HP Email Firewall Appliance Series User's Manual
Contents
1. We specifically permit and encourage the inclusion of this software with or without modifications in commercial products We disclaim all warranties covering The FreeType Project and assume no liability related to The FreeType Project 134 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS Legal Terms Throughout this license the terms package FreeType Project and FreeType archive refer to the set of files originally distributed by the authors David Turner Robert Wilhelm and Werner Lemberg as the FreeType Project be they named as alpha beta or final release You refers to the licensee or person using the project where using is a generic term including compiling the project s source code as well as linking it to form a program or executable This program is referred to as a program using the FreeType engine This license applies to all files distributed in the original FreeType Project including all source code binaries and documentation unless otherwise stated in the file in its original unmodified form as distributed in the original archive If you are unsure whether or not a particular file is covered by this license you must contact us to verify this The FreeType Project is copyright C 1996 2000 by David Turner Robert Wilhelm and Werner Lemberg All rights reserved except as specified below 1 No Warranty THE FREETYPE PROJECT IS PROVIDED AS IS WITHOU2. Advanced SMTP Settings SMTP Pipelining I Disable Q ESMTP I Disable Oo SMTP Notification Advanced Select the type of notifications that are sent to the postmaster account M Resource Inform the postmaster of mail not delivered due to resource problems M Software Inform the postmaster of mail not delivered due to software problems l Bounce Send postmaster copies of undeliverable mail E Delay Inform the postmaster of delayed mail r Policy Inform the postmaster of client requests that were rejected because of UCE policy restrictions mR Inform the postmaster of protocol errors client or server or attempts by a client to execute unimplemented commands l Double Bounce Send double bounces to the postmaster Advanced SMTP Settings SMTP Pipelining Pipelining allows more than one SMTP command to be inserted into a network packet which reduces SMTP connection times Some mail servers may experience problems with SMTP command pipelining and you may have to disable this feature if required ESMTP ESMTP Extended SMTP extends basic SMTP functionality to support additional media types in email messages Some mail servers may not support ESMTP and you may have to disable this feature if you are experiencing problems SMTP Notification Advanced Select the type of notifications that are sent to the postmaster account Resource Mail not delivered due to resource problems such as queue file write errors Sof
3. BCC Blind Carbon Copy The message will be copied to the mail address specified in Action Data m Action data Depending on the specified action a Modify Subject Header The specified text will be inserted into the subject line such as BULK a Add header A message header will be added with the specified text such as BULK a Redirect to Send the message to a mailbox such as soam example com STA Statistical Token Analysis is a sophisticated method of identifying Spam based on statistical analysis of mail content Simple text matches can lead to false positives because a word or phrase can have many meanings depending on the context STA provides a way to accurately measure how likely any particular message is to be soam without having to specify every word and phrase STA achieves this by deriving a measure of a word or phrase contributing to the likelihood of a message being spam This is based on the relative frequency of words and phrases in a large number of soam messages From this analysis it creates a table of discriminators words associated with spam and associated measures of how likely a message is spam When a new incoming message Is received STA analyzes the message extracts the discriminators words and phrases finds their measures from the table and aggregates these measures to produce a spam metric for the message between 1 and 100 STA uses three sources of data to build its run time datab
4. DDBC62D420 entry_time 1105466400 470362 Jan 11 10 00 00 cantata postfix smtpd 79169 DDBC62D420 helo 127 0 0 1 Jan 11 10 00 00 cantata postfix smtpd 79169 DDBC62D420 client unknown 10 1 25 1 untrusted 1 Jan 11 10 00 00 cantata postfix cleanup 92025 DDBC62D420 subject Business Opportunity Jan 11 10 00 00 cantata postf ix cleanup 92025 DDBC62D420 message id lt 20050111180000 DDBC62D420 cantata borderware com gt Jan 11 10 00 00 cantata postfix dec_scanner 95655 6D3872B1D8 DCC dec_resolve_host dec 3com borderware com Unknown host Jan 11 10 00 00 cantata newsyslog 99110 logfile turned over The start of a single message log entry begins with an smtpd connect message and ends with the disconnect message To ensure that you are looking at the entries for a specific message check the message ID such as 6D3872B 1D8 A summary of the actions for this message are included in the log In the following example the message was quarantined because of a virus Final action Quarantine Antivirus Anti Virus Kaspersky virus 1 Malformed no Attachments off White Black List no match DCC passed STA metric 99 spam yes OCF off RBL off 122 CHAPTER 8 MONITORING ACTIVITY AND STATUS Utility Functions In the System Mgmt gt Status and Utility screen there are utilities that can be used to help troubleshoot network connectivity and mail queue issues Utility Functions Mail System Control Stop Mail Rec
5. Quarantine mail The message is placed into quarantine a Discard mail The message is discarded without notification to the sending system You can view and manage the quarantine area by selecting System Mgmt gt Quarantine from the menu See Quarantine on page 105 for more information on the Quarantine area Notifications gt Pattern Files Anti Virus 33 Notifications for inbound and outbound messages can be enabled for all recipients the sender and the administrator Customize the content for the nbound and Outbound notification in the corresponding text boxes Reject Discard Quarantine email notification to All recipients E The sender E E The administrator E v Inbound Notification This is an automated message from the PROGRAM gt at host HOSTNAME A mail from 5_YOU SSENDER to R_YOU RECIPIENTS was stopped and sDISPNS because it contains one or more viruses Summary of email contents Outbound Notification This is an automated message from the PROGRAM gt at host HOSTNAME A mail from 5_YOU SENDER to R_YOU RECIPIENT was stopped and DISPNS because it contains one or more viruses Summary of email contents See Appendix A Customizing System Messages on page 125 fora full list of variables that can be used Virus pattern files must be continuously updated to ensure that you are protected from new virus threats The frequency of virus pa
6. m Delivery Settings a Mail Mappings a Virtual Mappings Mail Routes are used to define the domains you will be accepting mail for and where locally to deliver the mail such as an internal Microsoft Exchange mail server The Mail Domain you contigured at installation time using the Setup Wizard will automatically be created Select Mail Delivery gt Mail Routing from the menu to define additional mail routes Mail Domains Sub Domain Route to Port Mx KeepOpen LOCAL x Cut Sub Domain Route to Port Ws KeepOpen C example com 10 10 1 15 25 OF O Add Domain Upload File Download File Finished Help m Sub Select this check box to accept and relay subdomains for the specified domain m Domain Enter the domain for which mail is to be accepted such as example com 20 CHAPTER 2 CONFIGURING MAIL DELIVERY Route to Enter the address for the mail server to which mail will be delivered This is your local mail server such as a Microsoft Exchange mail system a MX Optional Select the MX check box if you need to look up the mail routes in DNS before delivery If this is not enabled MX records will be ignored Generally you do not need to select this item unless you are using multiple mail server DNS entries for load balancing failover purposes By checking the MX record DNS will be able to send the request to the next mail server in the list m KeepOpen Optional Selec
7. Loading Procedure Language pgSQL into ads Jan 10 10 11 07 wyserver start pgsql Creating schema for ads database Jan 10 10 11 27 wyserver start _pgsql Stop any running Database Manager Jan 10 10 11 27 wyserver start _pgsql Starting Database Manager Jan 10 10 11 32 wyserver syslogd restart Jan 10 10 11 35 wyserver start _pgsql Stop any running Database Manager Jan 10 10 11 38 wyserver start _pgsql Starting Database Manager Jan 10 10 11 47 wyserver ADMIN Rollout determining cutoff points Jan 10 10 11 47 wyserver ADMIN Rollout msg disposition to 2004 lz2 10 10 11 47 Jan 10 10 11 47 wyserver ADMIN Rollout mag_deferal to 2004 12 10 10 11 47 Jan 10 10 11 47 wyserver ADMIN Rollout mag chronicle to 2004 12 10 10 11 47 Jan 10 10 11 47 wyserver ADMIN Rollout ays_chronicle to 2004 10 09 11 11 47 Jan 10 10 11 47 wyserver ADMIN Rollout ays chronicle to 50000 rows per event tyne Configuring a Syslog Logs can also be forwarded to a syslog server which is a host that collects Server and stores log files from many sources You can define a syslog host in the System Config gt Network Settings screen Hostname mal Domain example com Q Gateway fo1 0 i Syslog Host 10 1 10 8 9 Email History Email History 79 Every message that passes through the 3Com Email Firewall generates a database entry that records information about how It was processed including a detailed journal identifying the results of the mail processing Selec
8. constitutes direct or contributory patent infringement then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed 4 Redistribution You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium with or without modifications and in Source or Object form provided that You meet the following conditions a You must give any other recipients of the Work or Derivative Works a copy of this License and b You must cause any modified files to carry prominent notices stating that You changed the files and c You must retain in the Source form of any Derivative Works that You distribute all copyright patent trademark and attribution notices from the Source form of the Work excluding those notices that do not pertain to any part of the Derivative Works and d If the Work includes a NOTICE text file as part of its distribution then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file excluding those notices that do not pertain to any part of the Derivative Works in at least one of the following places within a NOTICE text file distributed as part of the Derivative Works within the Source form or documentation if provided along with the Derivative Works or within a display generated by the Derivative Works if and wherever such third party notices normally appear
9. m Network Configuration m Mail Configuration 84 CHAPTER 6 SYSTEM CONFIGURATION Select System Contig gt Setup Wizard from the menu to start the Setup Wizard Click Finish at any time to exit the Setup Wizard Click Back to go to the previous step Change Password Enter your old password and set a new password if required Click Apply if you have made any changes If you do not want to modify your current password leave all fields blank and click Next to continue CAN 3Com Email Firewall 3com Configuration Wizard l Change Password Time Zone Network Configuration Mall Configuration Change Password Old Password The Gefaull password admin New Password Re Enter New Password ea EEEE m n Time Zone Modify your time zone if required Click Apply if you have made any changes If you do not want to modify your time zone information click Next to continue 3Com Email Firewall acom Configuration Wizard Time Zone Configuration Mall Donfigureticn Region Aree Gauni Ena Done Caster Time Driyo amp Queber mgt kocsin SS Setup Wizard 85 Network Configuration Modify your network settings if required and click Apply if you have made any changes If you do not want to modify your networking information click Next to continue gt 3Com Email Firewall 3com Configuration Wizard Change Password Time Zone Network Configuration e g mail is the Mail C
10. read before making the decision If a message matches multiple filters the filter with the highest priority will be used If more than one matched filter has the highest priority the filter with the strongest action will be used in order from highest priority to lowest Soam Reject Trust Relay Valid Accept tf more than one matched rule has the highest priority and highest action then the filter with the highest rule number will be used When a rule has been triggered the specitied action is carried out a Reject Mail is received then rejected before the close of an SMTP Session a Spam Mail is received then trained as spam for STA and then rejected a Accept Mail is delivered normally and not trained by STA or marked as spam or bulk Attempted relays are rejected m Valid Mail is delivered normally and trained as valid by STA Attempted relays are rejected a Relay Relay Is enabled for this mail Mail is not trained by STA m Trust Relay Is enabled for this mail Mail is trained as valid by STA Upload or Download File PBMF Preferences Pattern Based Message Filtering 59 Do Not Train Do not use the message for STA training purposes This option will not override other PBMF s if it applies to the same message m BCC Send a blind carbon copy mail to the mail address specified in Action Data This option only appears if you have a BCC Email Address set up in the Preferences se
11. refund to Customer the purchase price paid for the defective product All products that are replaced will become the property of 3Com Replacement products or parts may be new or reconditioned 3Com warrants any replaced or repaired product or part for ninety 90 days from shipment or the remainder of the initial warranty period whichever is longer 3Com warrants to Customer that each software program licensed from it except as noted below will if operated as directed in the user documentation substantially achieve the functionality described in the user documentation for a period of ninety 90 days from the date of purchase from 3Com or its authorized reseller No updates or upgrades are provided under this warranty 3Com s sole obligation under this express warranty shall be at 3Com s option and expense to refund the purchase price for the software product or replace the software product with software which meets the requirements of this warranty as described above Customer assumes responsibility for the selection of the appropriate programs and associated reference materials 3Com makes no warranty or representation that its software products will meet Customer s requirements or work in combination with any hardware or software products provided by third parties that the operation of the software products will be uninterrupted or error free or that all defects in the software products will be corrected For any third party products liste
12. you can find out which security processing is blocking the message and then check the configuration and rules to ensure that they are set properly Select Reporting gt Email History from the menu Messane List Records 1 to 30 of 150 Searen queue ID j fer Maith Case Search Help Queue ID Time Received Subject Prior Journal FiIEAE33S8E 7004 01 13 Report mp himi fom w81 Full sent out 13 21 453 007846 Report FIDO 7RANK3 20501 13 Undelivered Mail Returned to OBIFADARSE defend 13157515904 Sender 48R7DESDRS 7004 01 13 Undetreered Mail Returned to 3D2RFDES3E deferred 131471 366724 Sender 8142108730 2004 01 13 Undelivered Mail Returned to TARSIMIECR deferred 131471 009054 Sender FAFIOEITTE 7004 01 13 Undelivered Wail Returned to 22153733F7 deferred 131513197071 Sender C23049EC31 2004 01 13 Undelivered Mail Returned to ODARTBISAC deferred 131519185125 Sender 81992299EF D0S 01 19 Undetreered Mail Returned to 1AJCIASAFU deferred 131516150225 Sander ASIBI7SEGO D0S 01 13 Undetreered Mail Returned to DbD274CF40 deterred 131515 579233 Sender 124 CHAPTER 8 MONITORING ACTIVITY AND STATUS Click on a specific message to see the details of its processing and final disposition Message Details Message number 57 queue id D77125F 561 size 918 bytes Message ID 20041221212921 D77125F561 mazurka Prior Message Subject Business Opportunity From envelope user example com Number Recipients local 1 remote 0 Source outs
13. ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Portions of this software are derived from code written by Bell Communications Research Inc Bellcore and by RSA Data Security Inc and bear similar copyrights and disclaimers of warranty 138 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS NTP Copyright c David L Mills 1992 2004 Permission to use copy modify and distribute this software and its documentation for any purpose and without fee is hereby granted provided that the above copyright notice appears in all copies and that both the copyright notice and this permission notice appear in supporting documentation and that the name University of Delaware not be used in advertising or publicity pertaining to distribution of the software without specific written prior permission The University of Delaware makes no representations about the suitability this software for any purpose It is provided as is without express or implied warranty OpenLDAP The OpenLDAP Public License Version 2 8 17 August 2003 Redistribution and use of this soft
