dese eae cock 105 SpamRazer Properties 1 2 2 0 2 222 cece cece cece cece eee cece ccc cece e cece cece cece araea enrera 108 SpamRazer Updates tab AE E S EEE c cece cece cece eee eeeeeeeeeeereeeseess 10
106. Tag plugin for Microsoft Outlook helps you easily tag spam ham emails and pass this information to GFI MailEssentials such that GFI MailEssentials will learn from your actions Installation langauge Efa English English v I have read and agree to the License Terms and Conditions o Screenshot 93 SpamTag installation language and license terms 6 Read the License Terms and Conditions and if you agree select I have read and agree to the License Terms and Conditions Click Next 7 Key in the URL used to connect to GFI MailEssentials For example http 192 168 1 2 MailEssentials or http myg fiserver mydomin com MailEssentials Wait for the installer to verify connection with GFI MailEssentials via the specified URL and click Next 8 Specify the location where to install SpamTag and click Install 9 On completion click Finish 10 Start Microsoft Outlook and key in the user s credentials SpamTag is now available in the Microsoft Outlook Home ribbon version 2007 onwards or in the toolbar version 2003 For more information click Help from SpamTag 6 7 4 Installing SpamTag via GPO This section will help you install GFI MailEssentials SpamTag on numerous machines automatically via GPO Choose your domain controller environment Windows Server 2008 amp 2012 Windows Server 2003 GFI MailEssentials 6 Anti Spam 162 Installing SpamTag via GPO on Windows Server 2008 amp 2012 Step 1 Prepa
107. This may take some time given that a large volume of data may be required to be transferred Important All GFI MailEssentials machines in a multi server environment must have their IP address listed in the Perimeter SMTP Server Settings This ensures that emails processed by a GFI MailEssentials server is not reprocessed by another server For more information refer to Perimeter SMTP Server Settings page 231 12 2 Setting up Multi Server Configuring the GFI MailEssentials Multi Server feature is a multi stage process 1 Plan your Multi Server installation See which GFI MailEssentials servers will form part to the GFI MailEssentials Multi Server setup and which one will be designated as the master server If syn chronizing the reporting and quarantine data also decide which computer will be the Reporting and Quarantine host 2 Install GFI MailEssentials on all the computers All computers within the GFI MailEssentials multi server installation must have the same version and build of GFI MailEssentials installed on them We recommend upgrading to the latest version of GFI MailEssentials For more information refer to Installation page 22 Important All GFI MailEssentials machines in a multi server environment must have their IP address listed in the Perimeter SMTP Server Settings This ensures that emails processed by a GFI MailEssentials server is not reprocessed by another server For more information refer to Perimeter SMTP
108. This tab is only shown when GFI MailEssentials is installed on Microsoft Exchange 2010 server 3 Click Specify user account to specify the dedicated user 4 Select one of the following options option Description Move spam using an Let GFI MailEssentials automatically create a user with all the required rights automatically created user Move spam using the Use a manually created user Specify the credentials Domain username and Password of a following user account dedicated user and click Set access rights to assign the required rights to the specified user NOTE The manually specified user credentials must be dedicated to this feature only Username password and other properties must not be changed from Microsoft Exchange or Active Directory else feature will not work 5 Click Finish to apply settings 6 Click OK 11 9 Exporting and importing settings manually GFI MailEssentials includes a Configuration Export Import tool to export settings from one installation and import them in another NOTE Settings can also be imported and or exported from command line For more information refer to Export Import settings via command line page 262 Step 1 Export existing settings 1 Go to lt GFI MailEssentials installation path gt GFI MailEssentials and launch meconfigmgr exe GFI MailEssentials 11 Miscellaneous topics 259 E GFI MailEssentials Configuration Export Import Tool Use this tool t
109. Update Status No updates currently in progress Screenshot 48 Engine Updates tab 8 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 9 From Downloading option list select one of the following options Only check for Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates updates are available for this engine This option will NOT download the available updates auto matically Check for Select this option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download GFI MailEssentials 5 Email Security 87 10 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 11 From Update options area select Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 12 To check for and download updates immediately click Download updates 13 Click Apply 5 1 5 McAfee 1 Go to Email Security gt Virus Scanning Engines gt McAfee General Actions Updates Mj McAfee AntiVirus Options Enable Gateway Scanning SMTP Scan Inbound SMTP Email Scan Outbound SMTP Email Scan Internal and Information S
110. Virtual Server 27 42 238 Spam actions 144 260 264 SpamRazer 17 25 106 107 145 234 285 U Updates 25 48 53 59 60 73 76 80 83 87 91 98 101 107 111 137 234 238 239 283 Upgrade 39 47 URI DNS Blocklist 17 106 121 V Virtual directory 13 42 166 244 245 W WebDAV 166 Whitelist 16 18 21 103 107 108 118 123 125 132 138 141 142 147 155 158 165 169 234 273 280 285 Wizard 27 40 43 47 48 123 137 236 289 GFI MailEssentials Index 300 USA CANADA AND CENTRAL AND SOUTH AMERICA 4309 Emperor Blvd Suite 400 Durham NC 27703 USA Telephone 1 888 243 4329 Fax 1 919 379 3402 ussales fi com UK AND REPUBLIC OF IRELAND Magna House 18 32 London Road Staines upon Thames Middlesex TW18 4BP UK Telephone 44 0 870 770 5370 Fax 44 0 870 770 5377 sales gfi co uk EUROPE MIDDLE EAST AND AFRICA GFI House Territorials Street Mriehel BKR 3000 Malta Telephone 356 2205 2000 Fax 356 2138 2419 sales gfi com AUSTRALIA AND NEW ZEALAND 83 King William Road Unley 5061 South Australia Telephone 61 8 8273 3000 Fax 61 8 8273 3099 sales gfiap com FI
111. a database name and location GFI MailEssentials automatically creates a database Access Microsoft Specify SQL server name database and logon credentials used to store newsletter discussion subscribers SQL Server list Click Test to ensure that GFI MailEssentials can connect with the specified Microsoft SQL Server NOTE You can use Microsoft Access for lists of up to a maximum of 5000 members 4 Customize your distribution list For more information refer to Configuring advanced news letter discussion list properties page 227 5 Click Apply 9 3 2 Using Newsletters Discussions After creating a newsletter discussion list users must subscribe to be part of the list Subscribing to list Ask users to send an email to lt newslettername gt subscribe yourdomain com Completing sub On receiving the request list server sends a confirmation email back Users must confirm their scription process subscription via a reply email to be added as a subscriber NOTE The confirmation email is a requirement and cannot be turned off Sending a news Members with permissions to send email to the list are required to send the email to the letter discussion post newsletter list mailing address lt newslettername gt yourdomain com Unsubscribing from To unsubscribe from the list users must send an email to list lt newslettername gt unsubscribe yourdomain com GFI MailEssentials 9 Email Management 226 NOTE To enable users to easily subscribe
112. a folder in the mailbox Key in the folder path where to save the spam email If you specify Inbox Spam then a spam folder will be created in the Inbox folder If you specify just Spam then the folder will be created at the top level same level as Inbox 4 Click Apply to save the set rules Managing multiple rules More than one rule can be set on the same mailbox Example Delete emails tagged with Phishing and move emails tagged with SPAM to Inbox Spam folder 1 Double click on a mailbox to launch the Rules dialog 2 A list of rules applicable to the selected mailbox is displayed Click Add rule to add a new rule x Select a rule and click Edit rule to change settings of the selected rule x gt Select a rule and click Delete rule to delete the selected rule ies Click Apply to save settings 11 8 Move spam to Exchange 2010 folder When GFI MailEssentials is installed on a Microsoft Exchange 2010 server a dedicated user must be created for using the Deliver email to mailbox In Exchange mailbox sub folder anti spam action Configure the dedicated user from the GFI MailEssentials Switchboard NOTE If a user is not configured spam cannot be moved to a mailbox sub folder To configure a dedicated user 1 Launch GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard 2 Select Move to Exchange tab GFI MailEssentials 11 Miscellaneous topics 258 NOTE
113. abase is automatically renamed to reports_ lt date gt mdb and a new reports mdb database is created For more information how to solve this issue refer to http go gfi com pageid ME_ReportDB Refer to http go gfi com pageid ME_esentutl for more information how to use esentutl exe to repair the Quarantine Store database This error occurs when emails are relayed from the IIS SMTP server to the Microsoft Exchange server This happens because Microsoft Exchange Server versions 4 0 5 0 and 5 5 are not able to handle 8 bit MIME messages For instructions how to turn off 8BITMIME in Windows Server 2003 refer to http go gfi com pageid ME_TurnOff8bitMIME Cause When GFI MailEssentials is not able to scan incoming emails these emails are not delivered to the recipient s since they may contain malicious content GFI MailEssentials moves these emails to the following folder lt GFI MailEssentials installation path gt GFl MailEssentials EmailSecurity failedmails Solution If any legitimate emails are moved to the failedmails folder these can be manually re processed for delivery For more information refer to Failed emails page 248 For more information of failed emails refer to http go gfi com pageid ME_FailedMails Information on licensing is available on http go gfi com pageid ME_ adminManualEN The online version of this manual is available from http go gfi com pageid GFI_Manuals 13 Troubleshooting and supp
114. ables customizing how many emails per page are currently displayed Choose a number to view a max imum number of items per page 2 Click a row to access the individual email details Item Information From spam spam2domain com Date 07 09 2013 11 40 17 To Administrator domaina tcv Module Keyword Filtering Subject IEP news 4 9 Source Gateway SMTP Attachments Quarantined item has no attachments to display Message Text Text Body Please click here to see quarantined content The message body might contain malicious content Instead of displaying the message body the threat description is being shown The following table shows the threat details for this message body To view the actual message body please click the link above Plugin Threat Keyword Filtering Words in body triggered rule threat content Words found energy Screenshot 115 Quarantined Items details From the Quarantined Items details page review the email details and perform the following actions GFI MailEssentials 8 Quarantine 207 Approve Approve email For more information refer to Approving Quarantined Emails page 208 Sanitize and Sanitize email and approve For more information refer to Approving Quarantined Emails page 208 Approve Rescan Rescans emails using current antivirus signatures which may be more up to date than the antivirus sig natures that quarantined the email in the first place Delete Delet
115. age bodies with multiple parts and header information in non ASCII char acter sets NDR See Non Delivery Report GFI MailEssentials 15 Glossary 295 Non Delivery Report An automated electronic mail message sent to the sender on an email delivery problem Perimeter server gateway The host in a LAN that is directly connected to an external network In GFI MailEssentials peri meter gateway refers to the email servers within the company that first receive email from external domains PGP encryption A public key cryptosystem often used to encrypt emails Phishing The process of acquiring sensitive personal information with the aim of defrauding individuals typically through the use of fake communications POP 2Exchange A system that collects email messages from POP3 mailboxes and routes them to mail server POP3 See Post Office Protocol ver 3 Post Office Protocol ver 3 A client server protocol for storing emails so that clients can connect to the POP3 server at any time and read the email A mail client makes a TCP IP connection with the server and by exchanging a series of commands enable users to read the email Public folder A common folder that allows Microsoft Exchange user to share information Q Quarantine A email database where emails detected as spam and or malware are stored in a controlled enviornment Quarantined emails are not a threat to the network enviorment Quarantine Store A central repository wit
116. ailEssentials Online enable checkbox Emails are also filtered by For more information refer to http go g fi com pageid ME_MAXMPME Click Next GFI MailEssentials 3 Installation 45 2 GFI MailEssentials Post Installation Wizard SJE Es Default anti spam action Select the default action when an email is detected as spam Select default anti spam action Move to Outlook junk email folder A Ensure that the Junk E mail folder is enabled on all Microsoft Outlook email clients Spam will not be moved to the Junk E mail folder if an email client other than Microsoft Outlook is used The selected actions will only apply to anti spam functionality Malware 1 filtering makes use of the Quarantine action by default Screenshot 18 Selecting the default anti spam action to use 6 In the Default anti spam action dialog select the default action to be taken when emails are detected as spam This action applies to anti spam filters only Malware filters automatically quar antine blocked emails For more information refer to Email scanning and filtering engines page 16 NOTE When installing on Microsoft Exchange 2010 and the default action selected is Move to sub folder in recipient s Exchange mailbox a user with impersonation rights must be created Select whether to let GFI MailEssentials automatically create the user or manually specify the credentials and click Set access rights to assign the required rights to t
117. ally unsubscribe NDRs and move NDR to the following folder PT Screenshot 126 Creating a new list 2 Configure the following options Display Name Key in a friendly name for the new list List type Select the type of discussion list to create Newsletter Used for creating subscription lists for company or product newsletters to which users can either subscribe or unsubscribe Discussion Enables groups of people to hold discussions via email with each member of the list receiving the email that a user sends to it GFI MailEssentials 9 Email Management 225 Foption Description List Name The list name is used in the list email address fields For example if the list name is MyNewsletter the list email address is MyNewsLetter mydomain com List domain The domain to use for the list The list of domains is extracted from the Local Domains list The list server utilizes this domain for the list addresses displayed in the List email addresses box Automatically unsubscribe NDRs and When an NDR is received from a subscriber of the list the subscriber is auto move NDR to the following folder matically unsubscribed and the NDR is moved to a custom folder 3 From the Database tab select Microsoft Access or Microsoft SQL Server MSDE as database Con figure the database type selected to store the newsletter discussion subscribers list The available options are option Description Microsoft Specify
118. am Search Area 3 Specify the required search criteria GFI MailEssentials 8 Quarantine 200 SEARCH DESCRIPTION CRITERIA Date Search by sender Search by recip ient Search for text in subject Quarantine Reason Item Source Item Direction Quarantined by 4 Click Search NOTE Select the date range when the email was quarantined Available date ranges are Any date time Since yesterday Last 7 days Last 30 days Custom date range Specify a sender who sent the email that was quarantined Specify a recipient for whom an email was quarantined Specify the text to search for within quarantined email subject Key in the reason for which the email to search for was quarantined Select the source from where email was identified as Malware and quarantined Available options are Information Store VSAPI Gateway SMTP Information Store Transport Select the direction of the quarantined email to search for Any Inbound Outbound NOTE This option is available only if Gateway SMTP is selected in Item Source Select one of the GFI MailEssentials filters that quarantined the email Select Only checkbox to search for emails quarantined only by a specific filter Use the search results to review quarantined emails You can approve false positives for delivery to recipients For more information refer to Working with Quarantined emails page 205 Search for Spam
119. am and email malware is filtered before reaching the mail server GFI MailEssentials uses the IIS SMTP service as its SMTP Server and therefore the IIS SMTP service must be configured to act as a mail relay server To do this Step 1 Enable IIS SMTP Service Step 2 Create SMTP domains for email relaying Step 3 Enable email relaying to your Microsoft Exchange server Step 4 Secure your SMTP email relay server Step 5 Enable your mail server to route emails via gateway Step 6 Update your domain MX record to point to mail relay server Step 7 Test your new mail relay server Step 1 Enable IIS SMTP Service Windows Server 2003 GFI MailEssentials 3 Installation 26 1 Go to Start gt Control Panel gt Add or Remove Programs gt Add Remove Windows Components 2 Select Application Server and click Details 3 Select Internet Information Services IIS and click Details 4 Select the SMTP Service option and click OK 5 Click Next to finalize your configuration Windows Server 2008 1 Launch Windows Server Manager 2 Navigate to the Features node and select Add Features 3 From the Add Features Wizard select SMTP Server NOTE The SMTP Server feature might require the installation of additional role services and features Click Add Required Role Services to proceed with installation 4 In the following screens click Next to configure any required role services and features and click Install to start the installati
120. ames to your domain The sentials is installed in majority of the email addresses are non existent an Active Directory environment Email Blocklist The Email Blocklist is a custom database of email addresses and domains Yes from which you never want to receive emails IP Blocklist The IP Blocklist is a custom database of IP addresses from which you No never want to receive emails IP DNS Blocklist IP DNS Blocklist checks the IP address of the sending mail server against Yes a public list of mail servers known to send spam URI DNS Blocklist Stops emails that contain links to domains listed on public Spam URI Yes Blocklists Sender Policy Frame This filter uses SPF records to stop email sent from forged IP addresses No work by identifying if the sender IP address is authorized Anti Spoofing Checks emails received with a sender email address claiming to ori No ginate from your own domain against a list of IP addresses by GFI MailEs sentials If the sender IP address is not on the list of own domain server IP addresses email is blocked Language Detection Determines the language of the email body text and configurable to No block certain languages Header Checking The Header Checking filter analyses the email header to identify spam No emails Spam Keyword This filter enables the identification of Spam based on keywords in the No Checking email being received Bayesian analysis An anti spam filter that can be trained to accurately determine i
121. and check Enable log file rotation Specify the rotation condition by time or file size 6 3 Sorting anti spam filters by priority In GFI MailEssentials the order in which the anti spam checks are applied to inbound messages can be customized NOTE The order of all available filters can be customized except for the New Senders filter which is always automatically set to the lowest priority This is due to its dependency on the results of the Whitelist checks and the other anti spam filters Default priority is recommended in most situations 1 Go to Anti Spam gt Filter Priority GFI MailEssentials 6 Anti Spam 147 Filter Priority SMTP Transmission Filtering P Configure the priority of spam filter execution Specify Filter Priority Name Priority Filter Level Greylist 1 SMTP Data t IP Whitelist 2 Full Email t IP Blocklist 3 Full Email t Anti Spoofing 4 Full Email t Sender Policy Framework 5 Full Email t Whitelist 6 Full Email t Personal Whitelist T Full Email t Directory Harvesting 8 Full Email t Anti Phishing 9 Full Email t SpamRazer 10 Full Email t Keyword Whitelist 11 Full Email t Email Blocklist 12 Full Email t Personal Blocklist 13 Full Email t IP DNS Blocklist 14 Full Email t URI DNS Blocklist 15 Full Email t Bayesian Analysis 16 Full Email t Header Checking 17 Full Email t Spam Keyword Checking 18 Full Email t Default Settings Screenshot 85 Assigning filter prioriti
122. anguage filter is different than the Language Detection filter since it analyzes the encoding character set of the email header The Language Detection analyzes the language of the email body text Results of the Language Detection filtering engine are generally more reliable GFI MailEssentials 6 Anti Spam 132 General Languages Actions E Ga Configures the Language Settings Se Languages V Block mail that use these languages character sets Block the list below 2 Block all except the list below Languages C Arabic L Japanese L Armenian L Korean Baltic L Simplified Chinese L Central Europe E Thai L Cyrillic C Traditional Chinese l Georgian C Turkic L Greek C vietnamese L Hebrew L Western Europe and United States Indic Screenshot 77 Language Detection 4 Select Block the list below to select the languages to block or Block all except the list below to block all languages except the ones selected 5 Select the languages to block allow from the Languages area 6 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 7 Click Apply 6 1 13 Spam Keyword Checking This filter enables the identification of Spam based on keywords in the email being received This filter is NOT enabled by default on installing GFI MailEssentials NOTE This filter only c
123. anual GFI MailEssentials 2 About GFI MailEssentials 21 3 Installation The scope of this chapter is to help you install GFI MailEssentials on your network with minimum configuration effort Topics in this chapter 3 1 System requirements _ 22 2 2 eee 3 2 Pre installation actions 2 0 0 020 020 3 3 Installation procedure _ 2 20 2 2 20 2 2 3 4 Upgrading a previous version 2 2020cccccecececececeeeeeeees 3 5 Post Install actions 000000000 a oaaao oaoa cccccceeeeees 3 1 System requirements 3 1 1 Hardware requirements The minimum hardware requirements for GFI MailEssentials are Processor Minimum 2Ghz Recommended 2GHz with multiple cores Available Memory RAM Minimum 1 2GB Recommended 1 5GB Free Disk Space Minimum 6GB Recommended 10GB NOTE Hardware requirements depend on a range of factors including email volume and number of Anti Virus engines enabled in GFI MailEssentials The requirements specified above are required for GFI MailEssentials only GFI MailEssentials 3 Installation 22 3 1 2 Software requirements Supported Operating Systems Windows Server 2003 Standard or Enterprise x86 or x64 including R2 or later including Microsoft Windows Server 2012 Standard and DataCenter editions Windows Small Business Server 2003 2008 2011 Supported Mail Servers GFI MailEssentials can be installed on the following mail se
124. aseeds 99 5 5 HTML Sanitizer se nee en on I eo PCR ae OEP aT 103 5 1 Virus Scanning Engines GFI MailEssentials uses multiple antivirus engines to scan inbound outbound and internal emails for the presence of viruses GFI MailEssentials ships with Vipre and BitDefender Virus Scanning Engines You can also acquire a license for Kaspersky Avira amp McAfee This chapter describes how to configure Virus Scanning Engines updates actions and the scanning sequence 5 1 1 Vipre 1 Go to Email Security gt Virus Scanning Engines gt Vipre 7 General Actions Updates Y VIPRE AntiVirus Options Enable Gateway Scanning SMTP Scan Inbound SMTP Email Scan Outbound SMTP Email Scan Internal and Information Store Items Screenshot 37 Vipre configuration 2 Select Enable Gateway Scanning SMTP check box to scan emails using this Virus Scanning Engine 3 Select whether to scan inbound and or outbound emails using this Virus Scanning Engine GFI MailEssentials 5 Email Security 73 Foption Description Scan Inbound SMTP email Select this option to scan incoming emails Scan Outbound SMTP email Select this option to scan outgoing emails 4 If you installed GFI MailEssentials on a Microsoft Exchange machine you will also have the option to scan internal emails and the Information Store Select Scan Internal and Information Store Items NOTE To use the Information Store Virus Scanning feature you m
125. ation Store Virus Scanning Enable Information Store Virus Scanning If enabled Microsoft Exchange Information Store contents are scanned for viruses using the Microsoft Exchange Virus Scanning API VSAPI Only Virus Scanning Engines are used for Information Store Protection Information Store Virus Scanning Engines Status Engine Status License Priority VIPRE Anti Virus Enabled Licensed 1 BitDefender Anti Virus Enabled Licensed 2 K Kaspersky Anti Virus Enabled Licensed 3 fa Avira Anti Virus Enabled Licensed 4 WU McAfee Anti Virus Enabled Licensed 5 Screenshot 52 Information Store Protection node 2 From Information Store Virus Scanning tab select Enable Information Store Virus Scanning 3 Click Apply The status of the Virus Scanning Engines used to scan the Information Store is displayed in the table You can also disable a particular antivirus engine from Information Store Scanning Navigate to the Virus Scanning Engines page select the antivirus engine and disable Scan Internal and Information Store Items 5 2 2 VSAPI Settings The method used by GFI MailEssentials to access emails and attachments in the Microsoft Exchange Information Store is VSAPI Virus Scanning Application Programming Interface GFI MailEssentials allows you to specify the method to use when scanning the Information Store 1 Go to Email Security gt Information Store Protection 2 Select VSAPI Settings tab GFI MailEssentials 5 Emai
126. b Remove Selected No file selected Import Screenshot 100 Attachment Filtering General Tab Specify the full path and filename of the file to use for importing 3 Specify a name for the rule in the Rule name text box 4 Select whether to scan inbound outbound and or internal emails Check Inbound emails Select this option to scan incoming emails GFI MailEssentials 7 Content Filtering 180 Foption Descriptio OOOO Check Outbound Select this option to scan outgoing emails emails Check Internal emails Select this option to scan internal emails NOTE This option is only available when GFI MailEssentials is installed on the Microsoft Exchange server 5 In the Attachment Blocking area specify the types of attachments to block option Descriptio Block all Block all email attachments of any type Block this list Block a custom list of attachment types Key in a filename and or attachment type to block in the Enter filename with optional wildcards text box and click Add Repeat this step for all file names and or attachment types to block Do not block attach Select this option to allow attachment types in the list that are smaller than a particular size ments smaller than Specify the size in KB in the text box provided the following size Block all except this Block all attachments except the ones specified in the list Key in a filename and or attach list ment type to allow in the Enter filena
127. block in the Edit condition box You can also use conditions AND OR AND NOT and OR NOT to use a combinations of keywords 4 To add the keyword or combination of keywords keyed in click Add Condition To modify an entry in the Conditions list select it and make the required changes in the Condition entry box To remove an entry from the Conditions list select it and click Remove Click Update to apply changes GFI MailEssentials 7 Content Filtering 174 Options Match whole words only E Apply above conditions to attachments Attachment filtering amp Check all attachments having file extensions in this list Check all except attachments having file extensions in this list E Remove Export No file selected Screenshot 97 Content Filtering Body Tab configuring other options 5 Optional From the Options area configure the following settings option Description Match whole words Block emails when the keywords specified match whole words only Apply above con Select this option to apply this rule also to text in attachments In the Attachment filtering area ditions to attach specify the attachments file extension for example doc to apply or exclude from this rule ments 6 Select the Subject tab to specify keywords to block in the email subject 7 From the Condition entry area key in keywords to block in the Edit condition box You can also use conditions AND OR AND NOT and OR NOT to use a
128. ce and click Next 9 Set all available nodes to possible owners and click Next 10 Click Next 11 Set service name to listserv and click next 12 Click Finish 13 Repeat steps 7 to 12 with the following details GFI MailEssentials 3 Installation 30 GFI MailEssentials AS Scan Engine gfiscans GFI MailEssentials Attendant gfimesattendant GFI MailEssentials Autoupdater gfimesavupdate GFI MailEssentials AV Scan Engine GFIScanM GFI MailEssentials Backend gfimesbackend GFI MailEssentials Enterprise Transfer gfimetrxsvc GFI MailEssentials Legacy Attendant gfiasmsecatt GFI MailEssentials Quarantine Action Services gfimesqashost GFI POP2Exchange gfipop2exch 14 On completion bring the GFI MailEssentials group online 15 Shut down this node and start a new node 16 Repeat steps 1 and 2 for all cluster nodes Uninstalling GFI MailEssentials in a cluster environment Ensure that only one cluster node is turned on the rest should all be turned off 1 Stop all GFI services Backup all the contents of theGFl MailEssentials installation folder to a different location Delete all GFI Services from the Cluster Resources from the group GFI MailEssentials Start all GFI services and ensure all cluster services and Exchange services are up and running Uninstall from first Node n uo KR W N Open the Services applet to ensure that there are no GFI MailEssentials services which were not deleted For each service that is st
129. cece eee cece aaora aaao aiana nanana 13 2 2 Inbound mail filtering 22 2 2c cc2sc0cc cc pi sets cd cade hoe sse dui nous etedebaccnsesceJeseeatabekeseetactes 15 2 3 Outbound mail filtering 22 22 02 e cee ecceceececcececsececseees 15 2 4 Email scanning and filtering engines 22 2222 20 occ c ccc ccc eee c ec ceccecceceeeceseecees 16 2 5 Typical deployment scenarios _ 2 2 2 2 cence c ec ec cee sees 18 2 6 End User ACtIONS osecao ae onae diene satnce chert i aR E ease at SAER Einin 20 2 1 GFI MailEssentials components 2 1 1 GFI MailEssentials scan engine The GFI MailEssentials scan engine analyzes the content of inbound outbound and internal emails using a number of engines and filters The result of the analysis identifies whether an email is to be blocked or allowed NOTE When installing GFI MailEssentials on Microsoft Exchange server 2003 it scans the Microsoft Exchange information store If installed on a Microsoft Exchange Server 2007 2010 machine with Hub Transport and Mailbox Server Roles it will also analyze internal emails 2 1 2 GFI MailEssentials web interface Through the GFI MailEssentials web interface you can Monitor email scanning activity Manage scanning and filtering engines Review and process quarantined emails Configure email management features Generate reports 2 1 3 GFI MailEssentials Switchboard Use the GFI MailEssentials Switchboard to configure How t
130. cessing load on the Microsoft Exchange server depending on the amount of items stored in the Information Store It is recommended to enable this option only during periods of low server activity such as during the night 4 Select a VSAPI scan method Scan Description Method On New items in the Information Store are scanned as soon as they are accessed by the email client This intro access duces a short delay before the email client displays the contents of a new message scanning GFI MailEssentials 5 Email Security 94 Scan Description Method Pro act New items added to the Information Store are added to a queue for scanning This is the default and ive scan recommended mode of operation since in general the delay associated with on access scanning is avoided ning NOTE In the event that an email client tries to access an item that is still in the queue it will be allocated a higher scanning priority so that it is scanned immediately 5 Click Apply 5 3 Trojan and Executable Scanner The Trojan and Executable Scanner analyzes and determines the function of executable files attached to emails This scanner can subsequently quarantine any executables that perform suspicious activities such as Trojans How does the Trojan amp Executable Scanner work GFI MailEssentials rates the risk level of an executable file by decompiling the executable and detecting in real time what the executable might do Subsequently
131. change node and select the Dialup tab 2 Select Receive mails by Dial Up or Dial on Demand GFI MailEssentials 11 Miscellaneous topics 254 POP3 Dialup Rs Configure connection for POP3 downloading Receive mail by Dial Up or Dial on Demand Dialup Settings If not connected dial Process only when already connected Dial on demand router Username Doo Ee Process every minutes Schedule Send every Monday x at Everyday at 00 00 Remove Everyday at 01 00 Everyday at 02 00 Everyday at 03 00 Everyday at 04 00 Everyday at 05 00 Everyday at 06 00 Everyday at 07 00 Everyday at 08 00 Everyday at 09 00 Screenshot 142 Dialup options 3 Select a dial up networking profile and configure a login name and password The following options are available Use this Dial Up Choose the Dial up Networking profile to use Networking pro file If not con GFI MailEssentials will only dial up if there is no connection nected dial Process only GFI MailEssentials will only process email if a connection already exists when already connected GFI MailEssentials 11 Miscellaneous topics 255 Foption Description OOO O Dial on demand In case of an Internet connection that is automatically established such as a dial on demand router router select this option GFI MailEssentials will pick up email at the specified interval without triggering a dial up connection Username amp Enter credentials used to lo
132. ck Check size of uncompressed files in archives 3 To enable this filter select Check size of uncompressed files in archives 4 Specify the maximum size of uncompressed archives in the Maximum size of uncompressed files in archive in MB text box If an uncompressed archive s size is bigger than the specified value the email is triggered as malicious 5 Specify what to do when an email contains an archive that triggers this filter Foption Description Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails GFI MailEssentials 7 Content Filtering 195 NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 6 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed 7 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options option Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 8 To log the activity of this engine to a log file select L
133. cklist 00 o Global Blocklist Sender s Domain example com Screenshot 95 SpamTag in Microsoft Outlook 2003 6 8 Public Folder Scanning Spamming techniques are continuously evolving and consequently you might encounter instances when spam still makes it through anti spam filters to the recipient s Inbox Through public folder scanning users can manually classify email as spam and teach GFI MailEssentials spam patterns to classify similar email as spam Emails can also be added to the whitelist IMPORTANT It is highly recommended to use GFI MailEssentials SpamTag instead of Public Folder Scanning when network clients use Microsoft Outlook as their email client For more information refer to SpamTag for Microsoft Outlook page 158 How it works GFI MailEssentials 6 Anti Spam 165 1 When an incorrectly classified email false positive or false negative is identified users drag and drop the email to the appropriate GFI AntiSpam public folder For more information refer to Using Public folder scanning page 169 2 Public folder scanning retrieves emails from the GFI AntiSpam public folders and adds them to the HAM SPAM databases The GFI Antispam public folders must be created and configured on the mail server For more information refer to Enabling Public Folder Scanning page 166 6 8 1 Enabling Public Folder Scanning To enable public folders scanning follow the instructions listed in the sections
134. click Add to add a keyword to the Anti Phishing filter Update Enables updating selected keywords Select a keyword from the Current Keywords list make any changes to keyword in Edit Keywords field and click Update Remove Enables removing selected keywords from list Select a keyword from the Current Keywords list and click Remove Export Exports current list to an XML format file Browse Enables importing of a previously exported keyword list Click Browse select a previously exported keyword file and click Import 4 From the Updates tab select any of the following options GFI MailEssentials 6 Anti Spam 111 Foption Description Automatically check for Configure GFI MailEssentials to automatically check for and download any Anti Phishing updates updates Specify the time interval in minutes when to check for updates NOTE It is recommended to enable this option for Anti Phishing to be more effective in detecting the latest phishing trends Enable email notifications Select unselect checkbox to be informed via email when new updates are downloaded upon successful updates Enable email notifications Select unselect to be informed when a download or installation fails upon failed updates Download updates now Click to immediately download Anti Phishing updates NOTE You can download updates using a proxy server For more information refer to Proxy settings page 234 5 Click Actions tab to select the actions