14. Enter an email address to copy mail to a Errors to Specify an address that will receive error messages if there are problems delivering the BCC mail In the Annotations section you can enable annotations that are appended to all emails and customize Delivery Failure and Delivery Delay Warning messages The variables in the messages such as PROGRAM and HOSTNAME are local system settings that are automatically Substituted at the time the message is sent See Appendix A Customizing System Messages on page 125 for a full list of variables that can be used Enable M This e mail and any attachments may contain confidential and privileged information If you are not the intended recipient please notify the sender immediately by return e mail delete this e mail and destroy any copies Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal Delivery Failure Notification This is an automated message from the PROGRAMS at host HOSTNAME The message returned below could not be delivered to its intended destinations For further assistance please send mail to lt SPOSTMASTER MAIL ADDRS gt If you do so please include this problem report You can delete Delivery Settings 25 Advanced Delivery Click the Advanced button to reveal options for advanced SMTP Simple Settings Mail Transport Protocol settings and SMTP notifications
15. FQDN Fully Qualified Domain Name of the email server a Notification Days Select the specific Notification Days to send the summary a Allow releasing of email When enabled a link labelled Not Spam is inserted into the soam summary email so that the user may release the message to their inbox and additionally add the sender to the their trusted senders list m Allow reading messages When enabled a link is inserted into the Spam summary message to allow the user to read the original message a Mail Subject Enter a subject for the notification email a Mail Content Preamble Customize the preamble that will appear in the message For each Anti Spam feature DCC STA and so on that you want to use the user Spam Quarantine you must set the Action to Redirect To and the Action Data to the 3Com Email Firewall address such as maill example com DCC Action Action Redirectto Action Data mail example com Q OK Cancel Help CAUTION You must ensure you have local Soam Quarantine users configured to accept the quarantined message If there are no Spam Quarantine users configured the message will be rejected See Quarantine and Trusted Senders List Users on page 67 for more information on creating Soam Quarantine users 66 CHAPTER 4 ANTI SPAM CONFIGURATION Enabling User Access on a Network Interface Examining the Quarantine You must enable User Access on the network interf
16. GLOSSARY TLS Traceroute Trusted Senders List Virtual Mapping Transport Layer Security A protocol for encrypting and providing data integrity over the Internet A utility used to verify the routing path from one network host to another A list of users who can bypass email security controls when mailing local users Redirects email for a specified email address to another one without modifying the To or From headers of the email A Activity 115 Admin Account 86 lost password 127 Administrator Privileges 67 87 Advanced Anti Spam Options 69 Annotations Delivery Settings 24 Anti Spam 47 Header 70 Server status 118 Anti Virus 32 Server status 118 Archive log 77 Attachment Control 34 123 Attachment Types 34 Authentication log 77 Auto Generate Report 73 B Backup and Restore 107 BCC Blind Carbon Copy 24 Blacklisting 39 54 BorderWare Mail Security Services 118 Bounce 25 Bulk 51 C Certificate Authority CA 41 95 Certificates 41 Check Relays 69 Configuration Information 104 Conventions notice icons About This Guide 10 text About This Guide 10 CPU Load 80 Current Admin and Spam Quarantine Users 104 D Daily Tasks 106 Default Anti Spam Action 48 Degraded mode 93 Delivery Delay Warning 24 Delivery Failure 24 Delivery Settings 23 Diagnostic utilities 100 Disable Content Scan 36 Disk Usage 81 Distributed Checksum Clearinghouse DCC 49 DNS 89 103 DNS Server status 118 Domain
17. Keyi Continue Candal 7 When completed click Show installed certificate to ensure the certificate is loaded and that the information is correct 96 CHAPTER 6 SYSTEM CONFIGURATION Software Updates Uploading a Software Update It is important to keep your 3Com Email Firewall software updated with the latest patches and upgrades A key aspect of good security is responding quickly to new attacks and exposures by updating the system software when updates are available Software updates can be delivered or retrieved using a variety of methods including email FTP or from 3Com s support servers The Security Connection if enabled will download any patches automatically and notify you when they are available The Update Software screen shows updates that are Available Updates loaded onto the 3Com Email Firewall but not applied and nsta led Updates applied and active You can install an available update or uninstall a previously installed update Select System Contig gt Software Updates from the menu to install new updates Software Updates on the 3Com Email Firewall The following software updates are installed or are available to be installed New updates that are downloaded by the Security Connection will appear in the Available Updates list Installed Updates _ Available Updates not installed L Name d Description i M support_access Enables Support Access No updates or options have be
18. OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE 132 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS DCC Distributed Checksum Clearinghouse Copyright c 2004 by Rhyolite Software Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS AND RHYOLITE SOFTWARE DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL RHYOLITE SOFTWARE BE LIABLE FOR ANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Copyright c 1987 1993 1994 The Regents of the University of California All rights reserved File Copyright c lan F Darwin 1986 1987 1989 1990 1991 1992 1994 1995 Software written by lan F Darwin and others maintained 1994 1999 Christos Zoulas This software is not subject to any export provision of the United States Department of Commerce and may be exported to any
19. REPORTING The Fre ds section allows you to choose which fields or items of information you wish to include in the report You can include or exclude fields as required Use the L mit column to limit the number of items for that field such as listing the Top Ten viruses Report Fields Included Field ID Title in Report Order Page Break Table 3 Report Field Descriptions Field Description System name Date time Version Timespan Uptime Filter summary Head comment Traffic blocking The system host name such as mall example com Date and time of report generation Software version Period covered by report How long the system has been running since the last reboot A summary of the filters applied to this report Freeform comment that you may enter A table showing the number of messages caught by each method over the preceding hour day week month and report timespan Vv system name SystemName its fo no x Vv date time DateandTime sits po no x oo Vv version Sofware Version 30 no gt z ia Vv timespan Tmesparn 40 fo z Vv uptime Uptime s fo no gt Vv filter summary Filters Applied eo no x oo rr head comment fheadcomment ko fo zx oo Vv traffic blocking Traffic and Filtering Summary fo no gt Vv blocking pie chart Traffic Blocking Ratios 110 no oo v total traffic received Total Traffic Received ha fno x Vv total traffic sent Total Trafic S
20. The contents of the NOTICE file are for informational purposes only and do not modify the License You may add Your own attribution notices within Derivative Works that You distribute alongside or as an addendum to the NOTICE text from the Work provided that such additional attribution notices cannot be construed as modifying the License You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use reproduction or distribution of Your modifications or for any such Derivative Works as a whole provided Your use reproduction and distribution of the Work otherwise complies with the conditions stated in this License 5 Submission of Contributions Unless You explicitly state otherwise any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License without any additional terms or conditions Notwithstanding the above nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions 6 Trademarks This License does not grant permission to use the trade names trademarks service marks or product names of the Licensor except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file 7 Disclaimer of Warranty Unless required by appl
21. as shown and then press Return or Enter Commands appear in bold When you see the word enter in this guide you must type something and then press Return or Enter Do not press Return or Enter when an instruction simply says type If you must press two or more keys simultaneously the key names are linked with a plus sign Example Press Ctrl Alt Del Italics are used to Emphasize a point a Denote a new term at the place where it is defined in the text a Identify menu names menu commands and software button names Examples From the He o menu select Contents Click OK Related Documentation Documentation Comments Related Documentation 11 In addition to this guide each 3Com Email Firewall documentation set includes the following ae 300m Email Firewall Installation Guide This guide contains detailed information on installing the 3Com Email Firewall a felease Notes These notes provide information about the current software release including new features modifications and known problems Your suggestions are very important to us They will help make our documentation more useful to you Please send comments about this document to 3Com via the following URL http www 3com com corpinfo en_US contactus index html Please include the following information when contacting us m Document title m Document part number on the title page Page number if appropriate Exampl
22. automated message from the PROGRAM at host HOSTNAME 4 mail from 5_YOU SSENDER to R_YOU RECIPIENT was stopped and DISPNS because it contains objectionable content Upload File Download File OK Cancel You can set actions for both inbound and outbound messages The following actions can be set Just log Log the event and take no further action Reject mail The message is rejected with notification to the sending system Quarantine mail The message is placed into quarantine Discard mail The message is discarded without notification to the sending system 62 CHAPTER 4 ANTI SPAM CONFIGURATION Notifications D gt Upload and Download Filter List Notifications for inbound and outbound messages can be enabled for all recipients the sender and the administrator The content for the Inbound and Outbound notification can be customized See Appendix A Customizing System Messages on page 125 fora full list of variables that can be used A predefined list of objectionable words is included with the 3Com Email Firewall To customize the list and to add or remove words click Download File to download the list to a local system Use a text editor to edit the file using one word or phrase per line When finished upload the file by clicking the Upload File button The Trusted Senders List allows users to define specific email addresses Trusted Senders List D gt that are considered
23. be visible as supported by the mail client Envelope Addr This matches on either the Envelope To or Envelope From These fields are easily faked and are not recommended for use in spam control They may be useful in whitelisting a source of mail Example user example com Envelope To This field is easily faked and is not recommended for use in spam control It may be useful in whitelisting a source of mail Example user example com Envelope From This field is easily faked and is not recommended for use in soam control It may be useful in whitelisting a source of mail Example user example com Pattern Based Message Filtering 57 Message Header Parameters Spammers will typically enter false information into these fields and except for the Subject field they are usually not useful in controlling spam These fields may be useful in whitelisting certain users or legitimate source of email a lt lt Mail Header gt gt This parameter allows for a match on any part of the message header mw lt lt Recipient gt gt This parameter matches the To or CC fields a CC m From a Message ID m Received a Reply to m Sender m Subject a TO Message Body Parameters a lt lt Raw Mail Body gt gt This parameter allows for a match on any part of the encoded message body This encoded content includes Base64 MIME and HTML Since messages are not decoded a simple text match may not work Use l
24. in to the 3Com Email Firewall and select Trusted Senders in the left menu A o r WN 3Com Email Firewall gcom user Mailbox Spam Quarantine 0 new 0 recent amp Spam Quarantine 0 Messages Selectall Select none E l Delete Undelete Not Spam Hide Deleted Empty Trash Spam Quarantine 2 Date z From Subject Size Trusted Senders There are no messages in this mailbox A Change Password Delete Undelete NotSpam Hide Deleted Empty Trash Selectall Selectnone Logout Enter an email address and then click the Add button The specified address will bypass the 3Com Email Firewall s Anti Soam controls when they send you messages gt 3Com Email Firewall 3 G 0 m user Mailbox Spam Quarantine 0 new 0 recent Trusted Senders The trusted senders list defines the email addresses that are allowed to bypass the anti spam controls Email addressed to user example1 com from the following list of senders will always be accepted Spam Quarantine Add new email address to always accept friend example com Add Trusted Senders KS Change Password Logout 64 CHAPTER 4 ANTI SPAM CONFIGURATION Spam Quarantine The Spam Quarantine contains quarantined mail messages for each local user on the 3Com Email Firewall For each Anti Spam feature DCC STA and so on that you want to use the user Spam Quarantine you must set the Action to Aealrect To and the Action Data to the 3Com Email Fire
25. is submitted If requested the DCC server can return a count of how many instances of a message have been received The 3Com Email Firewall uses this count to determine the disposition of a message A DCC server receives no mail address headers or any similar information but only the cryptographically secure checksums of such information A DCC server cannot determine the text or other information that corresponds to the checksums it receives It only acts as a clearinghouse of counts of checksums computed by clients You must allow a connection on UDP port 6277 on your network firewall or router to allow communications with a DCC server If this port is not available DCC server calls will fail and slow down mail delivery Select DCC trom the Mail Delivery gt Anti Soam menu to configure DCC settings DCC Action Action Action data BULK 7 OF Cancel Help a Action The action can be one of the following a Just log An entry is made in the log and no other action Is taken a Modify Subject Header The text specified in Action Data will be inserted into the message subject line a Add header An X mail header will be added as specified in the Action Data 50 STA CHAPTER 4 ANTI SPAM CONFIGURATION a Redirect to The message will be delivered to the mail address specified in Action Data a Reject mail The mail will not be accepted and the connecting mail server is forced to return it
26. losing connectivity somewhere in between the two hosts you can use traceroute to see where exactly the packet is losing its connection The traceroute utility will show each network hop as it passes through each router to its destination If you are experiencing routing issues yOu will be able to see in the trace response where exactly the communication is failing Traceroute Diagnostics Traceroute host fo10 0 1 7 Starting traceroute traceroute to 10 10 0 1 10 10 0 1 10 hops max 40 byte packets i 10 1 0 1 10 1 0 1 36 bytes to 10 1 25 13 0 966 m 0 643 ma O 2 ns 10 10 0 1 36 bytes to 10 1 45 15 0 365 ms 0 324 ms 0 302 Traceroute Reset Finished Hostname Lookups Use the hostname lookup utility to ensure your DNS services are working properly Enter a hostname and the type of record you are looking up such as an A record Click Lookup to query the DNS server with the specified host Hostname Lookups mail example cor A Lookup 104 CHAPTER 7 SYSTEM MANAGEMENT Current Admin and Spam Quarantine Users Configuration Information Mail Queues The Current Admin and Spam Quarantine Users section displays who is logged in via the admin interface or through a Soam Quarantine session Current Admin and Spam Quarantine Users Remote IP Idle for Who is logged on admin 10 1 253 190 00 00 00 The configuration information screen shows you important system information such as t
27. retain the following acknowledgment This product includes PHP freely available from lt http Awww php net gt THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 143 Info ZIP Copyright c 1990 2003 Info ZIP All rights reserved For the purposes of this copyright and license Info ZIP is defined as the following set of individuals Mark Adler John Bush Karl Davis Harald Denker Jean Michel Dubois Jean loup Gailly Hunter Goatley lan Gorman Chris Herborth Dirk Haase Greg Hartwig Robert Heath Jonathan Hudson Paul Kienitz David Kirschbaum Johnny Lee Onno van der Linden Igor Mandrichenko Steve P Miller Sergio Monesi Keith Owens George Petrov Greg Roelofs Kai Uwe Rommel Steve Salisbury Dave Smith Christian Spieler Antoine Verh
28. retain undelivered MAILER DAEMON mail The number of hours to keep undelivered mail addressed to MAILER DAEMON the internal mail server process Masquerade Addresses Masquerades internal hostnames by rewriting headers to only include the address of the 3Com Email Firewall Strip Received Headers Strip all Received headers from outgoing messages Relay To Optional Enter an optional hostname or IP address of a mail server not this 3Com Email Firewall to relay mail to for all email with unspecified destinations A recipient s email domain will be 24 CHAPTER 2 CONFIGURING MAIL DELIVERY BCC All Mail Annotations checked against the Mail Routing table and if the destination is not specitied the email will be sent to the Default Mail Relay server for delivery This option is typically used when the 3Com Email Firewall cannot deliver email directly to remote mail servers ms Ignore MX record Enable this option to prevent an MX record lookup for this host to force relay settings The 3Com Email Firewall offers an archiving feature for organizations that require storage of all email that passes through their corporate mail servers This option sends a blind carbon copy BCC of each message that passes through the 3Com Email Firewall to the specified address This address can be local or on any other system Once copied the mail can be effectively managed and archived from this account ms Copy all mail to