135. col One of the two most commonly used Internet standard protocols for e mail retrieval the other being POP3 LDAP See Lightweight Directory Access Protocol GFI MailEssentials 15 Glossary 294 Lightweight Directory Access Protocol An application protocol used to query and modify directory services running over TCP IP List server A server that distributes emails sent to discussions lists and newsletter lists and manages sub scription requests M Mail Exchange The DNS record used to identify the IP addresses of the domain s mail servers Malware All malicious types of software that are designed to compromise computer security and which usually spread through malicious methods MAPI See Messaging Application Programming Interface MDAC See Microsoft Data Access Components Messaging Application Programming Interface A messaging architecture and a Component Object Model based API for Microsoft Exchange Microsoft Data Access Components A Microsoft technology that gives developers a homogeneous and consistent way of developing software that can access almost any data store Microsoft Message Queuing Services A message queue implementation for Windows Server operating systems MIME See Multipurpose Internet Mail Extensions MSMQ See Microsoft Message Queuing Services Multipurpose Internet Mail Extensions A standard that extends the format of e mail to support text other than ASCII non text attachments mess
136. combinations of keywords 8 To add the keyword or combination of keywords keyed in click Add Condition To modify an entry in the Conditions list select it and make the required changes in the Condition entry box To remove an entry from the Conditions list select it and click Remove Click Update to apply changes 9 From the Options area configure how keywords are matched Select Match whole words only to block emails where the keywords specified match whole words in the subject Step 3 Configuring the actions to take on detected emails 1 Click the Actions tab to configure what should be done when this rule is triggered 2 To block an email that matches the rule conditions select Block email and perform this action and select one of the following options GFI MailEssentials 7 Content Filtering 175 option f Description Quarantine Stores blocked emails in the Quarantine Store You can subsequently review approve delete all the email quarantined emails For more information refer to Quarantine page 198 Delete Deletes blocked emails email Move to Moves the email to a folder on disk Key in the full folder path where to store blocked emails folder on disk IMPORTANT Actions always affect the whole email containing the blocked content even if there is other content such as attachments that do not trigger this rule NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI Mai
137. copy of the blocked email to the recipients of the original email to recipient s 6 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 7 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log GFI MailEssentials 5 Email Security 86 General Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Wi Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates
138. cription Public Folder Test Server LocalDomainServers Internet Address T public acme com File name r mail public nsf Internet message T No Preference J storage Encrypt incoming mail No Screenshot 10 New mail in database 7 From the Lotus Notes Administrator configure the folder for mail usage Go to People and Groups and select Mail In Database Create a new Mail in Database and in the whole directory path enter the full path for example Mail public nsf 8 Save and close the document 9 From the GFI MailEssentials web interface expand AntiSpam and select AntiSpam Settings 10 On the right hand pane select Public Folder Scanning tab and enable Public Folder Scanning 11 From the IMAP configuration section enter the IMAP server your Lotus Domino server Port and the credentials of the user to access the folder NOTE The test button will not function 12 Click Apply to save modifications GFI MailEssentials 3 Installation 38 DNS Server Public Folder Scanning Remote Commands Anti spam logging Global Actions Perimeter SMTP Servers B Configure use of public folders for classification of emails Public Folder Scanning Settings M Enable Public Folder Scanning Scanning interval Ro hours IMAP configuration Server 192 168 1 205 Port 143 T usessL Username Administrator Password peccccccccccece NOTE IMAP cannot be used to access Exchang
139. d asnesesnnegeneneens rantine Other r Configure Quarantine Store options M Quarantine Store location The Quarantine Store contains all the quarantined items Sometimes it is necessary to move this store to a different location C Program Files GFI MailE ssentials Browse Quarantine Store size 22 5 Megabytes Free disk space 118 2 Gigabytes M Quarantine Public URL The Quarantine Public URL gives access to the Quarantine page from an external location not within the organization Jhttp 74 IN2K3SER V 80 MailE ssentials OK Cancel Apply Screenshot 121 Quarantine Store location and Public URL 2 From Quarantine tab click Browse to select an alternate location for the Quarantine Store GFI MailEssentials 8 Quarantine 217 IMPORTANT Ensure that the disk partition where the Quarantine Store is saved has sufficient disk space Spam emails will not be quarantined if the free disk space is less than 512 MB On reaching 512 MB email quarantine operation will stop and spam will be tagged and delivered to recipients mailboxes until free disk space increases to more than 512 MB 3 Provide an alternate URL as the URL to use to access the quarantine from an external location outside your organization 4 Click OK to save setup GFI MailEssentials 8 Quarantine 218 9 Email Management GFI MailEssentials includes a number of tools that facilitate management of incom
140. d Outbound and Internal out of all emails processed Email Direction Chart graphically shows total emails processed for each email direction Inbound Outbound and Internal Email Direction shows total emails processed for each email direction Inbound Outbound and Internal User Report shows the number of blocked and allowed emails for each email address Spam Filter shows the total number of emails blocked by each anti spam filter Spam Filter Graph graphically shows the total number of emails blocked by each anti spam fil ter Click View Report Preview to preview how report looks like Date filtering Select report date range When selecting Custom date range specify the period to display data for from the Custom From and Custom To calendar controls Email directions Select a particular email direction to display data for or select All email directions inbound out filtering bound internal to display data for all directions Email address Key in an email address to display report information for that particular email address only filtering Report Group Specify how to group data Available options are ing Group by Day Group by Week Group by Month Group by Year 3 Click Generate to build and display the report or Save as Custom to save report settings for reuse at a later time GFI MailEssentials 4 Monitoring status 63 Emails Blocked Graph From Monday February 27 2012
141. d as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 6 Click Apply to save settings 6 1 9 Anti Spoofing Checks emails received with a sender email address claiming to originate from your own domain against a list of IP addresses by GFI MailEssentials If the sender IP address is not on the list of own domain server IP addresses email is blocked This filter is NOT enabled by default WARNING If enabling this feature do not whitelist internal users since this defeats Anti Spoofing check GFI MailEssentials 6 Anti Spam 125 Enabling and configuring Anti Spoofing 1 Go to Anti Spam gt Anti Spam Filters gt Anti Spoofing General Actions CTA p i Anti Spoofing Configuration Anti spoofing is an anti spam filter which blocks emails from one ofthe local domains but which were sent from an unauthorized IP address Options W Enable Anti Spoofing Authorized IP CIDR Description Add SMTP Server Authorized IP address list Server Description No records to display Remove Selected v Use authorized IP addresses from perimeter servers list Recommended lt Do not block authenticated connections Screenshot 73 GFI MailEssentials Anti Spoofing filter 2 Select Enable Anti Spoofing to enable Anti Spoofing filter 3 In the SMTP Server field provide the SMTP server where GFI MailEssentials checks for email recip ient addresse
142. d other peers in the multi install network Slave servers also send reporting and quarantine data to the designated Reporting and Quarantine host A slave server may also be the Reporting and Quarantine host Important All GFI MailEssentials machines in a multi server environment must have their IP address listed in the Perimeter SMTP Server Settings This ensures that emails processed by a GFI MailEssentials server is not reprocessed by another server For more information refer to Perimeter SMTP Server Settings page 231 1 Locate and click the Multi Server node on the GFI MailEssentials console of the computer to des ignate as a slave server GFI MailEssentials 12 GFI MailEssentials Multi Server 277 Multi Server Setup Configuration Sync 0 Use Multi Install mode to synchronize Configuration Reporting and Quarantine on multiple GFI MailEssentials servers Settings configured on a server joined to the Multi Install network are inherited by all other servers Enable Multi Install mode Master Server Coordinator of the Multi Install functionality of GFI MailEssentials There can be only one Master in a Multi Install network A Slave Server Join this instance of GFI MailEssentials as a Slave server to an existing Multi Install network Slave Server hitp servemame MailEssentials GFI MailEssentials Administrator credentials Y Advanced Multi Install Network Multi Install network status vi Server Type
143. d that you hide user posts made on GFI AntiSpam folders This way users will only be able to post to the folders without viewing existing posts not even the ones they posted themselves To configure user privileges and hide posts for unauthorized users Microsoft Exchange 2003 1 From the Microsoft Exchange System Manager expand Folders gt Public Folders node Right click GFI AntiSpam Folders public folder and select Properties Select the Permissions tab and click Client permissions Click Add and select the user group to hide the posts from and click OK 2 3 4 5 Select user group configured earlier to the client permissions list and set its role to Contributor 6 Ensure that only Create items is selected and the radio buttons are set to None 7 Click OK to finalize your configuration 8 From the Microsoft Exchange System Manager right click GFI AntiSpam Folders and select All tasks gt Propagate settings 9 Select Folder rights checkbox and click OK Microsoft Exchange 2007 1 From Microsoft Exchange Management Shell key in the following command GFI MailEssentials 6 Anti Spam 168 ReplaceUserPermissionOnPFRecursive psl Server server TopPublicFolder GFI AntiSpam Folders User Default Permissions Contributor Replace server with the full computer name 2 When prompted key in y to confirm permissions for each folder This command will set the default
144. ding from version 2012 or later To upgrade GFI MailEssentials 2012 or later to the latest version launch the latest installer on the server where GFI MailEssentials is currently installed After accepting the End User License Agreement installer detects existing installation and shows the previous version installation path Click Next to upgrade and Finish on completion A new license key is required when upgrading from a major version to another for example upgrading from GFI MailEssentials 2012 to GFI MailEssentials 2015 Obtain your new key from the GFI Customers Area As from GFI MailEssentials 2015 the Anti spam synchronization agent feature has been deprecated and is now replaced with the GFI MailEssentials Multi Server feature This will need to be reconfigured on upgrade For more information refer to GFI MailEssentials Multi Server page 273 Microsoft Exchange 2007 amp over For upgrades on Microsoft Exchange 2007 amp over the Post Installation wizard is displayed after the installation It displays the list of Microsoft Exchange server roles detected and the GFI MailEssentials components required Click Next to install the required GFI MailEssentials components and Finish to complete Post Install wizard 3 4 2 Upgrade from older versions Information on how to upgrade to the latest version of GFI MailEssentials from GFI MailEssentials versions 12 14 2010 GFI MailSecurity versions 10 1 and 2011 The latest ve
145. down list select the user for whom to delete an email address 3 Select an email address from the list of email addresses Click Remove 4 Click Apply 6 1 5 IP Blocklist The IP Blocklist is a custom database of IP addresses from which you never want to receive emails This filter can be configured to execute when the full email is received or at SMTP level that is emails are filtered while they are being received SMTP level filtering terminates the email s connection and therefore stops the download of the full email economizing on bandwidth and processing resources In this case the connection is terminated immediately and emails are not required to go through any other anti spam filters For more information refer to SMTP Transmission Filtering page 148 The IP Blocklist is NOT enabled by default Configuring Whitelist 1 Go to Anti Spam gt Anti Spam Filters gt IP Blocklist GFI MailEssentials 6Anti Spam 118 General Actions I A custom database of IP addresses from which you never want to receive emails Enable IP Blocklist IP Blocklist Entry Single computer CIDR IP Address PT Group of computers Subnet Address Subnet Mask Description F Address Description No records to display Remove If perimeter servers are configured the verified IP address is the one sending to the perimeter If no perimeters are configured the verified IP address is the IP of the server se
146. e triggered by the New Senders filter This filter is NOT enabled by default GFI MailEssentials 6 Anti Spam 142 Important Enable at least one of the available Whitelists to use the New Senders function In the absence of the Whitelist functions should no spam be detected by the other filters received messages will be delivered to the recipient s Inbox ONLY emails in which no spam was detected and whose senders are not present in the Whitelist are delivered in the New Senders folder Configuring New Senders Filter 1 Go to Anti Spam gt New Senders General Exceptions Actions 25 Configure New Senders The New Senders module automatically identifies emails which have been sent from senders to whom you have never sent emails These emails could be legitimate senders or else spam which were not detected by the GFI MailEssentials spam filters Options V Enable New Senders Note For the New Senders to work there has to be atleast one whitelist enabled from the Whitelist configuration node Screenshot 82 New Senders General tab 2 In the General tab select Enable New Senders to enable check for new senders on all inbound messages GFI MailEssentials 6 Anti Spam 143 General Exceptions Actions O Configure New Senders exception list Configure any MIME TO addresses that should be excluded from the New Senders checks lt Enable New Senders exception list Email Addresses Edit emails
147. e 2007 2010 Public Folders Screenshot 11 Enable Public Folder Scanning 13 From the registry change values to use this function From the registry select HKEY LOCAL _ MACHINE SOFTWARE GFI ME12 ATTENDANT RPFOLDERS 5 and create the following Key String Value as follows Name Value SharedNamespace Public Folders Public Folder FolderDelimiter 3 3 Installation procedure This section describes how to run the installation of GFI MailEssentials 3 3 1 Important notes 1 If you are currently using a previous version of GFI MailEssentials you can upgrade your current installation while at the same time retaining all your existing configuration settings Upgrade is not reversible you cannot downgrade to the previous version you had installed For more information refer to Upgrading a previous version page 47 2 If you are currently on SMA and you want to upgrade access the GFI website customer area to upgrade your current license key GFI MailEssentials 3 Installation 39 NOTE Evaluation is no longer accepted as a license key Access the GFI website customer area to upgrade your license key before starting the upgrade process 3 Download the appropriate GFI MailEssentials build for your type of machine Use GFI MailEssentials 32 bit x86 setup for 32 bit systems and the 64 bit x64 setup for 64 bit systems 4 Before running installation wizard ensure that You are logged
148. e ccc ec ccc cecceccceceeceecetctesetstesseseesees 265 11 11 Email backup before and after processing 0 2 0 0 0 ccc cece cece ceccecceccecceceeseesees 266 T1212 REMOUNG Ports 5 5 doe eo ob hae ee iG Sele 82 aah en 88 2 la son Seal se 267 11 13 Monitoring Virus Scanning API 00 2 0 2 0 2 o cece cece cece nce cece cnc ccecceecceeceeceeesees 268 12 GFI MailEssentials Multi Server 0aaaaaaaa aoaaa aoaaa ahaaha ahahahaha eeeeeeeeee 273 12 1 Features synchronized by Multi Server 2 200 002 00 20 20 ccc cc ceccceccecceccccceceesceseeeeeseess 273 12 2 Setting up Multi Server ooo o 0 cc cece oaaao ccc ceccccceeeeecececseceeneeteeeseeseeseess 274 13 Troubleshooting and support 2 2 0 ooo ccc cc nce eccecceccecceceeseeseeseeeeeteeseeteeee 283 13 1 MEL OGUGTION i m 526 2c a tan oS eon anh eeens na 283 13 2 Common issues aoaaa aoaaa anaana e eee ce cece eeecceenecceeneceeeneceeteeeeetcesetteeeerecceetreeess 283 13 3 Scanning engines amp filters 200 c ccc cc ccc ceccecccccecseseeettettettceteeesees 285 13 4 Email Management 20 2 occ c ccc cc cece cc ceccccceceeceeceesceetneevetneetseeseeseesees 286 18S GFESKYN t sorea te era Sure Ne Feil lice a bald oe Lah ees Waa tet eases 286 1 3 26 WED FORUM ieee secs nee nine teeth en yt ia he SAPO Mat at ales Men ete OEA 286 13 7 Request technical support 20 2 2 c ence ccc cencccceceeceeceeseeseesstsenseees 287 13 8 Doctimentationy lt s2 2
149. e computer sending the data and the Synchronize Quarantine and Reporting data host is lost On connection being re established data is automatically transferred to the Quarantine and Reporting data host GFI MailEssentials 12 GFI MailEssentials Multi Server 282 13 Troubleshooting and support 13 1 Introduction This chapter explains how to resolve any issues encountered during installation of GFI MailEssentials The main sources of information available to solve these issues are This manual most issues can be solved through the information in this section wv Web forum v 13 2 Common issues gt GFI Knowledge Base articles gt Contacting GFI Technical Support Issue encountered Solution Dashboard shows no email is being processed or Only inbound or outbound emails are being processed After installing GFI MailEssentials some emails show a garbled message body when viewed in Microsoft Outlook GFI MailEssentials is configured to move mails blocked as SPAM toa subfolder of the users mailbox Clients connected to Microsoft Exchange via POP3 are not able to view mails blocked as SPAM Auto updates fail however manual download via the GFI MailEssentials configuration works fine GFI MailEssentials 1 Ensure that GFI MailEssentials is not disabled from scanning emails For more information refer to Disabling email processing page 265 2 Check for multiple Microsoft IIS SMTP virtual s
150. e network IIS mode To select the mode 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switch board GFI MailEssentials 11 Miscellaneous topics 244 N GFI MailEssentials Switchboard UI Mode Troubleshooting Tracing Quarantine Other a Configure user interface options Configuration user interface mode Select the user interface mode you want to use Local mode Configure and manage GFI MailEssentials from this machine only IIS mode Configure and manage GFI MailEssentials remotely m IIS user interface mode options Website name Defaut Web Site hitp WINSERVB 80 x Virtual directory Mail Essentials Security RSS Virtual directory MailEssentialsRSS IIS mode configuration URL http WINSERVB 80 MailEssentials Screenshot 136 GFI MailEssentials Switchboard UI Mode 2 From the Ul mode area select option Description Local mode GFI MailEssentials loads in an html viewer application accessible from the machine where GFI MailEssentials is installed only NOTE If using Local mode Spam digest links will not work User portal will not be available users will not be able to manage personal whitelists and blocklists and their personal quarantine For more information refer to End User Actions page 20 IIS mode GFI MailEssentials loads in your default web browser using the IIS setup settings con
151. e that un authenticated connections are allowed from the GFI MailEssentials machine to http update gfi com on port 80 For more information refer to http go gfi com pageid ME_AutoUpdatesFail Also check Proxy Server if applicable 13 Troubleshooting and support 283 Configuration data cannot be imported Remote commands do not work Processing of emails is very slow Older data not available in database when using Microsoft Access The Quarantine interface shows error D10 Cannot access the Quarantine Store database Use a database repair tool such as esentutl exe to repair the database Error when receiving emails Body type not supported by Remote Host Legitimate emails are moved to the failedmails folder Do need to upgrade my license key when upgrading to anew ver sion Where is the online version of this manual GFI MailEssentials Ensure that the GFI MailEssentials version and build is identical across both source and target installations For more information how to solve this issue refer to http go gfi com pageid ME_ExpImpBuild Refer to http go gfi com pageid ME_RemoteCommands This may occur when there are DNS problems in the network If DNS is not working correctly the DNS lookups made by some anti spam filters in GFI MailEssentials will timeout For more information refer to http go gfi com pageid ME_ProcessingSlow When reports mdb database exceeds 1 7 GB the dat
152. ect an existing report generation time and click Delete 5 Select whether to send report by email or save it to disk To send report by email select Send by email and provide the email address to where the email is sent To save report to disk select Save GFI MailEssentials 4 Monitoring status 65 to Disk provide a location where file will be saved the format of the file 6 Click Save to save newly created report 4 2 4 Generating custom reports To generate a custom report 1 From GFI MailEssentials configuration go to GFI MailEssentials gt Reporting gt Reports 2 From the Custom Reports tab select a report to generate 3 Click Generate 4 2 5 Deleting custom reports To delete a custom report 1 From GFI MailEssentials configuration go to GFI MailEssentials gt Reporting gt Reports 2 From the Custom Reports tab select a report to delete 3 Click Delete 4 2 6 Searching the reporting database GFI MailEssentials stores some properties of all emails processed in the reporting database GFI MailEssentials enables you to search the reporting database to find processed emails To search the reporting database 1 From GFI MailEssentials Configuration go to GFI MailEssentials gt Reporting gt Search GFI MailEssentials 4 Monitoring status 66 Search Email f u Q Use this page to search for emails in the reporting database Specify search date range Specify the days through which to search f
153. ed domains for the list of the servers to exclude Screenshot 62 Domain IP Exclusions 2 Key in the domain or IP address to exclude and click Add NOTE To remove an entry from the HTML Sanitizer Domain IP Exclusions select an entry and click Remove 3 Optionally select Query the SPF records of the specified domains for the list of the servers to exclude 4 Click Apply GFI MailEssentials 5 Email Security 105 6 Anti Spam The anti spam filters included with GFI MailEssentials help detect and block unwanted emails spam Topics in this chapter 6 1 Anti Spam filters 0 000000000 cedesneacadsescsdesctedaieaesetabeeenstedded seers Males icdsee 106 6 2 Spam Actions What to do with spam emails _ 22 20 0220 0 0 0 e cece eee eee ee eee 144 6 3 Sorting anti spam filters by priority 2 200 020 0 occ cece eee cece eee ceceececees 147 6 4 SMTP Transmission Filtering 2 2 2 0 2 0 c cece cece cccceccecceceestessessessessesees 148 6 5 Spam Digest 2 2 0 0 eee cee eee ee eee eee cence been cece eeeeeneeneeeeersereensees 150 6 6 Anti Spam settings 2 220 000 ec cece cee ec cece ee eeeeeeeeececeecceeeeeceeees 152 6 7 SpamTag for Microsoft Outlook _ 2 2 2 2 20 00 2eoecceccccccececcecc cece cee cececeececcececeeees 158 6 8 Public Folder Scanning 22 22 0 20 e occ ccc cece cnc cccncceccecceceeceeseeseeseesceseeneeneees 165 6 1 Anti Spam filters GFI MailEssentials uses various scanni
154. ed for that particular engine Deleted Email is blocked by an engine or filter with the action set to delete detected emails Failed Email that could not be scanned by GFI MailEssentials Email is moved to one of the following folder lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity FailedMails lt GFI MailEssentials installation path gt GFI MailEssentials AntiSpam FailedMails For more information refer to Failed emails page 248 Filtering the email processing logs A Filters Screenshot 26 Email processing logs filter Filtering the email processing logs simplifies the reviewing process by providing the possibility to find particular emails From the Filter area specify any of the following criteria Sender Specify the full or part of an email address to display only the emails sent by matching senders Recipient Specify the full or part of an email address to display only the emails sent to matching recipients Subject Specify the full or part of an email subject to display only the emails with a matching subject Scan result From the drop down list select whether to display only emails with a particular scan result for example quarantined emails only From amp To Specify a date and time range to display emails processed during that particular period NOTE Click Clear Filters to remove specified filters and to show all email logs GFI MailEssentials 4 Monitoring status 58 4 1 3 Antivirus a
155. ed to use IIS mode For more information refer to User interface mode page 244 List of features available to user accounts Personal Whitelist and Blocklist Quarantine Search SpamTag Mailinsights Users may configure a complimentary list of whitelisted and blocklisted email addresses over and above the list set up by the systems administrator This feature is available only when the Personal Whitelist and or Personal Blocklist are enabled By default these options are not enabled Allows users to access and manage spam emails that were quarantined Users can search through view and then approve or delete quarantined emails To make use of this feature the action of anti spam filters must be configured to quarantine spam emails Users cannot manage quarantined malware emails due to the security risks involved Users can use the SpamTag addon in Microsoft Outlook to manage their preferences in management of spam emails SpamTag must be installed on users machine to be accessible via Microsoft Outlook NOTE This feature is not available to users in the GFI MailEssentials web interface For more information refer to SpamTag for Microsoft Outlook page 158 Maillnsights is a reporting facility that gives a graphical presentation of the top 20 contacts that the user communicated with in the previous 30 days For more information on how end users can use GFI MailEssentials refer to the GFI MailEssentials End User m
156. ee cece eeceeeeeceeeceeeseeeeeeeeeess 155 Screenshot 93 SpamTag installation language and license terms 220 0 2c e ce eeee cece cece ceeeeeeeees 162 Screenshot 94 SpamTag in Microsoft Outlook 2010 2202 2 e cece eee ceeeeeeeeeeeeeeseees 165 Screenshot 95 SpamTag in Microsoft Outlook 2003 22 2 2 2 l coe c ccc eeeeceeeeeeeeeeeeess 165 Screenshot 96 Content Filtering Body Tab setting conditions 000 0000000 e cece cece eee eee eeee 174 Screenshot 97 Content Filtering Body Tab configuring other options 02 200200 e ee eeeee eee es 175 Screenshot 98 Content Filtering Users Folders Tab 0 0 0 00 ce cece cece cece c ccc e cece cece e eee eeeeeeeeeeees 177 Screenshot 99 Add users to a Content Filtering rule 002200000 e cece cece eecececeeeeeeeeees 177 Screenshot 100 Attachment Filtering General Tab 00 0000 00 02 c cece cece cece cece ccc eeeeeeeeeeeeeees 180 Screenshot 101 Attachment Filtering Actions Tab 2 0 200000 e cece cece cece e ccc ceeeceeeeeeeeeeeeees 182 Screenshot 102 Content Filtering Users Folders Tab 02 0000 c cece ccc ec ccc cecc cece cececeeeeeeeeeees 184 Screenshot 103 Add users to a Content Filtering rule 00 020000000 e eee aaao raana aroan 184 Screenshot 104 Adding a new Advanced Content Filtering rule 00 0000000 e cece cece cece ceeeeeee 187 Screenshot 105 Actions Tab 2 22 2 eco e cece cece cece
157. eeeeeeeceseeeeees 137 Screenshot 80 Whitelist tab 2 02 00 0c cece cece ccc ccc cece cece cece eee e cece eee A A E Ra aa 139 Screenshot 81 Personal whitelist 2 2 2 0002200000 eee cece cece cece cece eee e cece cee eeeeeeceeeeeeeeeeeeeeseees 142 Screenshot 82 New Senders General tab 0 20 cece cece e cece cee cece eee cece cece eee seeeeeeeeeseneenees 143 Screenshot 83 New Senders Exceptions 1 2 2 2 2 000 c cece cece cece cece cece cece eeeeeeeeeeeeeeeeeseeeeeeee 144 Screenshot 84 Anti spam actions 0 00 00 cecc cece ccc cece e cece aaao AADA AADAL EAL E aaa aaan 145 Screenshot 85 Assigning filter priorities 0 000 2000 c cece cece eee e cece eceeeeeeeeeeeeeeseeeeees 148 Screenshot 86 SMTP Transmission Filtering properties 0 22 ccc c cece cece cece cece cece eeceeeeeeeeeees 149 Screenshot 87 Spam digest properties Administrator spam digest 0 2 ccc cece cece eeeeeceeeeceeee 150 Screenshot 88 Recipient spam digest l l 0000 0000000000000000 c cece cece eee eeeeeeeececeeeeeeeeeeeeeeeeees 151 Screenshot 89 Spam digest recipient list 0 200 eee cece ccc cece cece cece eee ceeeeeeeeeeeeeeeeeeees 152 Screenshot 90 Log file rotation 1 0000 cece ccc cece cece e cence eee eee eee eeeeaeeeenaeeeeeeaeees 153 Screenshot 91 Global actions iissa pe e cece cece cece cece ceeeeeeeeeeeeeeeeeeeeereeeees 154 Screenshot 92 DNS server settings 2000 02 22 e cece cece cece cece cece e
158. eeeeeeeeeeeeeeees 203 Default search folders 2 22 02000 c coc eee ence eee neeeeeeeeeeeees 204 Search RESULTS esc de iy whcley en 27 french el ot eaa wi dm adh AG in Set ool aaia 206 Quarantined Items details 2 220022 oececceeeeeeeeeeeeeeeneeee eens 207 Quarantine RSS feeds 22 cece cece cece ccc eee ce cence ce veceeesceeeseveeesess 209 Spam Options General Options tab 2 220 000 e eee oaaae annaa 211 Spam Options User Settings tab 00000000000000000000 c cece cece ceeeeeeeeeceeees 212 Quarantine Mode asese o el set e desea ta i hh Sel Ne A He 214 Nonexistent Recipients 220 0 cece cece cece cece c cece cecccceccecceeeeeeeeeeeeeeteeeeeees 215 Quarantine Store location and Public URL 000000222 e eee eee 217 Adding a new disclaimer 2 0 0 0 222 c cece cece cece cece cece eee eeceeececeeececeeeeeeeeeeeee 220 HEML Disclaimer 22 EE ele os a ee ge ae i SS 221 Auto reply settings o cd t e cece cece ee eeee cece eeeeeceeeeeeeeeeeseees 223 Mariables dialog EE S TE AAE pan f epee T E dob fee ane pelea ee o 224 Creating a new list elec cece cece cece cece eee cece ee ceeeeeeeeeeeeseeeeeeeeeees 225 Perimeter SMTP Server settings 0000 000000 c cece cc ccc cece cece cece eeeeeeeeeeeeeeeeees 232 Specifying the administrator s email address 1 2 0 0 ccc c cece e eee cece cece cece ee eeeees 233 Scanning Manager 0 0 0 cece cece cece e cece cece cece o Eoo aa ea arona arerioa 234 Updates
159. eeeeeeeees 264 The GFI MailEssentials Switchboard Troubleshooting 22000 22c cece eeeeeeee 265 The GFI MailEssentials Switchboard Troubleshooting 2200 2cc cece ee eeeeee 266 Changing Remoting ports 0 222 c ooo eee ccc cece cece eee cece eeeeeceeeeeeeeeeeees 268 Adding VSAPI performance monitor counters in Windows 2008 Server 2 270 Screenshot 150 Monitoring Virus Scan Files Scanned in Windows Server 2008 Performance Monitor 1 Introduction 1 1 About this manual The scope of this Administrator Guide is to help you install run configure and troubleshoot GFI MailEssentials on your network The table below describes the contents of this guide About The components and tools that make up GFI MailEssentials How inbound and outbound mail scanning works Overview of the engines that protect your mail system Typical deployment scenarios For more information refer to About GFI MailEssentials page 13 Installation gt The various environments and email infrastructures supported by GFI MailEssentials Product prerequisites applicable to your network Prepare your environment for product installation Guides you through the installation and upgrade procedures Walks you through the key steps needed to get the product running on default settings Test installation and run the product For more information refer to Installation page 22 Monitoring
160. eleased for SpamRazer that will further decrease the response time to new trends of spam SpamRazer also includes Sender Policy Framework filtering which detects forged senders It is recommended that senders publish their mail server in an SPF record For more information on SPF and how it works visit the Sender Policy Framework website at http www openspf org This filter also blocks NDR spam For more information on NDR spam refer to http go gfi com pageid ME_NDRSpam Configuring SpamRazer NOTES 1 Disabling SpamRazer is NOT recommended 2 GFI MailEssentials downloads SpamRazer updates from mailshell net 1 Go to Anti Spam gt Anti Spam Filters gt SpamRazer GFI MailEssentials 6 Anti Spam 107 General Updates Actions ta SpamRazer Configuration SpamRazer is an anti spam engine that determines if an email is spam through the use of email fingerprints email reputation and content analysis Options Enable SpamRazer engine Information about blocking descriptions returned by SpamRazer can be obtained from the following KB article http www gfi com link entry aspx page skynet amp id KBID001896 Enable SpamRazer SPF Recommended Enables SpamRazer to perform a Sender Policy Framework check as part of its checks For more information refer to http go gfi com pageid ME_SPFfilter Licensing SpamRazer Licensing Status Evaluation license Screenshot 63 SpamRazer Properties 2 From the
161. enerate tracking number in sub Generates a unique tracking number in the auto reply ject By default tracking numbers are generated using the following format ME _ YYMMDD_nnnnnn Where ME GFI MailEssentials tag YYMMDD Date in year month and date format mnnnnnn automatically generated tracking number Include email sent Select to quote the inbound email in auto reply 8 Click Apply 9 3 List Server List servers enable the creation of two types of distributions lists Newsletter Used for creating subscription lists for company or product newsletters to which users can either subscribe or unsubscribe Discussion Enables groups of people to hold discussions via email with each member of the list receiving the email that a user sends to it GFI MailEssentials 9 Email Management 224 9 3 1 Creating a newsletter or discussion list To create a new newsletter or discussion list 1 Go to Email Management gt List Server and click Add List General Database Footer Permissions Subscribers i iE Configure the list name domain and additional options for this list Display Name Provide a friendly name for this rule List Server Settings List Type Newsletter Discussion Which domain will the list use Only relevant if you have multiple domains eee List email addresses List address Subscribe subscribe Unsubscribe unsubscribe Other Options E Automatic
162. engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log GFI MailEssentials 5 Email Security 100 General Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Wi Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates Update Status No updates currently in progress Screenshot 58 Engine Updates tab 6 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 7 From Downloading option list select one of the following options Only check for Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates updates are available for this engine This option will NOT download the available updates auto matically Check for Select t
163. er s mailbox Type the folder where to move spam email e Example 1 Type Suspected Spam for a custom folder to be created in the same level of the Inbox folder e Example 2 Type Inbox Suspected Spam for a custom folder to be created in the Inbox folder NOTE This option requires that e GFI MailEssentials is installed on the Microsoft Exchange Server machine If GFI MailEssentials is not installed on the Microsoft Exchange Server configure mail server to route emails or use the Rules Manager For more information refer to Moving spam email to user s mailbox folders page 256 e The mail server is Microsoft Exchange Server 2003 or Microsoft Exchange Server 2007 2010 with the Mailbox Server Role present For Microsoft Exchange 2010 a dedicated user is required to enable this option For more information refer to Move spam to Exchange 2010 folder page 258 Send email identified as spam to a specific email address Example Forward all spam to an email address checked by someone who checks email that might have been wrongly marked as spam The subject of the email will be in the format recipient subject Saves email detected as spam to the path specified Example c Spam File names of saved emails are in the following format Sender recipient subject number eml Example c Spam jim comp com bob comp com MailOffers 1 eml Select this option to add a tag to the email subject Key in the text to use for tagging a
164. er Configuration 1 From Lotus Notes Administrator create a database with the normal MAIL85 NTF template that is used as the public folder When the database is created right click the database from the files sec tion and select Access Control Configure the user or group or server to have access on the data base GFI MailEssentials 3 Installation 35 New Application Domino Srv Acme Public Folder Cancel mail public nsf Blank B Application Library 8 Discussion Notes amp Web 8 5 3 B Doc Library Notes amp Web 8 5 Lotus SmartSuite Library 8 5 Mail R8 5 7 Show advanced templates J Inhert future design changes Screenshot 6 Create a new database 2 Convert the database using the server console by typing load convert e h mail public nsf Command should display the following results U W W N ms N O Ph LO Ph WwW wo MAP specific items in on Utility shutdown Screenshot 7 Load convert result 3 On completion ensure that the database is accessible from IMAP service From the Lotus Notes Administrator go to Configuration and select the Files tab Highlight the database of the public folder click Edit select Copy as Link and click Application Link GFI MailEssentials 3 Installation 36 Copy to the Clipboard a link to the current application File Edit Administration Files Help a Undo Gtri zZ Copy Ctrl C Copy As Link Ancho