29. rights consistent with this License However in accepting such obligations You may act only on Your own behalf and on Your sole responsibility not on behalf of any other Contributor and only if You agree to indemnify defend and hold each Contributor harmless for any liability incurred by or claims asserted against such Contributor by reason of your accepting any such warranty or additional liability END OF TERMS AND CONDITIONS Curl Libcurl COPYRIGHT AND PERMISSION NOTICE Copyright c 1996 2004 Daniel Stenberg lt daniel haxx se gt All rights reserved Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Except as contained in this notice the name of a copyright holder shall not be used in advertising or otherwise to promote the sale use or other dealings in this Software without prior written authoriza
30. separated list if you wish to distribute the report to multiple users Report Generation Generating Reoorts 73 Paper Size For PDF format select the paper size such as Letter A4 or Legal Describe fields in report Select this option to include a short description of each field in the report Enable Auto Generate Select this check box to automatically generate reports Auto Generate Report at Select the time to generate the report Auto Generate on Week Days Choose the days of the week to generate the report and or Day s of Month Choose specific days of the month to generate the report Timespan Covered Select the timespan covered for this report Timespan Ends at Select the end of the timespan It Is recommended to set the timespan end time a few hours prior to report generation to allow all deterred mail to be finalized rimespan Offset Days Ago Select the number of days to offset the timespan This amount of time is subtracted before setting the timespan Click the Generate Now button to generate a report on demand using the specitied settings This will also automatically email the report to the specified address To generate a report daily at 2 00am for the previous day up to 11 00pm use the following settings Auto Generate Report at 02 00 Auto Generate on Week Days All Timespan covered 1 day Timespan ends at 23 00 Timespan offset 0 days 74 CHAPTER 5
31. the system configuration Is saved Email Backup Options Encryptbackup C lt lt Back ext gt gt You can choose to encrypt the file if required Click Next gt gt to continue 110 CHAPTER 7 SYSTEM MANAGEMENT Backup by email to adminstrator Current options Encrptbackup WoO 7 Backup system configuration YES 7 Backup reporting data MO 7 lt lt Back Create backup now Create scheduled backup Confirm the listed options and then click Create backup now to begin Alternately you can click Create scheduled backup to go to the Daily Tasks menu to create a recurring Email backup Restores Backup and Restore 111 To perform a system restore select the type of restore to perform Local Disk or FTP and click the Next gt gt button Restore from Local Disk To perform a restore from a file on a local disk click the Browse button to tind the backup file If you are restoring trom an email backup you must save the email attachment to the local disk first before performing the restore Restore from local disk Enter the local filename that contains your server s backup data Restore 3Com Email Firewall Data Backup data file Browse lt lt Back ext gt gt Click Next gt gt to continue When the file has been successfully uploaded confirm the items to restore and click Restore now Backup image uploaded successfully File name backup gz size 9467310 lt lt
32. the system Jan 11 10 00 00 cantata postfix qmgr 50656 AZ1197B08B from lt frank hifive ca gt size 2418 nrcpt l queue active arrival_time 110 Jan 11 10 00 00 cantata postfix qmgr 50656 EOCC7BF228 disposition_time 1105466400 196301 Jan 11 10 00 00 cantata postfix qmgr 50656 lED6BOADZD from lt frank hifive ca gt size 2418 nrcpt l queue active arrival_time 110 Jan 11 10 00 00 cantata postfix local 90073 A21197B08B to lt skingf cantata borderware com gt relay local delay 2 status sent sp Jan 11 10 00 00 cantata postfix qmgr 50656 4211975085 disposition_time 1105466400 236611 Jan 11 10 00 00 cantata postfix local 97905 lED6BOAD2D to lt sking cantata borderware com gt relay local delay 2 status sent sp Jan 11 10 00 00 cantata postfix qmgr 50656 lED6BOAD2D disposition_time 1105466400 310380 Jan 11 10 00 00 cantata postfix cleanup 80270 4052002656 num local 1 num_remote 0 made_in_mx 0 untrusted l precedence Jan 11 10 00 00 cantata postf ix cleanup 80270 4052C02B56 fullname sender frank hifive ca from recip skinglborderware com Final action Quarantine Antivirus Anti Virus Kaspersky virus 1 Malformed no Attachments off White Black List no match DCC passed STA metric 99 spam yes OCF off RBL off Jan 11 10 00 00 cantata postfix smtpd 90047 disconnect from unknown 10 1 25 1 Jan 11 10 00 00 cantata postfix smtpd 79169 connect from unknowm 10 1 25 1 Jan 11 10 00 00 cantata postfix cleanup 92025
33. trusted and bypass the 3Com Email Firewall s Anti Spam controls DCC STA RBL and PBMF Spam If the action for an Anti Spam feature is set to Reject it cannot be bypassed by the Trusted Senders List Additionally the Trusted Senders List only applies to PBMF Spam messages with a low priority Local 3Com Email Firewall users can log in and create their own list of Trusted Senders The Trusted Senders List must first be enabled globally by the administrator by clicking on Trusted Senders List in the Mail Delivery gt Anti Spam menu Permit Trusted Senders List W Enable 2 Domain Part of Email Address example com 7 haximum of entries per user fioo 7 a Enable Trusted Senders List The Trusted Senders List must be enabled by the administrator before individual users can add addresses to their list m Domain Part of Email Address Enter the mail domain part of the local user s email address for the domain you are receiving mail for Trusted Senders List 63 m Maximum number of entries per user Enter a maximum number of list entries for each user Adding Trusted Senders When the Trusted Senders List option is enabled globally local 3Com Email Firewall users can log in and add their own addresses using the same interface as they use for checking the Spam Quarantine See Quarantine and Trusted Senders List Users on page 67 for details on how to add local users to the system Log
34. 77 Web Server Encrypted Accesses log 77 Web Server Encryption Engine log 77 Web Server Errors log 77 Whitelisting 39 54 X X STA Headers 53 3COM CORPORATION LIMITED WARRANTY 3COM INTELLIJACK HARDWARE 3COM INTELLIJACK SOFTWARE This warranty applies to customers located in the United States Australia Canada except Quebec Ireland New Zealand UK and other English language countries and countries for which a translation into the local language is not provided 3Com warrants to the end user Customer that this hardware product will be substantially free from material defects in workmanship and materials under normal use and service for the following length of time from the date of purchase trom 3Com or its authorized reseller Limited Lifetime for as long as the original Customer owns the product or for 5 years after product discontinuance whichever occurs first not transferable to a subsequent end user FOR NON US CUSTOMERS Where a limited lifetime warranty is not permitted by local law a 10 year warranty period shall be given by 3Com The duration of this warranty shall be modified where necessary to meet any minimum warranty required by law 3Com s sole obligation under this express warranty shall be at 3Com s option and expense to repair the defective product or part deliver to Customer an equivalent product or part to replace the defective item or if neither of the two foregoing options is reasonably available
35. 89 Double Bounce 26 E Email backup 106 109 Email History 79 123 Encryption 41 94 Specific Site Policy 43 Envelope From 38 Envelope To 38 ESMTP Extended SMTP 25 Examining Log Files 121 F Factory default settings 113 127 Flush Mail Queue 100 122 Forgotten admin password 127 FTP backup 106 107 108 G Gateway 89 Gateway status 118 Glossary 145 H HELO 38 40 101 Hostname Lookups 103 122 Ignore MX 24 K KeepOpen 20 Kernel log 77 L License Agreements 94 License key 93 Licensed Users 118 Licensing 93 Local Disk backup 107 Local users 86 Login failure 81 Lost admin password 127 M Mail Access 37 70 Mail Configuration 85 Mail Filtering 37 70 Mail Mappings 26 Mail Queue Statistics 116 Mail Queues 104 116 Mail Received Recently 116 Mail Routing 19 Mail Server Status 116 Mail Transport log 77 121 MAILER DAEMON 23 Maltormed Email 44 Masquerade Addresses 23 Maximum message size 39 Maximum recipients per message 39 Maybe Spam 52 Message Part 55 Message Restrictions 39 Messages log 77 MIME type 36 Minimum Free Queue Space 39 MX record 20 N Name Server 89 Network Configuration 85 Network Interfaces 90 Network Settings 89 Notifications Anti Virus 33 Attachment Control 33 35 Malformed Mail 45 Objectionable Content Filter 62 NULL Character Detect 44 O Objectionable Content Filter 61 P PASV mode 109 112 Pattern Based Message Filtering PBMF 22 39 54 123 BC
36. Back Restore now Uploaded Dataset Contents Backup created Encrypted Restore part 1 Restore part 2 Restore part 3 Restore part 4 Restore part 5 Restore part 6 Restore part T Restore part 8 Tue Dec 28 11 10 10 EST 2004 NO Database Spam quarantine directories Uploaded user record files Mail spool files Quarantined mail SSL Certs Statistical Token Analysis STA Data Report Data lt Back Restore now 112 CHAPTER 7 SYSTEM MANAGEMENT Restore from FTP To restore from FTP enter the following required information to connect to your FTP server FTP restore options Remote FTP server name or IP fi 0 1 10 5 Username on FTP server backup Password on FTP server p Directory on FTP server for backup files backup Use PASY mode D lt lt Back Next gt gt Remote FIP server name or IP Enter the hostname or IP address of the destination FTP server m Username on FIP server Enter the username to log in to this FTP server Password on FTP server Enter a corresponding password for the username entered Directory on FTP server for backup files Enter the destination directory on the FTP server to store your backup files m Use PASV mode PASV Passive mode may be required for some types of FTP servers Choose this option if you are having problems with connecting to your FTP server Click Next gt gt to continue Confirm the contents of the uploaded fil
37. C Action 60 Preferences 59 priority 58 Ping 102 122 Q Quarantine 105 Queue ID 79 Queue Sizes 81 R Raw Mail Body 57 RBL Realtime Blackhole List 69 Reboot and Shutdown 113 Relay 23 Report Configuration 72 Report Fields 74 Reporting 15 71 Reporting History Size 82 Reset to Factory Settings 113 127 Restore from FTP 112 Restore from Local Disk 111 RFC 1323 90 RFC 1644 90 S Secure Web Proxy 91 Security Connection 96 97 Security Server status 118 Self signed certificate 95 Setup Wizard 83 SMTP AUTH 42 SMTP Authenticated Relay 40 SMTP banner 40 SMTP Notification 25 SMTP Pipelining 25 SMTP Probe 101 122 SMTP Security 41 Software updates 96 Spam Quarantine 63 64 77 104 Expiry 105 Users 6 7 Specific Access Patterns 21 38 123 SSL 41 42 SSL certificate 94 Static Routes 92 Statistical Token Analysis STA 50 Maybe Spam 52 Mode 51 Tokens 57 Training 54 Status 117 Status and Utility 99 Strip Received Headers 23 Swap usage 81 Syslog 78 89 System History 80 System Logs 77 T TCP extensions 90 Time Server status 118 Time Zone 84 TLS 41 42 Token 57 Traceroute 103 122 Troubleshooting Content Issues 123 Troubleshooting Mail Delivery Problems 120 Troubleshooting Mail Queue Problems 116 Trusted Senders List 62 U Unopenable attachments 32 Users 86 V Variables 125 Virtual Mappings 28 Virus pattern files 33 W Web browser compatibility 16 Web Proxy 91 Web Server Access log
38. CLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 6 Remaining components of the software are provided under a standard 2 term BSD licence with the following names as copyright holders Markus Friedl Theo de Raadt Niels Provos Dug Song Aaron Campbell Damien Miller Kevin Steves Daniel Kouril Wesley Griffin Per Allansson Nils Nordman Simon Wilkinson Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 141 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT
39. D2DE0 lt user example com gt Tue 13 May 2003 16 11 06 0400 EDT Subject Read me please To user example com From yourbestfriend example2 com Message Id 20030513201106 39056D 2DE0 mail example com Date Tue 13 May 2003 16 11 06 0400 EDT lt blank line gt Hello how are you 56 CHAPTER 4 ANTI SPAM CONFIGURATION Message Envelope Parameters These parameters will not be visible to the user They are the handshake part of the SMTP protocol You will need to look for these in the transport logs or have other knowledge of them lt lt Mail Envelope gt gt This parameter allows for a match on any part of the message envelope which includes the HELO Client IP and Client Host HELO This field is easily faked and is not recommended for use in Spam control It may be useful in whitelisting a source of mail Example mai example com Client IP This field will be accurately reported and may be reliably used for both blacklisting and whitelisting It is the IP address of the system initiating the SMTP connection Example 774 77 79 247 Client Host This field will be accurately reported and may be reliably used for both blacklisting and whitelisting Example maill example com The following envelope parameters Envelope Addr Envelope To and Envelope From may be visible if your client supports reading the message source They can also be found in the transport logs Other header fields may
40. Es A mail from 5 YOUS S5ENDERS to R_YOU S RECIPIENTS Was Stopped and DISPN because it contains one or more forbidden attachments Summary of email contents i gt See Appendix A Customizing System Messages on page 125 fora full list of variables that can be used 36 CHAPTER 3 CONFIGURING MAIL SECURITY Editing Attachment Click the Edit button to edit your attachment types You can add file Types extensions 703 or MIME content types mage gi7 For each attachment type choose whether you want to BLOCK or Pass the attachment ST BLOCK 7 Filename arj a BLOCK gt Filename com D BLOCK 7 Filename js E Pass gt Filename au E BLOCK gt Filename dll E BLOCK gt Filename jse E Pass gt Filename avi I Pass x Filename doct D BLOCK z Filename ha D BLOCK gt Filename bat D Pass gt Filename dot D BLOCK gt Filename Izh E BLOCK 7 Filename bin I BLOCK gt Filename dv I Pass x Filename mp3 M Pass gt Filename bmp D BLOCK gt Filename exe D Pass gt Filename mpg D BLOCK gt Filename cab I Pass gt Filename gif I Pass gt Filename msp I BLOCK gt Filename chm D BLOCK gt Filename gz L BLOCK gt Filename nim D BLOCK gt Filename clp I BLOCK gt Filename hta I BLOCK gt Filename ovl BLOCK gt Filename cmd D Pass gt Filename jpg D Pass gt Filename pdf D Page 123 Add Extension Finished Select the DS Disable Con
41. For detailed information on installation see the nstal lation Guide that came with your 3Com Email Firewall The following sections provide an overview of the main features of the 3Com Email Firewall The 3Com Email Firewall contains a variety of powerful features to prevent spam messages including the following m Server based tools such as DCC Distributed Checksum Clearinghouse STA Statistical Token Analysis Objectionable Content Filtering and Pattern Based Message Filtering that prevent Spam messages from being delivered to an end user s mailbox a User based tools for managing quarantined spam and building trusted senders lists for whitelisting The 3Com Email Firewall provides a built in virus scanning service When enabled all messages inbound and outbound passing through the 3Com Email Firewall are scanned for viruses Viruses can be selectively blocked depending on whether they are found in inbound or outbound messages Message attachments are recursively disassembled to help ensure that viruses cannot be concealed Many viruses try to elude virus scanners by concealing themselves in malformed messages The scan engines cannot detect the attachment and pass the complete message through to an internal server Some mail clients try to rebuild malformed messages and may rebuild or activate a virus infected attachment Other types of malformed messages are designed to attack mail servers directly These types of messag
42. L ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES 2 The 32 bit CRC compensation attack detector in deattack c was contributed by CORE SDI S A under a BSD style license Cryptographic attack detector for ssh source code Copyright c 1998 CORE SDI S A Buenos Aires Argentina All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that this copyright notice Is retained THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED IN NO EVENT SHALL CORE SDI S A BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS SOFTWARE Ariel Futoransky lt futo core sdi com gt lt http Awww core sdi com gt 3 ssh keyscan was contributed by David Mazieres under a BSD style license Copyright 1995 1996 by David Mazieres lt dm lcs mit edu gt Modification and redistribution in source and binary f
43. M 7 Select the User Access check box to allow local access to the Spam Quarantine and Trusted Senders List via this interface Click Apply to save the network settings Network Settings Network Settings 89 The Network Settings screen allows you to modify your network settings such as the Hostname Domain name IP address Name Server and network interface settings Select System Contig gt Network Settings from the menu to manage your networking information Hostname mail Domain example com Q Gateway f 0 1 0 1 Syslog Host Mame Server fio1 017 2 Name Server 2 2 Mame Server 3 7 Hostname Enter the hostname not the full domain name of the 3Com Email Firewall such as a in the domain name mail example com m Domain Enter the domain name such as example com a Gateway Enter the default gateway for this 3Com Email Firewall This is typically your network router a Syslog host Enter an optional syslog host to forward logs to A syslog server collects and stores log files from many sources Name Server Enter the address of your DNS server and enter secondary name servers if required 90 CHAPTER 6 SYSTEM CONFIGURATION Network Interfaces Advanced Parameters In the Network Interfaces section you can modify your network interface information such as the IP address netmask and enable local user access Network Interface Inch IP address 101 2514 N
44. OM sender example com lt lt lt 250 Ok RCPT TO joe example com lt lt lt 250 Ok DATA lt lt lt 354 End data with lt CR gt lt LF gt lt CR gt lt LF gt sending tmp smtpdata lt lt lt 250 Ok queued as F130F33EA6 QUIT lt lt lt 221 Bye Ping Utility The ping utility sends ICMP packets to a host and listens for a return packet This ensures that you have network connectivity to the destination server If you do not receive a response the destination host may not be available or it may indicate that your 3Com Email Firewall does not have network connectivity Try to ping other hosts internal and external to your network If you cannot ping any hosts external to your network your Internet connection is most likely down For more detailed information on routing connectivity between the two hosts use the traceroute utility Ping Diagnostics Ping host fio 0 0 1 Starting ping command PING 10 10 0 1 10 10 0 1 56 data bytes 64 bytes from 10 10 00 64 bytes from 10 10 00 64 bytes from 10 10 00 64 bytes from 10 10 00 64 bytes from 10 10 0 gt icmp seq 0 ttl 63 time O0 321 ms gt icmp seqql ttl 63 time 0 972 ms gt icmp Seqqe2 ttl 63 time 0 341 ms icmp Seq 3 ttl 63 time 0 346 ms icmp Seq 4 ttl 63 time 0 3359 ms ee 10 10 0 1 ping Statistics Fing Finished Status and Utility 103 Traceroute Utility Traceroute is used to see the routing steps between two hosts If you are
45. QO 3CO Email Firewall User Guide User Guide for the 3Com Email Firewall http Awww 3com com Part No DUA MFA100 AAAO1 Published January 2005 rowereD 8Y BorderWare 3Com Corporation 350 Campus Drive Marlborough MA 01752 3064 Copyright 2000 2005 BorderWare Technologies Inc Used under license by 3Com Corporation All rights reserved No part of this documentation may be reproduced in any form or by any means or used to make any derivative work such as translation transformation or adaptation without written permission from BorderWare Technologies Inc 3Com Corporation and its licensors reserve the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation or its licensors to provide notification of such revision or change 3Com Corporation and its licensors provide this documentation without warranty term or condition of any kind either implied or expressed including but not limited to the implied warranties terms or conditions of merchantability satisfactory quality and fitness for a particular purpose 3Com Corporation and its licensors may make improvements or changes in the product s and or the program s described in this documentation at any time If there is any software on removable media described in this documentation it is furnished under a license agreement included with the product as a separate document in the ha
46. RISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale use or other dealing in this Software without specific written prior permission Title to copyright in this Software shall at all times remain with copyright holders OpenLDAP is a registered trademark of the OpenLDAP Foundation Copyright 1999 2003 The OpenLDAP Foundation Redwood City California USA All Rights Reserved Permission to copy and distribute verbatim copies of this document is granted 139 OpenSSH The licences which components of this software fall under are as follows First we will summarize and say that all components are under a BSD licence or a licence more free than that OpenSSH contains no GPL code 1 Copyright c 1995 Tatu Ylonen lt ylo cs hut fi gt Espoo Finland All rights reserved As far as am concerned the code have written for this software can be used freely for any purpose Any derived versions of this software must be clearly marked as such and if the derived work is incompatible with the protocol description in the RFC file it must be called by a name other than ssh or Secure Shell However am not implying to give any licenses to any patents or copyrights held by third parties and the software includes parts that are not under my direct control As far as know all inc
47. SMTP Authenticated Relay D gt SMTP Banner This feature allows authenticated clients to use the 3Com Email Firewall as an external mail relay for sending mail For example you may have remote users that need to send mail via this system Client systems must use a login and password to authenticate to the system before being allowed to relay mail Authenticated relay can also allow authorized mail servers to use this 3Com Email Firewall as a relay Users must have a local account on this 3Com Email Firewall for the feature to work SMTF Authenticated Relay Permit SMTP authenticated relay Mi Enable 7 It is recommended that you accept SSL TLS for incoming mail connections so that account details cannot be intercepted when the relay is enabled See SMTP Security on page 41 for more detailed information on setting up SSL TLS encryption Click the Advanced button to reveal an option for the SMTP banner The SMTP banner is exchanged during the HELO session of an SMTP connection This banner contains identifying information for your 3Com Email Firewall which can be used as information to launch attacks against it This option allows you to customize the SMTP banner and remove the 3Com Email Firewall s hostname by using the Domain only option SMTP Banner Domain only wi 7 Banner mallexamole cam ESAN P SMTP Security SMTP Security 41 The 3Com Email Firewall offers a simple mechanism for encrypting mail delivery
48. SSUTLS not used Sending Host fdn mozar ip 10 1 25 1 helo 127 0 0 1 Processing STA spam no DCC passed no virus not malformed sent out STA metric 82 Journal Times entered at 2004 12 21 16 29 21 467654 disposed at 2004 12 21 16 29 21 786371 Message Disposition sent out 250 Ok queued as 10 10 0 88 2004 12 21 9F793A41CD 10 10 0 88 16 29 21 80 CHAPTER 5 REPORTING System History Event Types The system history is a record of system events such as login failures and disk space and CPU usage Select Reporting gt System History from the menu to view the system event history Search 24791 2004 12 28 10 05 03 24792 2004 12 28 10 05 03 24793 2004 12 28 10 05 03 24794 2004 12 28 10 05 03 24795 2004 12 28 10 05 03 24796 2004 12 28 10 05 03 24797 2004 12 28 10 05 03 24785 2004 12 28 10 05 01 24786 2004 12 28 10 05 01 24787 2004 12 28 diskio ad0 cpuld que nic IncO 576 Link 1 decpref 199 71 190 227 dec swap page du idewad0s2a du idewad0s2d du idewladOs2e Records 1 to 30 of 150 type any gt Search max 150 Help End Type Device User Text 1 Time 0 00 0 00 0 0 75 0 32047027 0 005 22 0 176242 2 23434 15235849 255 0 237360 118672 3436928 The following table describes the event types that can appear in the System History database Table 4 System Events Event Type Admin Actions AV Updates CPU Lo
49. STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OpenSSL Copyright c 1998 2003 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http Awww openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be use to endorse or promote products derived from this software without prior written permission For written permission please contact openssl core openssl org 5 Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes softwar
50. T LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 133 FreeBSD Copyright 1994 2004 The FreeBSD Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The views and conclus
51. T WARRANTY OF ANY KIND EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE OR THE INABILITY TO USE OF THE FREETYPE PROJECT 2 Redistribution This license grants a worldwide royalty free perpetual and irrevocable right and license to use execute perform compile display copy create derivative works of distribute and sublicense the FreeType Project in both source and object code forms and derivative works thereof for any purpose and to authorize others to exercise some or all of the rights granted herein subject to the following conditions Redistribution of source code must retain this license file LICENSE TXT unaltered any additions deletions or changes to the original files must be clearly indicated in accompanying documentation The copyright notices of the unaltered original files must be preserved in all copies of source files Redistribution in binary form must provide a disclaimer that states that the software is based in part of the work of the FreeType Team in the distribution documentation We also encourage you to put an URL to the FreeType web page in your documentation though this isn t mandatory These conditions apply to any software derived from or based on the FreeType Project not just the unmodified files If you use our work you mus
52. TORING ACTIVITY AND STATUS Troubleshooting Mail Delivery Problems When experiencing any mail delivery problems the first step is to examine if the problem is affecting only incoming mail outgoing or both For example if you are receiving mail but not sending outgoing mail it is certain that your Internet connection is working properly or you would not be receiving mail In this scenario you may have issues with the firewall or router blocking your outbound SMTP connections or some other problem preventing mail delivery Problems affecting both inbound and outbound delivery include the following scenarios Network infrastructure and Communications The most common scenario in which you are not receiving or sending mail is if your Internet connection is down This can include upstream communications with your ISP your connection to the Internet or your external router You should also check your internal network infrastructure to ensure you can contact the 3Com Email Firewall from your router or firewall DNS If your DNS is not working or configured properly mail will not be forwarded to your 3Com Email Firewall or you will not be able to lookup external mail sites Check the DNS service itself to see If it is running and check your DNS records for any miscontiguration for your mail services Firewall Router If you are having issues with your firewall or router or if they have been misconfigured this may inadvertently
53. Y OF SUCH DAMAGE 137 ModSSL Copyright c 1998 2004 Ralf S Engelschall All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by Ralf S Engelschall lt rse engelschall com gt for use in the mod_ssl project http Avwww modssl org 4 The names mod_ss must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact rse engelschall com 5 Products derived from this software may not be called mod_ssl nor may mod_ssl appear in their names without prior written permission of Ralf S Engelschall 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by Ralf S Engelschall lt rse engelschall com gt for use in the mod_ssl project http Awww modssl org THIS SOFTWARE IS PROVIDED B
54. Y RALF S ENGELSCHALL AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL RALF S ENGELSCHALL OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Mpack C Copyright 1993 1994 by Carnegie Mellon University All Rights Reserved Permission to use copy modify distribute and sell this software and its documentation for any purpose is hereby granted without fee provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation and that the name of Carnegie Mellon University not be used in advertising or publicity pertaining to distribution of the software without specific written prior permission Carnegie Mellon University makes no representations about the Suitability of this software for any purpose It is provided as is without express or implied warranty CARNEGIE MELLON UNIVERSITY DISCLAIMS
55. a Reject mail The mail will not be accepted and the connecting mail server is forced to return it BCC Send a blind carbon copy mail to the mail address specified in Action Data a Action data Depending on the specified action Modify Subject Header The specified text will be inserted into the subject line such as SPAM Add header A message header will be added with the specified text such as SPAM Redirect to Send the message to a mailbox such as soam example com PBMF BCC Action Send a blind carbon copy of the message to the address specitied This is a separate action from the PBMF spam actions Objectionable Content Filtering Actions Objectionable Content Filtering The Objectionable Content Filter defines a list of key words that will cause a message to be blocked if any of those words appear in the message Select Objectionable Content Filtering trom the Mail Delivery gt Anti Spam menu to configure the filter Objectionable Content Filter Configuration Action Quarantine mail 7 Quarantine mail 7 Rejecti Discard Quarantine email notification to All recipients E The sender A The administrator E Iv Inbound Notification This is an automated message from the PROGRAM at host SHOSTNAMEs mail from 5 _ YOUs SSENDER to R_YOU RECIPIENT was stopped and s DISPNS because it contains objectionable content Outbound Notification This is an
56. access pattern New Access Pattern Pattern example com Client Access MM HELO Access D Envelope From ACCESS E Envelope To ACCESS E lf pattern matches Reject Update Cancel Pattern Enter a mail address hostname domain name or IP Address m Client Access This parameter is used for domain hostname or IP address patterns This item is the most reliable and may be used to block spam as well as whitelist oo 890909 Only the Client Access parameter can be relied upon because spammers can easily forge all other message properties The other parameters however are useful for whitelisting m HELO Access This parameter requires either a domain or hostname pattern It is not reliable as soammers can fake this property m Envelope From Access This parameter requires a valid email address pattern It is not reliable as soammers can fake this property a Envelope To Access This parameter requires a valid email address pattern It is not reliable as soammers can fake this property a f Pattern Matches a Reject The connection will be dropped a Allow relaying Messages from this address will be relayed and processed for spam a Trust Messages trom this address will be relayed and not processed for spam Pattern Based Message Filtering Message Restrictions Mail Access Filtering 39 Pattern Based Message Filtering is the primary tool for whitelisting and blacklisting message
57. ace to allow users to login to the Soam Quarantine via that interface Select System Contig gt Network Settings and go to the Network Interface section Network Interface Inc IP address ors 2 Metmask 25525500 z Media 8 UserAccess W Select the User Access check box to allow access to the Soam Quarantine via this interface Click Apply to save the network settings Local Email Firewall users can log in and examine the messages in their Spam Quarantine Messages in the quarantine can be released back into the user s Inbox by clicking the Not Spam link amp Trusted Senders A Change Password 4 Logout 3Com Email Firewall user Mailbox Spam Quarantine 0 new 0 recent amp Spam Quarantine Selectall Selectnone Delete Undelete NotSpam Date From Subject There are no messages in this mailbox Delete Undelete Not Spam Selectall Select none Hide Deleted Empty Trash 4 Size Hide Deleted Empty Trash Quarantine and Trusted Senders List Users 67 Quarantine and You must add local users to the 3Com Email Firewall if you require the Trusted Senders List ability for users to view the Soam Quarantine or configure their Trusted Users Senders Lists Select System Contig gt Users trom the menu All Users Search Search Login Email m user user example com Selected Users Remove Select All None Add a New User File upload File do
58. ad Description Shows administrative functions that have been performed The time of the last update its success OF failure and the name of the new pattern file The load average for the past 1 5 and 15 minutes Number of processes waiting tor CPU A very busy system may have 50 or more Event Type DCC Preterred Disk IO Disk Usage Logins Logouts Login failure Network IO Paging Queue Sizes RBL Responses Swap usage System History 81 Description Parameters The round trip Name ot preterred server time to preferred DCC server MB per second transfer KB per transfer transfers per second for a disk Amount of used and total available disk Space for each disk slice A single web UserlD and IP address based login A single web UserlD and IP address based logout not including timed out sessions Login failure UserlD and IP address Amount of data in and out of network card This shows the swap paging activity pages in out over 5 seconds Number of Active queue size in bytes messages In deferred queue size in bytes active and deferred queues Average round RBL server time to RBL server with minimum and maximum values This shows the Used and available swap Swap usage Space In megabytes and total swap space available 82 CHAPTER 5 REPORTING Configure History In the Configure Reporting History Size screen you can configure how Settings m
59. ail Firewall In this case the system must be reset to factory default settings from the system console CAUTION After returning your system to factory default settings do not perform a restore from a previous backup because you will overwrite the current admin password with the previous one that was forgotten If you forget your admin password all settings and data will be lost and you cannot perform a restore from a previous contiguration Use the following procedure to return the 3Com Email Firewall to factory default settings if you cannot connect using the web admin interface Shutdown the system using the power button Connect a USB keyboard and a monitor to the 3Com Email Firewall Turn on the system As the system restarts wait for the message that appears at the top of the screen that states Hit R to reinstall and then press r If you were successful the system will reinstall and then reboot The procedure will take approximately five minutes When the 3Com Email Firewall restarts it will be at the factory default settings You will need to connect to the system via a web browser to the default IP address of 192 168 1 253 When connected login with the user name admin and use the default password admin 128 APPENDIX B RESET TO FACTORY DEFAULT SETTINGS FROM CONSOLE 8 You will need to reinstall and license the system using the Setup Wizard and License Wizard See the nsta lation Guide for details on insta