165. er aliases Screenshot 103 Add users to a Content Filtering rule GFI MailEssentials 7 Content Filtering 184 4 In the User Lookups window specify the name of the email user user group or public folder that you wish to add to the list and click Check Names Matching users groups or public folders are listed underneath NOTE You do not need to input the full name of the users groups or public folder It is enough to enter part of the name GFI MailEssentials will list all the names that contain the specified characters For example if you input sco GFI MailEssentials will return names such as Scott Adams and Freeman Prescott if they are available 5 Select the check box next to the name s that you want to add to the list and click OK NOTE To remove entries from the list select the user user group public folder you want to remove and click Remove 6 Repeat steps 3 to 5 to add all the required users to the list 7 Click Apply 7 2 2 Enabling disabling rules To enable or disable attachment filtering rules 1 Go to Content Filtering gt Attachment Filtering 2 From the Attachment Filtering page select the checkbox of the rule s to enable or disable 3 Click Enable Selected or Disable Selected accordingly 7 2 3 Removing attachment rules Warning Deleted rules are not recoverable If in doubt it is recommended to disable a rule 1 Go to Content Filtering gt Attachment Filtering 2 From Attachment Filterin
166. er email to mailbox In Inbox In Exchange mailbox sub folder Inbox New Senders Send to email address Administrator domaina tcv Move to folder on disk Eos Tag the email with specific text NEWSENDER Specify how the tag will be applied to the email Prepend to subject lt Append block reason to email subject Logging options Log rule occurrence to this file C Program Files x86 GFI MailEssentials Antispam logs newsenders log Screenshot 84 Anti spam actions GFI MailEssentials 6 Anti Spam 145 Quarantine Email Delete Email Deliver email to mailbox Send to email address Move to folder on disk Tag the email with specific text Emails detected as spam are stored in the Quarantine Store Other spam actions are disabled if the email is quarantined For more information refer to Quarantine page 198 Delete an email blocked by that particular spam filter Other spam actions are disabled if the email is deleted Choose the folder where to deliver the email Available options are In Inbox Routes spam to user s inbox In Exchange junk email folder Routes spam to users Junk email folder This option only works when GFI MailEssentials is installed on Microsoft Exchange It is not available for the New Senders filter In Exchange mailbox sub folder Route all spam toa specific folder in the us
167. ertain GFI MailEssentials features To add users to the Access Control list 1 From GFI MailEssentials Configuration go to General Settings gt Access Control Add domain users or groups and select the product features to allow access to Access Control D i A Configure who can access GFI MailEssentials and what features are available for which users L UsenGroupName L UsenGroupName Quarantine Reporting Delete Access Access Add User Group Screenshot 134 Access control settings 2 Click Add User Group 3 In the User Lookups dialog enter the name of the user or group to add and click Check Names 4 GFI MailEssentials displays the list of users groups found Select the users groups to add and click Submit 5 For the newly added users groups select the features to allow access to Full Access User can access and configure all features of the product Quarantine Access Allows access to quarantine search and search folders Reporting Access Enables users to generate reports RSS Access Allows users to subscribe to the quarantine RSS feeds 6 Click Apply GFI MailEssentials 10 General Settings 242 11 Miscellaneous topics Topics in this chapter 11 1 Installation information 0 0 0 2 2 200000 c ete ee eee 243 11 2 Virtual directory names 20 20 02 o eee cece cece cece eee c ee ceceececcececeeceeseceeees 244 11 3 User interface mode 2 2 2 2 o oo ccc ccc ccc cee ence be cee c ete ceeeeeeeenececee
168. erver roles detected and the GFI MailEssentials components required Click Next to install the required GFI MailEssentials components and Finish to complete Post Install wizard Upgrading over GFI MailSecurity versions 10 1 2011 Anti Virus and Anti Malware features are licensed on upgrade The Anti Spam and Anti Phishing features are on a 30 day trial period Install GFI MailEssentials as if installing for the first time For more information refer to Installation procedure page 39 As from GFI MailEssentials 2015 the Anti spam synchronization agent feature has been deprecated and is now replaced with the GFI MailEssentials Multi Server feature This will need to be reconfigured on upgrade For more information refer to GFI MailEssentials Multi Server page 273 Following the installation also complete the GFI MailEssentials Post Install Wizard For more information refer to Post Installation Wizard page 43 Upgrading over both GFI MailEssentials amp GFI MailSecurity When upgrading on a server that contains both GFI MailEssentials amp GFI MailSecurity all Anti Virus Anti Malware Anti Spam and Anti Phishing features are licensed on upgrade As from GFI MailEssentials 2015 the Anti spam synchronization agent feature has been deprecated and is now replaced with the GFI MailEssentials Multi Server feature This will need to be reconfigured on upgrade For more information refer to GFI MailEssentials Multi Server page 273
169. ervers and ensure that GFI MailEssentials is bound to the correct virtual server For more information refer to SMTP Virtual Server bindings page 238 3 MX record for domain not configured correctly Ensure that the MX record points to the IP address of the server running GFI MailEssentials 4 If inbound emails are passing through another gateway ensure that the mail server running on the other gateway forwards inbound emails through GFI MailEssentials 5 Ensure that outbound emails are configured to route through GFI MailEssentials For more information refer to Installing on an email gateway or relay perimeter server page 26 6 Verify that the SMTP virtual server used by Microsoft Exchange Server for outbound emails is the same SMTP server GFI MailEssentials is bound to For more information how to solve this issue refer to http go gfi com pageid ME_MonitorProcessing This problem occurs for emails that use one character set for the message header and a different character set for the message body When such emails are processed by Microsoft Exchange 2003 the emails will be shown garbled in Microsoft Outlook Microsoft has released a hotfix to resolve this issue For more information refer to http go gfi com pageid ME_OutlookCharacters and http go gfi com pageid ME_MessageGarbled Connect to Microsoft Exchange using IMAP For more information refer to http go gfi com pageid ME_POP3ViewSpam Ensur
170. es 2 Select a filter and click up button to assign a higher priority or click down button to assign a lower priority NOTE Click Default Settings to restore the filters order to default 3 Click Apply 6 4 SMTP Transmission Filtering In GFI MailEssentials some anti spam filters can be configured to execute when the full email is received or at SMTP Transmission level In SMTP Transmission filtering emails are scanned whilst they GFI MailEssentials 6 Anti Spam 148 are being received SMTP level filtering terminates the email s connection and therefore stops the download of the full email economizing on bandwidth and processing resources In this case the connection is terminated immediately and emails are not required to go through any other anti spam filters IMPORTANT To make the best of SMTP Transmission filtering use it when GFI MailEssentials is installed on an Internet gateway or when it is the first server to receive emails from the Internet 1 Go to Anti Spam gt Filter Priority and select the SMTP Transmission Filtering tab Filter Priority SMTP Transmission Filtering SMTP transmission filtering configuration Optional SMTP filters The filters listed as optional SMTP filters are anti spam filters which can run either during SMTP transmission or during full email processing IP Blocklist Filtering during SMTP transmission Directory Harvesting Filtering during SMTP transmission IP D
171. es email For more information refer to Permanently Delete Quarantined Emails page 208 Delete and Deletes email and notifies user For more information refer to Permanently Delete Quarantined Emails Notify page 208 Download Downloads quarantined email to a location you choose in eml format Item Warning Emails in Quarantine Store may contain malicious content Use this feature with caution 8 4 2 Approving Quarantined Emails There might be instances where you might want to approve an email blocked by GFI MailEssentials GFI MailEssentials allows the administrator to approve a quarantined email so that it is released from the Quarantine Store and delivered to its intended recipients To approve emails 1 Use the search features described in the previous sections to return a list of quarantined emails 2 Select the checkbox next to the quarantined email s to approve and click Approve Sanitize and Approve Emails GFI MailEssentials also enables you to remove the item that caused the email to be quarantined and send the email to recipient To sanitize and approve emails 1 Use the search features described in the previous sections to return a list of quarantined emails 2 Click on an email to view its details 3 Click Sanitize and Approve NOTE Emails quarantined by the Information Store VSAPI source cannot be sanitized 8 4 3 Permanently Delete Quarantined Emails 1 Use the search features described in the previ
172. escription Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 7 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log GFI MailEssentials 5 Email Security 75 General Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Wi Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates Update Status No updates currently in progress Screenshot 39 Engine Updates tab 8 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 9 From Downloading option list select one
173. ess list it can also support domain addresses which are then resolved at runtime so that all the IP addresses for the domain in question are obtained This is done in two ways 1 By default the feature queries the MX records of the domain being processed 2 Optionally you can choose to have the SPF record of the domain queried If the domain doesn t have an SPF record the SPF part is ignored and only the MX records are used If the IP address from where the email originated the one which sent to the perimeter server is an IP listed in the Domains IPs exclusions tab or resolved from a domain in the same list then the email is not processed by HTML Sanitizer This is a sort of IP Whitelist but with the additional benefit of GFI MailEssentials 5 Email Security 104 specifying domains and have the feature resolve the domains MX records and optionally the SPF record to get the IP addresses To manage domains IP exclusions in the HTML Sanitizer Whitelist 1 Navigate to Email Security gt HTML Sanitizer and select Domains IP exclusions tab HTML Sanitizer Whitelist Domain IP Exclusions 5 Domain IP Exclusions The domain exclusions provide the ability to exclude HTML Sanitizing processing for MX records of a domain by specifying the domain name Server ip addresses can also be specified Exclusions Exclusion entry sj soosoooooooem E A Remove Examples domain com 192 168 1 1 Query the SPF records ofthe specifi
174. ettings gt Product Updates and select Updates tab GFI MailEssentials 10 General Settings 239 m Updates Settings Q Available updates to fix known issues in GFI MailEssentials Y Fix for quarantine stability issues Date 2014 09 09 Severity Critical Read Me This is a fix for the malware quarantine lagging issue with large email attachments Install Y Authentication issue with joined domain fix Y Attendant exe crash on Exchange 2007 fix Screenshot 132 View and install product updates 2 Expand any updates to see details about the downloaded updates Click Install to install update 10 8 2 Disabling or modifying schedules To disable or modify this schedule 1 Navigate to General Settings gt Product Updates and select Settings tab GFI MailEssentials 10 General Settings 240 Updates Settings K Define the schedule when updates will be downloaded and installed Settings Manual Automatic Daily at Weetyon First of the month at 03 00 00 Last of the month at 03 00 00 Note Updates are essential and keep your GFI MailEssentials server free from any known issues and security threats GFI stresses that all updates are tested thoroughly prior release Please note that certain updates require restart of GFI MailEssentials services and or Microsoft Exchange SMTP services depending upon the update being installed Screenshot 133 Disable or modify produc
175. ev administrator domaina tev administrator domaina tev administrator domaina tev E Events POP2Exchange Scan Result t Eg Subject Scan Result View Test Subject Ok Details OS FHSRAEEGR Blocked 3 SpamRazer Petails OR FHSRAEEGR Blocked l EN SpamRaze Petails eSTESRSESA Blocked l e SpamRazer Details ok FBR atta Blocked Ate SpamRazer Petails KAKI A Quarantined RES HBA Email Details Bkkk Blocklist OR FHSRREEGR Blocked ESEA SpamRazer Details OR FHSRAEEGR Blocked EN SpamRaze Details OR FHBRSEEGR Blocked l e SpamRazer Petails ae RR IA Quarantined PES Ris Email Details Bik Blocklist From GFI MailEssentials Configuration you can monitor all processed emails in real time Navigate to GFI MailEssentials gt Dashboard and select the Logs tab to display the list of processed emails The following details are displayed for each email processed Date Time Sender Recipient s GFI MailEssentials 4 Monitoring status 57 Subject Scan Result shows the action taken on the email OK Email is not blocked by GFI MailEssentials and is delivered to its intended recipients Quarantined Email is blocked by an engine or a filter that has the action set to Quarantine Click Quarantine to review the email NOTE The email cannot be previewed in quarantine if it was manually deleted from quarantine Blocked Email is blocked by an engine or filter Action taken is as configur
176. evious Setting to change the SpamTag default language Click Enabled and modify the Default Language value 13 Click OK 14 Select Console Root gt lt domain policy gt gt Computer Configuration gt Software Settings 15 Right click Software installation and select New gt Package 16 In the Open dialog locate the share where the MSI file was saved in step 1 GFI MailEssentials 6 Anti Spam 164 NOTE When selecting the location of the MSI file ensure that this is done through My network locations so that the share name in GFI MailEssentials includes the full network share location rather than the local path 17 Choose the deployment option select Assigned and OK Step 3 Verify installation The set up should now be complete SpamTag will be installed the next time each client machine is started To check installation verify that the SpamTag toolbar is visible in Microsoft Outlook and that it connects successfully to GFI MailEssentials 6 7 5 Using SpamTag FS Console om Settings Help 7 GFI MailEssentials Screenshot 94 SpamTag in Microsoft Outlook 2010 For information on how to use SpamTag refer to the built in help by clicking Help in SpamTag The help automatically shows information related to the features that are enabled by the administrator in SpamTag settings page Spam y Hamy Options Y Spam Personal Blocklist Personal Blocklist Sender s Domain example com Global Blo
177. f an No email is spam based on past experience 2 4 4 Filters running at SMTP level The following engines scan and block emails during SMTP transmission before the email is received For more information refer to SMTP Transmission Filtering page 148 FILTER DESCRIPTION ENABLED BY DEFAULT IP Blocklist The IP Blocklist is a custom database of IP addresses from which you never want to receive emails Directory Harvesting Directory harvesting attacks occur when spammers try to guess email addresses by No attaching well known usernames to your domain The majority of the email addresses are non existent IP DNS Blocklist IP DNS Blocklist checks the IP address of the sending mail server against a public list Yes of mail servers known to send spam Greylist The Greylist filter temporarily blocks incoming emails received from unknown No senders Legitimate mail systems typically try to send the email after a few minutes spammers simply ignore such error messages GFI MailEssentials 2 About GFI MailEssentials 17 2 4 5 Other engines The following engines help to identify safe emails FILTER DESCRIPTION ENABLED BY DEFAULT Whitelist The Whitelist contains lists of criteria that identify legitimate email Emails that match these Yes criteria are not scanned by anti spam filters and are always delivered to the recipient New The New Senders filter identifies emails that have been received from senders to whom No Senders e
178. f email addresses to import and click Import 7 Click Apply 8 6 2 Malware Options GFI MailEssentials can also be configured to notify the administrator or authorized users via email Quarantine Action Form whenever an email is quarantined The Quarantine Approval Form contains details related to the quarantined email including the reason why it was blocked and any attachments that were included in the email The administrator can then action the quarantined email for example approve the email directly from the email client NOTE To automatically purge emails older than a specific number of days create a new search folder and set the Auto purging feature to purge emails after a number of days For more information refer to Using the Search Folders node to auto purge quarantined emails page 205 Enabling Quarantine Approval Forms 1 Navigate to Quarantine gt Quarantine Options gt Malware Options GFI MailEssentials 8 Quarantine 213 Quarantine Mode Nonexistent recipients t Quarantine mode Email options Select where the quarantine approval forms are sent These enable recipients to see the quarantine store and approve or discard quarantined email Send quarantine approval forms by email Select recipient Send to administrator Send to the following email address PT Audit options Save quarantine audit to this file quarantineaudit log If no path is specified the audit file will be
179. figured during recommended installation User interface is also accessible over the network via http NOTE IIS setup settings can be altered using the Website name Virtual directory and RSS virtual Directory fields The Security options enable the configuration of an Access Control List and the IIS Authentication GFI MailEssentials 11 Miscellaneous topics 245 NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 3 Click Yes to restart the displayed services 4 Click OK 11 3 1 IIS Security Settings The Security button within the Ul mode tab enables you to configure an Access Control List and Authentication method Access Control List The Access control list specifies who can access GFI MailEssentials and what features are available for which users or groups By default Administrators are granted full access to GFI MailEssentials you can however specify specific users or groups with different access types To add a user 1 Load Switchboard by clicking Start gt Programs gt GFI MailEssentials gt Switchboard 2 Select UI Mode tab Click IIS Mode and select Security GFI MailEssentials 11 Miscellaneous topics 246 ag ACL Users Management and Authentication ACL Authentication 4 IIS Mode Access Control List a Configure who can access GFI MailEssentials and what features are available for which users Screenshot 137 IIS Securi
180. for managing emails in the mailbox and in the public folder in Microsoft Exchange Whitelist A list of email addresses and domains from which emails are always received GFI MailEssentials 15 Glossary 297 Zombie An infected computer that is made part of a Botnet through malware GFI MailEssentials 15 Glossary 298 16 Index A Active Directory 17 20 25 32 41 49 106 112 160 167 215 220 237 242 259 262 264 Antispam 59 166 251 257 Antivirus 16 24 25 40 59 73 74 78 82 85 89 93 195 207 Attachment Filtering 16 179 197 234 237 273 280 Auto replies 12 15 223 B Bayesian Analysis 17 25 107 135 155 158 159 234 285 289 C Cluster 24 71 D Dashboard 11 53 54 57 59 61 283 Database 17 34 35 53 55 60 61 66 68 71 95 106 110 115 127 137 156 226 227 237 274 284 285 288 DEP 49 Directory harvesting 15 17 20 49 106 112 149 234 262 264 Disclaimers 12 219 222 286 DMZ 19 26 41 167 216 DNS Server 29 33 43 120 132 154 Domain 11 16 32 112 121 124 125 132 138 159 162 164 166 216 220 223 237 241 259 283 E Edge Server 18 26 Email Blocklist 17 106 115 117 155 170 234 285 Email Direction 63 65 Email monitoring 12 15 16 230 286 F firewall 19 25 40 114 216 285 G gateway 19 23 26 32 40 73 77 81 84 88 123 201 207 249 283 286 Greylist 17 49 106 127 149 234 GFI MailEssentials
181. formation Email headers Information that precedes the email text body within an email message This includes the sender recipient subject sending and receiving time stamps etc Email monitoring rules Rules which enable the replication of emails between email addresses Exploit An attack method that uses known vulnerabilities in applications or operating systems to com promise the security of a system False negatives Spam emails that are not detected as spam GFI MailEssentials 15 Glossary 293 False positives Legitimate emails that are incorrectly identified as spam G Gateway The computer server in a LAN that is directly connected to an external network In GFI MailSecurity gateway refers to the email servers within the company that first receive email from external domains Greylist filter An anti spam filter that blocks emails sent from spammers that do not resend a message when a retry message is received H Ham Legitimate e mail HTML Sanitizer A filtering module within GFI MailSecurity that scans and removes html scripting code from emails HTTP Hypertext Transfer Protocol A protocol used to transfer hypertext data between servers and internet browsers IIS See Internet Information Services IMAP See Internet Message Access Protocol Internet Information Services A set of Internet based services created by Microsoft Corporation for internet servers Internet Message Access Proto
182. g option Description Check inbound emails Scan incoming emails for Trojans and malicious executable files Check outbound emails Scan outgoing emails for Trojans and malicious executable files 4 From the Security settings area choose the required level of security Security Description Level High Secur Blocks all executables that contain any known malicious signatures ity Medium Blocks suspicious executables Emails are blocked if an executable contains one high risk signature or a Security combination of high risk and low risk signatures Low Secur Blocks only malicious executables Emails are blocked if an executable contains at least one high risk sig ity nature GFI MailEssentials 5 Email Security 96 5 From Actions tab configure the actions you want GFI MailEssentials to take on emails containing a malicious executable NOTE Emails blocked by the Trojan amp Executable Scanner are always quarantined NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 6 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options option Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istra
183. g frequently used in legitimate messages it will have a much bet ter spam detection rate and a far lower false positive rate Creating the Bayesian spam database Besides ham email the Bayesian filter also relies on a spam data file This spam data file must include a large sample of known spam In addition it must also constantly be updated with the latest spam by the anti spam software This will ensure that the Bayesian filter is aware of the latest spam trends resulting in a high spam detection rate How is Bayesian filtering done Once the ham and spam databases have been created the word probabilities can be calculated and the filter is ready for use On arrival the new email is broken down into words and the most relevant words those that are most significant in identifying whether the email is spam or not are identified Using these words the Bayesian filter calculates the probability of the new message being spam If the probability is greater than a threshold the message is classified as spam NOTE For more information on Bayesian Filtering and its advantages refer to http go gfi com pageid ME_Bayesian Training the Bayesian Analysis filter NOTE The Bayesian Analysis filter can also be trained using Public folders For more information refer to Configuring the Bayesian filter page 135 It is recommended that the Bayesian Analysis filter is trained through the organization s mail flow over a period of time It
184. g page select the rule s that you want to remove 3 Click Remove Selected 7 2 4 Modifying an existing rule 1 Go to Content Filtering gt Attachment Filtering 2 From Attachment Filtering page click the name of the rule to modify 3 Perform the required changes in the rule properties and click Apply 7 2 5 Changing the rule priority Attachment Filtering rules are applied in the same order from top to bottom as they are listed in the Attachment Filtering page that is rule with priority value 1 is checked first To change the GFI MailEssentials 7 Content Filtering 185 sequence priority of rules 1 Go to Content Filtering gt Attachment Filtering 2 From the Attachment Filtering page click the up or down arrows to respectively increase or decrease the priority of the selected rule 3 Repeat step 2 until rules are placed in the desired sequence 7 3 Advanced Content Filtering Advanced Content filtering enables scanning of email header data and content using advanced configurable search conditions and regular expressions regex To configure advanced content rules go to Content Filtering gt Advanced Content Filtering This page allows you to view create enable disable or delete rules 7 3 1 Creating Advanced Content Filtering rules To create an Advanced Content Filtering rule follow the steps listed below Step 1 Configuring basic rule settings and conditions to block Step 2 Configuring t
185. ge 144 NOTE If Directory Harvesting is set to run at SMTP level only the Log rule occurrence to this file option will be available in the Actions tab 6 Click Apply Stage 2 Selecting if Directory Harvesting should be done during the SMTP transmission 1 Navigate to Anti spam gt Filter Priority and select SMTP Transmission Filtering tab 2 Click Switch to toggle the Directory Harvesting filtering between GFI MailEssentials 6 Anti Spam 114 option J pescription Filtering on receiving Filtering is done when the whole email is received full email Filtering during Filtering is done during SMTP transmission by checking if the email recipients exist before the SMTP transmission email body and attachment are received NOTE If this option is chosen Directory Harvesting will always run before the other spam filters 3 Click Apply 6 1 4 Email blocklist The Email Blocklist is a custom database of email addresses and domains from which you never want to receive emails This filter is enabled by default on installing GFI MailEssentials Configuring Email Blocklist 1 Go to Anti Spam gt Anti Spam Filters gt Email Blocklist GFI MailEssentials 6 Anti Spam 115 Blocklist Personal Blocklist Actions S Specify which email addresses will be filtered for spam Enable email blocklist Blocklist Entry Email Type Checksender S i o Add Blocklist saa CCS Email Description E list adult
186. gon to your ISP Password Process every Enter the interval in minutes minutes 4 In the Schedule area specify the hours when GFI MailEssentials should dial up to pick up email 5 Click Apply 11 7 Moving spam email to user s mailbox folders When GFI MailEssentials is installed on the Microsoft Exchange Server spam emails can be saved in a user s mailbox folder For more information refer to Spam Actions What to do with spam emails page 144 If GFI MailEssentials is NOT installed on the Microsoft Exchange Server spam emails cannot be routed to a specific user s mailbox folder through the Spam Actions Emails can still however be routed to the user s mailbox as described below 11 7 1 Microsoft Exchange 2007 2010 To configure Microsoft Exchange 2007 2010 to forward tagged emails to the user s Junk E mail mailbox folder a Transport Rule needs to be created IMPORTANT In GFI MailEssentials Spam Actions select the Tag the email with specific text option only If you select any other action the emails detected as spam will not reach the mailbox of the user and therefore the configured transport rules will not be applicable To create a Transport Rule in Exchange 2007 2010 1 Launch the Microsoft Exchange Management Console 2 Navigate to Microsoft Exchange gt Organization Configuration gt Hub Transport and select the Transport Rules node 3 Click New Transport Rule 4 Type a name for the new
187. gt C MailEssent ials Settings weights bsp Done Copying C Program Files GFI MailEssentials userlist mdb gt C MailEssentials Settings userlist mdb Done Copying C Program Files GFI MailEssentials data reports mdb gt C MailEssent ials Settings reports mdb Done Done press lt Enter gt to continue Screenshot 144 Exporting settings via command line 3 Restart the services stopped in step 1 Importing settings via command line 1 Stop the following services GFI List Server GFI MailEssentials AS Scan Engine GFI MailEssentials Attendant GFI MailEssentials Autoupdater GFI MailEssentials AV Scan Engine GFI MailEssentials Backend GFI MailEssentials Enterprise Transfer GFI MailEssentials Legacy Attendant GFI MailEssentials Quarantine Action Services GFI POP2Exchange IIS Admin service 2 From command prompt change directory to the GFI MailEssentials installation root folder 3 Key in meconfigmgr import c MailEssentials Settings verbose replac Where C MailEssentials Settings location where the files to import are located Replace with the path where files to be imported are located GFI MailEssentials 11 Miscellaneous topics 263 verbose instructs the tool to display progress while copying the files ceplace instructs the tool to overwrite existing files in the destination folder WARNING The import process replaces
188. h engine and navigate to the Updates tab to configure update settings NOTE Updates for each engine are checked for and downloaded sequentially one engine update at a time GFI MailEssentials 4 Monitoring status 59 4 1 4 Event logs Dashboard Logs Updates Events POP2Exchange al o Event Logging A Events Show entries Date Event ID Subject Details 03 01 2014 10 43 43 1027 GFI MailEssentials Anti Phishing data updated Details 03 01 2014 10 42 32 1027 GFI MailEssentials Anti Phishing data updated Details Showing 1 to 2 of 2 entries First Previous 1 Next Last Screenshot 28 Event logs From GFI MailEssentials Configuration you can monitor important events related to the functionality of GFI MailEssentials Examples of instances that trigger events completion of anti spam engine updates reporting database reaches 1 7GB and GFI MailEssentials rolls over to a new database less than 1GB free disk space on partition where quarantine is stored Navigate to GFI MailEssentials gt Dashboard and select the Events tab to display the list of events The following information is displayed for each event Date Time Event ID an identifier is assigned to each type of GFI MailEssentials event Subject Click Details to show more information about a particular event GFI MailEssentials events are also available from the Windows Event Viewer under Applications and Services L
189. h specifically for whole words and avoid blocking words that are part of other words For example enabling this option would not block the word MSEx change notwithstanding the fact that the word sex is part of MSExchange 5 Select Subject tab select Block emails if content is found matching these conditions message subject to enable Spam Keyword checking on email subject 6 In the Condition Entry area key in a keyword or a combination of keywords for this filter to block Use the AND OR AND NOT and OR NOT operators to configure specific conditions 7 Select Apply the keywords list to also scan senders display names to check the display name of the sender email which can contain spam keywords For example Viagra spam which often has forged senders and the word Viagra in the s 8 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 9 Click Apply Removing conditions To remove a Spam Keyword Checking condition GFI MailEssentials 6 Anti Spam 134 1 From the Conditions list area within the Body or Subject tab select one or more conditions to remove NOTE To find the condition to remove use the controls under the list of conditions to move between the pages listing the conditions 2 Click Remove and Apply Importing and Exporting conditions To export more condit
190. hange node GFI MailEssentials 11 Miscellaneous topics 252 V Enable POP2Exchange from POP3 server Force Download POP3 Mailboxes porssener SS Por Cd U Use SSL U Accept Invalid Certificate Login OO passwort OOOO OOOO S SEY Please provide an alternate address for this mailbox Ifthe recipientis not on a local domain the email will be forwarded to this address atemate address Cid Send mail to Address stored in To field v POP3 Server Login Alternate address No data available in table First Previous Next Last Remove POP3 Options Check every fo minutes Do not download mails larger than KBytes lf mail is larger then Inform mail postmaste Screenshot 141 The GFI MailEssentials POP3 downloader 2 In the POP3 tab select Enable POP 2Exchange from POP3 server to enable POP3 downloader 3 In the POP3 Mailboxes box specify the details of the POP3 servers to download emails from option Description POP3 Key in the IP address of the POP3 server to download emails from Server Port Key in the POP3 port By default POP3 uses port 110 or port 995 when using a secure connection Use SSL Select if the POP3 server requires a secure connection Accept Select this option if you want to ignore unverified certificates from the POP3 server It is recommended to Invalid Cer unselect this option and ensure that all certificates are validated tificate GFI MailEssentials 11 Misce
191. he language selected at this stage GFI MailEssentials 3 Installation 40 GFI MailEssentials Product License Key Please enter the license key provided to you for evaluation or when registering your copy of GFI MailEssentials for Exchange SMTP Ci A license key is required to install GFI MailEssentials Get an evaluation key from here Screenshot 12 Specifying administrator s email address and license key 3 Enter License Key and click Next NOTE Evaluation is no longer accepted as a license key Access the GFI website customer area to upgrade your license key before starting the upgrade process 4 Select the mode that GFI MailEssentials will use to retrieve the list of email users Foption Description Active Directory SMTP Click Next Active Directory mode GFI MailEssentials will retrieve the list of users from Active Directory Selecting this option means that GFI MailEssentials is being installed behind your firewall and that it has access to the Active Directory containing ALL your email users SMTP mode Select this mode if you are installing GFI MailEssentials on a machine that does not have access to the Active Directory containing the complete list of all your email users This includes machines on a DMZ or machines that are not part of the Active Directory domain In this mode GFI MailEssentials automatically populates the list of local users using the sender s email address in
192. he actions to take on detected emails Step 3 Specifying the users to whom to apply this rule Step 1 Configuring basic rule settings and conditions to block 1 Go to Content Filtering gt Advanced Content Filtering and click Add Rule GFI MailEssentials 7 Content Filtering 186 General Actions Users Folders FS Advanced Content Filtering Rule name Please specify a friendly name for this rule New Advanced Checking Rule Condition Choose the condition for this rule Headers SSCs Starts With sd Email checking This rule can be applied to inbound outbound and internal emails Select below lt J K Check inbound emails Check outbound emails Check internal emails Screenshot 104 Adding a new Advanced Content Filtering rule 2 In Rule Name area provide a name for the new rule 3 In Condition area provide the condition that the email has to meet to match this rule From the drop down select the email part Header Subject Body Attachment Name or Attachment Con tent and choose a condition Start with Ends with Contains Matches Exactly Matches Regex In the text box key in the keyword or regular expression that the email should match For example To match emails having swiss in subject Select Subject and Contains and key in swiss in textbox 4 Select whether to scan inbound outbound and or internal emails Check Inbound emails Check Outbound emails Check Interna
193. he specified user This user must be dedicated to this feature only and the credentials must not be changed For more information refer to http go gfi com pageid ME_SpamExch2010 Click Next 7 When installing on Microsoft Exchange Server 2007 2010 the list of Microsoft Exchange server roles detected and GFI MailEssentials components required is displayed Click Next to install the required GFI MailEssentials components 8 Click Finish to finalize the installation GFI MailEssentials installation is now complete and the email protection system is up and running Next step Optimize your protection system to ensure that it is effectively up and running For more information refer to Post Install actions page 49 GFI MailEssentials 3 Installation 46 NOTE To re run the Post Installation wizard from command prompt navigate to the GFI MailEssentials installation folder and run the following command e2kwiz exe clean 3 4 Upgrading a previous version Upgrade to the latest version of GFI MailEssentials from GFI MailEssentials 2012 or over GFI MailEssentials 12 and over and or GFI MailSecurity 10 1 and over Important notes 1 Before upgrading to the latest version of GFI MailEssentials ensure your system meets the min imum system requirements For more information refer to System requirements page 22 2 Upgrade is not reversible you cannot downgrade to the previous version you had installed 3 4 1 Upgra
194. hecks the content of the email for text that identifies the email as Spam For comprehensive content filtering of email for example to block Racial content or Profanities use the Keyword filtering option within the Content Filtering node Add Spam Keyword Check 1 Go to Anti Spam gt Anti Spam Filters gt Spam Keyword Checking GFI MailEssentials 6 Anti Spam 133 2 From the Body tab select Block emails if content is found matching these conditions message body to enable Spam Keyword checking on email body Body Subject Actions jel Configure keyword filtering options for checking the content of the message body 7 Block emails if content is found matching these conditions message body Condition entry Edit condition AND NOT OR NOT Screenshot 78 Spam Keyword checking properties 3 In the Condition Entry area key in a keyword or a combination of keywords for this filter to block Use the AND OR AND NOT and OR NOT operators to configure specific conditions For example e Basketball sports GFI MailEssentials blocks emails with the phrase Basketball sports Only this phrase would activate the rule not the word basketball OR the word sports separated by some other words e Basketball AND Baseball GFI MailEssentials blocks emails that have both words in the email Emails with only Basketball or only baseball will not be blocked 4 Select Match whole words only to searc