60. ailbox For example mail addressed to user example com can be redirected to the internal mail address user sal es example com This enables the message to be delivered to the user s preferred mailbox Similarly mail originating internally will have the address in the From Reply To and Sender header modified by a mail mapping so it appears to have come from the preferred external form of the mail address user example com Select Mail Delivery gt Mail Mappings to configure your mail mappings ee ee Mail Mapping Noo mal mapping ant Selected tems Remove Select All Mone Retresh Add Upload File Download File Finished Help Uploading Mapping List Mail Mappings 27 Click Add to add a new mapping to your list New Mail Mapping Entry External mail address user example com 7 Internal mail address user sales example co 7 Extra internal addresses Mew P Add Update Cancel Help m External mail address Enter the external mail address that you want to be converted to the specified internal email address for incoming mail The specified internal address will be converted to this external address for outgoing mail a Internal mail address Enter the internal mail address that you want external addresses to be mapped to for incoming mail The internal address will be converted to the specified external address for outgoing mail a Extra internal add
61. all mean the work of authorship whether in Source or Object form made available under the License as indicated by a copyright notice that is included in or attached to the work an example is provided in the Appendix below Derivative Works shall mean any work whether in Source or Object form that is based on or derived from the Work and for which the editorial revisions annotations elaborations or other modifications represent as a whole an original work of authorship For the purposes of this License Derivative Works shall not include works that remain separable from or merely link or bind by name to the interfaces of the Work and Derivative Works thereof Contribution shall mean any work of authorship including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner For the purposes of this definition submitted means any form of electronic verbal or written communication sent to the Licensor or its representatives including but not limited to communication on electronic mailing lists source code control systems and issue tracking systems that are managed by or on behalf of the Licensor for the purpose of discussing and improving the Work but excluding communication that is conspicuously
62. ame than the server specified in the single certificate Digital certificates eventually expire and are no longer valid after a certain period of time and need to be renewed before the expiry date SSL Certificates 95 To Install a commercial certificate 1 Select System Config gt SSL Certificates from the menu to view and manage your certificates 2 Create a new self signed certificate by clicking the Generate a self signed certificate button Create a New Self Signed SSL Certificate ServerName mail example com 2 Server Email Address admin example com oO Server Organization Name 3Com Q Server Location City Marlborough E Server Location State Province Massachusetts Server Location Country lus e Days to Certificate Expiry 730 B Size of Certificate s Public Key 2046 bit Apply Cancel 3 Click Apply You must then reboot to install the new certificate 4 Click the Show installed certificate button to display the certificate and an accompanying certificate request 5 Forward the request portion of the certificate to a commercial Certificate Authority CA for signing 6 When received install the commercial certificate by clicking the Load a site certificate button Copy and paste the SSL Certificate and private key portions into the indicated fields and then click Continue Install Externally Generated Certificate SSL Certificate snip 2EH CERTIFICATE Private
63. ample com Connect Now Wpdate Cancel Help m Send Email Enable this option to send an email to the address specified in the Send Emails To field when an Email Firewall update is available m Send Emails To Specify an email address to receive messages from Security Connection Click the Connect Now button to run Security Connection immediately 98 CHAPTER 6 SYSTEM CONFIGURATION Status and Utility SYSTEM MANAGEMENT This chapter describes how to use the system management features of the 3Com Email Firewall and includes the following topics a Status and Utility a Mail Queues Quarantine m Daily Tasks m Backup and Restore Reboot and Shutdown m Reset to Factory Settings Select System Mgmt gt Status and Utility from the menu to view a number of system statistics such as the total system uptime load average the amount of used swap and disk partition space and NTP server status Uptime 16 07 53 Load Average 0 07 0 06 0 05 i Swap Space 2047M total 8M used AM This is normal swap usage System Date Time 20 Jan 2005 13 36 54 Operating System Area 63 Used 88 72 MB Available System Backup Area 0 Used 474 77 MB Available Disk Usage Log Files Area 0 Used 10751 75 MB Available Mail Storage Area 0 Used 10754 27 MB Available Database Files 13 Used 10633 32 MB Available Temporary Files 0 Used 956 6 MB Available NTP Server Stratum Secs Poll Delay Offset Displacement NTP Server Statu
64. any emails and system events to keep in the logs and how long you want to keep them Setting higher values will use uo more disk space and cause backups to take much longer to complete if they include the reporting data Select Reporting gt Configure History trom the menu to modity your reporting history settings Configure Reporting History Size Limit Total Number of Email to 250 000 Limit Number of System Events per 50000 event type Report Expiry liyear Apply Help a Limit Total Number of Email to Select the total number of emails to keep in the email history m Limit Number of System Events per event type Select the limit for the number of system events to keep m Report Expiry Choose how long you wish to keep reports Setup Wizard SYSTEM CONFIGURATION This chapter describes how to view and modify the system configuration of the 3Com Email Firewall and includes the following topics a Setup Wizard m Admin Account m System Users m Network Settings m Web Proxy m Static Routes a Licensing a SSL Certificates a Software Updates The Setup Wizard can quickly guide you through the steps to change your networking or system mail setup information For additional information regarding the Setup Wizard refer to the nstal lation Guide that you received with your 3Com Email Firewall Using the Setup Wizard you can change the following settings m Admin Password m TimeZone
65. ase a The initial database tables based on analysis of known spam a Tables derived trom an analysis of local legitimate mail This is referred to as training SIA 51 Mail identified as bulk by DCC is also analyzed to provide an example of local spam Select STA from the Mail Delivery gt Anti Soam menu to configure STA settings Configure STA STA Mode Normal gt Qo Spam Action Action Modify Subjectheader gt B Action data SPAM sts oO Maybe Spam Action Enable Maybe Spam D gs Action Action data PO B Diagnostics Enable X STA Headers 7 Q STA Mode Use one of the following three modes for STA Normal This is the default mode and is recommended in most cases The STA upper threshold is set to 85 and the lower threshold to 65 Any message with a metric 85 or above will be considered spam A metric between 85 and 65 will be considered Maybe Spam and will trigger an action if you have the Maybe Spam option enabled A metric lower than 65 is considered legitimate mail Aggressive Increases STA s aggressiveness to ensure more spam is caught but also increases the possibility of false positives The STA upper threshold is set to 80 and the lower threshold to 50 Any message with a metric 80 or above will be considered spam A metric between 80 and 50 will be considered Maybe Spam and will trigger an action if you have the Maybe Spam option enabled A metric lower than 50 is consid
66. assing through the 3Com Email Firewall are scanned for viruses Viruses can be selectively blocked depending on whether they are found in inbound or outbound messages Message attachments are recursively disassembled to help ensure that viruses cannot be concealed When a virus infected message is received it can be deleted quarantined or the event can be logged Quarantined messages may be viewed forwarded downloaded or deleted Quarantined messages can also be automatically deleted based on their age 32 CHAPTER 3 CONFIGURING MAIL SECURITY Select Mail Delivery gt Anti Virus from the menu to enable and configure virus scanning Enable virus scanning Ca Quarantine unopenable attachments M Action Quarantine mail Quarantine mail m Enable virus scanning Select the check box to enable virus scanning m Quarantine unopenable attachments This option is enabled by default to quarantine attachments that are password protected and flag them in the logs as suspicious This feature prevents password protected zip files that contain viruses or worms from being passed through the system This option will only take effect if the Anti Virus action Is set to Quarantine Mall a Action Configure the action for both inbound and outbound mail Possible actions include a Just log Log the event and take no further action a Reject mail The message is rejected with notification to the sending system a
67. block mail access to and from the 3Com Email Firewall For example SMTP port 25 must be opened between the Internet and the 3Com Email Firewall to allow inbound and outbound mail connections Internal Mail Systems You may be receiving incoming mail to the 3Com Email Firewall but mail is not being forwarded to the appropriate internal mail servers such as Exchange Also outgoing mail trom the internal servers may not be forwarded to the 3Com Email Firewall tor delivery In these scenarios examine your internal mail server to ensure It is working properly Check communications between the two systems to ensure there are no network DNS or routing issues Also check that your internal servers are configured to send outgoing mail to 3Com Email Firewall External Mail Systems If you have sent a large amount of mail to a particular destination and that mail server is currently down these messages will queue up in the deferred mail queue to be retried after Troubleshooting Mail Delivery Problems 121 a period of time You can view the Mail Transport logs to see the relevant messages that may indicate why you cannot connect to that particular mail server The server could be down too busy or not currently accepting connections Examining Log Files Examine the system log files in the Reporting gt System Logs screen The Mail Transport log is the most important as it provides a detailed description of each message that passes through
68. change the admin account password CAUTION If you forget your admin password you will have to reinstall the system Please choose your password carefully and store it in a sate place See Appendix B on page 127 for information on resetting the system If you have forgotten your admin password Click Add Admin User to create a new user with admin privileges Edit User Profile for admin Forward email to admin example com E9 Email admin example com 2 Password Password roses Confirm Password paas Add Admin User Apply You must add local users to the 3Com Email Firewall if you require the ability to view the user Soam Quarantine or configure the Trusted Senders Lists Select System Contig gt Users to manage your local users Search Search j Login f Email C user USerigexample com Selected Users Remove Select All Mone AddaNewWser File upload File download Creating an Admin User System Users 8 7 Click the Add a New User button to add a new user to the system Add a New User User ID Jnewuser Password Set Password p Confirm Password m Administrator Privileges I Full Admin Create Cancel Enter a User ID and a Password If this user will be an additional administrator for this 3Com Email Firewall select the Full Admin option in the Administrator Privileges section When a Full Admin user logs into the 3Com Email Firewall they must click the Adminis
69. con indicates that your license will expire in a week Licensed Users Indicates the number of licensed users supported by the 3Com Email Firewall If this information is incorrect and you have already installed a license please contact 3Com support A warning icon indicates that you are using at least 90 of your licensed number of users Security Server Indicates the status of the Security Server and the last time an update was retrieved Anti Spam Server Indicates the status of the Anti Spam server Anti Virus Server Indicates the status of your Anti Virus services including the time of the last pattern file update Internal Mail Server Indicates the status of your internal mail server If it is inaccessible check the internal mail server to ensure that it is running Perform network tests to ensure you have connectivity between the 3Com Email Firewall and the internal mail server A warning icon indicates that the connection is timing out Gateway Indicates your connection to the local gateway which is your firewall or router If the gateway is inaccessible ensure that it is up and running and perform network tests to ensure connectivity between the 3Com Email Firewall and the gateway DNS Server Indicates that DNS services are working properly If the server is inaccessible check your DNS server to ensure It is running and perform network tests between the 3Com Email Firewall and the DNS server to
70. country or planet Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice immediately at the beginning of the file without modification this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes software developed by lan F Darwin and others 4 The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRIC
71. ction You can create a list of PBMF rules and upload them together in one file The file must contain comma or tab separated entries in the form Section type pattern action priority seq rulenumber For example to contains user example com reject medium The file o6mf csv should be created in csv file format using Excel Notepad or other Windows text editor It is recommended that you download the PBMF file first by clicking Download File edit it as required and upload it using the Upload File button Click the Preferences button to set your preferences for any spam PBMF s PBMF Configuration PBMF SPAM Action Train as STA Spam M Action Modify Subject header gt Action data SPAM B PBMF BCC Action BCC Email Address D Other PBMF Actions Other PEMF actions currently do not require configuration OK Cancel Help B m Train as STA Spam Select this option to allow any mail that triggers an action to be trained as spam for STA purposes a Action Specify one of the following actions a Just log An entry is made in the log and no other action is taken 60 CHAPTER 4 ANTI SPAM CONFIGURATION Modity Subject Header The text specitied in Action Data will be inserted into the message subject line Add header An X mail header will be added as specified in the Action Data Redirect to The message will be delivered to the mail address specified in Action Dat
72. d States and other jurisdictions Microsoft and Windows are registered trademarks of Microsoft Corporation All other company and product names may be trademarks of the respective companies with which they are associated ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally friendly in all operations To uphold our policy we are committed to Establishing environmental performance standards that comply with national legislation and regulations Conserving energy materials and natural resources in all operations Reducing the waste generated by all operations Ensuring that all waste conforms to recognized environmental standards Maximizing the recyclable and reusable content of all products Ensuring that all products can be recycled reused and disposed of safely Ensuring that all products are labelled according to recognized environmental standards Improving our environmental record on a continual basis End of Life Statement 3Com processes allow for the recovery reclamation and safe disposal of all end of life electronic components Regulated Materials Statement 3Com products do not contain any hazardous or ozone depleting material Environmental Statement about the Documentation The documentation for this product is printed on paper that comes from sustainable managed forests it is fully biodegradable and recyclable and is completely chlorine free The varnish is environmentally friendly a
73. d in the 3Com software product documentation or specifications as being compatible 3Com will make reasonable efforts to provide compatibility except where the non compatibility is caused by a bug or defect in the third party s product or from use of the software product not in accordance with 3Com s published specifications or user manual THIS 3COM PRODUCT MAY INCLUDE OR BE BUNDLED WITH THIRD PARTY SOFTWARE THE WARRANTY PROVISIONS OF THIS DOCUMENT DO NOT APPLY TO SUCH THIRD PART SOFTWARE IF A SEPARATE END USER LICENSE AGREEMENT HAS BEEN PROVIDED FOR SUCH THIRD PARTY SOFTWARE USE OF THAT SOFTWARE WILL BE GOVRNED BY THAT AGREEMENT FOR ANY APPLICABLE WARRANTY PLEASE REFER TO THE END USER LICENSE AGREEMENT GOVERNING THE USE OF THAT SOFTWARE REGULATORY INFORMATION FCC COMPLIANCE FCC CLASS B VERIFICATION STATEMENT INDUSTRY CANADA IC COMPLIANCE STATEMENT AVIS DE CONFORMITE A LA REGLEMENTATION D INDUSTRIE CANADA EUROPEAN UNION DECLARATION OF CONFORMITY This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation NOTE This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection aga
74. d to a UPS Uninterruptable Power Supply to prevent damage in the event of a power failure duing this procedure Factory Settings M WARNING WARNING WARNING WARNING I This operation will initiate a complete software re installation to factory default settings ALL existing settings and data will be lost Only perform this operation if the 3Com Email Firewall is connected to an uninterruptible power supply There is a possibility of system damage if power is lost during this operation After rebooting installation will continue on the system console Restore to Factory Settings now Click the Restore to Factory Settings now button to continue The system must be rebooted when the procedure is complete After rebooting you must reinstall the system using the instructions in the nstallation Guide that came with your 3Com Email Firewall 114 CHAPTER 7 SYSTEM MANAGEMENT Monitoring Mail Processing Activity MONITORING ACTIVITY AND STATUS This chapter describes how to monitor the 3Com Email Firewall s mail processing activity and system status and includes the following topics a Monitoring Mail Processing Activity a Email Firewall Status Select Activity from the main menu to view the 3Com Email Firewall s Activity screen The Activity screen provides you with a variety of information on mail processing activity such as the number of messages in the mail queue the number of different types of messages receiv
75. d to access another device on your network you enter the name of the device instead of its IP address Extended SMTP A set of extensions for the SMTP Simple Mail Transport Protocol tor better multimedia message handling File Transfer Protocol A protocol based on TCP IP for reliable file transfer The initial identifying message sent when setting up an SMTP connection between two email servers Hypertext Transfer Protocol This is a set of rules tor exchanging files text graphic images sound video and other multimedia files on the World Wide Web A secure version of HTTP using SSL Secure Sockets Layer encryption 146 GLOSSARY IP address Mailer Daemon Mail Mapping Mail Route Malformed Email MIME MX NIC NTP Pattern Based Message Filtering PBMF Ping Protocol Internet Protocol IP is a layer 3 network protocol that is the standard for sending data through a network IP is part of the TCP IP set of protocols that describe the routing of packets to addressed devices Internet Protocol address A unique identifier for a device attached to a network using TCP IP The address is written as four octets separated with periods full stops and is made up of a network section an optional subnet section and a host section The name of a process running on the email server that may send out Status messages Maps an external email address to a different internal email address and vice versa Def
76. do so please include this problem report You can delete The following variables can be used Table 5 System Message Variables Variable Value Example PROGRAM or 3Com Email Firewall PRODUCT 126 APPENDIX A CUSTOMIZING SYSTEM MESSAGES Variable HOSI NAME POSTMASTER_MAIL _ADDR DELAY_WARN_TIME MAX_QUEUVE_TIME S YOU or SENDER R_YOU or RECIPIENT SPAM_FOLDER SPAM_EXPIRY SPAM_MESSAGES DISPN Value Hostname entered on the Network Settings screen Email address of the admin user In Delivery Settings Time before Delay Warning In Delivery Settings Maximum Time in Mail Queue Mail address of sender Mail address of recipient The name of the spam folder for the user spam quarantine The number of days before quarantined Spam is expired The information for a spam message Date From Subject Disposition or Action Example mail example com admin example com 4 hours 5 days sender example com recipient example com Spam_quarantine 30 05 27 04 user example com File for you quarantined KR W N RESET TO FACTORY DEFAULT SETTINGS FROM CONSOLE If you need to return the 3Com Email Firewall to its factory default settings you should use the System Mgmt gt Factory Settings screen from the main menu If you have forgotten your admin password it cannot be recovered and you will not be able to login to the 3Com Em
77. e a 3Com Email Firewall User Guide a Part number DUA MFA100 AAAO1 m Page 25 Please note that we can only respond to comments and questions about 3Com product documentation Questions related to technical support or sales should be directed in the first instance to your network supplier 12 ABOUT THIS GUIDE Deployment and 3COM EMAIL FIREWALL OVERVIEW This chapter provides an overview of the 3Com Email Firewall and its features and includes the following topics m Deployment and Installation Features m System Administration The 3Com Email Firewall is designed to be situated between your mail Installation servers and the Internet so that there are no direct SMTP Simple Mail Transport Protocol connections between external and internal servers The 3Com Email Firewall is installed behind the existing firewall on the Internal network Internal Email External Email Intemet Server Firewall 4Com Email Firewall Inbound mail will be forwarded from the Firewall or Router to the 3Com Email Firewall where it will be scanned processed and then sent to your internal mail server for delivery Outbound mail will be sent from your internal mail server to the 3Com Email Firewall to be scanned processed and then delivered to the destination SMTP server on the Internet 14 CHAPTER 1 3COM EMAIL FIREWALL OVERVIEW Installation Features Anti Spam Anti Virus Scanning Malformed Email Checks
78. e and then click Restore now to perform the restore Backup image uploaded successfully File name backup gz size 9467310 lt lt Back Restore now Uploaded Dataset Contents Backup created Tue Dec 28 11 10 10 EST 2004 Encrypted NO Restore part 1 Database Restore pat 2 Spam quarantine directories Restore pat 3 Uploaded user record files Restore part 4 Mail spool files Restore pat 5 Quarantined mail Restore part6 SSL Certs Restore part Statistical Token Analysis STA Data Restore part8 Report Data lt lt Back Restore now Reboot and Shutdown Reset to Factory Settings AN Reboot and Shutdown 113 The 3Com Email Firewall can be safely rebooted or shut down from the System Mgmt gt Reboot and Shutdown screen Before shutting down remove any media from the floppy and CDROM drives 3Com Email Firewall Reboot or Shutdown The 3Com Email Firewall will now be rebooted or shut down Reboot now Shutdown noy Click Reboot now to shutdown the system and reboot Click Shutdown now to shutdown the system completely Select System Mgmt gt Reset to Factory Settings from the menu to revert your 3Com Email Firewall back to its factory default settings CAUTION All existing configuration settings and data will be lost if you reset to factory default settings Ensure that you perform a backup of your system If you Wish to restore your configuration and data Also ensure that your system Is connecte
79. e Part 55 Match Option 58 Pattern 58 Priority 58 Action 58 Upload or Download File 59 PBMF Preferences 59 59 Objectionable Content Filtering 61 Actions 61 Notifications 62 Upload and Download Filter List 62 Trusted Senders List 62 Adding Trusted Senders 63 Spam Quarantine 64 Spam Quarantine Configuration 64 User Notification 65 Set Redirect Action for Anti Spam Features 65 Enabling User Access on a Network Interface 66 Examining the Quarantine 66 Quarantine and Trusted Senders List Users 67 Upload and Download User Lists 68 Enabling User Access on a Network Interface 68 Advanced Anti Spam Options 69 RBL Realtime Blackhole List 69 Mail Access Filtering 70 Anti Spam Header 70 REPORTING Generating Reports 71 Report Configuration 72 Report Generation 73 Report Fields 74 System Logs 77 Viewing Log Details 78 Configuring a Syslog Server 78 Email History 79 System History 80 Event Types 80 Configure History Settings 82 SYSTEM CONFIGURATION Setup Wizard 83 Change Password 84 Time Zone 84 Network Configuration 85 Mail Configuration 85 Admin Account 86 System Users 86 Creating an Admin User 87 Upload and Download User Lists 88 Enabling User Access on a Network Interface 88 Network Settings 89 Network Interfaces 90 Advanced Parameters 90 Web Proxy 91 Static Routes 92 Licensing 93 Installed License 93 License Agreements 94 License Renewal or Upgrade 94 SSL Certificates 94 Software Updates 96 Uploading a So
80. e Users Select Reporting from the menu to view and configure reports Report List Generate Now Refresh Delete Selected Configure Help Report Started At Status Finished At rep6 pdt 2004 12 22 11 40 53 done 2004 12 22 11 40 58 rep6 html 2004 12 22 11 40 53 done 2004 12 22 11 40 57 a reps pai 2004 12 22 11 31 58 done 2004 12 22 11 32 03 M rep html 2004 12 22 11 31 58 done 2004 12 22 11 32 01 M rep4 pdf 2004 12 22 11 30 31 done 2004 12 22 11 30 35 M rep4 htmil 2004 12 22 11 30 31 done 2004 12 22 11 30 34 Generate Now Refresh Delete Selected Configure Help To view a previously generated report click on the report name To configure a report click the Configure button Click Generate Now to immediately generate a report Click the Configure button to set up a new report Report Configuration Generate Now Apply Update Cancel Help Report Title Full Report Email HTML To admin example com Email PDF To Paper Size Describe fields in report Report Generation Enable Auto Generate Vi Auto Generate Report at 03 30 z Auto Generate on Week Days Monday gt and or Day s of Month none gt Timespan Covered 1 month gt Timespan Ends at generate time Timespan Offset Days Ago 0 days a Report Title Title to display at the top of the report m Email To HTML PDF Specify an email address such as admin example com Use a comma
81. e accompanying Installation Guide f release notes are shipped with your product and the information there differs from the information in this guide follow the instructions in the release notes Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format PDF or HTML on the 3Com World Wide Web site http www 3com com products 10 ABOUT THIS GUIDE Conventions Table 1 and Table 2 list conventions that are used throughout this guide Table 1 Notice Icons Icon Notice Type Description gt Information note Information that describes important features or Caution h Warning instructions Information that alerts you to potential loss of data or potential damage to an application system or device Information that alerts you to potential personal injury Table 2 Text Conventions Convention Screen displays Syntax Commands The words enter and type Keyboard key names Words in talics Description This typeface represents information as it appears on the screen The word syntax means that you must evaluate the syntax provided and then supply the appropriate values for the placeholders that appear in angle brackets Example To change your password use the following syntax system password lt password gt In this example you must supply a password for lt password gt The word command means that you must enter the command exactly
82. e actions include Disable Anti Spam The Anti Spam features are disabled Set Action to Modify Subject Header Anti Spam features are enabled Messages determined to be spam will have their subject field modified with the text SPAM Set Action to User Quarantine Mail User Spam Quarantine Anti Spam features are enabled Messages determined to be spam will be redirected to the User Soam Quarantine The Action for each feature will be set to Redirect To and the Action data set to the address of this 3Com Email Firewall for quarantine A N CAUTION If you set the global Anti Spam action to User Quarantine Mail you must ensure you have local Soam Quarantine users contigured to accept the messages If there are no Soam Quarantine users configured the messages will be rejected See Quarantine and Trusted Senders List Users on page 67 for more information on creating Spam Quarantine users DCC DCC 49 DCC Distributed Checksum Clearinghouse is a tool used to identity bulk mail and is based on a number of servers that maintain databases of message checksums These checksums are derived trom numeric values that uniquely identify a message DCC provides a simple but very effective way to successfully identify soam and control its disposition while updating its database with new spam message types Mail users and ISPs all over the world submit checksums of all messages received The database records how many of each message
83. e and Trusted Senders List via this interface Click Apply to save the network settings Advanced Anti Spam Options RBL Realtime Blackhole List Advanced Anti Soam Options 69 Click the Advanced button to reveal the following advanced Anti Spam options RBLs contain the addresses of known sources of spam and are maintained by both commercial and non commercial organizations The RBL mechanism is based on DNS Every server that attempts to connect to the 3Com Email Firewall will be looked up on the specified RBL servers using DNS If the server is blacklisted then the server Is considered an origin of known spam and the connection dropped Note the following considerations when using RBL If the RBL server is not available the DNS request times out This may affect performance and requires monitoring for timed out connections If a message that you want to receive is blocked by an RBL add an item to the Pattern Based Message Filtering list to Trust to train for STA or Accept not train for STA this message RBL Configuration Enable RBLs Mi Rosee Check Relays fo Action Modify Subject header Action Data RBL RBL Servers RBL Servers Edit oo 099 Enable RBLs Select this check box to enable RBLs Check Relays The Check Relays setting deals with soammers who are relaying their messages through an intermediate server The information about the originating server is carried in t
84. e developed by the OpenSSL Project for use in the OpenSSL Toolkit http Awww openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com 142 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS PAM Redistribution and use in source and binary forms of Linux PAM with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain any existing copyright notice and this entire permission notice in its entirety including the disclaimer of warranties 2 Redistributions in binary form must reproduce all prior and current copyrig
85. e packet is losing its connection a Hostname Lookups Use this test to ensure that hostnames are being properly resolved by the DNS server Troubleshooting Content Issues Email History Troubleshooting Content Issues 123 If the mail has been delivered to the 3Com Email Firewall successfully it will undergo security processing before delivery to its final destination Many of the security tools used by the 3Com Email Firewall such as Anti Spam Content Filtering Anti Virus scanning Attachment Control and so on will cause the message to be rejected discarded and quarantined without the message being delivered to the recipient s mail box These tools can often be miscontfigured allowing legitimate messages to be incorrectly rejected or quarantined If you find that certain mail messages are being blocked when they should not be check the following a ls there a Specific Access Pattern or Pattern Based Message Filter rule that applies to the message a ls the attachment type filtered via Attachment Control a Are the spam controls blocking the message m ls the message over the maximum size limit Every message that passes through the 3Com Email Firewall generates a database entry that records information about how It was processed filtered quarantined and so on To see how the message was handled by the 3Com Email Firewall you can check the Ema History to see the disposition of the message Using this information
86. ed and sent and current message activity RO 3Com Email Firewall 3C 0 m Activity c O m Ed Ge Ss 0 0 0 0 Mail Delivery Status Mail is running Queued 0 Hour 0 0 Reporting Stop Deferred 0 Day 0 0 0 0 0 0 System Config m Total 0 Week 2 10 0 0 0 10 System Mgmt Mail Received Recently Logout Tine uum sender econ Sat 18 45 55 44B846744FC userl example com user2 example2 com sent out 18 45 07 F2F5720144 userl example com user2 example2 com pending 16 29 21 D77125F561 userl example com user2 example2 com sent out Refresh 116 CHAPTER 8 MONITORING ACTIVITY AND STATUS Mail Server Status Mail Queue Mail Q Mail Queue Statistics Mail Received Recently Troubleshooting Mail Queue Problems The mail system status is shown in the top left window Mail will either be running or stopped Use the Stop or Start button to control mail processing The mail queue activity Mail Q section displays the number of Queued Deferred and Tota messages in the mail queue This provides a quick indicator of how your mail is processing If the mail queues begin to build up you may have a problem sending or accepting mail The mail queue statistics section displays the number of messages per hour day and week in the following categories a Arrived The number of messages received m Sent The number of mail messages sent m Spam The number of soam messages rec
87. eijen Paul von Behren Rich Wales Mike White This software Is provided as is without warranty of any kind express or implied In no event shall Info ZIP or its contributors be held liable for any direct indirect incidental special or consequential damages arising out of the use of or inability to use this software Permission is granted to anyone to use this software for any purpose including commercial applications and to alter it and redistribute it freely subject to the following restrictions 1 Redistributions of source code must retain the above copyright notice definition disclaimer and this list of conditions 2 Redistributions in binary form compiled executables must reproduce the above copyright notice definition disclaimer and this list of conditions in documentation and or other materials provided with the distribution The sole exception to this condition is redistribution of a standard UnZipSFX binary including SFXWiz as part of a self extracting archive that is permitted without inclusion of this license as long as the normal SFX banner has not been removed from the binary or disabled 3 Altered versions including but not limited to ports to new operating systems existing ports with new graphical interfaces and dynamic shared or static library versions must be plainly marked as such and must not be misrepresented as being the original source Such altered versions also must not be misrepresented as b