195. hin GFI MailSecurity where all blocked emails are retained until they are reviewed by an administrator R RBL See Realtime Blocklist Realtime Blocklist Online databases of spam IP addresses Incoming emails are compared to these lists to determ ine if they are originating from blocked users GFI MailEssentials 15 Glossary 296 Recursive archives Archives that contain multiple levels of sub archives that is archives within archives Also known as nested archives Remote commands Instructions that facilitate the possibility of executing tasks remotely RSS feeds A protocol used by websites to distribute content feeds that frequently changes for example news items with its subscribers Secure Sockets Layer A protocol to ensure an integral and secure communication between networks Simple Mail Transport Protocol An internet standard used for email transmission across IP networks SMTP See Simple Mail Transport Protocol Spam actions Actions taken on spam emails received e g delete email or send to Junk email folder SSL See Secure Sockets Layer T Trojan horse Malicious software that compromises a computer by disguising itself as legitimate software V Virus scanning engine A virus detection technology implemented within antivirus software that is responsible for the actual detection of viruses W WebDAV An extension of HTTP that enables users to manage files remotely and interactively Used
196. his file PT Screenshot 101 Attachment Filtering Actions Tab 2 To block an email that matches the rule conditions select Block attachment and perform this action and select one of the following options Quarantine Stores blocked emails in the Quarantine Store You can subsequently review approve delete all the email quarantined emails For more information refer to Quarantine page 198 Delete Deletes blocked emails email Move to Moves the email to a folder on disk Key in the full folder path where to store blocked emails folder on disk IMPORTANT Actions always affect the whole email containing the blocked content even if there is other content such as attachments that do not trigger this rule GFI MailEssentials 7 Content Filtering 182 NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 3 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed 4 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options option Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin ist
197. his option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download GFI MailEssentials 5 Email Security 101 8 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 9 From Update options area select Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 10 To check for and download updates immediately click Download updates 11 Click Apply 5 4 2 Enabling Disabling Email Exploits 1 Go to Email Security gt Email Exploit Engine gt Exploit List Email Exploit a Email Exploit Engine Enable Selected Disable Selected ID Description 1 CLS ID File Extension High alert 2 Tframe within an HTML email Suspicious 3 Malformed File Extension High alert 4 Java ActiveX Component Exploit High alert 5 Mime header vulnerability High alert 6 ASX buffer overflow High alert T Document Open method Exploits Possible intrusion attempt 8 Popup Object exploit High alert 9 Object CODEBASE file execution High alert 10 Local file reading execution Suspicious 11 Java security vulnerability High alert mM 12
198. i Phishing Bayesian Analysis Antivirus definition files Trojan and executable scanner Email Exploit engine GFI MailEssentials downloads from the following locations http update gfi com http update gfisoftware com http support gfi com mailshell com spamrazer gfi com NOTE GFI MailEssentials can also be configured to download updates through a proxy server For more information refer to Proxy settings page 234 These ports are used for inter process communication No firewall configuration is required to allow connections to or from the remoting ports since all the GFI MailEssentials processes run on the same server NOTE Ensure that no other applications except GFI MailEssentials are listening on these ports If other applications are using this ports these ports can be changed For more information refer to Remoting ports page 267 This port is used in these scenarios Microsoft Exchange environment Required if the server running GFI MailEssentials does not have access cannot get list of users from Active Directory for example in a DMZ environment or other envir onments which do not use Active Directory Lotus Domino mail server environment Required to get email addresses from Lotus Domino server Other SMTP mail server environments Required to get email addresses from SMTP server 3 2 Pre installation actions Before installing GFI MailEssentials prepare y
199. iguration Go to General Settings gt Licensing and key in your license in the License key box Click Apply 10 6 1 License key information To review your license information including the subscription expiry date go to General Settings gt Licensing and review the details in the License key information Product Edition The edition of GFI MailEssentials depending on the type of subscription purchased Anti spam Enables the anti spam filtering functionality Security and anti malware scanning engines are disabled EmailSecurity Enables the security and anti malware scanning engines Anti spam filters are disabled UnifiedProtection Includes both the anti spam and email security functionality Anti spam Shows if anti spam functionality is licensed EmailSecurity Indicates whether the security and anti malware functionality is licensed Subscription The date when the subscription expires status When the license expires your email server will no longer be protected GFI MailEssentials stops scanning emails and stops downloading updates Number of The maximum number of users allowed by the purchased license licensed users Current number The number of users that are being protected by GFI MailEssentials of users 10 6 2 How to determine license requirements GFI MailEssentials counts the total mailboxes email addresses depending on the environment To determine the number of users in your environment go to http
200. ile in XML format Key in an entry to search for Matching entries are filtered in the list of blocklist entries 3 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 4 Click Apply Personal Blocklist The personal blocklist is an additional blocklist that compliments global blocklist Disabled by default the personal blocklist can be enabled for users to enable them to add specific email addresses to a personal blocklist that they can manage For more information refer to End User Actions page 20 For management purposes administrators can also remove specific email addresses that the users have added to their personal blocklist Enabling Disabling Personal Blocklist 1 Go to Anti Spam gt Email Blocklist GFI MailEssentials 6 Anti Spam 117 Blocklist Personal Blocklist Actions as View the users personalized blocklists V Enable personal email blocklist Personal Blocklist UserfAl o y E User Blocklisted Email E DOMAINA Administrator jmarvin domain com Screenshot 68 Personal blocklist 2 Select Personal Blocklist tab and select or unselect Enable personal email blocklist to enable or disable personal blocklist feature 3 Click Apply Removing emails from users personal blocklist 1 Go to Anti Spam gt Email Blocklist and select Personal Blocklist tab 2 From the User drop
201. iles that are processed by the virus scanner Virus Scan Queue Length Current number of outstanding requests that are queued for virus scanning Virus Scan Folders Scanned in Total number of folders that are processed by background scanning Background Virus Scan Messages Scanned in Total number of messages that are processed by background scanning Background GFI MailEssentials 11 Miscellaneous topics 272 12 GFI MailEssentials Multi Server Use the slideshow below for an introduction about the GFI MailEssentials Multi Install feature Use the controls and to navigate through the slides 12 1 Features synchronized by Multi Server GFI MailEssentials multi install performs the following actions Configuration synchronization All configuration settings that are set to be synchronized are retrieved from each server and merged together into a single list So for example if a whitelist on one machine has 10 whitelist entries while another machine has 20 entries on the whitelist with 5 of these entries being common to both machines the end result is a single merged whitelist list with 25 email addresses present on both machines 5 unique from the first machine 15 from the second machine and 5 common from both machines This applies for the following filters gt Global Whitelist gt Global Blocklist gt Personal Whitelist and Blocklist gt Auto Whitelist x x x Content filtering synchronization In the ca
202. ill present in the Services applet run the following command in command prompt sc delete lt Service Name gt For example run sc delete gfiasmsecatt if the GFI MailEssentials Legacy Attendant is still present 7 Open the system Registry Editor and delete the key Computer HKEY LOCAL _ MACHINE SOFTWARE GF 8 Copy the backup of GFI MailEssentials to where it was installed 9 Turn off the current node and start the next node Ensure all cluster services Exchange services and GFI MailEssentials services are up and running 10 Uninstall GFI MailEssentials 11 Open the Services applet to ensure that there are no GFI MailEssentials services which were not deleted For each service that is still present in the Services applet run the following command in command prompt sc delete lt Service Name gt For example run sc delete gfiasmsecatt if the GFI MailEssentials Legacy Attendant is still present 12 Repeat steps 7 to 11 for all remaining nodes 13 Delete the GFI MailEssentials installation folder and its backup From cluster administrator delete all GFI services 3 2 4 Lotus Domino Information on using GFI MailEssentials with Lotus Domino GFI MailEssentials 3 Installation 31 Lotus Domino incompatibilities Installation information for Lotus Domino Lotus Domino Anti Spam Folder Configuration Lotus Domino incompatibilities Internal memos emails are not scanned GFI MailEssentials d
203. ils Amount of emails in Bayesian database Legitimate emails HAM 46247 Spam emails 78367 If you rarely send and receive English emails then itis recommended to have a minimum of 3000 HAM and spam emails to ensure effective filtering If however you send and receive mostly English emails then a minimum recommendation of 2500 HAM and spam emails should be enough to ensure effective filtering Screenshot 79 Bayesian analysis properties 3 In the Updates tab configure the frequency of updates to the spam database by enabling Auto matically check for updates and configuring an hourly interval NOTE Click Download updates now to immediately download any updates NOTE You can download updates using a proxy server For more information refer to Proxy settings page 234 4 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 5 Click Apply NOTE GFI MailEssentials also provides a Bayesian Analysis wizard that enables you to train the Bayesian Analysis filter from a machine other than where GFI MailEssentials is installed For more information refer to Training the Bayesian Analysis filter page 289 GFI MailEssentials 6 Anti Spam 137 6 1 15 Whitelist NOTE Whitelist affects only Anti Spam filters and not email security and content filtering The Whitelist contains lists of criteria that iden
204. imer 3 In the General tab configure Disclaimer Key in a unique and friendly name for the disclaimer Name Disclaimer Choose to which user s to apply this disclaimer Type Domain disclaimer All emails sent from a domain will have the disclaimer added Select the domain from the Domain drop down list User Group disclaimer Click Search User Group to select a user or a group of users to whom the dis claimer is added for outbound emails If GFI MailEssentials is in Active Directory mode pick users or groups directly from Active Directory else specify the user s SMTP email address Disclaimer Select Top or Bottom option to configure if disclaimer should be located at the top or bottom of the email position GFI MailEssentials 9 Email Management 220 General HTML Plain Text Exclusions Eo Configure HTML disclaimer text amp character set conversion HTML Disclaimer Edity Inserty View Format Table Tools v B Z Font v Kind regards ad_initials ad_firstname ad_lastname ad_jobtitle ad_company ad_street _ ad citvl fad statel ad country l fad ziocodel p Select how the disclaimer should be set if the specified disclaimer is not representable in the email body s character set Convert to unicode UTF 8 Recommended O User HTML encoding Use character set of email body Screenshot 123 HTML Disclaimer 4 From the HTML tab use the HTML editor to create a cust
205. important settings rd page 43 It is also recommended to n the following settings that are not configured during the Post Installation wizard For more information refer to P n W Directory Harvesting This must be verified when importing to a server that connects to a dif ferent Active Directory or ud an Active Directory which is located on a different server For more information refer to L 1 Ha 1g page 112 Spam Actions Some spam actions are only available for Microsoft Exchange environments If importing settings to a different environment for Ample on an IIS PA actions will not work For more information refer to Spam A s Wha do with spam emails page 144 NOTE For more information on the settings to Toa after import refer to ME_Checklmpe GFI MailEssentials 11 Miscellaneous topics 264 11 10 Disabling email processing Disabling email processing disables all protection offered by GFI MailEssentials and enables all emails including spam and malicious emails to get to your user s mailboxes Email processing is typically disabled only for troubleshooting purposes To enable disable GFI MailEssentials from processing emails 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard and select Troubleshooting tab N GFI MailEssentials Switchboard Ul Mode Troubleshooting Tracing Quarantine Other
206. in an email and only one address can be specified as the command parameter The parameter is either a user email or a domain Example ADDBLIST spammer spam com Or ADDBLIST spammers org Bayesian filter commands Add spam email or valid email ham to the Bayesian filter database Available commands are ADDASSPAM Instructs Bayesian filter to classify email as spam ADDASGOODMAIL Instructs Bayesian filter to classify email as HAM NOTE These commands do not have parameters the content of the email is the parameter Remote command logging To keep track of changes made to the configuration database via remote commands each email with remote commands even if the email with remote commands was invalid is saved in lt GFI MailEssentials installation path gt GFI MailEssentials AntiSpam ADBRProcessed The file name of each email is formatted according to the following format lt sender email address gt SUCCESS lt timestamp gt eml in case of successful processing lt sender email address gt FAILED lt timestamp gt eml in case of failure NOTE Timestamp is formatted as yyyymmddhhmmss GFI MailEssentials 6 Anti Spam 157 6 7 SpamTag for Microsoft Outlook The GFI MailEssentials SpamTag Plugin is an addon for Microsoft Outlook that installs a toolbar on end users machines giving some control to users in management of spam emails The plugin also s
207. ines and content filtering rules Spam Emails blocked by anti spam filters 1 Choose Malware and Content tab or Spam tab to view quarantined emails for the specific quar antined email type The results page provides the following functions and details option Description Returns you to the previous screen Back GFI MailEssentials 8 Quarantine 206 Foption Description OOO Approve Enables you to approve a single or multiple emails For more information refer to Approving Quarantined Emails page 208 Delete Deletes a single or multiple emails For more information refer to Permanently Delete Quarantined Emails _ page 208 Rescan Rescans emails using current antivirus signatures which may be more up to date than the antivirus sig natures that quarantined the email in the first place Select one or more emails and click Rescan to res can Module The module that identified the email as to be quarantined Reason The reason rule that triggered the action to quarantine the email Sender The email address of the sender Recipients The email address of the recipient Subject The email subject as sent by the sender Date The date when email was quarantined Source The location from where the email was quarantined Item Enables selecting a source to filter the display with Available options are Source View all Information Store VSAPI Gateway SMTP Information Store Transport Page size En
208. information how to solve this issue refer to http go gfi com pageid ME_SpamChecklist Limit the amount of entries in the lists to 10 000 1 Ensure that your license key is valid 2 Ensure that the required ports are open and that your firewall is configured to allow connections from the GFI MailEssentials server For more information refer to Firewall port settings page 25 3 Ensure that if applicable proxy server settings for connection to Internet are correct To verify the operation of Greylist Step 1 Confirm that Greylist is enabled From the Greylist properties ensure that Enable Greylist is selected Step 2 Verify excluded addresses From the IP and Email exclusions in Greylist properties ensure that there are no incorrect exclusions such as com Step 3 Use esentutl exe to ensure the Greylist database is not corrupted For more information refer to http go gfi com pageid ME_esentutl Some Spam emails contain a fake SMTP FROM email address consisting of the same domain as the recipient This may seem as if the email is coming from a local user 1 Enable Sender Policy Framework from within SpamRazer anti spam filter to block emails originating from spoofed addresses For more information refer to SpamRazer page 107 2 Create an SPF record for your domain For more information refer to http go gfi com pageid ME_CreateSPFRecord 3 Ensure that SpamRazer is configure to run at a higher priority
209. ing and outgoing emails Topics in this chapter 9 1 Disclaimers l a aana sath ae cc so aaaeeeaa aaaeeeaa aoaaa aso aE ease datas seeoce td 219 9 2 PULO REDINCS oeieo bin te deuascetsade be nccseeede devon Mleuyeuiees ebb e a 223 9 3 List Servet ae ee Oe ROO ORE RS Te EEEE re AEE Ooo Oe ERODE UNS TOR rts ON MOE mM ERO TN te rm 224 9 4 Mail Monitoring 22 2 2 eee ccc ccc cc cece ec eeceeceeceeceeueeaceccecceccecceceeceeeeeeeneeeee 228 9 1 Disclaimers Disclaimers are standard content added to the bottom or top of outbound email for legal and or marketing reasons These assist companies in protecting themselves from potential legal threats resulting from the contents of an email and to add descriptions about the products services offered Configuring disclaimers Disabling and enabling disclaimers Sorting disclaimers by priority 9 1 1 Configuring Disclaimers To customize or create a new disclaimer 1 Go to Email Management gt Disclaimers 2 Click a disclaimer to edit its settings or click Add Disclaimer to create a new disclaimer GFI MailEssentials 9 Email Management 219 General HTML Plain Text Exclusions Configure disclaimer settings Disclaimer Name Provide a friendly name for this rule New Disclaimer Disclaimer Options Disclaimer Type Domain Disclaimer User Disclaimer Domain domaina tcv Specify position of disclaimer Bottom Screenshot 122 Adding a new discla
210. internal emails During installation or post install wizard GFI MailEssentials automatically imports local domains from the IIS SMTP service or Microsoft Exchange Server In some cases however local domains may have to be added manually IMPORTANT GFI MailEssentials only filter emails destined to local domains for spam Some rules filter are also based on the direction This is determined by the local domains To add or remove local domains after installation follow these steps 1 2 3 Go to General Settings gt Settings and select Local Domains tab Key in the name and description of the domain to add in the Domain and Description text boxes Click Add to include the stated domain in the Local domains list NOTE To remove a listed domain select it from the list and click Remove Click Apply GFI MailEssentials 10 General Settings 236 10 5 Managing local users GFI MailEssentials uses 3 ways to retrieve users depending on the installation environment NOTE The number of users retrieved is also used for licensing purposes 10 5 1 GFI MailEssentials installed in Active Directory mode When GFI MailEssentials is not installed on the same machine as your mail server and Active Directory is present then GFI MailEssentials retrieves mail enabled users from the Active Directory domain of which the GFI MailEssentials machine forms part 10 5 2 GFI MailEssentials installed on the Microsoft Exchange machine When GF
211. intervals for the time period selected The graph shows the number of timeline time graph processed legitimate malware content filtering and spam emails Scan statistics pie A graphical distribution of the total number of safe quarantined and failed emails for the time chart period selected Legend The legend shows the color used in graphs and the count of each category GFI MailEssentials 4 Monitoring status 56 4 1 2 Email processing logs Dashboard Logs Updates Y9 The Logs show all the email scanning activity in chronological order A Filters Recipient _ Modules All selected Show entries FF EEE F ee TE Fr EE G Date Time 07 09 2013 11 57 27 07 09 2013 11 41 04 07 09 2013 11 41 04 07 09 2013 11 41 04 07 09 2013 11 41 04 07 09 2013 11 41 03 07 09 2013 11 41 03 07 09 2013 11 41 02 07 09 2013 11 41 02 07 09 2013 11 41 01 Sender safe safesender com spam spam2domain c om spam spam2domain c om spam spam2domain c om spam spam2domain c om spam spam2domain c om spam spam2domain c om spam spam2domain c om spam spam2domain c om spam spam2domain c om Showing 1 to 10 of 1 809 entries Screenshot 25 Email processing logs Recipient s administrator domaina tev administrator domaina tev administrator domaina tev administrator domaina tev administrator domaina tev administrator domaina tev administrator domaina t
212. ion refer to Perimeter SMTP Server Settings page 231 Configuring IP DNS Blocklist 1 Go to Anti Spam gt Anti Spam Filters gt IP DNS Blocklist GFI MailEssentials 6 Anti Spam 120 General Actions iR IP DNS Blocklist Configuration V Check whether the sending mail server is on one of the following IP DNS Blocklist IP DNS Domain IP DNS list Name Status Priority bl spamcop net Enabled 1 t dul dnsbl sorbs net Disabled 2 Enable Selected Disable Selected Remove Selected Screenshot 70 IP DNS Blocklist 2 Configure the following options Foption Description Check whether the sending mail server ison Select to enable the IP DNS Blocklist filter one of the following IP DNS Blocklists Add IP DNS Blocklist If required add more IP DNS Blocklists to the ones already listed Key in the IP DNS Blocklist domain and click Add IP DNS Blocklist Enable Selected Select an IP DNS Blocklist and click Enable Selected to enable it Disable Selected Select an IP DNS Blocklist and click Disable Selected to disable it Remove Selected Select an IP DNS Blocklist and click Remove Selected to remove it 3 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 4 Click Apply NOTE To enable IP DNS Blocklist at SMTP Transmission Filtering level select Anti Spam gt Filter Priori
213. ions 1 From the Conditions list area within the Body or Subject tab select one or more conditions to export NOTE To find the conditions to export use the controls under the list of conditions to move between the pages listing the conditions 2 In the File Download screen click Save and select a folder where to save the export file To import conditions 1 From the Conditions list area within the Body or Subject tab key in the folder and filename of the file to import 2 Click Import 6 1 14 Bayesian Analysis An anti spam filter that can be trained to accurately determine if an email is spam based on past experience This manual also contains information how the Bayesian filter works and how it can be trained For more information refer to Appendix Bayesian Filtering page 288 The Bayesian Analysis filter is NOT enabled by default IMPORTANT Enable learning from outbound emails and allow at least a week for before enabling filter This is required because the Bayesian filter acquires its highest detection rate when it adapts to your email patterns Configuring the Bayesian filter Configuring the Bayesian filter requires 2 stages Stage 1 Training the Bayesian filter Stage 2 Enabling the Bayesian filter Stage 1 Training the Bayesian filter The Bayesian filter can be trained in two ways GFI MailEssentials 6 Anti Spam 135 Method 1 Automatically through outbound emails GFI MailEssentials proce
214. irebird database located in folder lt GFI MailEssentials installation path gt GFI MailEssentials data Go to Reporting gt Settings node and check or uncheck Enable Reporting to enable or disable reporting respectively 4 2 2 Generating a report 1 From GFI MailEssentials configuration go to GFI MailEssentials gt Reporting gt Reports GFI MailEssentials 4 Monitoring status 61 Report List Custom Reports pr Use this page to generate reports and select what data to show in the reports Reports lists Select report to generate Email Direction View Report Preview Description Reporting filtering Date filtering Custom FROM date Custom TO date 04 08 2013 02 09 2013 Email direction filtering All email directions inbound outbound internal Email address filtering 3 x Reporting grouping Grouping Group by Week Generate Save As Custom Screenshot 30 Creating a report 2 From the Report List tab configure the following report options GFI MailEssentials 4 Monitoring status 62 option Description Report type Select the type of report to generate Emails Blocked shows total emails blocked by anti spam and anti malware filters for each email direction Inbound Outbound and Internal out of all emails processed Emails Blocked Graph graphically shows total emails blocked by anti spam and anti malware fil ters for each email direction Inboun
215. ired sequence 7 2 Attachment Filtering Attachment Filtering allows you to set up rules to filter what types of email attachments to allow and block on the mail server A rule is composed of Attachment types to block Actions to take when a matching attachment is found The users to which a rule applies To configure attachment rules navigate to Content Filtering gt Attachment Filtering This page allows you to view create enable disable or delete rules 7 2 1 Creating an Attachment Filtering rule To create an Attachment filtering rule follow the steps listed below Step 1 Configuring basic rule settings and the terms to block Step 2 Configuring the actions to take on detected emails Step 3 Specifying the users to whom to apply this rule Step 1 Configuring basic rule settings and the terms to block 1 Navigate to Content Filtering gt Attachment Filtering node 2 Click Add Rule GFI MailEssentials 7 Content Filtering 179 General Actions Users Folders F Attachment Filtering Rule display name Rule name New Attachment Checking Rule Email checking Check inbound emails Check outbound emails Check internal emails Attachment blocking Block all Block this list E Do not block attachments smaller than the following size p ks Block all except this list Enter filenames with optional wildcards eg vbs eg lettervbs eg happy exe eg orders md
216. irements The machines where to install SpamTag must meet or exceed the following specifications Hardware Processor 1Ghz or more Memory Minimum 512MB Recommended 2GB Physical Storage 50MB physical storage dedicated for SpamTag Supported operating systems Windows 8 amp 8 1 Windows 7 Windows Vista Windows XP Windows Server 2012 Windows Server 2008 Windows Server 2003 Supported Microsoft Outlook Microsoft Outlook 2013 Versions Microsoft Outlook 2010 Microsoft Outlook 2007 Microsoft Outlook 2003 Connection with GFI MailEs SpamTag connects with GFI MailEssentials on port 80 over HTTP sentials To confirm connection from the client s browser ensure that you can open the GFI MailEssentials URL Other software Microsoft Net Framework 4 this is downloaded and installed automatically if not found 6 7 3 Installing SpamTag manually Run the SpamTag installer on client s machines to manually install SpamTag 1 Get the installer from lt GFI MailEssentials installation folder gt Outlook 2 Copy GFIMailEssentialsspamTag exe to the machine where to install SpamTag 3 Close Microsoft Outlook 4 Right click the installer and select Run as administrator 5 In the first screen select the language for the installation GFI MailEssentials 6 Anti Spam 161 GFI MailEssentials SpamTag Install the GFI MailEssentials Outlook Plugin The GFI MailEssentials Spam
217. irtual directory details 6 In the Web Server Setup dialog configure the following options NOTE Default settings are typically correct for most installations option f peseription lIS Website Select the website where you want to host the GFI MailEssentials virtual directories Configuration Path Specify a name for the GFI MailEssentials virtual directory RSS Path Specify a name for the GFI MailEssentials Quarantine RSS feeds virtual directory Click Next GFI MailEssentials 3 Installation 42 7 Select folder where to install GFI MailEssentials and click Next When the installation is an upgrade GFI MailEssentials installs in the same location as the previous installation 8 Click Install to start the installation process If you are prompted to restart the SMTP services click Yes 9 On completion click Finish NOTE For new installations setup automatically launches the Post Installation Wizard For more information refer to Post Installation Wizard page 43 3 3 3 Post Installation Wizard The post installation wizard loads automatically after installing GFI MailEssentials the first time It enables configuration of the most important settings of GFI MailEssentials 1 Click Next in the welcome page 2 Post Installation Wizard Of x DNS Server Specify the DNS server to be used for domain lookups The DNS server is used for domain look ups and by spam filters which query DNS blocklists Use the sa
218. isplay list of matching terms Use the Show Statistics button to view the total number of emails blocked per whitelist entry 1 Specify the full path and filename of the file to use for importing the previously exported data 2 Click Import to import entries Click Export to export current list of whitelist entry to an XML file 3 Select the Auto Whitelist tab to configure the following options option f peseription Populate Auto Whitel If selected destination email addresses of outbound emails are automatically added to the ist automatically Enable Email Auto Whitelist Maximum entries allowed in the Auto Whitelist auto whitelist Select this option to enable auto whitelist Senders of incoming emails are matched against the auto whitelist If the sender is present in the list the email is forwarded directly to the recipient s Inbox Specify the number entries allowed in Auto Whitelist When the limit specified is exceeded the oldest and least used entries are automatically replaced by the new entries NOTE Entering a value larger than the default value of 30 000 can negatively affect the performance of GFI MailEssentials 4 From the Keyword Whitelist tab specify keywords that flag emails as valid emails option Description O Enable email body keyword whitelist Select this option to check for keywords in the email body which qualify an email as valid Add keywords to the Body Keywords list
219. istSMTP 2 Greylist contains exclusion lists so that specific email addresses domains and IP addresses are not greylisted Exclusions must be configured when Emails originating from particular email addresses domains or IP addresses cannot be delayed Emails addressed to a particular local user cannot be delayed Configuring Greylist 1 Go to Anti Spam gt Anti Spam Filters gt Greylist 2 From the General tab select unselect Enable Greylist to enable disable Greylist GFI MailEssentials 6 Anti Spam 127 General Email Exclusions IP Exclusions Actions min g Configure email addresses which Greylist would not process Email Addresses Domains Select email domain address type From To Specify email domain address Add Emails Email list Email jm domain com Remove Options V Exclude email addresses and domains specified in Whitelist and Personal Whitelist Screenshot 74 Email Exclusions 3 Select Email exclusions tab to specify any email addresses or domains that you do not want to greylist In the Edit Addresses area specify full email address or emails from an entire domain for example trusteddomain com or an entire domain suffix for example mil or edu Also specify if the exclusion applies to senders select From gt or to the local recipients select To gt Example 1 Do not greylist emails if the recipient is administrator
220. it ing the text in the URL box NOTE It is recommended to test the settings manually by loading the URL in a web browser This should load an XML formatted file named services wsdl 3 Click Scan Now to automatically create the Public folders 4 Click Test if you are setting up IMAP WebDAV or Web Services On screen notification will confirm success failure If the test fails verify update credentials and re test 5 Click Apply Configure a dedicated user account for Microsoft Exchange Server 2003 For security reasons it is recommended that when GFI MailEssentials is installed in a DMZ a dedicated user account is created to retrieve scan emails from public folders 1 Create a new Active Directory AD user From the Microsoft Exchange System Manager expand Folders gt Public Folders node Right click GFI AntiSpam Folders public folder and select Properties 2 3 4 Click Permissions tab and select Client permissions 5 Click Add select new user and click OK 6 Select the new user from the client permissions list and from the provided list set its role to Owner Ensure that all checkboxes are selected and the radio buttons are set to All 7 Click OK to finalize your configuration 8 From the Microsoft Exchange System Manager right click GFI AntiSpam Folders and select All tasks gt Propagate settings NOTE For Microsoft Exchange Server 2003 SP2 right click GFI AntiSpam Folders and select Al
221. it compares capabilities of the executable to a database of malicious actions and rates the risk level of the file With the Trojan amp Executable scanner you can detect and block potentially dangerous unknown or one off Trojans before they compromise your network 5 3 1 Configuring the Trojan amp Executable Scanner 1 Go to Email Security gt Trojan amp Executable Scanner GFI MailEssentials 5 Email Security 95 General Actions Updates Q Trojan amp Executable Scanner V Enable Trojan amp Executable scanner Email checking W Scan Inbound SMTP Email V Scan Outbound SMTP Email Security settings GFI MailEssentials rates executables according to their risk level Select the level of security to use High Security Quarantines almost all executables If the executable contains any signature it will get quarantined Medium Security Quarantines suspicious executables If the executable contains 1 high risk signature or a combination of high risk and low risk signatures it will get quarantined Low Security Quarantines executables that are most probably malicious If the executable contains atleast 1 high risk signature it will get quarantined Screenshot 54 Trojan and Executable Scanner General Tab 2 Select Enable Trojan amp Executable Scanner to activate this filter 3 In Email checking area specify the emails to check for Trojans and other malicious executables by selectin
222. itten could grow to a substantial size on disk Click the button below to delete the tracing logs Clear Tracing Logs Screenshot 140 Configuring Tracing options 2 Select or unselect Tracing enabled to enable or disable logging respectively NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 3 Click Yes to restart the displayed services GFI MailEssentials 11 Miscellaneous topics 251 4 Click OK Clear Tracing Logs To delete all Tracing logs 1 Launch the GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard and select Tracing tab NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 2 Click Clear Tracing Logs and click Yes to restart the displayed services 3 Click OK when completed 11 6 POP2Exchange Download emails from POP3 server POP2Exchange downloads emails from a POP3 server processes them and sends them to the local mail server The recommendation for GFI MailEssentials is to if possible avoid using POP3 and to use SMTP since POP3 is designed for email clients and not for mail servers Notwithstanding this fact and to cater for situations where a static IP address required by SMTP is not available GFI MailEssentials can use POP3 to retrieve email 11 6 1 Configuring POP3 downloader 1 Go to POP2Exc
223. ity product GFI MailEssentials Online sentials Online For more information refer to http go gfi com pageid ME_MAXMPME 3 Click Apply 10 1 Administrator email address GFI MailEssentials sends important notifications to the administrator via email To set up the administrator s email address 1 From the GFI MailEssentials Configuration navigate to General Settings gt Settings and select the General tab Administrator email Enter the administrators email address in the field below Notifications sent to the administrator will be sentto this email address Administrator Email Administrator domaina tcv NOTE GFI MailEssentials will communicate this email address to the GFI servers GFI will only use this email address to send important GFI MailEssentials notices directly to the administrator Screenshot 128 Specifying the administrator s email address 2 Key in the administrator s email address in the Administrator email area 3 Click Apply 10 2 Enabling Disabling scanning modules From GFI MailEssentials you can enable or disable particular email scanning modules This allows switching on and off scanning engines or filters in batch NOTE This feature enables or disables particular scanning engines only Disabled engines do not process inbound outbound and or internal emails All other features of GFI MailEssentials such as the quarantine store is still functional 1 From the GFI MailEssentials
224. kbox 5 Specify the refresh interval in minutes in the Refresh feed content every text box The default value is 10 minutes 6 Specify the maximum number of items you want the feed to include in the Feed should contain at most text box The default value is 100 items NOTE You can change the URL of an RSS feed by clicking Reset Feed URL To change the URL of all enabled RSS feeds click Edit to the right of the OPML entry and click Reset all the URLs When changing URL s ensure to update all present subscriptions accordingly Reset feed url should be done in case of unauthorized access 7 Click Apply 8 5 2 Subscribing to Quarantine RSS feeds Subscribing to all enabled Quarantine RSS feeds 1 Navigate to GFI MailEssentials gt Quarantine gt Quarantine RSS Feeds 2 In the RSS Feeds area right click on icon and click Copy Shortcut to copy the RSS feed URL 3 Use the copied URL in your RSS Feed Reader application to create a new RSS feed subscription Subscribing to a search folder Quarantine RSS feed To subscribe to an RSS feed of a default or custom search folder 1 Navigate to GFI MailEssentials gt Quarantine gt Quarantine RSS Feeds 2 In the RSS Feeds area right click on icon next to the search folder to subscribe to and click Copy Shortcut to copy the RSS feed URL 3 Use the copied URL in your RSS Feed Reader application to create a new RSS feed subscription 8 5 3 Securing access to the GFI MailEssentials Quara