88. eing Info ZIP releases including but not limited to labeling of the altered versions with the names Info ZIP or any variation thereof including but not limited to different capitalizations Pocket UnZip WiZ or MacZip without the explicit permission of Info ZIP Such altered versions are further prohibited from misrepresentative use of the ip Bugs or Info ZIP e mail addresses or of the Info ZIP URL s 4 Info ZIP retains the right to use the names Info ZIP Zip UnZip UnZipSFX WiZ Pocket UnZip Pocket Zip and MacZip for its own source and binary releases 144 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS Attachment Control BCC Certificate Certificate Authority CA DCC DNS ESMTP FTP HELO HTTP HTTPS GLOSSARY A feature that allows you to block attachments based on their extension or MIME type Blind Carbon Copy The copy of an email is sent to a specified address without the other recipient s knowledge An attachment to a message that verifies its origin A centralized organization that verities and issues digital certificates Distributed Checksum Clearinghouse An anti soam technology that uses message checksums derived from email received from all over the Internet to determine whether messages are considered bulk mail Domain Name System This system maps a numerical Internet Protocol IP address to a more meaningful and easy to remember name When you nee
89. eived a Reject The number of messages rejected a Virus The number of messages that contained a virus m Clean The number of clean messages that have passed through the system The Mail Received Recently portion of the Activity screen displays the most recent messages processed by the system including their current status You can click on an individual message ID to see its details When troubleshooting mail problems examine the following items on the Activity screen m Examine the mail queue activity Mai Q to check the number of Queued Deferred and Total messages in the mail queue This is a quick indicator of how your mail is processing Click the Refresh button frequently to ensure that the mail queues are not building up too high a Inthe Mail Received Recently portion of the Activity screen check the timestamps of your most recent incoming and outgoing mail If no mail has been processed in a certain period of time this may indicate that the inbound outbound or both mail directions are not working Check the statistics for your mail queues You may notice mail system latency if you are receiving a lot of virus soam or message rejects Email Firewall Status 117 Email Firewall Status Select Status from the main menu to determine if all services and servers are functioning properly CANI 3Com Email Firewall 3com Status System Name Activity System Upti
90. eiving Disable Receiving Mail Sending Disable Sending Flush Mail Queue Flush SMTP Probe Run Test Ping Utility Run Test Traceroute Utility Run Test Hostname Lookups A Lookup oo 0909090 9 a Flush Mail Queue Use this utility if you have a high amount of deterred mail that you would like to try and delivery In environments with a high amount of deferred mail this process can take a very long time If the deferred mail queue continues to grow there are other problems that are preventing the delivery of mail and the Flush button should not be clicked again a SMTP Probe The SMTP Simple Mail Transport Protocol Probe is used to test email connectivity with a remote SMTP server This allows you to verity that a certain SMTP server Is responding to connection requests and returning a valid response If you are having trouble delivering mail to a specific server test your SMTP connection using this utility m Ping and Traceroute Use the Ping and Traceroute utilities to ensure network connectivity with another host From the 3Com Email Firewall try to ping hosts both on the internal and external networks You should also try to ping the firewall DNS server and external router Try to ping the 3Com Email Firewall from these locations to ensure you have connectivity Traceroute is used to see the routing steps between two hosts If you do not have connectivity you can use traceroute to see where exactly th
91. en installed Selected Updates Install Delete Select All None Upload a Software Update Ifyou have a software update file enter the local filename below or use the Browse button to locate the file It will be uploaded and added to the Available Updates list Upload Software Update Software update file Browse Next When these software update files are downloaded to your local system they can be installed by clicking Browse in the Voload a Software Update section navigating to the downloaded file and then clicking Next The update will now appear in the Available Updates not installed section Click on the update you want to apply then click Install After applying any updates you must restart the system ib Security Connection Software Updates 97 When the system restarts the update will appear in the nsta led Updates section Before applying any update backup your system configuration and data Select System Mgmt gt Backup amp Restore from the menu to perform a backup The Security Connection is a service running on the 3Com Email Firewall that polls 3Com s support servers for new updates security alerts and other important information When new information and updates are received an email can be sent to the administrator Click the Security Connection link in the System Config gt Software Updates screen Current Settings Send Email i Send Emails To Jadmin ex
92. end public com Medium Reject 4 Client IF Matches 10 1 0 17 Medium Trust Add Upload File Download File Preferences OR Help 3 Select Client IP as the Message Part and set the address of the mail server for the mail route as the pattern 4 Set the Acton to Trust and click Update to add the new rule Fier MessagePart Pattern Priority Action 4 Client IP gt Matches f10 1 25 15 Medium gt Trust gt Del RE Update Cancel Help Delivery Settings Delivery Settings 23 You can customize various delivery settings that affect how you accept and deliver mail messages Delivery Settings Gateway Features Default Mail Relay Select Mail Delivery gt Delivery Settings from the menu Advanced Update Cancel Delivery Settings Maximum time F farant 5 value in days 1 100 Time before delay warning 4 Value in hours 0 disables Time to retain undelivered MAILER DAEMON mail Value in hours blank no processing Gateway Features Masquerade Addresses IV Strip Received 2 Headers Default Mail Relay RelayTo S Ignore MX record M Copy all mail to OoOo O O 2 Errors to flaamin 8 Maximum time in mail queue Enter the number of days for a message to stay in the queue before being returned to the sender as undeliverable Time before delay warning Number of hours before issuing the sender a notification that mail is delayed Time to
93. ensure they are communicating Time Server Indicates that your network time server is up and running Email Firewall Status 119 If there are issues with a certain service click the service check icon beside the help button to perform a test of that particular subsystem Network Address 10 1 25 14 Network Intertace 24648K8 in 476KB out last 5 minutes i af Internal Mail Server Server 10 1 25 11 operational Ey Gateway Accessible O AO DNS Server Fail Default servers are not available Time Server Serice not available i Refresh Report Problems Report Problems Click the Report Problems button at the bottom of the Status page to send selected reports back to 3Com for analysis if you experiencing problems with your 3Com Email Firewall Report Problems Send To support 3com com Version Information M Mail Log Mail Queue Stats 609099 9 lv Mail Configuration M lv lv System Messages send Now Contact Ls Update Cancel Help a Send to This is the email address tor 3Com support a Version information Include the version information in the problem report a Mail Log Include the Mail Log in the problem report a Mail Configuration Include the Mail Configuration in the problem report m Mail Queue Stats Include the Mail Queue Stats in the problem report a System Information Include the system information in the problem report 120 CHAPTER 8 MONI
94. ered legitimate mail Lenient Reduces the possibility of false positives but more spam may get through The STA upper threshold is set to 90 and the lower threshold to 80 Any message with a metric 90 or above will be considered spam A metric between 90 and 80 will be considered Maybe Spam and will trigger an action if you have the Maybe Spam option enabled A metric lower than 80 Is considered legitimate mail 52 CHAPTER 4 ANTI SPAM CONFIGURATION Spam Action Maybe Spam Action Specify an action when STA flags a message as spam m Action The action can be one of the following Just log An entry is made in the log and no other action is taken Modity Subject Header The text specitied in Action Data will be inserted into the message subject line Add header An X mail header will be added as specified in the Action Data Redirect to The message will be delivered to the mail address specified in Action Data Reject mail The mail will not be accepted and the connecting mail server is forced to return it BCC The message will be copied to the mail address specified in Action Data Action data Depending on the specified action Modify Subject Header The specified text will be inserted into the subject line such as SPAM Add header A message header will be added with the specified text such as SPAM Redirect to Send the message to a mailbox such as soam example com This features allow
95. erver web server Web Server Encryption made via SSL Engine E Archive Old Logs 0 1 2 3 4 Kernel generated messages Amalgamation of all logs System messages including file Uploads The Mail Transport log is the most important log to monitor because it contains a record of all mail processed by the 3Com Email Firewall Other logs include a Authentication Contains messages from Spam Quarantine logins m Web Server Access A log of access to the web server m Web Server Errors Contains error messages from the web server m Web Server Encryption Engine Contains messages for the web server encryption engine m Web Server Encrypted Accesses A log of SSL web server access m Messages Contains system messages including Tile uploads m Kernel A log of kernel generated messages a Archive This option allows you to view an amalgamation of all the logs 78 CHAPTER 5 REPORTING Viewing Log Details Select a specific log to view search and download its detailed entry information RetreshSearch Previous Next Download Finished Search Jan 10 10 10 44 wyserver syslogd restart Jan 10 10 10 50 wyserver start pgsql Initialising the entire database Jan 10 10 11 03 wyserver start opgsql Stop any running Database Manager Jan 10 10 11 03 wyserver start _pgsql Starting Database Manager Jan 10 10 11 07 wyserver start pgsql Creating initial sds database Jan 10 10 11 07 wyserver start opgsql
96. es are often used in denial of service DoS attacks The 3Com Email Firewall analyzes each message with very extensive integrity checks Malformed messages are quarantined if they cannot be processed Attachment Control Email Security Reporting Features 15 Attachment filtering can be used to control a wide range of problems Originating from the use of attachments such as viruses objectionable content and confidential documents leaving your network Both inbound and outbound email can be scanned Messages containing forbidden attachments can be rejected or quarantined Communications between email gateways that are normally sent in clear text can be protected from interception and eavesdropping via TLS Transport Layer Security encryption The 3Com Email Firewall s reporting features allow you to create customized reports on mail and system activity including the following a Traffic Summary a System Health m Top Mailbox Disk Users m Spam Statistics a Virus Reports m Email History m System Events History The reports are derived from information written to the various systems logs and then stored in the database Reports are stored on the system for online viewing and can also be emailed automatically to specitied users 16 CHAPTER 1 3COM EMAIL FIREWALL OVERVIEW System Administration The 3Com Email Firewall is administered via a web browser The following web browsers are supported Microsoft Internet E
97. et EJE no z oo Vv total received message size Total Received Message Size EN no Vv total sent out message size Total Sent Out Message Size EJE fno x Vv processing time Message ProcessingTime fso no gt z Vv spam metrics Spam Metric Frequency 160 no X 100 v top virus Top Virus List 170 no z hoo Field Blocking ple chart Total traffic Received Total traffic sent Total received message size Total sent out message size Processing time Spam metrics Top virus Recent virus list Top PBMFs Top forbidden attachments Recent forbidden attachments Disk usage Disk load CPU load NIC load Swap usage Paging Top spam quarantine sizes Active mail queue Deferred mail queue Generating Reports 75 Description A pie chart ot the same data as the right hand column of Traffic Blocking timespan Graphs of the number of messages received per hour over the reporting period timespan Graphs of the number of messages sent per hour over the reporting period timespan Total message size of incoming messages per hour Total message size of outgoing messages per hour The average time a message waits between initial handshake and disposition including RBL DCC lookups if any Messages that are deferred are not included Graph of the number of messages per STA assigned spam metric 0 100 List of the top viruses found List of the most recent viruses found List of the top patte
98. etmask 255 255 0 0 amp Media aj UserAccess M Advanced Parameters Enable RFC 1323 M 7 Enable RFC 1644 M m P Address Enter the IP address for this 3Com Email Firewall m Netmask Enter the appropriate netmask for your network m Media Select the type of network card Use Auto select for automatic configuration m User Access Enables local access to the Soam Quarantine and Trusted Senders List on this interface The following advanced network parameters are enabled by default and should only be modified if you are experiencing connection problems with certain mail delivery hosts m Enable RFC 1323 These are TCP extensions to improve performance and to provide reliable operation over very high speed paths m Enable RFC 1644 This is an experimental TCP extension for efficient transaction oriented request response service Web Proxy Web Proxy 91 A secure proxy server may be used to cache and proxy requests to systems external to your network such as an HTTP web proxy server If you use a proxy server on your network you must enter the proxy server address and a username and password to allow Anti Virus Anti Spam and Licensing services to retrieve updates Select System Contig gt Web Proxy from the menu Web Proxy Use Secure Web Proy M 7 Serwer Address fhitasy progy 8080 o User Mame proxyusemame 9 Password escent e o Re Enter Password m e Update C
99. fined Selected Mappings Remove Select All Mone Add Virtual Mapping Upload File Download File Finished Click the Add Virtual Mapping button to add a new mapping Add Virtual Mapping Input example com Q Output example2 com Q m Inout Enter the domain or address to which incoming mail is directed in the Input box m Output Enter the domain or address to which mail should be redirected to in the Output box Uploading Virtual Mapping List Virtual Mappings 29 A list of virtual mappings can also be uploaded in one text Tile The Tile must contain comma or tab separated entries in the form map_in map_out For example user example com user user example com user example2 com example com example2 com The file virtmap csv should be created in csv file format using Excel Notepad or other Windows text editor It is recommended that you download the virtual mapping Tile first by clicking Download File editing it as required and uploading it using the Upload File button 30 CHAPTER 2 CONFIGURING MAIL DELIVERY Anti Virus CONFIGURING MAIL SECURITY This chapter describes how to configure mail security settings on your 3Com Email Firewall and includes the following topics Anti Virus Attachment Control Mail Access Filtering SMTP Security Malformed Email The 3Com Email Firewall provides a built in virus scanning service When enabled all messages inbound and outbound p
100. ftware Update 96 Security Connection 97 SYSTEM MANAGEMENT Status and Utility 99 Utility Functions 100 Current Admin and Spam Quarantine Users 104 Configuration Information 104 Mail Queues 104 Quarantine 105 Expiry Settings 105 Daily Tasks 106 Backup and Restore 107 Starting a Backup 107 Restores 111 Reboot and Shutdown 113 Reset to Factory Settings 113 8 MONITORING ACTIVITY AND STATUS Monitoring Mail Processing Activity 115 Mail Server Status 116 Mail Queue Mail Q 116 Mail Queue Statistics 116 Mail Received Recently 116 Troubleshooting Mail Queue Problems 116 Email Firewall Status 117 System Alarms 118 Licensing 118 BorderWare Mail Security Services 118 Network Settings 118 Report Problems 119 Troubleshooting Mail Delivery Problems 120 Examining Log Files 121 Troubleshooting Content Issues 123 Email History 123 A CUSTOMIZING SYSTEM MESSAGES B RESET TO FACTORY DEFAULT SETTINGS FROM CONSOLE C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS GLOSSARY Z Y ABOUT THIS GUIDE The instructions in this guide are designed to help you with configuration and system administration tasks for the 3Com Email Firewall This guide is intended for the system or network administrator who is responsible for configuring using and managing the 3Com Email Firewall It assumes a working knowledge of TCP IP network and email communications protocols For more detailed information on 3Com Email Firewall installation please see th