225. known or for which there is no published data For more information on Advanced SPF filtering refer to http go gfi com pageid ME_SPFfilter 4 Select IP Exceptions or Email Exceptions tab to configure IP addresses and or recipients to exclude from SPF checks IP exception list Entries in this list automatically pass SPF checks Select IP Exception List check box add a new IP address and description and click Add To remove entries select entries from the list and click Remove Selected To disable the IP exception list unselect IP Exception List checkbox NOTE When adding IP addresses to the IP exception list you can also add a range of IP addresses using the CIDR notation Email exception list This option ensures that certain email senders or recipients are excluded from SPF checking even if the messages are rejected Select Email Exception List checkbox add a new email address and description and click Add To remove entries select entries from the list and click Remove Selected To disable the Email exception list unselect Email Exception List checkbox An email address can be entered in any of the following three ways e local part abuse matches abuse abc com abuse xyz com etc e domain abc com matches john abc com jill abc com etc e complete joe abc com only matches joe abc com 5 Click Actions tab to select the actions to perform on messages identifie
226. l Security 93 Information Store Virus Scanning VSAPI Settings E Configures VSAPI Settings Microsoft Exchange Virus Scanning API VSAPI settings Enable background scanning Enabling background scanning causes all Information Store contents to be scanned Exchange Server might become very busy during this process depending on the size of the Information Store Itis therefore recommended to enable it during times of low server activty typically at night On access scanning New items in the Information Store are scanned through VSAPI as they are accessed New email messages are therefore scanned as they are accessed by the email client This means that there might be a short delay before the email client displays the contents of anew message Pro active scanning When a new item is submitted to the Information Store itis immediately added to a scan queue Ifthe new item is accessed while still in the scanning queue itis allocated a higher priority for scanning This is the recommended setting since it causes the Information Store to attempt scanning of an item on receipt doing away as much as possible with delays associated with on access scanning Screenshot 53 VSAPI Settings 3 Optional Select Enable background scanning to run Information Store Scanning in the back ground WARNING Background scanning causes all the contents of the Information Store to be scanned This can result in a high pro
227. l emails GFI MailEssentials Select this option to scan incoming emails Select this option to scan outgoing emails Select this option to scan internal emails NOTE This option is only available when GFI MailEssentials is installed on the Microsoft Exchange server 7 Content Filtering 187 Step 2 Configuring the actions to take on detected emails 1 From the Actions tab configure what happens when this rule is triggered General Actions Users Folders S Attachment Filtering Actions Actions Block attachment and perform this action Quarantine email Delete email Move to folder on disk Loo Rh C Send a sanitized copy ofthe original email to recipient s Notification options v Notify administrator Notify local user lt Logging options Log rule occurrence to this file PT Screenshot 105 Actions Tab 2 To block an email that matches the rule conditions select Block email and perform this action and select one of the following options Quarantine Stores blocked emails in the Quarantine Store You can subsequently review approve delete all the email quarantined emails For more information refer to Quarantine page 198 Delete Deletes blocked emails email Move to Moves the email to a folder on disk Key in the full folder path where to store blocked emails folder on disk IMPORTANT Actions always affect the whole email containing the blocked content
228. l in question is spam NOTES 1 In Microsoft Outlook dragging and dropping email moves the email to the selected folder To retain a copy of the email hold down the CTRL key to copy the email rather than moving it 2 Detailed information how to create the GFI AntiSpam folders is included in this manual For more information refer to Enabling Public Folder Scanning page 166 Adding senders to the Email Blocklist 1 In the public folders of the mail client example Microsoft Outlook locate the GFI AntiSpam Folders gt Add to blocklist public folder 2 Drag and drop emails to the Add to blocklist public folder GFI MailEssentials 6 Anti Spam 170 Use spam emails to teach the Bayesian filter 1 In the public folders of the mail client example Microsoft Outlook locate the GFI AntiSpam Folders gt This is spam email public folder 2 Drag and drop the spam email to the This is spam email folder GFI MailEssentials 6 Anti Spam 171 7 Content Filtering Content Filtering engines enable administrators to control the content of emails These engines scan the content of emails and attachments and block emails containing content matching the content filtering rules Topics in this chapter 7 1 Keyword Filtering occ sess egos ue eco rescence ota ost teeceadlgs bat aoaaa oaan eae 172 7 2 Attachment Filtering 20 20 00 cece ccc cnccecceceececceceeeseteeesteeeaee 179 7 3 Advanced Content Filtering
229. l local recipients about the blocked email user 7 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log General Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates Update Status No updates currently in progress Screenshot 45 Engine Updates tab GFI MailEssentials 5 Email Security 83 8 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 9 From Downloading option list select one of the following options Foption Description Only check for Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates updates are available for
230. l tasks gt Manage Settings option GFI MailEssentials 6 Anti Spam 167 9 Select Folder rights or Modify client permissions and click OK or Next 10 Specify the credentials of the new power user account created in step 1 and test the setup to ensure permissions are correct Configure a dedicated user account for Microsoft Exchange Server 2007 2010 When configuring a dedicated user account to retrieve the emails from the GFI AntiSpam Public folders the user would need to have owner access rights on the GFI AntiSpam Public Folders 1 Create a new Active Directory AD power user 2 Logon to the Microsoft Exchange Server using administrative privileges 3 Open Microsoft Exchange Management Shell and key in following command Get PublicFolder Identity GFI AntiSpam Folders Recurse ForEach Object Add PublicProlderClientPermission Identity Identity User USERNAME AccessRights owner Server SERVERNAME Change USERNAME and SERVERNAME to the relevant details of the Active Directory user in question Example Get PublicFolder Identity GFI AntiSpam Folders Recurse ForEach Object Add PublicFolderClientPermission Identity Identity User mesuser AccessRights owner Server exch07 Hiding user posts in GFI AntiSpam Folders For privacy and security purposes it is highly recommende
231. lEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 3 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed 4 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 5 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log Step 4 Specifying users to whom this rule applies 1 By default the rule is applied to all email users GFI MailEssentials however allows you to apply this rule to a custom list of email users specified in the Users Folders tab GFI MailEssentials 7 Content Filtering 176 General Body Subject Actions Users Folders Oy Keyword Filtering Users Folders Please select users this ru
232. le will apply to Only this list All except this list Remove Screenshot 98 Content Filtering Users Folders Tab 2 Specify the users to apply this rule to Only this list Apply this rule to a custom list of email users groups or public folders All except this list Apply this rule to all email users except for the users groups or public folders specified in the list 3 To add email users user groups and or public folders to the list click Add User Lookups ga Select User Group Name Email Address Email Aliases E John Smith jsmith domaina tcv No other aliases Screenshot 99 Add users to a Content Filtering rule GFI MailEssentials 7 Content Filtering 177 4 In the User Lookups window specify the name of the email user user group or public folder that you wish to add to the list and click Check Names Matching users groups or public folders are listed underneath NOTE You do not need to input the full name of the users groups or public folder It is enough to enter part of the name GFI MailEssentials will list all the names that contain the specified characters For example if you input sco GFI MailEssentials will return names such as Scott Adams and Freeman Prescott if they are available 5 Select the check box next to the name s that you want to add to the list and click OK NOTE To remove entries from the list select the user user group public folder you want to remove and click
233. les auto replies only for emails containing specific text in the subject field contains Auto Reply Specify an email address in case where an auto reply is required from a different email address other from than the email address to which the inbound email was addressed to Auto Reply Specify the subject of the auto reply email subject 4 In Auto Reply text specify the text to display in the auto reply email NOTE Import auto reply text from a text file via the Import button Click Export to download auto reply text to a text file GFI MailEssentials 9 Email Management 223 Insert Variable x Date Field From Email Field From Name Field Subject Field Add Ms Screenshot 125 Variables dialog 5 Click Variable to personalize auto replies using variables Select variable field to insert and click OK Available variables are option Description Date Field Inserts the email sent date From Email Field Insert sender email address From Name Field Inserts the display name of the sender Subject Field Inserts email subject To Email Field Inserts the recipient s email address To Name Field Inserts the recipient s display name Tracking Number Inserts tracking number if generated 6 In Attachments area select any attachments to send with the auto reply email Specify the loc ation of the attachment and click Add Remove attachments using Remove 7 In Other Settings configure option Description G
234. llaneous topics 253 option peseription Login Specify the credentials to login to the POP3 mailbox amp Password Alternate If the emails in the mailbox are addressed to a recipient that is not on one of the GFI MailEssentials local address domains emails will be routed to this address Ensure that this is a local address configured on the mail server and protected by GFI MailEssentials Send mail Choose to Address stored in To field GFI MailEssentials analyzes the email header and routes the email accordingly If email analyzing fails email is sent to the email address specified in the Alternate address field Alternate address GFI MailEssentials does not analyze the email headers and all emails from this mailbox are forwarded to email address configured in Alternate address 4 Click Add to add the POP3 server details Select an added POP3 Server and click Update to replace it with the newly entered settings 5 Repeat the steps above to add multiple POP3 servers 6 In POP3 Options configure option T peseription Check every minutes Specify the download interval in minutes Do not download mails larger Specify a maximum download size in KBytes If email exceeds this size it will not be than downloaded If mail is larger then Choose to delete email larger than the maximum allowed size or send a message to the postmaster 8 Click Apply 11 6 2 Configure dial up connection options 1 Go to POP2Ex
235. ls data reports fdb New Database Settings Database type Firebird SQL Server Enter a valid path to an existing database below or specify a new location ilename to have anew database created automatically File Program Files x86 GFI MailEssentials data reports fdb Screenshot 34 Configuring a Firebird database backend 1 Navigate to Reporting gt Settings 2 Select Firebird 3 Key in the complete path including file name and fdb extension of the database file If you only specify a file name the database file is created in the following default path lt GFI MailEssentials installation path gt GFI MailEssentials data 4 Click Apply GFI MailEssentials 4 Monitoring status 69 NOTE An email notification is sent to the administrator when the database reaches 7GB since this may impact performance If this is the case it is recommended to use Auto Purging to remove emails older than a particular date Configuring a Microsoft SQL Server database backend 1 Create a new database in Microsoft SQL Server 2 Create a dedicated user login in Microsoft SQL Server mapped to the newly created database Grant the user full access to all server and database roles and permissions 3 In GFI MailEssentials navigate to Reporting gt Settings New Database Settings Database type Firebird SQL Serer SQL server reporting Detected server DBServeniSQL 2 Manually specified server
236. ls that are purposely composed in such a way that they are blocked by GFI MailEssentials Step 1 Create a Content Filtering rule 1 Launch the GFI MailEssentials console 2 Go to GFI MailEssentials gt Content Filtering gt Keyword Filtering node 3 Click Add Rule GFI MailEssentials 3 Installation 50 General Body Subject Actions Users Folders Dj Keyword Filtering Rule name Provide a friendly name for this rule New Keyword Filtering Rule Email checking Select to which emails this rule applies V Inbound emails V Outbound emails V Internal emails PGP Encryption This rule can be setto block any PGP encrypted mail Enable or disable this option below E Block PGP encrypted emails Screenshot 19 Creating a test rule on Keyword filtering 4 In Rule name type Test Rule 5 From the Subject tab select Block emails if content is found matching these conditions message subject 6 In Edit Condition type Threat test and click Add Condition 7 From Actions tab enable Block email and perform this action and select Quarantine email 8 Click Apply to save the rule Step 2 Send an inbound test email 1 From an external email account create a new email and type Threat test as the subject 2 Send the email to one of your internal email accounts Step 3 Send an outbound test email 1 From an internal email account create a new email and type Threat test as the subject 2 Send the email to
237. m For more inform ation refer to Spam Actions What to do with spam emails page 144 6 Click Apply 6 1 12 Header Checking The Header Checking filter analyses the email header to identify spam emails Configuring Header Checking 1 Go to Anti Spam gt Anti Spam Filters gt Header Checking GFI MailEssentials 6 Anti Spam 130 General Languages Actions Qi Specify which checks to perform on email headers Email and IP Addresses Check ifthe email header contains an empty MIME FROM field Check if the email header contains a malformed MIME FROM field F Maximum number of recipients allowed in email Check ifthe email headers contain different SMTP TO and MIME TO fields Verify if sender domain is valid performs DNS lookup on MIME FROM F Maximum numbers allowed in the first part of the MIME FROM field eg joe31516u9 domain com A Check if email contains encoded IP addresses SMTP fields are specified by the SMTP server whereas MIME fields are specified by the client Content Related E Check if email contains remote images only Minimum HTML body size i2 Joves E Check if email contains GIF images E Check if email contains attachment spam Subject E Check ifthe email subject contains the first part of the recipient email address Email exception list Screenshot 76 Header checking options 2 Enable disable or c
238. m gt Anti Spam Settings go to Remote Commands tab and select Enable remote commands 2 Edit the email address to which remote commands should be sent to GFI MailEssentials 6 Anti Spam 155 NOTE The email address should NOT be a local domain The default address is rcommands mailessentials com A mailbox for the configured address does not need to exist but the domain part of the address must consist of a real email address domain that returns a positive result to an MX record lookup via DNS This can also be a public email account that you can manage for example Gmail or Yahoo mail 3 Optionally configure some basic security for remote commands A shared password to include in the email For more information refer to Using remote commands page 156 Which users are allowed to send emails with remote commands 4 Click Apply Using remote commands Remote commands can be sent via email to GFI MailEssentials from an email client within the domain Conditions for sending remote commands The email must be in Plain Text format The subject of the email is ignored The following syntax must be used for all commands lt command name gt lt parameterl gt lt parameter2 gt lt parameter3 gt For example ADDBLIST spammer spam com There can be more than one command in the body of an email with each command separated by a semi colon Ifa password is configured for remote c
239. mails have never been sent before 2 5 Typical deployment scenarios This chapter explains the different scenarios how GFI MailEssentials can be installed and configured 2 5 1 Installing directly on Microsoft Exchange server y A GFI MailEssentials Figure 1 Installing GFI MailEssentials on your Microsoft Exchange server You can install GFI MailEssentials directly on Microsoft Exchange Server 2003 or later without any additional configuration In Microsoft Exchange 2007 2010 environments GFI MailEssentials can only be installed on the servers with the following roles Edge Server Role or Hub Transport Role or Hub Transport and Mailbox Roles with this configuration GFI MailEssentials can also scan internal emails for viruses In Microsoft Exchange 2013 GFI MailEssentials can only be installed on the servers with the following roles Edge Transport role or Mailbox role GFI MailEssentials 2 About GFI MailEssentials 18 NOTE GFI MailEssentials supports a number of mail servers but can only be installed on the same machine as Microsoft Exchange For other mail servers for example Lotus Domino install GFI MailEssentials on a separate machine 2 5 2 Installing on an email gateway or relay perimeter server gt X ED ia g GFI MailEssentials P Figure 2 Installing GFI MailEssentials on a mail gateway relay server This setup is commonly used to filter spam on
240. mation Store VSAPI items Notification options Notify administrator Notify local user Logging options is Log occurrence to this file C Program Files x86 GFI MailEssentials EmailSecurity logs vipre log Screenshot 50 Virus scanning engine actions 6 From Actions tab choose the action to take when an email is blocked Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store You can subsequently review approve delete all the quarantined emails For more information refer to Quarantine page 198 Delete email Deletes infected emails GFI MailEssentials 5 Email Security 89 Send a sanitized copy Choose whether to send a sanitized copy of the blocked email to the recipients of the original email to recipient s 7 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 8 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are st
241. me DNS server used by this server Usean alternate DNS Server m Test Screenshot 14 DNS Server settings 2 In the DNS Server dialog select Use the same DNS server used Select this option to use the same DNS server that is used by the operating system by this server where GFI MailEssentials is installed Use an alternate DNS server Select this option to specify a custom DNS server IP address Click Test to test connection with the specified DNS server If test is unsuccessful specify another DNS server Click Next GFI MailEssentials 3 Installation 43 2 GFI MailEssentials Post Installation Wizard Sle Es Proxy Settings Specify how this server connects to the Internet GFI MailEssentials requires a connection to the internet to download anti spam and anti malware updates This machine connects directly to the internet This machine connects to the internet through a proxy server Screenshot 15 Proxy settings 3 In the Proxy Settings dialog specify how GFI MailEssentials connects to the Internet If the server connects through a proxy server click Configure proxy server and specify proxy settings Click Next 0 GFI MailEssentials Post Installation Wizard Inbound email domains Specify the email domains GF MailEssentials should treat as inbound Add all inbound email domains in which you recieve email E g If your email address is user afi com add gfi com masterd
242. me with optional wildcards text box and click Add Repeat this step for all filenames and or attachment types to exclude NOTE When specifying filenames and or attachment types you can use asterisk wildcards For example specifying orders mdb refers to all files of type mdb that contain the string orders in the file name Specifying jpg will block all images of type jpg NOTE To remove an entry from the list select it and click Remove Selected 6 You can also block attachments that have a size bigger than a particular size To enable this option from the Options area select Block all attachments greater than the following size in KB and specify the maximum attachment size in KB NOTE This feature blocks all attachments with a file size bigger than the one specified irrespective if the attachment matches an entry in the Attachment blocking list Step 2 Configuring the actions to take on detected emails 1 Click the Actions tab to configure what happens when this rule is triggered GFI MailEssentials 7 Content Filtering 181 General Actions Users Folders D Attachment Filtering Actions Actions Block attachment and perform this action Quarantine email Delete email Move to folder on disk E Send a sanitized copy of the original email to recipient s Notification options lt Notify administrator Notify local user lt Logging options T Log rule occurrence to t
243. move users from the subscription list table when unsubscribing from the list and not just flag them as unsubscribed select Delete from database when user unsubscribes checkbox 4 Click Apply Importing subscribers to the list database structure When a new newsletter or discussion list is created a table called listhame_subscribers with the following fields is created in the database To import data into the list populate the database with data in the following fields Ls_id Varchar 100 Subscriber ID Ls_first Varchar 250 First name Ls_last Varchar 250 Last name Ls_email Varchar 250 Email Ls_unsubscribed Int 0 NOT NULL Unsubscribe flag Ls_company Varchar 250 Company name 9 4 Mail Monitoring Mail monitoring enables copying emails sent to or from a particular local email address to another email address This enables the creation of central store of email communications for particular persons or departments GFI MailEssentials 9 Email Management 228 9 4 1 Adding new Mail Monitoring rules 1 Go to Email management gt Mail Monitoring 2 Click Add Rule 3 From the General tab configure the following options option Description Mail Monitor Name Key in a friendly mail monitoring rule name Inbound or Outbound Select whether to apply rule to inbound or outbound emails Copy monitored email to The destination email address or mailbox where to copy the emails to Select Email user or email address Address to
244. mydomain com so that any emails sent to administrator mydomain com are never delayed GFI MailEssentials 6 Anti Spam 128 Example 2 Do not greylist emails if the sender s domain is trusteddomain com trusted domain com so that emails received from domain trusteddomain com are never delayed Click Add emails to add the exclusion NOTE To exclude whitelisted and auto whitelisted email addresses and domains from being greylisted and delayed select Exclude email addresses and domains specified in Whitelist 4 Select the IP exclusions tab to specify any IP addresses to exclude from being greylisted Click Add IPs and specify an IP to exclude 5 To exclude whitelisted IP addresses from being greylisted and delayed select Exclude IP addresses specified in Whitelist 6 To log Greylist occurrences to a log file click Actions tab and select Log rule occurrence to this file NOTE Log files may become very large GFI MailEssentials supports log rotation where new log files are created periodically or when the log file reaches a specific size To enable log file rotation navigate to Anti Spam gt Anti Spam Settings Select Anti spam logging tab check Enable log file rotation and specify the rotation condition 7 Click Apply 6 1 11 Language Detection Determines the language of the email body text and configurable to block certain languages GFI MailEssentials takes a portion of the email body message and compares it t
245. n 9 1 3 Sorting disclaimers by priority The order in which disclaimers are applied to outbound messages can be customized If multiple disclaimers are enabled and applied to the same user the disclaimer with the higher is applied to that user To customize the priority of disclaimers 1 Go to Email Management gt Disclaimers 2 Next to the disclaimer to change priority click up button to assign a higher priority or click down button to assign a lower priority GFI MailEssentials 9 Email Management 222 9 2 Auto Replies Auto replies enable the sending of automated replies to specific inbound emails A different auto reply for each email address or subject can be specified Variables can also be used in an auto reply to personalize emails To enable auto replies go to Email Management gt Auto Replies and select Enable Auto Replies 9 2 1 Configuring auto replies 1 Go to Email Management gt Auto Replies 2 Click Add Auto Reply Auto Reply Settings When email is sent to O O E andsubjectcontainss D lt SSS Auto Reply from E DoS Ee Screenshot 124 Auto reply settings 3 In Auto Reply Settings configure the following options Foption Description When email Key in the email address that sends auto replies when receiving emails is sent to Example If sales master domain com is used senders sending to this email address will receive an auto reply and subject This option enab
246. n Enable Directory Harvesting Directory harvesting attacks occur when spammers try to guess email addresses by attaching well known usernames to your domain The majority of the email addresses are non existent This filter is enabled by default if GFI MailEssentials is installed in an Active Directory Environment For more information refer to Directory Harvesting page 112 Enable Greylist The Greylist filter temporarily blocks incoming emails received from unknown senders Legitimate mail systems typically try to send the email after a few minutes spammers simply ignore such error messages This filter is not enabled by default For more inform ation refer to Greylist page 127 For more information refer to Greylist page 127 Configure Whitelists The Whitelist contains lists of criteria that identify legitimate email Emails that match these criteria are not scanned by anti spam filters and are always delivered to the recip ient For more information refer to Whitelist page 138 Test your installation After configuring all post install actions GFI MailEssentials is ready to start protecting and filtering your mail system from malicious and spam emails Test your installation to ensure that GFI MailEssentials is working properly For more information refer to Test your installation page 50 3 5 1 Add engines to the Windows DEP Exception List Data Execution Prevention DEP is a set of hardware and software technologies that perfo
247. ncludes answers to the most common problems GFI SkyNet always has the most up to date listing of technical support questions and patches In case that the information in this guide does not solve your problems next refer to GFI SkyNet by visiting http kb gfi com 13 6 Web Forum User to user technical support is available via the GFI web forum Access the web forum by visiting http forums gfi com GFI MailEssentials 13 Troubleshooting and support 286 13 7 Request technical support If none of the resources listed above enable you to solve your issues contact the GFI Technical Support team by filling in an online support request form or by phone Online Fill out the support request form and follow the instructions on this page closely to submit your support request on http support gfi com supportrequestform asp Phone To obtain the correct technical support phone number for your region visit http www g fi com company contact htm NOTE Before contacting Technical Support have your Customer ID available Your Customer ID is the online account number that is assigned to you when first registering your license keys in the GFI Customer Area at http customers gfi com We will answer your query within 24 hours or less depending on your time zone 13 8 Documentation If this manual does not satisfy your expectations or if you think that this documentation can be improved in any way let us know via email on
248. nd SMTP emails Scan and sanitize HTML scripts from all incoming emails Scan outbound SMTP emails Scan and sanitize HTML scripts from all outgoing emails 4 Click Apply 5 5 2 HTML Sanitizer Whitelist The HTML Sanitizer Whitelist can be configured to exclude emails received from specific senders NOTE To exclude specific IP Addresses or domains use the HTML Sanitizer Domain IP Exclusions feature For more information refer to HTML Sanitizer page 103 To manage senders in the HTML Sanitizer Whitelist GFI MailEssentials 5 Email Security 103 1 Navigate to Email Security gt HTML Sanitizer and select Whitelist tab HTML Sanitizer Whitelist Domain IP Exclusions g Whitelist This Whitelist enables you to exclude emails received from specific senders from being processed bythe HTML Sanitizer Whitelist Whitelist entry Remove A examples sender domain com domain com domain com Screenshot 61 HTML Sanitizer Whitelist page 2 In Whitelist entry key in an email address an email domain for example domain com or an email sub domain for example domain com and click Add NOTE To remove an entry from the HTML Sanitizer whitelist select an entry and click Remove 3 Click Apply 5 5 3 HTML Santizer Domain IP Exclusions The HTML Santizer Domain IP Exclusions feature enables administrators to specify IP addresses or domains to exclude from HTML Sanitizer This will not simply use an IP addr
249. nd anti spam engine updates Dashboard Logs Updates Events POP2Exchange KR GFI MailEssentials checks for and downloads updates for anti virus engines and for spam filters A Anti Virus Definition Updates Anti virus engine Last Update Status Q VIPRE AntiVirus Never S Downloading in progress A BitDefender AntiVirus Never 2 Downloading in progress n No updates currently in progress last update K Kaspersky AntiVirus Never g failed R Aua ANAG R Q No updates currently in progress last update failed M ARa ANNAE eer g No updates currently in progress last update failed Update all engines A Anti Spam Definition Updates Anti spam engine Last Update Status ta Spanar 14 04 2014 18 25 54 g No updates currently in progress last update 2 ae succeeded ARAPE i Pe No updates currently in progress last update Anti Phishing 14 04 2014 16 16 55 g failed le Bayesian 44 04 2014 15 35 45 g No updates currently in progress last update failed Update all engines Screenshot 27 Virus scanning engines updates The updates of antivirus and antispam scanning engines can be monitored from a central page Go to GFI MailEssentials gt Dashboard and select the Updates tab to review the status and dates when scanning engines were last updated Click Update all engines to check for and download all updates The updates are checked for and downloaded as configured in the engines configuration pages Go to the configuration page of eac
250. nd specify where to place the tag Prepend to subject insert the specified tag at the start i e as a prefix of the email subject text Example SPAM Free Web Mail Append to subject insert the specified tag at the end i e as a suffix of the email subject text Example Free Web Mail SPAM Add tag in an X header Add the specified tag as a new X header to the email In this case the X Header will have the following format e X GFIME SPAM TAG TEXT e X GFIME SPAM REASON REASON Example X GFIME SPAM This is SPAM X GFIME SPAM REASON IP DNS Blocklist Check failed Sent from Blocklisted Domain NOTE Rules manager can be used to move emails when this feature is used GFI MailEssentials 6 Anti Spam 146 Append If this option is enabled the name of the filter which blocked the email and the reason for blocking are block appended to the subject of the blocked email reason to email sub ject Log rule Log the spam email occurrence to a log file of your choice By default log files are stored in occurrence lt GFI MailEssentials installation to this file path gt GFI MailEssentials AntiSpam Logs lt filtername gt log NOTE Log files may become very large GFI MailEssentials enables log rotation where new log files are created periodically or when the log file reaches a specific size To enable log file rotation navigate to Anti Spam gt Anti Spam Settings Select Anti spam logging tab
251. nding to GFI MailEssentials Screenshot 69 IP Blocklist 2 From the General tab select Enable IP Blocklist to block all emails received from specific IP addresses 3 In the IP Blocklist Entry box specify the IP addresses to block Single computer CIDR Key in a single IP address or a range of IP addresses using CIDR notation Group of computers Specify the Subnet Address and Subnet Mask of the group of IPs to whitelist 2 Optional Add a Description 3 Click Add Description Optionally add a description to help identify the specified IPs GFI MailEssentials 6 Anti Spam 119 4 Click Add to add the specified IP addresses to the IP Blocklist box 5 To delete IP addresses from the IP Blocklist select the addresses to remove and click Remove 6 Click Actions tab to select the actions to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 NOTE If IP Blocklist is set to run at SMTP level only the Log rule occurrence to this file option will be available in the Actions tab 7 Click Apply 6 1 6 IP DNS Blocklist IP DNS Blocklist checks the IP address of the sending mail server against a public list of mail servers known to send spam GFI MailEssentials supports a number of IP DNS Blocklists There are a number of third party IP DNS Blocklists available ranging from reliable lists that have clearly outlined procedures for getting on or off the
252. nformation tab displays the GFI MailEssentials installation version and build number To check whether you have the latest build of GFI MailEssentials installed on your machine click Check if newer build exists NOTE Always quote your GFI version and build information when contacting GFI support The 3rd Party Licenses tab lists third party components in use by GFI MailEssentials 11 2 Virtual directory names The default virtual directory names of GFI MailEssentials and Quarantine RSS are MailEssentials and MailEssentialsRSS respectively Virtual directory names are customizable however it is recommended that these are not changed NOTE If GFI MailEssentials is configured to be accessed only from the local machine the GFI MailEssentials Configuration virtual directory is not configurable 1 Launch GFI MailEssentials Switchboard from Start gt Programs gt GFI MailEssentials gt Switchboard 2 From IIS user interface mode options area specify custom virtual directory names for GFI MailEssentials Configuration key in a custom name in the Virtual directory field Quarantine RSS virtual directory key in a custom name in the RSS Virtual directory field 3 Click Apply 4 Click OK and wait while applying the new settings 5 When the process completes click OK 11 3 User interface mode The GFI MailEssentials user interface can be loaded on the installation machine only local mode or accessible via http over th
253. ng filters to identify spam FILTER DESCRIPTION ENABLED BY DEFAULT SpamRazer An anti spam engine that determines if an email is spam by using email Yes reputation message fingerprinting and content analysis Anti Phishing Blocks emails that contain links in the message body pointing to known Yes phishing sites or if they contain typical phishing keywords Director Harvesting Directory harvesting attacks occur when spammers try to guess email Yes only if GFI MailEs addresses by attaching well known usernames to your domain The sentials is installed in majority of the email addresses are non existent an Active Directory environment Email Blocklist The Email Blocklist is a custom database of email addresses and domains Yes from which you never want to receive emails IP Blocklist The IP Blocklist is a custom database of IP addresses from which you No never want to receive emails IP DNS Blocklist IP DNS Blocklist checks the IP address of the sending mail server against Yes a public list of mail servers known to send spam URI DNS Blocklist Stops emails that contain links to domains listed on public Spam URI Yes Blocklists Sender Policy This filter uses SPF records to stop email sent from forged IP addresses No Framework by identifying if the sender IP address is authorized Anti Spoofing Checks emails received with a sender email address claiming to ori No ginate from your own domain against a list of IP addresses by GFI MailEs se
254. ns 25 3 3 Installation procedure oo occs ccc scccedsaceveueseesecestucosceanucessecdsveuuscosacees sveeedvueeoeesoseas 39 3 4 Upgrading a previous version 0 20 0 e cece cece cee cece cee ceccececcececcececeeseececseceseee 47 3 5 Post Install actions 00 22 c cece ccc cece cecccccecccecccececeeccecececcceecceecsetcceteeetcceteeeesetes 49 4 Monitoring status aaao oaaao c cece c cence eee e DD DLLD DLLD DIDDL IDDL L D D 222222 53 AT DashbOand c e2sscccic ENAIRE EEEE AARLE ETATE ETEA geencade 53 AED O E E EE E E E E ETE EEEE 61 5 Email Security oer e e re es SN a aa a aE 73 5 1 Virus Scanning Engines 0 00000000000000 00000000000 0000000000000000 0000D DLLD DLD 000000222022122 73 5 2 Information Store Protection 2 2 0 0 20 cece cece cece cc ceceeceeceeceeceeeeceeeccecceceeceeeeeeeenens 92 5 3 Trojan and Executable Scanner 2 2 0 2 2c ccc cece ccc ccc cecccccecceecceceecteceteeeseesseeesees 95 5 4 Email Exploit ENgINE 2iedacecisecsut ee vdvecutviavcneue cielo leiden teenbedencdetesedatncesesivausuledeies 99 DD HTML Sanitizer eoria eek oop eee ee nace cee ein a nated Guha E e toe uede bees 103 AMEL SDAIN oo EE ths cae a ss oes eee es Sea ete Sens Sn bn ee tes sete oa 106 6 1 Anti Spam filters osc cei eedae Sep cuale tect paki sadedesuceaucavarssecdcdgnaeecusdbes viGeddsussooidatas 106 6 2 Spam Actions What to do with spam emails 0 0 0 0 20 0 ccc eee c eee ec eee ceceececeeceees 144 6 3 Sorting a
255. nshot 61 Screenshot 62 Screenshot 63 Screenshot 64 Screenshot 65 Screenshot 66 Screenshot 67 Screenshot 68 Screenshot 69 Screenshot 70 Screenshot 71 Screenshot 72 Screenshot 73 Maillnsights Communication Flow report 2c ccceeeeeeccccccccecccccceececcccceeeeeeecs 72 Vipre configuration cecene epen c cece cee cece eect cece a a 73 Virus scanning engine actions 0 000000 c cece cece eee cece eeeeeeeeeeeeeeeeseeeees 74 Engine Updatesstab Se oi thu ae hii te ele Sue ie ce AS delat deat A tb ec al Ca 76 BitDefender configuration 2 0000 cece cece cece cece cece cece cece ceeeeeeeeeceeeeeceeeeeeees 77 Virus scanning engine actions 2 2 o eee eee ec cee cece cece cece oaa aaraa aoaaa 78 Engine Updates tab co0 620 s Sve cbse Geeta kata oa das decd tt dead aed ge olde Cel ates os vee pled 80 Kaspersky configuration 00222 c cece cece eee e cece cece cece ec ceeceececeeeeceeceeeeeeeeseees 81 Virus scanning engine actions 2 2 2 2 elec cece cece eee cece eee eee nena ee eeeeeeeeeeeenes 82 Engine Updates taD A s 45 ccc a Seruneedacidicd a A OEE N a 83 Avira configuration 00 000000 0000000000000000 c cece cece cece eeeeeeeeceeeeeeceseceeeeseees 84 Virus scanning engine actions 22 e cece cece cece cece ceeeeeeeeeeeeeeeeees 85 Engine Updates tab eoe leeena e cece cece eee e cece ee ecceeeeeteeeeeseeeseeees 87 McAfee config uration lt si 4 052 2524
256. nti spam actions If an email goes through all the filters and is not identified as spam it then goes to the next stage 5 If configured auto replies are next sent to the sender 6 If configured email monitoring is next executed and the appropriate actions taken 7 Email is next checked by the New Senders filter 8 If email is not blocked by any scanning or filtering engine it is sent to the user s mailbox 2 3 Outbound mail filtering Outbound mail filtering is the process through which emails sent by internal users are processed before sending them out over the Internet 3 GF MailEssentials When sending an outbound email this is routed to GFI MailEssentials and processed as follows 1 The email is scanned by the malware and content filtering engines Any email that is detected as containing malware is processed according to the actions configured If an email is considered as safe it then goes to the next stage GFI MailEssentials 2 About GFI MailEssentials 15 2 Remote commands check and execute any remote commands in email if any are found If none are found email goes to the next stage 3 If configured the applicable disclaimer is next added to the email 4 If configured email monitoring is next executed and the appropriate actions taken 5 If enabled Auto Whitelist adds the recipients email addresses to the auto whitelist This auto matically enables replies from such recipients to go to the sender
257. nti spam filters by priority 00 0 0c cece eee c ec cee ccc ecceececceeceeecececceceeeeeeee 147 6 4 SMTP Transmission Filtering 2 2 02 2 ccc c cece cecccccceccecceceeceeceectecteceessessesees 148 6 5 Spam Digest 2 0 2 0 cece cece cece ccc eee cece ence eee e cece bene eeeeeeeeceeseneeeeeeeeesersenses 150 6 6 Anti Spam settings 2220 00 22 e cece cece eee ee cece ceeeeececceeeeceeeeeceeeeeeeeeees 152 6 7 SpamTag for Microsoft Outlook 2 2 0 0 2c eee ccc e cece ccc eeceeceeceeceeccecceceeceeeeeeneesenees 158 6 8 Public Folder Scanning 22 2 20 20 22 c ccc cece cece ec cec ccc cccceceeeeeeceeceeceveeeeeeeeestesseeeaes 165 7 Content Filtering 2220 22 c ccc nc cece ccceeeececeeeseceeeseecesstseeteeteeneees 172 7 1 Keyword Filtering 22 00 00 cece cece cece ccc eccececcceccecccececcecceceeececueeeeeceeeeeceeeeeeeeene 172 7 2 Attachment Filtering 2 00 22 ccc ccc ccc cece ccc cccccececececeeeeeceeeeesstseteeeseseeees 179 7 3 Advanced Content Filtering 22 00 00 eee cece ccc cccececceeececcecceccecceuceeceeeeeceeeeeees 186 7 4 Decompression Engine 2 2 2 20 22 2 ccc cece cc cecc cece cece cece cece cece cece ceeeeeeeceeeeeeeeeees 191 S Quarantin Co lt 2cecsccc sats A eae a ec pad SE Se eS os 198 8 1 Important Notes is nesat e cece cece eee e aa D ea a N aa RE 198 8 2 Searching the quarantine 22 2 o oo cece eee cc cece cece cnc cecceccecceceessenetneenetecetseeeeene 198 63 3SCarchsFOldGrs 2 2 one
258. ntials If the sender IP address is not on the list of own domain server IP addresses email is blocked Greylist The Greylist filter temporarily blocks incoming emails received from No unknown senders Legitimate mail systems typically try to send the email after a few minutes spammers simply ignore such error messages GFI MailEssentials 6 Anti Spam 106 FILTER DESCRIPTION ENABLED BY DEFAULT Language Detec Determines the language of the email body text and configurable to No tion block certain languages Header Checking The Header Checking filter analyses the email header to identify spam No emails Spam Keyword This filter enables the identification of Spam based on keywords in the No Checking email being received Bayesian analysis An anti spam filter that can be trained to accurately determine if an No email is spam based on past experience Whitelist The Whitelist contains lists of criteria that identify legitimate email Yes Emails that match these criteria are not scanned by anti spam filters and are always delivered to the recipient New Senders The New Senders filter identifies emails that have been received from No senders to whom emails have never been sent before 6 1 1 SpamRazer An anti spam engine that determines if an email is spam by using email reputation message fingerprinting and content analysis SpamRazer is the primary anti spam engine and is enabled by default on installation Frequent updates are r
259. ntials gt Dashboard This includes Important statistical information about blocked emails For more information refer to Status and stat istics page 54 Status of GFI MailEssentials services For more information refer to Services page 55 Graphical presentation of email activity For more information refer to Charts page 56 List of emails processed For more information refer to Email processing logs page 57 Status of software updates For more information refer to Antivirus and anti spam engine updates page 59 Record of important GFI MailEssentials events For more information refer to Event logs page 60 Log of POP2Exchange activities For more information refer to POP2Exchange activity page 61 Reports GFI MailEssentials enables you to create reports based on data logged to database To access Reporting go to GFI MailEssentials gt Reporting Enabling reporting For more information refer to Enabling Disabling reporting page 61 Configure reporting database For more information refer to Configuring reporting database page 68 Generate reports For more information refer to Generating a report page 61 Create custom reports For more information refer to Custom reports page 65 Search the reporting database For more information refer to Searching the reporting database page 66 4 1 Dashboard The GFI MailEssentials Dashboard provides real time inf
260. ntine RSS feeds Configure who can subscribe to the quarantine RSS feeds from the Access Control node in GFI MailEssentials Configuration For more information refer to Access Control page 241 8 6 Quarantine Options Use the Quarantine Options to configure Quarantined Spam retention User Reporting and Quarantined Malware non existent user setup 8 6 1 Spam Options 1 Navigate to Quarantine gt Quarantine Options gt Spam Options GFI MailEssentials 8 Quarantine 210 General Options User Settings t Use this tab to configure the general quarantine options for spam emails The quarantine store of spam emails can grow to several gigabytes of size depending on the quantity of quarantined emails and the retention period for emails Retention Period The email retention period will delete ALL quarantined spam emails older than the configured number of days Spam quarantine store email retention 21 7 days recommended 21 days Screenshot 117 Spam Options General Options tab 2 From the General Options tab change or confirm the Spam quarantine store email retention period 3 Click User Settings tab GFI MailEssentials 8 Quarantine 211 General Options User Settings oy Use this tab to configure user related settings for spam quarantine store access Users access quarantined emails using email reports sent at configurable intervals Search and management of quarantined emails by users is done through a web browse
261. ntine data host This computer does not necessarily have to be the master server For more information refer to Configuring the master server page 275 To sync Reporting and Quarantine data 1 On the each and every machine from where to send the data locate and click the Multi Server node 2 Click Configuration Sync tab Multi Server Setup Configuration Sync gt Features that are synchronized in the Multi Install network Reporting and Quarantine data Transfer the Reporting and Quarantine data from this server to the Multi Install network to view reports and manage quarantine from one central location Transfer data from this server to the Multi Install network IE When disabling this feature reports and quarantine must be managed from this server and data will not be sent to the Multi Install network Filtered Settings Settings Global Whitelist Global Blocklist Personal Whitelist and Blocklist Auto Whitelist Attachment Filtering Rules Advanced Content Filtering Rules Keyword Filtering Rules Ss ss f amp S amp S 8S 8 8 f amp amp Decompression Engine GFI MailEssentials 12 GFI MailEssentials Multi Server 281 3 From the Reporting and Quarantine data area enable Transfer data from this server to the Multi Install network option 4 Click Apply NOTE GFI MailEssentials Multi Server setup reverts to maintaining reporting and quarantine data on the local computer if network connection between th
262. numbers in the FROM field address Check if email contains Checks the message header and body for URLs which have a hex octal encoded IP encoded IP addresses http 0072389472 hello com or which have a username password combination for example www citibank com scammer com The following examples are flagged as spam http 12312 www microsoft com hello 01 123123 Check if email contains remote Flag emails that only have remote images and a minimal amount of text as spam Ass images only Minimum HTML ists in identifying image only email spam body size Check if email contains GIF Checks if the email contains one or more embedded GIF images Embedded GIF images images are often used to circumvent spam filters IMPORTANT Since some legitimate emails contain embedded GIF images this option is prone to false positives Check if email contains attach Checks email attachments for properties that are common to attachments sent in ment spam spam email This helps in keeping up with the latest techniques used by spammers in using attachments to send spam Check if the email subject con Identifies the personalized spam email where spammers frequently include the tains the first part of the recip first part of the recipient email address in the subject ient email address 3 From the Language tab select Block mail that use these languages character sets to enable lan guage detection NOTE The Header Checking L
263. o an in built language engine Configure the Language Detection filter to block certain languages or allow only some language NOTE The Language Detection filter is different than the Header Checking Language filter since it analyzes the language of the email body text The Header Checking analyzes the encoding character set of the email header Results of the Language Detection filtering engine are generally more reliable The Language Detection filter is NOT enabled by default on installation Configuring Language Detection 1 Go to Anti Spam gt Anti Spam Filters gt Language Detection GFI MailEssentials 6 Anti Spam 129 General Actions a Configure the automatic natural language detection settings Languages Filter emails by language Block the list below Block all except the list below Languages Afrikaans South Africa Latvian Albanian Albania Lithuanian Amharic Ethiopia Malay Arabic Malayalam Armenian Armenia Maltese Azeri Latin Marathi Screenshot 75 Language Detection options 2 From the General tab select unselect Filter emails by language option to enable disable Lan guage Detection 3 Select Block the list below to select the languages to block or Block all except the list below to block all languages except the ones selected 4 Select the languages to block allow from the Languages area 5 Click Actions tab to select the actions to perform on messages identified as spa
264. o export the GFI MailEssentials configuration files to a specific location or to import an exported configuration ion back into GFI MailEssentials Screenshot 143 Configuration Export Import Tool NOTE Duration of the export process depends on the databases sizes 4 Click Export 5 From Browse for Folder dialog choose folder where to export configuration settings and click OK 6 On completion click Exit Step 2 Copy the exported settings 1 Manually copy the folder where the configuration settings were exported 2 Paste the folder to the machines where to import the settings Step 3 Import settings to new installation IMPORTANT When importing settings the imported files overwrite existing settings for example Source DNS settings and may require reconfiguration of particular network settings and spam actions GFI MailEssentials 11 Miscellaneous topics 260 NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning 1 Stop the following services GFI List Server GFI MailEssentials AS Scan Engine GFI MailEssentials Attendant GFI MailEssentials Autoupdater GFI MailEssentials AV Scan Engine GFI MailEssentials Backend GFI MailEssentials Enterprise Transfer GFI MailEssentials Legacy Attendant GFI MailEssentials Quarantine Action Services GFI POP2Exchange IIS Admin service 2 Goto lt GFI MailEs
265. o launch the GFI MailEssentials user interface Set Virtual Directory names for the web interface and RSS Enable Disable email processing GFI MailEssentials 2 About GFI MailEssentials 13 Enable Disable tracing Setting email backups before and after processing Setting Quarantine Store location and Quarantine Public URL Specifying user account for the Move to Exchange Folder settings Specifying Remoting Ports Enable Disable failed mail notifications GFI MailEssentials 2 About GFI MailEssentials 14 2 2 Inbound mail filtering Inbound mail filtering is the process through which incoming emails are scanned and filtered before delivery to users GF MailEssentials 3 Inbound emails are routed to GFI MailEssentials and processed as follows 1 SMTP level filters Directory Harvesting Greylist IP Blocklist amp IP DNS Blocklist can be executed before the email body is received 2 The email is scanned by the malware and content filtering engines Any email that is detected as containing malware is processed according to the actions configured If an email is considered as safe it then goes to the next stage 3 The email is checked to see if it is addressed to a list in the list server If the email matches a list it will be processed by the list server 4 The incoming email is filtered by the anti spam filters Any email that fails a spam filter check is processed as configured in the a
266. o records to display Detect button will automatically retrieve MX records of inbound domains Detect Remove Selected GFI MailEssentials Online Emails are also filtered by GFI MailEssentials Online For more information refer to http Awww afi com link entry as px page skynet amp id KBID003180 Screenshot 127 Perimeter SMTP Server settings 2 Configure the following options This is the only SMTP server which Select this option when GFI MailEssentials is installed on the only SMTP server receives emails from the Internet that receives external emails directly from the Internet The following SMTP servers receive Emails are relayed to the GFI MailEssentials server from other SMTP servers emails directly from the Internet Add these SMTP servers in the SMTP Server List and forward them to this server Automatic detection To automatically detect SMTP servers by retrieving MX records of inbound domains click Detect Manual addition To manually add the IP addresses of SMTP servers that relay emails to the GFI MailEssentials server key in the IP address or a range of IP addresses using CIDR notation and click Add SMTP Server Note This option is also required for installations in a Multi Server environment For more information refer to GFI MailEssentials Multi Server page 273 GFI MailEssentials 10 General Settings 232 Foption Description OOO Emails are also filtered by GFI MailEs Select if using the hosted email secur
267. oes not scan internal memos emails sent by Lotus Domino since the Lotus Domino s sender receiver format is not in a compatible format When internal memos emails are passed into GFI MailEssentials these end up in the queue and are not processed NOTE Do not pass internal memos emails through GFI MailEssentials GFI MailEssentials List Server will not work with Lotus Domino Creating Newsletters or discussion lists will not work for the internal domain of Lotus Domino This option should not be used If used Lotus Domino users will not be able to send emails to the list GFI MailEssentials Installation Guide for Lotus Domino Use the information in this section to install and configure Lotus Domino with GFI MailEssentials Install GFI MailEssentials on a separate machine then Lotus Domino as seen on the figure below ll GFI MailEssentials diay Lotus Domino Figure 4 GFI MailEssentials installation on a separate server than Lotus Domino Install GFI MailEssentials by running the GFI MailEssentials installation file and following the onscreen instructions For more information refer to Installation page 22 If GFI MailEssentials is installed on a machine where Active Directory is present one may encounter the dialog box below Select No do not have Active Directory to install GFI MailEssentials in SMTP mode Configure the machine where GFI MailEssentials is installed to act as a gateway also known as Smart host o
268. of the following options Only check for Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates updates are available for this engine This option will NOT download the available updates auto matically Check for Select this option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download GFI MailEssentials 5 Email Security 76 10 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 11 From Update options area select Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 12 To check for and download updates immediately click Download updates 13 Click Apply 5 1 2 BitDefender 1 Go to Email Security gt Virus Scanning Engines gt BitDefender General Actions Updates G BitDefender AntiVirus Options Enable Gateway Scanning SMTP Scan Inbound SMTP Email Scan Outbound SMTP Email Scan Internal and Information Store Items Macro Checking Do not check macros Block all documents containing macros Screenshot 40 BitDefender configuration 2 Select Enable Gateway Scanning SMTP check box to scan emails using this Virus Scanning
269. og occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log 9 Click Apply Check for amount of files in archives This filter allows you to quarantine or delete emails that contain an excessive amount of compressed files within an attached archive You can specify the number of files allowed in archive attachments from the configuration options included in this filter To configure this filter 1 Navigate to Content Filtering gt Decompression node 2 From the list of available filters click Check for amount of files in archives 3 To enable this filter select Check for amount of files in archives 4 Specify the maximum number of files in archives in the If the number of files within archive exceeds text box If the archive contains more files than the specified value the email is triggered as malicious 5 Specify what to do when an email contains an archive that triggers this filter Foption Description Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report GFI Mail
270. ogs gt GFI MailEssentials GFI MailEssentials 4 Monitoring status 60 4 1 5 POP2Exchange activity Dashboard Logs Updates Events POP2Exchange S POP Downloader Logging A POP2Exchange Logs 02 09 2013 13 59 52 gfipop2exch service started 02 09 2013 13 59 19 gfipop2exch service stopped 02 09 2013 13 55 33 gfipop2exch service started Showing 1 to 3 of 3 entries First Previous 1 Next Last Screenshot 29 POP2Exchange log From GFI MailEssentials you can monitor the activity of POP2Exchange in real time Navigate to GFI MailEssentials gt Dashboard and select the POP2Exchange tab NOTE For more information refer to POP2Exchange Download emails from POP3 server page 252 4 2 Reports GFI MailEssentials enables you to create reports based on data logged to database To access Reporting go to GFI MailEssentials gt Reporting Enabling reporting For more information refer to Enabling Disabling reporting page 61 Configure reporting database For more information refer to Configuring reporting database page 68 Generate reports For more information refer to Generating a report page 61 Create custom reports For more information refer to Custom reports page 65 Search the reporting database For more information refer to Searching the reporting database page 66 4 2 1 Enabling Disabling reporting By default Reporting is enabled and email activity data is logged to a F
271. om disclaimer in HTML format To add email fields or Active Directory fields variables in disclaimer navigate to Insert gt Variable Select the variable to add and click Add The recipient display name and email address variables will only be included if the email is sent to a single recipient If emails are sent to multiple recipients the vari ables are replaced with recipients NOTE If you choose the Custom Attribute variable you will need to specify a Microsoft Exchange custom attribute For a full listing of attributes in your Active Directory configuration install and use the ADSI Editor from Microsoft For more information refer to http go gfi com pageid ME_ADSI 5 Select the encoding for the HTML disclaimer if the email body s character set is not HTML Convert to Unicode Convert both email body and disclaimers to Unicode so that both are properly dis played Recommended Use HTML encoding Use to define character sets for email body and disclaimer Use character set of the Disclaimer is converted to the email body character set email body NOTE If selected some disclaimer text might not display properly GFI MailEssentials 9 Email Management 221 6 Select Plain Text tab and insert the text to include for use in plain text emails directly into the Text Disclaimer field Optionally add variables in disclaimer by clicking Variable The variables that can be added are email fields sender name recipient
272. omain com Screenshot 16 Inbound email domains 4 In the Inbound email domains dialog specify all the domains to scan for viruses and spam Any local domains that are not specified in this list will not be scanned Click Next GFI MailEssentials 3 Installation 44 NOTE When adding domains select Obtain domain s MX records and include in perimeter servers list to retrieve the domain s MX records and automatically add them to the perimeter SMTP servers list configured in the next step 2 Post Installation Wizard let x SMTP Servers SMTP servers configuration Specify which SMTP servers receive emails directly from the internet This is the only SMTP server which receives emails directly from the internet C The following SMTP servers receive emails directly from the internet and forward them to this server Add Delete Emails are also filtered by GFI MailEssentials Online For more information refer to http www gfi comlink entry aspx page skynetid KBID003180 lt Back Cance Screenshot 17 SMTP Server settings 5 In the SMTP Servers dialog specify how the server receives external emails If emails are routed through other servers before they are forwarded to GFI MailEssentials add the IP address of the other servers in the list For more information about perimeter SMTP servers refer to http go g fi com pageid ME_PerimeterServer When using hosted email security product GFI M
273. ommands enter the password in the first line using the fol lowing syntax PASSWORD lt shared password gt Command names are case sensitive and should be written in UPPERCASE only Conditions suchas IF AND OR are not supported Remote commands can only be used to add entries and not delete or modify existing entries Keyword commands Use keyword commands to add keywords or combination of keywords in the body or subject lists in Keyword Checking filter Available commands are ADDSUBJECT Adds keywords specified to the subject keyword checking database e Example ADDSUBJECT sex porn spam ADDBODY Adds keywords specified to the body keyword checking database e Example ADDBODY free 100 free absolutely free GFI MailEssentials 6 Anti Spam 156 NOTE When configuring phrases other than a single words enclose them in double quotes Blocklist commands Use blocklist commands to add a single email address or an entire domain to the email blocklist Available commands are ADDBLIST lt email gt e Example ADDBLIST user somewhere com NOTES 1 Add an entire domain to the blocklist by specifying a wildcard before the domain Example ADDBLIST domain com 2 Wildcards cannot be used in domain names Example ADDBLIST domain com is invalid and will be rejected 3 For security reasons there can be only one ADDBLIST command
274. on 5 Click Close to finalize configuration Step 2 Create SMTP domain s for email relaying 1 Go to Start gt Control Panel gt Administrative Tools gt Internet Information Services IIS Manager 2 In the left pane expand the respective server node Right click Default SMTP Virtual Server and select Properties 4 Expand Default SMTP Virtual Server node 5 Right click Domains and select New gt Domain 6 Select Remote and click Next 7 Specify organization domain name for example test mydomain com and click Finish Step 3 Enable email relaying to your Microsoft Exchange server 1 Right click on the new domain and select Properties 2 Select Allow the Incoming Mail to be Relayed to this Domain 3 Select Forward all mail to smart host and specify the IP address of the server managing emails in this domain IP address must be enclosed in square brackets for example 123 123 123 123 to exclude them from all DNS lookup attempts 4 Click OK to finalize your configuration Step 4 Secure your SMTP email relay server If unsecured your mail relay server can be exploited and used as an open relay for spam To prevent this it is recommended that you specify which mail servers can route emails through this mail relay GFI MailEssentials 3 Installation 27 server for example allow only specific servers to use this email relaying setup To achieve this 1 Go to Start gt Control Panel gt Administrative T
275. on which GFI MailEssentials is GFI MailEssentials 10 General Settings 234 installed connects to the Internet through a proxy server configure the proxy server settings as follows 1 From GFI MailEssentials Configuration go to General Settings gt Settings and select Updates tab General Updates Local Domains Q Automatic update checks Proxy server settings V Enable proxy server Proxy server Port Loo Proxy authentication settings Configure proxy authentication settings V Enable proxy authentication Username Password For security reasons the length in the password box above does not necessarily reflect the true password length Screenshot 130 Updates server proxy settings 2 Select the Enable proxy server checkbox 3 In the Proxy server field key in the name or IP address of the proxy server 4 In the Port field key in the port to connect on default value is 8080 5 If the proxy server requires authentication select Enable proxy authentication and key in the Username and Password 6 Click Apply GFI MailEssentials 10 General Settings 235 10 4 Local domains General Updates Local Domains wz Local Domains Local Domain Domain PT Description Po Add Local Domain List T Domain Description E domaina tcv Remove Screenshot 131 Local Domains list GFI MailEssentials requires the list of local domains to enable it to distinguish between inbound outbound or
276. onfigure the following parameters Check if the email header con Checks if the sender has identified himself in the From field If this field is empty tains an empty MIME FROM the message is marked as spam field GFI MailEssentials 6 Anti Spam 131 ES OOOO Check if the email header con Checks if the MIME from field is a correct notation as defined in the RFCs tains a malformed MIME FROM field Maximum number of recipients Identifies emails with large amounts of recipients and flags them as SPAM allowed in email Check if the email headers con Checks whether the SMTP to and MIME to fields are the same The spammers email tain different SMTP TO and server always has to include an SMTP to address However the MIME to email MIME TO fields address is often not included or is different NOTE This feature identifies a lot of spam however some list servers do not include the MIME to either It is therefore recommended to whitelist newsletter sender address to use this feature Verify if sender domain is valid Performs a DNS lookup on the domain in the MIME from field and verifies the domain performs DNS lookup on MIME validity FROM NOTE Ensure that the DNS server is properly configured to avoid timeouts and slow email flow Maximum numbers allowed in Identifies the presence of numbers in the MIME from field Spammers often use tools the first part of the MIME that automatically create unique reply to addresses by using
277. ools gt Internet Information Services IIS Manager 2 In the left pane expand the respective server node Right click on Default SMTP Virtual Server and select Properties 3 From the Access tab select Relay 4 Select Only the list below and click Add 5 Specify IP s of the internal mail server s that are allowed to route emails through your mail relay server You can specify Single computers Authorize one specific machine to relay email through this server Use the DNS Lookup button to lookup an IP address for a specific host Group of computers Authorize specific computer s to relay emails through this server Domain Allow all computers in a specific domain to relay emails through this server NOTE The Domain option adds a processing overhead that can degrade SMTP service performance This is due to the reverse DNS lookup processes triggered on all IP addresses within that domain that try to route emails through this relay server Step 5 Enable your mail server to route emails via GFI MailEssentials Microsoft Exchange Server 2003 Set up SMTP connectors that forward all emails to GFI MailEssentials 1 Start Exchange System Manager 2 Right click Connectors click New gt SMTP Connector and specify a connector name 3 Select Forward all mail through this connector to the following smart host and specify the IP of your GFI MailEssentials relay server within square brackets for example 123 12
278. opy of the blocked email to the recipients but with the malicious content removed 7 Click the Actions tab to configure further actions 8 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 9 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log 10 Click Apply Check size of uncompressed files in archives This filter allows you to block or delete emails with archives that exceed the specified physical size when uncompressed Hackers sometimes use this method in a DoS Denial of Service attack by sending an archive that can be uncompressed to a very large file that consumes hard disk space and takes a long time to analyze by content security or antivirus software To configure this filter 1 Navigate to Content Filtering gt Decompression node 2 From the list of available filters cli
279. or emails sent and received by users Start Date End Date 02 09 2013 E 07 09 2013 E Search User Total Emails 7 v administrator domaina tcv 1384 jsmith domaina tcyv 1 Click an email address to view emails sent received Screenshot 32 Searching the reporting database 2 Specify search criteria Search criteria Description Start date amp End Select date range to filter emails from that period Click Search date User Filter email address results Key in number and click v to specify conditions Total emails Filter users by the amount of emails processed Key in number and click 7 to specify conditions 3 The list of matching users is displayed Click an email address to view detailed report of emails processed for that email address GFI MailEssentials 4 Monitoring status 67 administrator domaina tcv bd Date he 03 09 2013 b4 03 09 2013 bg 03 09 2013 Cg 03 09 2013 bg 03 09 2013 b 03 09 2013 bg 03 09 2013 bg 03 09 2013 Sender Y spam spam2domain com spam spam2domain com spam spam2domain com spam spamdomain com administrator domaina tcv administrator domaina tcv administrator domaina tcv administrator domaina tcv 86 87 88 89 90 91 92 93 94 95 Export reportto file Screenshot 33 Reports database search results 4 Optional From the report filter the data by email direction sender receiver or subject Received Y administrator domaina tcv administrator
280. or its affiliates in the US and other countries Any other trademarks contained herein are the property of their respective owners GFI MailEssentials is copyright of GFI Software Development Ltd 1999 2015 GFI Software Devel opment Ltd All rights reserved Document Version 2 2 Last updated month day year 08 01 2015 Contents 1 Introduction aoaaa oaaao aaao aaao o a aaa LLDD L LAAD LLLA ALLL AAALDDLLDADD LLALLA LLDD LaLa aaa 11 1 1 About this manual 2 2 0 0 irec a a a a E O E aa iaai 11 1 2 Terms and conventions used in this manual 2 oaoa eee 12 2 About GFI MailEssentials 13 2 1 GFI MailEssentials component 0 ceccecceceececceccecceeceeceuceeueecceceeceveceeeeeeees 13 2 2 Inbound mail filtering 2 0 2 cece cc ccc cece ccc cece cc cccccececcecenetececsetseeseeeesees 15 2 3 Outbound mail filtering 2 2 0 e cece cece ccc eeceececceeceeccececceccecceueeeceeeeeneeeenes 15 2 4 Email scanning and filtering engines 22 22 2000 2 c cece cece ccc ccc ceccecceeceeceesteceeeteeeees 16 2 5 Typical deployment scenarios 222 eke cece cee ec eee eececcccceececceececeeeueeeeeceeceeceeeeeeee 18 2 6 End User Actions 2 20 0 20 ccc c ccc cece cece cnc cccceccccceceesteceesceceeeeenseteecetnsetseeseeseeneesees 20 S lnstallation 23 ceo te ts ee ee eet eh ee eet ee O 22 3 1 System requirements 2 2 2 eke cece ccc ec cece cc ceccecceccecceccecceeneeceueeeceeeeeeeeeceeceeeeees 22 3 2 Pre installation actio
281. ored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log GFI MailEssentials 5 Email Security 90 General Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Wi Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates Update Status No updates currently in progress Screenshot 51 Engine Updates tab 9 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 10 From Downloading option list select one of the following options Only check for Select this option if you want GFI MailEssentials to just check for and notify the administrator when updates updates are available for this engine This option will NOT download the available updates auto matically Check for Select this option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download GFI MailEssentials 5 Email Security 91
282. ormation that enables you to monitor the product To access the Dashboard go to GFI MailEssentials gt Dashboard This includes Important statistical information about blocked emails For more information refer to Status and statistics page 54 x gt Status of GFI MailEssentials services For more information refer to Services page 55 x gt Graphical presentation of email activity For more information refer to Charts page 56 List of emails processed For more information refer to Email processing logs page 57 Status of software updates For more information refer to Antivirus and anti spam engine updates page 59 Record of important GFI MailEssentials events For more information refer to Event logs page 60 Log of POP2Exchange activities For more information refer to POP2Exchange activity page 61 GFI MailEssentials 4 Monitoring status 53 4 1 1 Status and statistics Dashboard Logs Updates Events POP2Exchange r Use the Dashboard to see the GFI MailEssentials status and statistical information Nee A GFI MailEssentials Services A Quarantine Statistics Y AVScanEngine WY AS Scan Engine Quarantined Malware Emails 381 Malware Quarantine Size 57 55 MB vV Quarantine Action Y Backend Quarantined Spam Emails 365 V Autoupdater V Legacy Attendant Spam Quarantine Size 107 16 MB vV Attendant vV List Server Free Disk Space 18 01 GB vV
283. ort 284 13 3 Scanning engines amp filters Issue encountered Solution Spam is delivered to users mailbox Email Blocklist Whitelist and or Content Filtering pages take long to load or appear to hang SpamRazer updates not downloading Emails are not being greylisted Receiving spam emails from my domain GFI MailEssentials Follow the checklist below to solve this issue 1 Check that GFI MailEssentials is not disabled from scanning emails For more information refer to Disabling email processing page 265 2 Check if all required filters are enabled For more information refer to Anti Spam filters page 106 3 Check if local domains are configured correctly For more information refer to Local domains page 236 4 Check if emails are passing through GFI MailEssentials or if GFI MailEssentials is bound to the correct IIS SMTP Virtual Server 5 Check if TEMP location which by default is the C Windows Temp folder contains a lot of files 6 Check if the number of users using GFI MailEssentials exceeds the number of purchased licenses 7 Check if whitelist is configured correctly For more information refer to Whitelist page 138 8 Check if actions are configured correctly For more information refer to Spam Actions What to do with spam emails page 144 9 Check if Bayesian Analysis filter is configured correctly For more information refer to Bayesian Analysis page 135 For more
284. ou can also access the Pop2Exchange feature For more information refer to POP2Exchange Download emails from POP3 server page 252 General Set Describes how to customize general settings for your environment tings For more information refer to General Settings page 231 Miscellaneous Explains various functions and tools that can be used to manage GFI MailEssentials For more information refer to Miscellaneous topics page 243 Troubleshooting This chapter describes how to resolve common issues encountered when using GFI MailEssentials For more information refer to Troubleshooting and support page 283 1 2 Terms and conventions used in this manual O Additional information and references essential for the operation of GFI MailEssentials gt Step by step navigational instructions to access a specific function Important notifications and cautions regarding potential issues that are commonly encountered Bold text Items to select such as nodes menu options or command buttons Italics text Parameters and values that you must replace with the applicable value such as custom paths and file names Code Indicates text values to key in such as commands and addresses For any technical terms and their definitions as used in this manual refer to the Glossary GFI MailEssentials 1 Introduction 12 2 About GFI MailEssentials Topics in this chapter 2 1 GFI MailEssentials components 0 20 2 o cece cece
285. ou can also review the antivirus engine licensing and version information D Virus Scanner Actions Actions Select the actions to perform when a virus is detected Quarantine item Delete item E Send a sanitized copy ofthe original email to recipient s NOTE Sanitization does not work for Information Store VSAPI items Notification options E Notify administrator E Notify local user Logging options Log occurrence to this file C Program Files x86 GFI MailEssentials EmailSecurity logs vipre log Screenshot 44 Virus scanning engine actions 5 From Actions tab choose the action to take when an email is blocked Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store You can subsequently review approve delete all the quarantined emails For more information refer to Quarantine page 198 Delete email Deletes infected emails Send a sanitized copy Choose whether to send a sanitized copy of the blocked email to the recipients of the original email to recipient s 6 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options GFI MailEssentials 5 Email Security 82 Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the emai
286. our environment for deployment Topics in this chapter Installing on the Microsoft Exchange server Installing on an email gateway or relay perimeter server GFI MailEssentials 3 Installation 25 Microsoft Exchange 2003 Clusters Lotus Domino 3 2 1 Installing on the Microsoft Exchange server When installing GFI MailEssentials on the same server as Microsoft Exchange 2003 or later no pre install actions or configurations are required In Microsoft Exchange 2007 2010 environments GFI MailEssentials can only be installed on the servers with the following roles Edge Server Role or Hub Transport Role or Hub Transport and Mailbox Roles with this configuration GFI MailEssentials can also scan internal emails for viruses In Microsoft Exchange 2013 GFI MailEssentials can only be installed on the servers with the following roles Edge Transport role or Mailbox role 3 2 2 Installing on an email gateway or relay perimeter server GFI MailEssentials can be installed On a perimeter server for example in a DMZ As a mail relay server between the perimeter gateway SMTP server and mail server This setup is commonly used to filter spam on a separate machine commonly installed in the DMZ In this environment a server also known as a gateway perimeter server is set to relay emails to the mail server GFI MailEssentials is installed on the gateway perimeter server so that sp
287. ous sections to return a list of quarantined emails 2 Select the checkbox next to the quarantined email s and click Delete Delete Quarantined Emails and notify user The Delete and Notify feature enables notifying recipients when deleting emails from quarantine To delete and notify recipients GFI MailEssentials 8 Quarantine 208 1 Use the search features described in the previous sections to return a list of quarantined emails 2 Click on an email to view its details 3 Click Delete and Notify 8 5 Quarantine RSS Feeds RSS Really Simple Syndication is a protocol used to distribute frequently updatable content or feeds for example news items with its subscribers An RSS Feed Reader is required by subscribers to view RSS feeds RSS feeds usually include a summary of the content and a link to view the full article To facilitate the monitoring of quarantined emails RSS feeds can be used The GFI MailEssentials Quarantine RSS feed displays quarantined emails for review and enables users to approve or delete quarantined emails NOTE GFI MailEssentials Quarantine RSS feeds can be used on most RSS Feed Readers For a list of freely available RSS Feed Readers that were tested with GFI MailEssentials Quarantine RSS feeds refer to http kbase gfi com showarticle asp id KBID002661 8 5 1 Enabling Quarantine RSS Feeds 1 Navigate to GFI MailEssentials gt Quarantine gt Quarantine RSS Feeds Quarantine RSS Feeds
288. ove or delete emails blocked due to malware content Date 04 09 2013 11 24 50 04 09 2013 11 24 45 04 09 2013 11 24 42 04 09 2013 11 24 41 04 09 2013 11 24 39 04 09 2013 11 24 40 Mij ud Sender spam spam2do main com spam spam2do main com spam spam2do main com spam spam2do main com spam spam2do main com spam spam2do main com Recipients Administrator dom aina tcv Administrator dom aina tcv Administrator dom aina tcv Administrator dom aina tcv Administrator dom aina tcv Administrator dom aina tcv 30 31 32 33 34 35 36 37 38 39 gt n Subject Energy Issu es Energy Issu es IEP News 5 30 IEP News 5 30 Energy Issu es Energy Issu es Page size 10 Module Keyword Filt ering Keyword Filt ering Keyword Filt ering Keyword Filt ering Keyword Filt ering Keyword Filt ering vv Screenshot 114 Search Results NOTE The results page may be split in two tabs Reason Triggered rule threa t content Triggered rule threa t content Triggered rule threa t content Triggered rule threa t content Triggered rule threa t content Triggered rule threa t content 381 items in 39 pages Source Gateway SMTP Gateway SMTP Gateway SMTP Gateway SMTP Gateway SMTP Gateway SMTP Malware and Content Emails blocked by anti malware eng
289. permissions for the GFI MailEssentials Public Folders to contributor where users can move emails to the Public Folders but cannot view or modify entries By default administrators are owners of the Public Folders and can view or modify entries For more information about Public Folders permissions refer to http go gfi com pageid ME_PFPermissionsExch2007 Microsoft Exchange 2010 1 From Microsoft Exchange Management Shell change the folder to the Microsoft Exchange scripts folder that can be found in the Microsoft Exchange installation folder If Microsoft Exchange is installed in the default path the scripts folder is stored in C Program Files Microsoft Exchange Server V14 Scripts 2 Key in the following command ReplaceUserPermissionOnPFRecursive psl Server server TopPublicFolder GFI AntiSpam Folders User Default Permissions Contributor Replace server with the full computer name This command will set the default permissions for the GFI MailEssentials Public Folders to contributor where users can move emails to the Public Folders but cannot view or modify entries By default administrators are owners of the Public Folders and can view or modify entries For more information about Public Folders permissions refer to http go gfi com pageid ME_PFPermissionsExch2010 6 8 2 Using Public folder scanning Reviewing spam email 1 When spam emails are delivered to the user
290. plica of an official site but in reality it is controlled by whoever sent the phishing emails When the user enters the sensitive information on the phishing site the data is collected and used for example to withdraw money from bank accounts The Anti Phishing filter detects phishing emails by comparing URIs present in the email to a database of URIs known to be used in phishing attacks Phishing also looks for typical phishing keywords in the URIs The Anti Phishing filter is enabled by default on installation Configuring Anti Phishing NOTE Disabling Anti Phishing is NOT recommended 1 Go to Anti Spam gt Anti Spam Filters gt Anti Phishing GFI MailEssentials 6 Anti Spam 110 General Keywords Updates Actions PN Phishing URI Realtime Blocklist PURBL Configuration V Check UR s in mail messages for typical phishing keywords Keywords Edit keywords Add Update Keyword list Current keywords Remove Export Specify file from which to import keywords Browse No file selected Import Screenshot 65 Anti Phishing options 2 From the General tab select unselect Check mail messages for URI s to known phishing sites option to enable disable Anti Phishing 3 From the Keywords tab select any of the following options Check URI s in mail messages for typ Enable disable checks for typical phishing keywords ical phishing keywords Add Enables adding keywords to Phishing filter Key in a keyword and
291. ption to scan internal emails NOTE This option is only available when GFI MailEssentials is installed on the Microsoft Exchange server 4 To block emails encrypted using PGP technology select Block PGP encrypted emails NOTE PGP encryption is a public key cryptosystem often used to encrypt emails Step 2 Configuring terms to block 1 Select the Body tab to specify the keywords in the email body to block 2 Select Block emails if content is found matching these conditions message body attachments checkbox to enable scanning of body for keywords GFI MailEssentials 7 Content Filtering 173 General Body Subject Actions Users Folders Configure keyword filtering options for checking the content of the message body and attachments Block emails if content is found matching these conditions message body attachments Condition entry Edit condition AND NOT Conditions list All these conditions are validated as a single condition using the OR operator for each entry Clicking on an entry will copy the condition text in the condition entry above for editing Current conditions Condition TEST Specify the full path and filename of the file to use for importing Note Import of list data cannot be performed unless the import listis on the server where GFI MailEssentials is installed Screenshot 96 Content Filtering Body Tab setting conditions 3 From the Condition entry area key in keywords to
292. r User Quarantine Reports W Send user quarantine reports at regular intervals Specify the days amp time when the report will be sent to users Send every Weekday at 8 00 Delete Send every Weekday at 15 00 Specify which users will receive the spam quarantine report All Users except the ones listed below Only users in the list below Remove Export Specify the full path and filename of the file to use for importing Browse No file selected Import Screenshot 118 Spam Options User Settings tab 4 Select Send user quarantine reports at regular intervals to enable sending of User quarantine reports NOTE User quarantine reports are emails sent to users on a regular basis with a list of blocked spam for that user Using this list users can check and approve any legitimate emails Email blocked by the Malware and Content Filtering filters are not shown in these emails GFI MailEssentials 8 Quarantine 212 5 Configure the frequency at which report will be sent To add to the preset schedule select a date and time and click Add rule Select an existing date and time and click Delete to delete selected date time 6 Configure the users that will receive the Quarantined Spam reports Select All Users except the ones listed below or Only users in the list below and provide the email address of the users to include or exclude NOTE Click Browse to select a file with a list o
293. r Mail relay server for all email Effectively all inbound email must pass through this machine before relayed to the mail server for distribution it is the first to receive all emails destined for your mail server The same applies for outbound emails mail server must relay all outgoing emails to the gateway machine for scanning before these are sent to external recipients via Internet it must be the last stop for emails destined for the Internet In this way GFI MailEssentials checks all inbound and outbound mail it is delivered to the recipients The MX record of your domain must point to the mail relay server GFI MailEssentials 3 Installation 32 NOTE If your ISP manages the DNS server ask this provider to update it for you Since the new mail relay server must first receive all inbound email update the MX record of your domain to point to the IP of the new mail relay Gateway server Verify the MX record of your DNS server as follows 1 From command prompt type nslookup and press Enter 2 Type set type mx and press Enter 3 Type your mail domain and press Enter The MX record should return a single IP that corresponds to the IP address of the machine running GFI MailEssentials cs Administrator Command Prompt nslookup Microsoft Windows Version 6 1 76611 Copyright lt c gt 2669 Microsoft Corporation All rights reserved C Users Administrator gt ns lookup Default Server megateway devtest com
294. r Link Document Link Delete Del i BD View Link Al Cti Application Link cauo IK 5 al Deselect All Find Replace Ctrl F 6 Find Next Gtl G iit External Links Admit Unread Marks David om Nase Screenshot 8 Copy to the clipboard a link to the current application 4 From the configuration go to Messaging Settings and select IMAP tab Messaging Settings Messaging Settings Domino Web Access IMAP Comments Basics Public and Other Users Folders Advanced Public and other users folders Enabled 4 support Include all public and other users T Enabled 5 folders when a folder list is requested Public folder prefix Public Folders Public folder database links x SE Other users folder prefix f Other Users Other users domain delimiter Ta IMAP users who can change other j sE users unread marks Screenshot 9 Include all public and other users folders when a folder list is requested 5 Select Public and Other Users Folders tab Right click and paste on the Public Folders Database Links and enable the Include all public and other users folders when a folder list is requested 6 Save and close the document GFI MailEssentials 3 Installation 37 New Mail In Database X saveaClose Get Certificates X Cancel Mail In Database Basics Other Comments Administration Mail in name Public Folder Domain T Acme 5 Des
295. racing Quarantine Other FO 4 Configure other advanced options Remoting Ports Remoting ports enable the different GFI MailEssentials modules to communicate with each other Ports which are used by third parties will result in loss of functionality and conflicts Current Ports 9030 GFI MailEssentials Backend 9091 GFI MailEssentials Attendant oS feo 5 GFI MailEssentials Autoupdater M Failed Mail Notifications This option sends notifications to the administrator s email address when emails fail to be scanned for Malware and Content Filtering V Send Notifications on Failed Mail OK Cancel Apply Screenshot 139 Enabling Failed emails notification 2 3 Select Send Notifications on Failed Mail Click Apply NOTE Some services are temporarily stopped while performing this operation This may affect mail flow and or email scanning Click Yes to restart the displayed services 5 Click OK 11 5 Tracing GFI MailEssentials provides the facility of creating log files for debugging purposes Use tracing for troubleshooting purposes or when contacting GFI Support Disable tracing if there are performance issues with the GFI MailEssentials machine When enabled GFI MailEssentials stores a number of log files in the following folders GFI MailEssentials 11 Miscellaneous topics 250 lt GFI MailEssentials installation path gt GFI MailEssentials DebugLogs
296. rator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 5 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log Step 3 Specifying users to whom this rule applies 1 By default the rule is applied to all email users GFI MailEssentials however allows you to apply this rule to a custom list of email users specified in the Users Folders tab GFI MailEssentials 7 Content Filtering 183 General Body Subject Actions Users Folders Oy Keyword Filtering Users Folders Please select users this rule will apply to Only this list All except this list Remove Screenshot 102 Content Filtering Users Folders Tab 2 Specify the users to apply this rule to Only this list Apply this rule to a custom list of email users groups or public folders All except this list Apply this rule to all email users except for the users groups or public folders specified in the list 3 To add email users user groups and or public folders to the list click Add User Lookups ga Select User Group Name Email Address Email Aliases E John Smith jsmith domaina tcv No oth
297. rator when updates updates are available for this engine This option will NOT download the available updates auto matically Check for Select this option if you want GFI MailEssentials to check for and automatically download any updates updates and available for this engine download GFI MailEssentials 5 Email Security 98 10 Specify how often you want GFI MailEssentials to check download updates for this engine by spe cifying an interval value in hours 11 From Update options area select Enable email notifications upon successful updates to send an email notification to the administrator whenever the engine updates successfully NOTE An email notification is always sent when an update fails 12 To check for and download updates immediately click Download updates 13 Click Apply 5 4 Email Exploit Engine The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient s machine either when the user receives or opens the email An exploit uses known vulnerabilities in applications or operating systems to compromise the security of a system For example execute a program or command or install a backdoor 5 4 1 Configuring the Email Exploit Engine 1 Go to Email Security gt Email Exploit Engine General Actions Updates Pe Email Exploit Engine Email checking Scan Inbound SMTP Email V Scan Outbound SMTP Email Screenshot 56 Email Exploit configuration 2 From the
298. re MSI and ADM files 1 From the GFI MailEssentials server go to the GFI MailEssentials installation folder and open the Outlook sub folder 2 Copy the MSI and the ADM files to a shared folder that is accessible by all users that will have SpamTag installed Ensure that users have at least Read permissions to the folder Step 2 Deploy SpamTag 1 On the domain controller open Server Manager 2 Expand Server Manager gt Features gt Group Policy Management gt Forest gt Domains gt domain name Right click the domain name or an organizational unit and select Create a GPO in this domain and Link it here 3 Enter a name for the new Group Policy Object GPO For example GFI MailEssentials SpamTag Click OK 4 Right click the newly created GPO and click Edit 5 In the Group Policy Management Editor window expand Computer Configuration gt Policies gt Software settings gt Software Installation Right click Software Installation gt New gt Package to con figure the GPO to install on log in 6 Enter the network path of the shared folder that contains the SpamTag MSI package Click OK NOTE When selecting the location of the MSI file ensure that this is done through My network locations so that the share name in GFI MailEssentials includes the full network share location rather than the local path 7 In the Deploy Software pop up select Assigned and click OK 8 The new package is now added under
299. red when installing on Microsoft Windows Server 2008 2008R2 GFI MailEssentials 3 Installation 23 MSMQ Microsoft Messaging Queuing Service for more information refer to e Installing MSMQ on Windows Server 2012 e Installing MSMQ on Windows Server 2008 e Installing MSMQ on Windows Server 2003 NOTE For more information on how to install pre requisites on Microsoft Windows Server 2008 refer to http go gfi com pageid ME_Win2008 For more information on how to install pre requisites on Microsoft Windows Server 2012 refer to http go gfi com pageid ME_Win2012 NOTE GFI MailEssentials Information Store Protection cannot be used if any other software is registered to make use of Microsoft Exchange VSAPI NOTE GFI MailEssentials can also be installed in virtual environments such as Microsoft Hyper V and VMWare virtualization software Microsoft Virtual Server cluster group resource with a physical disc cluster This is required ONLY for environments running Microsoft Exchange 2003 clusters For more information refer to Microsoft Exchange 2003 Clusters page 30 NOTE For more information on how to create a Resource Group for an Exchange Virtual Server ina Windows Server Cluster refer to http g0 gfi com pageid ME_Clusterresourcegrouphowto 3 1 3 Antivirus and backup software Antivirus and backup software scanning may cause GFI MailEssentials to malfunction This occurs when such software denies
300. reen 3 Choose whether to Create a new Bayesian Spam Profile bsp file or update an existing one Specify the path where to store the file and the filename Update the Bayesian Spam profile used by the Bayesian Analysis filter directly when installing on the same machine as GFI MailEssentials Click Next to proceed 4 Select how the wizard will access legitimate emails Select Use Microsoft Outlook profile configured on this machine Retrieves emails from a Microsoft Outlook mail folder Microsoft Outlook must be running to use this option Connect to a Microsoft Exchange Server mailbox store Retrieves emails from a Microsoft Exchange mailbox Specify the logon credentials in the next screen Do not update legitimate mail ham in the Bayesian Spam profile skip retrieval of legitimate emails Skip to step 6 Click Next to continue 5 After the wizard connects to the source select the folder containing the list of legitimate emails e g the Sent items folder and click Next 6 Select how the wizard will access the source of spam emails Select Download latest Spam profile from GFI website Downloads a spam profile file that is regularly updated by collecting mail from leading spam archive sites An Internet connection is required Use Microsoft Outlook profile configured on this machine Retrieves spam from a Microsoft Outlook mail folder Microsoft Outlook must be running to use this option
301. rent application 00 0 00000000 2202 e cece 37 Include all public and other users folders when a folder list is requested 2 37 New mail in database _2 2 0 00 eee eee eee eee eeeeeeeees 38 Enable Public Folder Scanning 0 02202 c cece cece cece cece cece ececeeeeeeeeeeceeeeeeeees 39 Specifying administrator s email address and license key 22 2 220 2222 eee eee e eee 41 SMTP server and virtual directory details 000 elec cece eee cece eee e eens 42 DNS Server settings 000 000 o ccc cece ce eee cece cece eee eeeeeeeeeeeeeeeeeeeeeeeeee 43 Proxy SCUINGS ices toe ete ah Se eee eee ee eet ee eects ae 44 Inboundiemail GOmains sisirin irese dneni pr EEE ees E n TEE E Tide pe ER 44 SMTP Server settings 2 2 2 aaea adanadan oaoa oraraa eaaa ear naana 45 Selecting the default anti spam action to use 22 22 22 c eee 46 Creating a test rule on Keyword filtering 2 0 02 c cco eee eee cece ce eeeeeeeeeees 51 Test email blocked by Test rule 2 0 0 0 2 cece e eee c cece eee ceeeeeeceeeeeeeeees 52 The GFI MailEssentials Dashboard 20 0cccc cece cence cence ee eneeeeeneeeeeeeeeeneeenaes 54 The GFI MailEssentials Services 0 22 0 2 00 2 c occ eee rrun eee eee ence eeeee eee 55 Quarantine Statistics o e 02 esis saben es dence eet Sede iebead beak oo eka eee reee oer eed 55 Dashboard Charts 22 teeta cece aback hc tdeot doth labda
302. rm memory checks to help prevent malicious code from running on a system If you installed GFI MailEssentials on an operating system that includes DEP you will need to add the GFI MailEssentials scanning engine GFiScanM exe and the Kaspersky Virus Scanning Engine kavss exe executables GFI MailEssentials 3 Installation 49 NOTE This is required only when installing on Microsoft Windows Server 2003 SP 1 or SP 2 To add the GFI executables in the DEP exception list 1 From Control Panel open the System applet 2 From the Advanced tab under the Performance area click Settings 3 Click Data Execution Prevention tab 4 Click Turn on DEP for all programs and services except those select 5 Click Add and from the dialog box browse to lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity and choose GFiScanM exe 6 Click Add and from the dialog box browse to lt GFI MailEssentials installation path gt GFI MailEssentials AntiVirus Kaspersky and choose kavss exe 7 Click Apply and OK to apply the changes 8 Restart the GFI MailEssentials Autoupdater service and the GFI MailEssentials AV Scan Engine services 3 5 2 Test your installation After configuring all post install actions GFI MailEssentials is ready to start protecting and filtering your mail system from malicious and spam emails Ensure that GFI MailEssentials blocks unwanted emails To do this send inbound and outbound test emai
303. rs gt Add to whitelist public folder 2 Drag and drop emails or newsletters to Add to whitelist public folder Adding discussion lists to the whitelist Emails sent to discussions lists have the discussion list s email address as the recipient of the message To receive emails from specific discussion lists the list s email address needs to be whitelisted 1 Using your email client example Microsoft Outlook locate the GFI AntiSpam Folders gt want this Discussion list public folder 2 Drag and drop discussion lists to the want this Discussion list public folder Using legitimate emails to train the Bayesian filter 1 In the public folders of the mail client example Microsoft Outlook locate the GFI AntiSpam Folders gt This is legitimate email public folder 2 Drag and drop emails to the This is legitimate email folder Managing spam While GFI MailEssentials starts identifying spam emails right out of the box there may be instances where spam makes it through undetected to the users mailbox Typically this might be either due to configuration settings that have not yet been performed or to new forms of email spam to which GFI MailEssentials has not yet adapted itself In both cases these situations are resolved when GFI MailEssentials is configured to capture such spam In these cases users should add such emails to Add to blocklist and This is spam email folders to teach GFI MailEssentials that the emai
304. rsion of GFI MailEssentials introduced a number of changes over the functionality available in the above versions For more information refer to the GFI MailEssentials Upgrade Guide Major changes include GFI MailEssentials 3 Installation 47 Anti spam and anti virus features are merged in one solution A new web based user interface Difference in the anti virus engines available x gt Reporting is integrated within the user interface Multi Server x gt Other updates Choose the environment that you are upgrading over GFI MailEssentials versions 12 14 2010 GFI MailSecurity versions 10 1 2011 Both GFI MailEssentials amp GFI MailSecurity Upgrading over GFI MailEssentials versions 12 14 2010 Anti Spam and Anti Phishing features are licensed on upgrade The Anti Virus and Anti Malware features are on a 30 day trial period Install GFI MailEssentials as if installing for the first time For more information refer to Installation procedure page 39 As from GFI MailEssentials 2015 the Anti spam synchronization agent feature has been deprecated and is now replaced with the GFI MailEssentials Multi Server feature This will need to be reconfigured on upgrade For more information refer to GFI MailEssentials Multi Server page 273 For upgrades on Microsoft Exchange 2007 amp over the Post Installation wizard is displayed after the installation It displays the list of Microsoft Exchange s
305. rule example GFI MailEssentials SPAM and click Next 5 In the Conditions area select When the Subject field contains specific words 6 In the Edit rule area click Specific Words to enter the words used for tagging Type the tag specified in the spam actions of each spam filter example SPAM and click Add Click OK when all words are added and click Next 7 In the Actions area select Set the spam confidence level to value 8 In the Edit rule area click O and set the confidence level to 9 Click OK and click Next 9 Optional Set any exceptions to this transport rule and click Next GFI MailEssentials 11 Miscellaneous topics 256 10 Click New to create the new Transport Rule NOTE Ensure that the Junk E Mail folder is enabled for the users mailboxes The transport rule created will now forward all emails which contain the GFI MailEssentials tag to the users Junk E mail folder 11 7 2 Microsoft Exchange Server 2003 GFI MailEssentials includes a Rules Manager utility that automatically moves emails tagged as spam to the users mailbox IMPORTANT To use Rules Manager in Spam Actions select the Tag the email with specific text option and specify a tag Install Rules Manager on the Microsoft Exchange Server 1 From the GFI MailEssentials machine go to lt GFI MailEssentials installation path gt GFl MailEssentials Antispam 2 Copy the following files to a folder on the Microsoft Exchange Server
306. rvers without any further configuration Microsoft Exchange Server 2013 NOTE Information Store Protection VSAPI is not supported on Microsoft Exchange Server 2013 because VSAPI was removed from Microsoft Exchange Server 2013 Microsoft Exchange Server 2010 Microsoft Exchange Server 2007 SP1 or higher Microsoft Exchange Server 2003 For more information refer to Installing on the Microsoft Exchange server page 26 GFI MailEssentials can also be installed in an environment with any SMTP compliant mail server In this case GFI MailEssentials should be installed on the gateway perimeter server so that spam is filtered before reaching the mail server For more information refer to Installing on an email gateway or relay perimeter server page 26 Supported Internet browsers GFI MailEssentials can be used with the following Internet browsers Microsoft Internet Explorer 8 or later Google Chrome version 22 0 1229 94 October 10 2012 or later Mozilla Firefox version 16 0 2 October 26 2012 or later Other required components Internet Information Services IIS World Wide Web service Internet Information Services IIS SMTP service Except when installing on Microsoft Exchange 2007 2010 2013 server Microsoft NET Framework 4 WCF HTTP Activation required when using SpamTag plugin for Microsoft Outlook Windows Authentication role and Static Content services Requi
307. s Group authorization No E Enabled Yes Ji Screenshot 4 Lotus Domino LDAP Settings GFI MailEssentials 3 Installation 34 In the server configuration one must edit the credentials under the configuration Anonymous authentication must be enabled so that GFI MailEssentials can access the Lotus Domino LDAP Basics Security Ports Server Tasks Internet Protocols MTAs Miscellaneous Transactional Logging Shared Mail Notes Network Ports Internet Ports Proxies SSL key file name keyfile kyr SSL protocol version for use with all protocols except HTTP Accept SSL site certificates C Yes No Accept expired SSL certificates Yes No SSL ciphers RC4 encryption with 40 bit key and MD5 MAC Modify RC4 encryption with 128 bit key and MD5 MAC RC4 encryption with 128 bit key and SHA 1 MAC DES encryption with 56 bit key and SHA 1 MAC Triple DES encryption with 168 bit key and SHA 1 MAC Enable SSL V2 l Yes SSL V3 is always enabled Negotiated Web Directory Mail DIIOP Remote Debug Manager Server Controller TCP IP port number 389 TCP IP port status Enabled Enforce server access No settings Authentication options Name amp password Yes Anonymous Yes SSL port number 636 SSL port status Disabled Authentication options Client certificate No Name amp password No Anonymous Yes Screenshot 5 Enable Anonymous Authentication Lotus Domino Anti Spam Fold
308. s Also provide a description for the server in the Description field NOTE The SMTP Server field supports the following types of entry A single IP Address A CIDR range for example 192 0 2 1 24 4 Click Add SMTP Server to save SMTP server details GFI MailEssentials 6 Anti Spam 126 NOTE To remove previously added SMTP servers select an SMTP server from the Authorized IP Address list and click Remove Selected By default Use authorized IP addresses from perimeter server and Do not block authenticated connections are enabled It is not recommended that these options are disabled NOTE Do not block authenticated connections checkbox does not apply for Microsoft IIS and Microsoft Exchange 2003 It only works with Exchange 2007 or later 6 1 10 Greylist The Greylist filter temporarily blocks incoming emails received from unknown senders Legitimate mail systems typically try to send the email after a few minutes spammers simply ignore such error messages If an email is received again after a predefined period Greylist will 1 Store the details of the sender in a database so that when the sender sends another email the email will not be greylisted 2 Receive the email and proceed with anti spam scanning Greylist is NOT enabled by default Important Notes 1 To enable Greylist GFI MailEssentials must be installed on the perimeter SMTP server For more information refer to http go gfi com pageid ME_Greyl
309. s 244 11 4 Failed emails sone os ceva becca aeiia ea ere iet E dxtiseadcuceseviaucaceasearesci sexe 248 UA AGUNG seee E oe te oe ee cree ee a oes Senta 250 11 6 POP2Exchange Download emails from POP3 server 0 2 2ceeeeee ee ee eee 252 11 7 Moving spam email to user s mailbox folders _ 2 0 0 20 20 0 ccc c cece cece eee e cee eee 256 11 8 Move spam to Exchange 2010 folder _ 2 0 0 0 o ooo c cece cece eee c eee eececceceeeee 258 11 9 Exporting and importing settings manually _ 2 20 0 0 002 c eee cece cece e cee eee 259 11 10 Disabling email processing _ 22 22 2020 0 20 e ccc e cece eee ec ccc ececcececceceececsececes 265 11 11 Email backup before and after processing 0 2 0 2 0 0 20 e cece ec ece cece eee ec eee 266 11 12 Remoting ports 0 000000000000 oaoa 00000000000 c ec cece cee ee eee eeeeeeceeceeceeereceereceeeees 267 11 13 Monitoring Virus Scanning API _ 22 22 0020 eee eee cece eee eeceeeeeeeeee 268 11 1 Installation information Version Information 3rd Party Licenses vop Version Information Product description Product name GFI MailEssentials for Exchange SMTP Company name GFI Software Ltd Current build version information Version 2014 Build 20130830 Check if newer build exists Screenshot 135 Version Information page GFI MailEssentials 11 Miscellaneous topics 243 To view the GFI MailEssentials version information navigate to About node The Version I
310. se LDAP lookups NOTE WhenGFI MailEssentials is behind a firewall this feature might not be able to connect directly to the internal Active Directory because of Firewall settings Use LDAP lookups to connect to the internal Active Directory of your network and ensure to enable default port 389 on your Firewall Use LDAP Select this option when GFI MailEssentials is installed in SMTP mode and or when GFI MailEssentials does lookups not have direct access to the full list of users 4 Specify the LDAP server name or IP address in the Server text box NOTE In an Active Directory environment the LDAP server is typically the Domain Controller or Global Catalog 5 Specify the port number default 389 in the Port text box If connection to the LDAP server is via SSL select Use SSL and the default port changes to 636 NOTE Ensure that the port is enabled from the Firewall 6 Click Update DN list to populate the Base DN list and select the Base DN that is the top level in the Active Directory hierarchy 7 If your LDAP server requires authentication specify the User and Password Alternatively if no authentication is required select Anonymous bind 8 Test your configuration settings by specifying a valid email address in the Email address box and click Test If the email address is not found review the configuration settings 9 To log Nonexistent Recipient activity to a log file select Log occurrence to this file and specify
311. se of content filtering there is a difference from how white lists and blocklists are merged In the case Keyword Filtering Rules Attachment Filtering Rules Advanced Content Filtering Rules and Decompression settings rules and settings from every server are gathered and merged into a single list Each filter has an internal last modified time which is then used to determine whose rule setting is the latest So for example if there are 2 rules with same name on 2 different servers only the latest one is merged Every update done on a server is immediately synchronized to all the other servers This effectively means that changes are immediately available on all servers This applies to the following Rules and engines Keyword Filtering Rules Attachment Filtering Rules A Advanced Content Filtering Rules Decompression Engine Quarantine Reporting synchronization GFI MailEssentials 12 GFI MailEssentials Multi Server 273 All slave machines upload all the local reporting quarantine database data to the machine hosting Quarantine Reporting This server would require ample disk space since it needs to write quarantine of both spam amp malware and reporting data If there s no connection to server for example a network outage slave servers save records locally until the connection is re established When a machine is set to send all reporting quarantine data all current data in the local databases is transferred
312. sender s domain to their Personal Whitelist To enable this option the Personal Whitelist must be enabled A sub option is shown under Not Spam button that enables users to whitelist newsletters discussion lists To enable this option the Personal Whitelist must be enabled 4 From the Advanced tab configure the following advanced options option Description O Import Outlook Junk Settings to Personal Block list and Personal Whitelist Import Outlook contacts to Per sonal Whitelist Override Microsoft Outlook Junk Hide the Con sole button 5 Click Apply IMPORTANT Imports the addresses listed in Microsoft Outlook Safe Senders and Blocked Senders into the GFI MailEssentials Personal Whitelist and Personal Blocklist The list of Safe Senders and Blocked Senders in Microsoft Outlook is available from Junk gt Junk e mail options NOTE Imports are done automatically in the background by SpamTag every 2 hours and the user does not configure or see any options on screen NOTE When the user uses Microsoft Outlook that is installed on a battery powered device such as a laptop or tablet automatic synchronization is not done to economize on battery life Imports the list of Microsoft Outlook contacts to the Personal Whitelist NOTE Imports are done automatically in the background by SpamTag every 2 hours and the user does not configure or see any options on screen NOTE When the user uses Microsoft Outlook tha
313. sentials installation path gt GFI MailEssentials and launch meconfigmgr exe NOTE Duration of the import process depends on size of the databases to be imported 4 Click Import choose folder containing import data and click OK WARNING The import process replaces the configuration files with the files found in this folder GFI MailEssentials 11 Miscellaneous topics 261 NOTE Some imported settings may not be appropriate for the installation of GFI MailEssentials may need to be re configured This is possible for example DNS settings domains list and perimeter servers are different from the server from which settings were exported Click Yes to launch the GFI MailEssentials Post Installation wizard to reconfigure important settings For more information refer to Post Installation Wizard page 43 It is also recommended to verify the following settings that are not configured during the Post Installation wizard Directory Harvesting This must be verified when importing to a server that connects to a dif ferent Active Directory or with an Active Directory which is located on a different server For more information refer to Directory Harvesting page 112 Spam Actions Some spam actions are only available for Microsoft Exchange environments If importing settings to a different environment for example on an IIS Server actions will not work For more information refer to Spam Actions What to
314. server proxy settings 00 0 0 00 e cece eee e oaaao aaan aoaaa 235 Local Domains ist ersa iien Sn tates dee WS sone tte ios heed ob at on sdetaelunctecavecestdedacteee ns 236 View and install product updates 2 2 22 022 022 e eee cece eee eeceeeeeeeeeeeeees 240 Disable or modify product update schedule 2 222 o occ eee eee e cece ee eeeeeeeees 241 Access control settings 0 020000000 c cece cece e cece ceeeeeeeeeeeeceeeeeeeeeeee 242 Version Information page l 00000000000000 cece cece cece cece e eee ceeeeeeeeeeeeeeeeeeeeeeeeeees 243 GFI MailEssentials Switchboard Ul Mode 220 cece cece ence ee eeeeeeeeeeeeneeeeeees 245 IIS Security ACL tabs o ence she ust oo cebu oh A Sh eu eet Aen 8h co a te 247 IIS Security Authentication tab 00 00000000 e eee E ETENEE I EE 248 Enabling Failed emails notification 0 0 200000 c ccc cece cece cee ceeecececeeeeeees 250 Configuring Tracing options 000 00 c cece e cece cece aAa 251 The GFI MailEssentials POP3 downloader 0 2000 22 ec cece cece eee e eee cence eee 253 DialUP ONGO a Gaira das dnseein td oo scs de bh Soret hee as dascla teak Soc babe es 255 Configuration Export Import Tool 00 02000000 c cece ccc cece cece ceeeeeeeeeeeeeeeees 260 Exporting settings via command line 0 2 2 2 0 eee cece eee eee ee ee eee eeeeeeeeeees 263 Importing settings via command line 2 0000 e cece ccc ceeeceeee
315. spam Creating a tailor made Bayesian word database Before Bayesian filtering is used a database with words and tokens for example sign IP addresses and domains etc must be created This can be collected from a sample of spam email and valid email referred to as ham A probability value is then assigned to each word or token this is based on calculations that account for how often such word occurs in spam as opposed to ham This is done by analyzing the users outbound email and known spam All the words and tokens in both pools of email are analyzed to generate the probability that a particular word points to the email being spam This probability is calculated as per following example If the word mortgage occurs in 400 out of 3 000 spam emails and in 5 out of 300 legitimate emails then its spam probability would be 0 8889 i e 400 3000 5 300 400 3000 Creating a custom ham email database The analysis of ham email is performed on the company s email and therefore is tailored to that particular company Example A financial institution might use the word mortgage many times and would get many false positives if using a general anti spam rule set On the other hand the Bayesian filter if tailored GFI MailEssentials 14 Appendix Bayesian Filtering 288 to your company through an initial training period takes note of the company s valid outbound email and recognizes mortgage as bein
316. sses legitimate email ham by scanning outbound emails The Bayesian filter can be enabled after it has collected at least 500 outbound emails If you send out mainly English email or 1000 outbound mails If you send out non English email To do this 1 Go to Anti Spam gt Anti Spam Filters gt Bayesian Analysis 2 Select Automatically learn from outbound e mails 3 Click Apply Method 2 Manually through existing email Copying between 500 1000 mails from your sent items to the This is legitimate email sub folder in the GFI AntiSpam Folders public folders trains the Bayesian filter in the same way as live outbound email sending NOTE To use this option Public Folder Scanning must be enabled For more information refer to Public Folder Scanning page 165 Stage 2 Enabling the Bayesian filter After the Bayesian filter is trained it must be enabled 1 From GFI MailEssentials configuration console go to Anti Spam gt Anti Spam Filters gt Bayesian Analysis 2 From the General tab select Enable Bayesian Analysis GFI MailEssentials 6 Anti Spam 136 General Updates Actions hi Configure the Bayesian Analysis settings Bayesian options Enable Bayesian Analysis Allow GFI MailEssentials to learn for a minimum of one week depending on your mail volume from your outbound mail before enabling Alternatively run Bayesian Wizard see Administrator Guide for more information Automatically learn from outbound e ma
317. t is installed on a battery powered device such as a laptop or tablet automatic synchronization is not done to economize on battery life When selecting this option the options that are enabled in SpamTag override the equivalent settings in Microsoft Outlook Junk to ensure that only one anti spam management system is utilized on client side When users use a Microsoft Outlook Junk option a SpamTag function is run instead For example if users click Never Block Sender in Outlook Junk the Not Spam function of SpamTag is run instead NOTE If a particular option is not enabled in SpamTag and user utilizes the equivalent function in Outlook no action is taken when the Outlook Junk function is used For example if Not Spam button is not enabled nothing will happen when users click Never Block Sender Hides the Console button from the SpamTag toolbar No direct access to the GFI MailEssentials con sole is provided but users can still log in by manually typing the URL in a browser The settings provided to the user in the GFI MailEssentials console depend on Active Directory permissions or other custom Access Control settings For more information refer to Access Control page 241 SpamTag checks which features are enabled or disabled in GFI MailEssentials when Microsoft Outlook starts After changing any of the above settings Microsoft Outlook needs to be restarted to apply changes GFI MailEssentials 6 Anti Spam 160 6 7 2 SpamTag requ
318. t update schedule 2 Edit the following options Manual Disables the schedule Check for updates will only be triggered manually Automatic Enables the schedule Also configure the schedule that the update will follow Daily Checks for updates daily at the set time Weekly Checks for updates weekly at the set date and time First Checks for updates on the first day of the month that is chosen and at the specified time Last Checks for updates on the last day of the month that is chosen and at the specified time 3 Click Apply 10 9 Access Control Allow or block access to various features of GFI MailEssentials for particular domain users or groups Users can access the Web UI of GFI MailEssentials using their domain credentials The features shown to logged in users depends on the Access Control configuration GFI MailEssentials 10 General Settings 241 NOTE Configuring access control from the web UI is only possible when GFI MailEssentials is running in IIS mode and can be accessed over the network Access Control is configurable from the Switchboard when GFI MailEssentials is running in Local mode For more information refer to Access Control List page 246 The Domain Admins group in an Active Directory environment only and the server administrator account group are automatically given full access privileges to all features of GFI MailEssentials Other users or groups can be given full or partial access to c
319. tation Over time log files may become very large GFI MailEssentials enables log rotation where new log files are created periodically or when the log file reaches a specific size To enable log file rotation GFI MailEssentials 6 Anti Spam 152 1 Go to Anti Spam gt Anti Spam Settings DNS Server Public Folder Scanning Remote Commands Anti spam logging Global Actions Perimeter SMTP Servers i Ey Anti spam filter log file configuration Rotation Enable log file rotation by size or time to control the size of anti spam filter log files V Enable log file rotation gt by time Screenshot 90 Log file rotation 2 From the Anti spam logging tab select Enable log file rotation and specify the rotation condition by size or by time 3 Provide the size or time values and click Apply 6 6 2 Anti Spam Global Actions A lot of spam is sent to email addresses that no longer exist Generally these emails are simply deleted however for troubleshooting or evaluation purposes you might want to move these emails to a folder or forward them to a particular email address NOTE This section only applies for installations on Microsoft Exchange Server that have spam action Move to subfolder of user s mailbox enabled For more information refer to Spam Actions What to do with spam emails page 144 On other mail servers the anti spam global actions tab will not appear Configuring Anti spam global actions 1 Go to Anti
320. tch to another cluster node NOTE GFI MailEssentials can only be installed in an Active Passive cluster environment In an active passive cluster a failover mechanism ensures that whenever an active cluster fails one of the available passive nodes becomes active i e takes over the role of the failed node To install GFI MailEssentials on a Microsoft Exchange Server 2000 2003 cluster ensure that Any running applications are closed Microsoft Exchange Server 2000 2003 is installed in clustered mode An Exchange Virtual Server cluster group resource exists and includes among other things a Phys ical Disk cluster resource All cluster nodes should be turned off except the node where GFI MailEssentials will first be installed 1 Start the installation process and ensure that e All files are installed on the shared hard drive e You are installing on the machine s Default Website 2 On completion start default website using IIS Manager 3 Go to Control Panel gt Administrative Tools gt Cluster Administrator and create a new resource group Right click Groups gt New gt Group 4 KeyinGFI MailEssentials asthenameand Services for GFI MailEssentials as the description Click Next 5 Move all available nodes to Preferred Owners and click Finish 6 Right click GFI MailEssentials gt New gt Resource 7 Set the name as GFI List Server 8 Set Resource Type to Generic Servi
321. tering 191 Size of decompressed files in archives Amount of files in archives Scan within archives 7 4 1 Configuring the decompression engine filters To configure decompression engine filters 1 Navigate to Content Filtering gt Decompression node Decompression J Decompression Engine lt Configure how compressed attachments rar zip files are processed Disable Selected Enable Selected Description Check password protected archives Check corrupted archives Check for recursive archives Check size of uncompressed files in archives Check for amount of files in archives Scan within archives Screenshot 108 Decompression engine checks 2 Click the decompression filter to configure Check password protected archives Check corrupted archives Check for recursive archives Check size of uncompressed files in archives Check for amount of files in archives Scan within archives Check password protected archives 1 Navigate to Content Filtering gt Decompression node 2 From the list of available filters click Check password protected archives 3 To enable this filter select Check password protected archives GFI MailEssentials Status Enabled Enabled Enabled Enabled Enabled Enabled 7 Content Filtering 192 4 Specify what to do when an email contains an archive that triggers this filter Foption Descrip
322. teteseeseesees 237 TOO LIGENSING oaeen sasea eld certs a hua ot co aaa a Mia tid ca ph icant tpg 237 10 7 SMTP Virtual Server bindings 2 2 2 0 00 0 0 ccc cece ccc cnccncceccecccceeceeceeseeseesstsesseees 238 10 8 Product Updates 20 2 0 ooo ccn cece cece cc cecceceeceeseeseeecensenseceeneetseesetseeaeens 239 TOI ACCESS Contr Obain mtn hI nae 2 A Sea S nh whet 8 nein An Doh Spl Yn tel its Dolan Val dala S Se 241 11 Miscellaneous topics o oo cece ccc cece ceccccceccecceceeseeeeeceessessetetnseceeeseteeeees 243 11 1 Installation information _ 2200020 200 occ e eee Laaa 243 11 2 Virtual directory NAMES 2 2 22 occ eee enc ec ccc ceccecceeceececeteenceeseceetseeeeseeneenes 244 4123 User intentace MOde A es ok besten cs lash ane toa edoer ie enact aes 244 11 4 Failediemalls 2 2 2 2e25 titer piel Liesl eet at Et eel ok tet oie BAM ee ren gy 248 Ve AGING soso tree ph eh taints delta adic a ta ene a ta duty dal e e Selah Sh iia lah td 250 11 6 POP2Exchange Download emails from POP3 server 2 2 20 2ccecceccecceeceeeeeees 252 11 7 Moving spam email to user s mailbox folders 2 0 2 2 cece cece cece ceccceccecceceeceesees 256 11 8 Move spam to Exchange 2010 folder 2 2 2 0 0 200 c ccc cece cece cnccnccecenceeceeceeseeseesees 258 11 9 Exporting and importing settings manually 0 00 00 0200 2 ccc ccc cece ccc cecceccecceseeees 259 11 10 Disabling email processing 2 2 2 2 2c cece cec
323. the email body and attachments 2 4 2 Content filtering engines The following engines scan the content of emails checking for parameters matching configured rules Email scanning engine Description Keyword Filtering Keyword Filtering enables you to set up rules that filter emails with particular keywords or a combination of keywords in the body or subject of the email Attachment Filtering Attachment Filtering allows you to set up rules to filter what types of email attachments to allow and block on the mail server Decompression engine The Decompression engine extracts and analyzes archives compressed files attached to an email Advanced Content Fil Advanced Content filtering enables scanning of email header data and content using tering advanced configurable search conditions and regular expressions regex 2 4 3 Anti spam filtering engines The following engines scan and block spam emails GFI MailEssentials 2 About GFI MailEssentials 16 FILTER DESCRIPTION ENABLED BY DEFAULT SpamRazer An anti spam engine that determines if an email is spam by using email Yes reputation message fingerprinting and content analysis Anti Phishing Blocks emails that contain links in the message body pointing toknown Yes phishing sites or if they contain typical phishing keywords Directory Harvesting Directory harvesting attacks occur when spammers try to guess email Yes only if GFI MailEs addresses by attaching well known usern
324. ties Top 20 The top 20 contacts with whom the selected user communicated the most Color codes indicate the different contacts contacts domains The table indicates the total number of sent amp received emails with that contact together with the date and time when the last email communication occurred GFI MailEssentials 4 Monitoring status 71 Top 20 Contacts Last 30 days Total Total ee Contacts Internal P 914c5c3d 53a1 4e2e 98e4 20 20 219a8734f78 domain local 100 of Total 100 of Total 5 Contacts Contacts domain local hjzniuvwdx hebfctwita fbnywkpby fbipxyfzdh Administrator exidccluqs eeamyrnwg j diseebhfft e 98e4 e219a8734F Screenshot 36 Maillnsights Communication Flow report GFI MailEssentials Total Top External External 0 0 of Total 0 Contacts domain remote hxvjmppuab hvdcatnckw eztrxvhblib sbkz bzvjhfcaqd 4 Monitoring status 72 5 Email Security The security filters of GFI MailEssentials offer protection against virus infected and other malicious emails Topics in this chapter 5 1 Virus Scanning Engines aaan ooo ccc e a ooo oono DDD D D D D Do 2r rron 73 5 2 Information Store Protection 2 220 022 2202 e cee nan 92 5 3 Trojan and Executable Scanner _ 0 0 0 2 o coe ccc cece cece e cee ecceceececcececeececeeces 95 5 4 Email Exploit Engine sects scccuredecscusadbiacsuigveeesvisiwebudyiucsdeveiewaciwulyesveediuinedivd
325. tify legitimate email Emails that match these criteria are not scanned by anti spam filters and are always delivered to the recipient Emails can be whitelisted using the following criteria Sender s email address email domain or IP address Senders to whom an email was previously sent Auto whitelist x gt Recipient exclude local email addresses from having emails filtered Keywords in email body or subject The whitelist and Auto Whitelist features are enabled by default Important notes Using the Auto Whitelist feature is highly recommended since this eliminates a high percentage of false positives In Keyword Whitelist it is recommended to add terms that spammers do not use and terms that relate to your nature of business for example your product names Entering too many keywords increases the possibility of emails not filtered by GFI MailEssentials and delivered to users mailboxes Whitelisting an internal user defeats the purpose of the Anti Spoofing filter For more information refer to Anti Spoofing page 125 Configuring Whitelist 1 Go to Anti Spam gt Whitelist GFI MailEssentials 6 Anti Spam 138 Whitelist Auto Whitelist Keyword Whitelist Personal Whitelist IP Whitelist Actions g Specify which email addresses will not be filtered for spam V Enable email whitelist Whitelist Entry Email Address Domain D E Email Type Checksender o yo Description Email Description
326. tion Quarantine Quarantines blocked emails Automatically Delete Deletes blocked emails NOTE When GFI MailEssentials is installed on same machine as Microsoft Exchange 2003 GFI MailEssentials may not be able to block outbound emails but instead replaces the blocked content with a threat report 5 Select Send a sanitized copy of the original email to recipient s to choose whether to send a copy of the blocked email to the recipients 6 Click the Actions tab to configure further actions 7 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption Description Notify admin Notify the administrator whenever this engine blocks an email For more information refer to Admin istrator istrator email address page 233 Notify local Notify the email local recipients about the blocked email user 8 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log 9 Click Apply Check corrupted archives 1 Navigate to Content Filtering gt Decompression node 2 From the list of available filters click Check corrupted archives 3 To enable this filter select
327. tion WebDAV Specify mail server name port default WebDAV port is 80 username password and domain To use a secure connection select the Use SSL checkbox By default public folders are accessible under the public virtual directory If this has been changed specify the correct virtual directory name to access the public folders by editing the text in the URL box GFI MailEssentials 6 Anti Spam 166 Foption Description OOOO Web Services Specify the following details Server mail server name Domain use the local domain NOTE If both a local and a public domain exist always use the local domain Port default Web Services port 80 or 443 if using SSL Username password use credentials with administrative privileges or create a dedicated user from Microsoft Exchange Management Shell by entering the following command to add the appro priate permissions Add ADPermission identity Mailbox Store User NewUser AccessRights GenericALL Replace Mailbox Store with the name of the mailbox store that contains the user mailboxes and NewUser with the username of the created user Use SSL Select this option if Exchange Web Services require a secure connection By default Web Services requires SSL URL By default public folders are accessible under the EWS exchange asmx virtual directory If this has been changed specify the correct virtual directory name to access the public folders by ed
328. to be used for domain lookups DNS Settings Use the DNS server configured for this computer to use Use the following DNS server Test DNS Server Screenshot 92 DNS server settings 1 From the DNS Server tab configure Use the DNS server configured for Select this option to use the same DNS server that is used by the operating sys this computer to use tem where GFI MailEssentials is installed Use the following DNS server Select this option to specify a DNS server that is different than the one used by the local machine 2 Click Test DNS Server to test connectivity with the specified DNS server If unsuccessful specify another DNS server 3 Click Apply 6 6 4 Remote Commands Remote commands facilitate adding domains or email addresses to the Email Blocklist Whitelist as well as update the Bayesian filter with spam or ham valid emails Remote commands work by sending an email to GFI MailEssentials Addressing an email to rcommands mailessentials com configurable will have GFI MailEssentials recognize the email as containing remote commands and processes them as described below With remote commands the following tasks can be achieved 1 Add Spam or ham to the Bayesian Analysis database 2 Add keywords either to the subject keyword checking feature or to the body keyword checking fea ture 3 Add email addresses to the Email Blocklist filter and Whitelist Configuring remote commands 1 Click Anti Spa
329. to perform on messages identified as spam For more inform ation refer to Spam Actions What to do with spam emails page 144 6 Click Apply 6 1 3 Directory Harvesting Directory harvesting attacks occur when spammers try to guess email addresses by attaching well known usernames to your domain The majority of the email addresses are non existent Spammers send emails to randomly generated email addresses and while some email addresses may match real users the majority of these messages are invalid and consequently floods the victim s email server GFI MailEssentials stops these attacks by blocking emails addressed to users not in the organizations Active Directory or email server Directory harvesting can either be configured to execute when the full email is received or at SMTP level that is emails are filtered while they are being received SMTP level filtering terminates the email s connection and therefore stops the download of the full email economizing on bandwidth and processing resources In this case the connection is terminated immediately and emails are not required to go through any other anti spam filters This filter is enabled by default on installing GFI MailEssentials in an Active Directory Environment Directory Harvesting is set up in two stages as follows Stage 1 Configuring Directory Harvesting properties Stage 2 Selecting if Directory Harvesting should be done during the SMTP transmission Stage 1
330. tom list of email users specified in the Users Folders tab GFI MailEssentials 7 Content Filtering 189 General Body Subject Actions Users Folders Oy Keyword Filtering Users Folders Please select users this rule will apply to Only this list All except this list Remove Screenshot 106 Content Filtering Users Folders Tab 2 Specify the users to apply this rule to Only this list Apply this rule to a custom list of email users groups or public folders All except this list Apply this rule to all email users except for the users groups or public folders specified in the list 3 To add email users user groups and or public folders to the list click Add User Lookups ga Select User Group Name Email Address Email Aliases E John Smith jsmith domaina tcv No other aliases Screenshot 107 Add users to a Content Filtering rule GFI MailEssentials 7 Content Filtering 190 4 In the User Lookups window specify the name of the email user user group or public folder that you wish to add to the list and click Check Names Matching users groups or public folders are listed underneath NOTE You do not need to input the full name of the users groups or public folder It is enough to enter part of the name GFI MailEssentials will list all the names that contain the specified characters For example if you input sco GFI MailEssentials will return names such as Scott Adams and Freeman Prescott
331. tor email address page 233 Notify local Notify the email local recipients about the blocked email user 7 To log the activity of this engine to a log file select Log occurrence to this file In the text box spe cify path and file name to a custom location on disk where to store the log file By default log files are stored in lt GFI MailEssentials installation path gt GFI MailEssentials EmailSecurity Logs lt EngineName gt log GFI MailEssentials 5 Email Security 97 General Actions Updates Q Configure the Automatic Updates For This Profile Automatic update options Configure the automatic update options W Automatically check for updates Downloading option Check for updates and download Y Download time interval hour s Last update 06 04 2014 18 35 42 Update options Wi Enable email notifications upon successful updates NOTE Notifications for unsuccessful updates will always be sent Click the button below to force the updater service to download the most recent updates Download updates Update Status No updates currently in progress Screenshot 55 Engine Updates tab 8 From Updates tab select Automatically check for updates to enable automatic updating for the selected engine 9 From Downloading option list select one of the following options Only check for Select this option if you want GFI MailEssentials to just check for and notify the administ
332. tore Items Macro Checking Do not check macros Block all documents containing macros Screenshot 49 McAfee configuration 2 Select Enable Gateway Scanning SMTP check box to scan emails using this Virus Scanning Engine 3 Select whether to scan inbound and or outbound emails using this Virus Scanning Engine Foption Description Scan Inbound SMTP email Select this option to scan incoming emails Scan Outbound SMTP email Select this option to scan outgoing emails 4 If you installed GFI MailEssentials on a Microsoft Exchange machine you will also have the option to scan internal emails and the Information Store Select Scan Internal and Information Store Items GFI MailEssentials 5 Email Security 88 NOTE To use the Information Store Virus Scanning feature you must enable the option from Information Store Protection node For more information refer to Information Store Protection page 92 NOTE In this page you can also review the antivirus engine licensing and version information 5 McAfee Antivirus can also be used to block emails with attachments that contain macros Enable this feature from the Macro Checking area by selecting Block all documents containing macros n Virus Scanner Actions Actions Select the actions to perform when a virus is detected Quarantine item Delete item E Send a sanitized copy of the original email to recipient s NOTE Sanitization does not work for Infor
333. ty ACL tab 3 Click Add and provide the name of the user or group to add to the list 4 Select the type of access to grant Available options are Permission Description Full Access User can access and configure all features of the product Quarantine Access Allows access to quarantine search and search folders Reporting Access Enables users to generate reports RSS Access Allows users to subscribe to the quarantine RSS feeds 5 Click OK to finalize setup To remove access to a user or group select the item to remove and click Remove IIS Authentication Mode The IIS Authentication Mode enables you to choose the authentication method to use when accessing GFI MailEssentials GFI MailEssentials 11 Miscellaneous topics 247 1 Load Switchboard by clicking Start gt Programs gt GFI MailEssentials gt Switchboard 2 Select Ul Mode tab Click IIS Mode and select Security 3 Select Authentication tab x ACL Users Management and Authentication ACL Authentication Yo IIS Authentication Mode Select the Authentication Mode which you would like to use to access GFI MailEssentials m Authentication Modes Windows Mode This option does not provide the ability to log off from GFI MailEssentials user interface and the user log on session does not time out Forms Mode Specify user log on session timeout 30 minutes timeout Screenshot 138 IIS Security Authentication tab 4
334. ty gt SMTP Transmission Filtering tab and click Switch next to IP DNS Blockist to enable disable filtering at SMTP level or on receipt of full email 6 1 7 URI DNS Blocklist Stops emails that contain links to domains listed on public Spam URI Blocklists A Universal Resource Identifier URI is a standard means of addressing resources on the Web GFI MailEssentials 6 Anti Spam 121 Realtime Blocklists RBL detect spam based on hyperlinks in the email known to be used by spammers This filter is enabled by default on installing GFI MailEssentials Configuring URI DNS Blocklist 1 Go to Anti Spam gt Anti Spam Filters gt URI DNS Blocklist General Actions pA URI DNS Blocklist Configuration V Check if mail messages contain URIs with domains that are in this blocklist URI DNS Domain URI DNS list Name Status Priority multi surbl org Enabled Enable Selected Disable Selected Remove Selected Screenshot 71 URI DNS Blocklist 2 From the URI DNS Blocklist tab option f Description Check if mail message contains URIs Select this option to enable the URI DNS Blocklist filter with domains that are in these block lists Add URI DNS Blocklist If required add more URI DNS Blocklists to the ones already listed Key in the full name of the URI DNS Blocklist domain and click Add URI DNS Blocklist Order of preference The order of preference for enabled URI DNS Blocklists can be changed by
335. ust enable the option from Information Store Protection node For more information refer to Information Store Protection page 92 NOTE In this page you can also review the antivirus engine licensing and version information n Virus Scanner Actions Actions Select the actions to perform when a virus is detected Quarantine item Delete item F Send a sanitized copy of the original email to recipient s NOTE Sanitization does not work for Information Store VSAPI items Notification options F Notify administrator E Notify local user Logging options I lt Log occurrence to this file C Program Files x86 GFI MailEssentials EmailSecurity logs vipre log Screenshot 38 Virus scanning engine actions 5 From Actions tab choose the action to take when an email is blocked GFI MailEssentials 5 Email Security 74 Quarantine email Stores all infected emails detected by the selected Virus Scanning Engine in the Quarantine Store You can subsequently review approve delete all the quarantined emails For more information refer to Quarantine page 198 Delete email Deletes infected emails Send a sanitized copy Choose whether to send a sanitized copy of the blocked email to the recipients of the original email to recipient s 6 GFI MailEssentials can send email notifications whenever an email triggers this filter To enable this feature select any of the following options Foption D
336. vanced SPF filter settings enables blocking of other SPF check results SOFT FAIL Neutral Unknown and NONE Enabling advanced filtering is only recommended for advanced users since it may trigger false positives For more information on SPF filters refer to http go gfi com pageid ME_SPFfilter Enable Advanced SPF filtering Block SOFT FAIL result Block SOFT FAIL Neutral Unknown and NONE results Screenshot 72 Enable and configure the Sender Policy Framework 2 Click Enabled to enable the Sender Policy Framework filter If the email sender IP address is def initely not authorized to send emails from the sender domain emails are blocked 3 Optionally select Enable Advanced SPF filtering and select one of the advanced option from OPTION DESCRIPTION Block SOFT FAIL result Blocks all emails which Sender IP address is definitely not allowed to send emails from the sender domain Sender IP address is probably not allowed to send emails from the sender domain For more information on Advanced SPF filtering refer to http go gfi com pageid ME_SPFfilter GFI MailEssentials 6 Anti Spam 124 OPTION DESCRIPTION Block SOFT FAIL Neutral Unknown and Blocks all emails which NONE results gt Sender IP address is definitely not allowed to send emails from the sender domain Sender IP address is probably not allowed to send emails from the sender domain Sender IP address is explicitly inconclusive un
337. w report which gives a graphical presentation of emails exchanged between selected users groups and their contacts Other Maillnsights reports can be generated using GFI MailArchiver Communication Flow report The Communication Flow report shows the top 20 contacts that a user communicated with in the previous 30 days 1 Navigate to Reporting gt Maillnsights and select the Communication Flow tab 2 Administrators can generate the report for any email user Click Search to select an email user and click Generate to start building the report The generated report displays the data for the selected user as follows Totals The top area of the report shows the total statistics of communication flow in the previous 30 days Total Contacts the total number of email addresses with whom the user had email communications Total Internal total number of internal users with whom the user had communications Top Internal the internal email address with whom the selected user communicated the most Total External total number of external users with whom the user had communications Top External the external email address with whom the selected user communicated the most Graph The selected user is displayed as a single entity in the middle of the graph Contacts are segregated by domains Each domain cluster is shown in different color Edge width between the nodes shows the strength of the email relation between different enti
338. whitelist that they can manage For more information refer to End User Actions page 20 For management purposes administrators can also remove specific email addresses that the users have added to their personal whitelist Enabling Disabling Personal Whitelists 1 Go to Anti Spam gt Whitelist GFI MailEssentials 6 Anti Spam 141 Whitelist Auto Whitelist Keyword Whitelist Personal Whitelist IP Whitelist Actions g View the users personalized whitelists V Enable personal email whitelist Personal Whitelist E User Whitelisted Email C DOMAINA Administrator janedoe domain com F DOMAINA Administrator johnsmith domain com Screenshot 81 Personal whitelist 2 Select Personal Whitelist tab and select or unselect Enable personal email whitelist to enable or disable personal whitelist feature 3 Click Apply Removing emails from users personal whitelist 1 Go to Anti Spam gt Whitelist and select Personal Whitelist tab 2 From the User drop down list select the user for whom to delete an email address 3 Select an email address from the list of email addresses Click Remove 4 Click Apply 6 1 16 New Senders The New Senders filter identifies emails that have been received from senders to whom emails have never been sent before Such senders are identified by referencing the data collected in the Whitelist Only emails in which no spam is detected and where the sender is not present in any Whitelist ar
339. with Active Directory is not possible via an LDAP server 1 Navigate to Quarantine gt Quarantine Options gt Malware Options Quarantine Mode Nonexistent recipients Nonexistent recipients If enabled this feature automatically deletes emails with nonexistent recipients instead of quarantining them Use this feature to automatically keep your quarantine store clean form malicious spam email v Delete quarantined emails for nonexistent recipients Lookup options Use native Active Directory lookups Use LDAP lookups Anonymous bind Update DN list For security reasons the length in the password box above does not necessarily reflect the true password length Email address test Email address Logging options Log occurrence to this file PT Screenshot 120 Nonexistent Recipients GFI MailEssentials 8 Quarantine 215 2 From Nonexistent Recipients tab select Delete quarantined emails for nonexistent recipients checkbox 3 Select the user lookups method to use Foption Description Use native Select this option if GFI MailEssentials is installed in Active Directory mode and has access to ALL users on Active Dir Active Directory Skip to step 8 ectory look ups NOTE When GFI MailEssentials is installed in Active Directory user mode on a DMZ the AD of a DMZ usually does not include all the network users email recipients In this case configure GFI MailEssentials to u
340. without being checked for spam 6 Email is sent to the recipient 2 4 Email scanning and filtering engines GFI MailEssentials contains a number of scanning and filtering engines to prevent malicious emails spam and other unwanted emails from reaching domain users 2 4 1 Malicious email scanning The following engines scan and block emails containing malicious content Email scanning Description engine Virus Scanning GFI MailEssentials uses multiple antivirus engines to scan inbound outbound and internal emails for Engines the presence of viruses GFI MailEssentials ships with Vipre and BitDefender Virus Scanning Engines You can also acquire a license for Kaspersky Avira amp McAfee Information When GFI MailEssentials is installed on the Microsoft Exchange server machine Information Store Pro Store Pro tection allows you to use the Virus Scanning Engines to scan the Microsoft Exchange Information Store tection for viruses Trojan amp The Trojan and Executable Scanner analyzes and determines the function of executable files executable attached to emails This scanner can subsequently quarantine any executables that perform scanner suspicious activities such as Trojans Email exploit The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient s engine machine either when the user receives or opens the email HTML Sanitizer The HTML Sanitizer scans and removes scripting code within
341. y have a singe master server per multi server network instance If you have multiple instances of multi server networks then each instance must have its own master server Important All GFI MailEssentials machines in a multi server environment must have their IP address listed in the Perimeter SMTP Server Settings This ensures that emails processed by a GFI MailEssentials server is not reprocessed by another server For more information refer to Perimeter SMTP Server Settings page 231 1 Locate and click the Multi Server node on the GFI MailEssentials console of the computer to des ignate as the Master Server GFI MailEssentials 12 GFI MailEssentials Multi Server 275 Multi Server Setup Configuration Sync Use Multi Install mode to synchronize Configuration Reporting and Quarantine pel on multiple GFI MailEssentials servers Settings configured on a server joined to 7 the Multi Install network are inherited by all other servers Enable Multi Install mode Master Server Coordinator of the Multi Install functionality of GFI MailEssentials There can be only one Master in a Multi Install network Slave Server Join this instance of GFI MailEssentials as a Slave server to an existing Multi Install network Master Server GFI MailEssentials Administrator credentials Port used to synchronize data Port 9096 Synchronize Quarantine and Reporting data with the Multi Install network Host 805 v Port 9095
342. ynchronizes Microsoft Outlook Junk settings with GFI MailEssentials Whereas the Microsoft Outlook Junk functionality enables users to manage spam emails at client side with the SpamTag plugin users can manage their spam emails at server level The GFI MailEssentials administrator can choose which of the following features and functions to enable Train the Bayesian Analysis filter Add senders and or domains to Personal Blocklist or Personal Whitelist Automatically synchronize allowed and blocked senders in Microsoft Outlook with the GFI MailEs sentials Personal Whitelist and Personal Blocklist respectively Automatically add users contacts to the Personal Whitelist NOTE Users assigned full access to GFI MailEssentials are also allowed to add senders domains to the GFI MailEssentials Email Global Blocklist amp Global Whitelist NOTE When using SpamTag install WCF HTTP Activation on the GFI MailEssentials server To do this go to Server Manager gt Features gt Add Feature gt NET Framework gt WCF Activation gt HTTP Activation 6 7 1 Choosing SpamTag features The GFI MailEssentials administrator can configure which features SpamTag users can make use of For example the administrator can enable users to add senders to personal whitelist but disable adding of domains to the personal whitelist SpamTag can also be configured to override the Microsoft Outlook Junk features To configure SpamTag features
Download Pdf Manuals
Related Search