101. he current version of the system software the time it was installed and CPU and RAM information Configuration Info Version 1 0 ATI 3M40 201 204 CPU Type Pentium 4 Q Installed 2004 12 21 11 08 45 7 Q Q System RAM 125 Megabytes Select System Mgmt gt Mail Queues to view and manage queued mail The Mail Queues screen contains information on mail waiting to be delivered You can search for a specific mail message using the search function Messages that appear to be undeliverable can be removed by selecting them and then clicking the Remove button Mail in Queue Search earch E a DS Sor een DSE4EES6C2 903 Tue Jan11 10 15 43 user example com Selected Messages Remove Select All None All Messages all pages Remove All Retresh Flush Mail Queue Quarantine Expiry Settings Quarantine 105 The Quarantine area contains messages that have been quarantined because of a virus malformed message illegal attachment or other ISSUE Select System Mgmt gt Quarantine to view and manage the quarantine area Quarantined Mail Search Search r quC2CAOFESST CICADFESET VVorm LoveLetter Salesian 17 41 55 Selected Messages Remove Forward to Original Recipient Select All None All messages matching Search in entire quarantine Remove All Forward All Refresh setExpiry Settings Help You can view the details of a message by clicking on its ID numbe
102. he headers of the message which is checked against the RBL For example set Check Relaysto 2 to look for the last two relays Action Specify one of the following actions a Just log An entry is made in the log and no other action Is taken a Modify Subject Header The text specified in Action Data will be inserted into the message subject line 70 CHAPTER 4 ANTI SPAM CONFIGURATION Mail Access Filtering Anti Spam Header Add header An X mail header will be added as specified in the Action Data a Redirect to The message will be delivered to the mail address specified in Action Data a Reject mail The mail will not be accepted and the connecting mail server is forced to return it BCC The message will be copied to the mail address specified in Action Data a Action data Depending on the specified action a Modify Subject Header The specified text will be inserted into the Subject line such as RBL a Add header A message header will be added with the specified text such as RBL a Redirect to Send the message to a mailbox such as soam example com m RBL Servers Click the Edit button to edit your RBL server addresses In the Mail Access Mail Filtering settings you can specify patterns to match for on incoming connections and configure an appropriate action The maximum number of recipients and the maximum size of a message can also be configured See Mail Access Filte
103. hnologies RFC s can evolve to become actual Internet standards Simple Mail Transfer Protocol An IETF standard protocol used for transferring mail across a network reliably and efficiently as defined in RFC 821 Several SMTP commands are sent together in the same network packet Defines an access pattern to match for on a specific part of an SMTP connection Secure Sockets Layer A protocol for encrypting and securing private data over the Internet Statistical Token Analysis A method of identifying soam messages based on statistical analysis of email content A routing entry ensuring connectivity to systems on other networks A subnet mask is used to divide the device part of the IP address into two further parts The first part identities the subnet number The second part identities the device on that subnet A syslog server collects and stores log files from many sources Transmission Control Protocol Internet Protocol This is the name for two of the most well known protocols developed for the interconnection of networks Originally a UNIX standard TCP IP is now Supported on almost all platforms and is the protocol of the Internet TCP relates to the content of the data travelling through a network ensuring that the information sent arrives in one piece when it reaches its destination IP relates to the address of the endstation to which data is being sent as well as the address of the destination network 148
104. ht notices this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The name of any author may not be used to endorse or promote products derived from this software without their specific prior written permission ALTERNATIVELY this product may be distributed under the terms of the GNU General Public License in which case the provisions of the GNU GPL are required INSTEAD OF the above restrictions This clause is necessary due to a potential conflict between the GNU GPL and the restrictions contained in a BSD style copyright THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR S BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE PHP The PHP License version 3 0 Copyright c 1999 2002 The PHP Group All rights reserved Redistribution and use in source and binary forms with or without m
105. icable law or agreed to in writing Licensor provides the Work and each Contributor provides its Contributions on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied including without limitation any warranties or conditions of TITLE NON INFRINGEMENT MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License 8 Limitation of Liability In no event and under no legal theory whether in tort including negligence contract or otherwise unless required by applicable law such as deliberate and grossly negligent acts or agreed to in writing shall any Contributor be liable to You for damages including any direct indirect special incidental or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work including but not limited to damages for loss of goodwill work stoppage computer failure or malfunction or any and all other commercial damages or losses even if such Contributor has been advised of the possibility of such damages 131 9 Accepting Warranty or Additional Liability While redistributing the Work or Derivative Works thereof You may choose to offer and charge a fee for acceptance of support warranty indemnity or other liability obligations and or
106. ide mazurka message was not trusted SSLTLS not used Sending Host fqdn mozar ip 10 1 25 1 helo 127 0 0 1 Processing STA spam no DCC passed no virus not malformed sent out STA metric 82 Journal Times entered at 2004 12 21 16 29 21 467654 disposed at 2004 12 21 16 29 21 786371 Message Disposition sent out 250 Ok queued as 10 10 0 88 2004 12 21 9F793A41CD 10 10 0 88 16 29 21 CUSTOMIZING SYSTEM MESSAGES Message variables can be used to customize the content of notification annotation and delivery messages The 3Com Email Firewall will substitute your local settings for the variables at the time the message is sent For example in the following Delivery Failure Notification message from Mail Delivery gt Delivery Settings the HOSTNAME variable will be replaced with the hostname of your 3Com Email Firewall Enable Mi Gg This e mail and any attachments may contain confidential and privileged information If you are not the intended recipient please notify the sender immediately by return e mail delete this e mail and destroy any copies Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal This is an automated message from the PROGRAM gt at host HOSTNAMES The message returned below could not be delivered to its intended destinations For further assistance please send mail to lt SPOSTMASTER_MAIL ADDR gt If you
107. ier and the message data Click the Send Message button to send the test message to the destination SMTP server The server should come back with a response SMTP Connectivity Diagnostics SMTP Sever 1010088 envelope from MAILFROM o gt envelope to RCPT TO fadmin examplecom HELO mal 0 Message to Send DATA command Subject Test Message This is a test message 2 Bye m SMTP Server Enter the domain name of the destination SMTP server that you want to test m Envelope from MAIL FROM The MAIL FROM part of the email message identities the sender Enter an email address indicating the sender of the message m Envelope to RCPT TO The RCPT TO part of the email message identifies the recipient of the email Enter an email address indicating the intended recipient of the message m HELO The HELO parameter is used to identify the SMTP Client to the SMTP Server You can enter any value here but the sending domain name of the server is usually specified m Message to Send DATA Command This contains the actual test message data You can enter an optional subject to ensure a blank Subject field is not sent 102 CHAPTER 7 SYSTEM MANAGEMENT The response field will show the result of the SMTP diagnostic probe including the response for each SMTP command sent Sending mail lt lt lt 220 ESMTP Postfix 2 1 0 HELO example com lt lt lt 250 mail example com MAIL FR
108. iety of information on mail processing activity such as the number of messages in the mail queue the number of different types of messages received and sent and current message activity m Status The Status page displays a list of system services and their current status Network and system tests can also be performed a Mail Delivery This menu allows you to configure mail delivery features such as a Anti Spam a Anti Virus a Attachment Control a Mail Routing a Delivery Settings a Mail Access Filtering a Mail Mappings a Virtual Mappings a SMTP Security a Malformed Email detection 18 CHAPTER 1 3COM EMAIL FIREWALL OVERVIEW a Reporting This menu allows you to view and configure the reporting and system log features of the 3Com Email Firewall a System Configuration This menu allows you to view and modify system configuration settings such as The Setup Wizard Admin Account System Users Network Settings Web Proxy Static Routes Licensing SSL Certificates Software Updates a System Management This menu is used for system management features such as Status and Utility menu for troubleshooting Mail Queues Quarantine Backup and Restore Reboot and Shutdown Returning the system to factory settings Mail Routing CONFIGURING MAIL DELIVERY This chapter describes how to configure your 3Com Email Firewall to accept and deliver mail and includes the following topics a Mail Routing
109. il encryption Taterelaniiare E Accept TLS D Enable 7 Require TLS for SMTP AUTH I Enable Mail Delivery By Default Offer TLS IF Enable 7 Enforce TLS D Enable Specific Site Policy Search Search No sites defined Offer TLS Selected Delete Select All Mone Add Update Site Don tuse TLS Update Update Cancel Help Incoming Mail Accept TLS Enable this option to accept SSL TLS for incoming mail connections m Require TLS for SMTP AUTH This value is used to require SSL TLS when accepting mail for authenticated relay See the SMTP Authenticated Relay section on page 40 for more detailed information Mail Delivery By Default a Offer TLS Enable this option to offer remote mail servers the option of using SSL TLS when sending mail m Enforce TLS Enabling this option will require the validation of a CA signed certificate when delivering mail to a remote mail server Failure to do so will result in mail delivery failure SMTP Security 43 Specific Site Policy This option supports the specification of exceptions to the default settings for SSL TLS For example you may need to exempt a mail server from using SSL TLS because of lack of TLS support To exempt a system specify the IP Address or FQDN Fully Qualified Domain Name of the remote mail server in the Add Update Site field Select Don t Use TLS from the dropdown box and click the Update button The exemp
110. il to admin Configuration only Backup Restore Status Click the Status button below Backup Type Restore type to check the status of any Backup to remote FTP server Restore from remote FTP server current backup operations Backup to local disk C Restore from local disk Status Backup by email to admin Next gt gt Next gt gt Finished Help Select the type of backup and click the Next gt gt button Local Disk Options When backing up to a Tile on a local disk you can choose to encrypt the file if required Click Next gt gt to continue Direct Backup Options Encryptbackup C lt lt Back ext gt gt 108 CHAPTER 7 SYSTEM MANAGEMENT Confirm the listed options and then click Create backup now to begin Backup to local disk Current options Encrypt backup MO Backup system configuration YES 7 Backup reporting data YES 7 lt lt Back Create backup now The file backup gz will be then be downloaded to your local system FTP Options If you choose the FTP option you must specify the address of the destination FTP server including a valid login and password FTP Backup Options Encrypt backup D G Remote FTP sewer name oriP fi01105 Username on FTP server backup Password on FTP server asss Directory on FTP server for backup fles backup Use PASY mode D iz lt lt Back Next gt gt a Encrypt backup Select this option to encrypt the backu
111. ines an email domain that you accept mail for and the internal mail server to deliver the email An email message not structured according to standards Malformed email can be used to cause denial of service attacks and buffer overruns Multipurpose Internet Mail Extension A standard for identifying the type of data contained in a Tile based on its extension Mail Exchanger A type of DNS record indicating the address of the email server Network Interface Card A circuit board installed in an endstation that allows it to be connected to a network Network Time Protocol A protocol for time synchronization between systems on a network Allows you to define a pattern to search for on an email header envelope or body See Pattern Based Message Filtering A utility used to verify connectivity over a network by sending ICMP ping packets to another host A set of rules for communication between devices on a network The rules dictate format timing sequencing and error control Quarantine RBL RFC SMTP SMTP Pipelining Specific Access Pattern SSL STA Static route Subnet mask Syslog TCP IP 147 A protected area for storing messages that contain viruses or are considered spam Messages can be deleted from the quarantine or released back into an email inbox Realtime Blackhole List A list of servers that are considered sources of known spam Request for Comments A series of notes on Internet tec
112. inst harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at the user s own expense Changes or modifications not expressly approved by 3Com could void the user s authority to operate this equipment This Class B digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe B est conform a la norme NMB 003 du Canada This product is in compliance with the essential requirements and other relevant provisions of Directives 73 23 EEC and 89 336 EEC CE
113. ions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies either expressed or implied of the FreeBSD Project Freelype The FreeType Project LICENSE 2000 Feb 08 Copyright 1996 2000 by David Turner Robert Wilhelm and Werner Lemberg Introduction The FreeType Project is distributed in several archive packages some of them may contain in addition to the FreeType font engine various tools and contributions which rely on or relate to the FreeType Project This license applies to all files found in such packages and which do not fall under their own explicit license The license affects thus the FreeType font engine the test programs documentation and makefiles at the very least This license was inspired by the BSD Artistic and UG Independent JPEG Group licenses which all encourage inclusion and use of free software in commercial and freeware products alike Asa consequence its main points are that We don t promise that this software works However we will be interested in any kind of bug reports as is distribution You can use this software for whatever you want in parts or full form without having to pay us royalty free usage You may not pretend that you wrote this software If you use it or only parts of it in a program you must acknowledge somewhere in your documentation that you have used the FreeType code credits
114. las with modifications for thread safety by Thomas Boutell Portions relating to WBMP copyright 2000 2001 2002 2003 2004 Maurice Szmurlo and Johan Van den Brande Portions relating to GIF animations copyright 2004 Jaakko Hyvatti Jaakko hyvatti iki i Permission has been granted to copy distribute and modify gd in any context without fee including a commercial application provided that this notice is present in user accessible supporting documentation This does not affect your ownership of the derived work itself and the intent is to assure proper credit for the authors of gd not to interfere with your productive use of gd If you have questions ask Derived works includes all programs that utilize the library Credit must be given in user accessible documentation This software is provided AS IS The copyright holders disclaim all warranties either express or implied including but not limited to implied warranties of merchantability and fitness for a particular purpose with respect to this code and accompanying documentation Although their code does not appear in the current release the authors also wish to thank Hutchison Avenue Software Corporation for their prior contributions 136 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS JPEG The authors make NO WARRANTY or representation either express or implied with respect to this software its quality accuracy merchantability or fitness for a particula
115. lear Password and Update Help Use Secure Web Proxy Select the check box to enable use of the secure web proxy Server Address Enter the proxy server address in the format https hostname port such as Attos oroxy example com 8080 m User Name Enter a username to log into the secure web proxy server Password Enter a corresponding password for the user name you entered a Re Enter Password Confirm the password 92 CHAPTER 6 SYSTEM CONFIGURATION Static Routes Static routes are required if the mail servers to which mail must be relayed are located on another network such as behind an internal firewall or accessed via a VPN Select System Config gt Static Routes from the menu to define any static routes Static Routes No state routes defined Mask Gateway Met 0 0 0 0 0 0 0 0 New Route To add a new static route enter the network address netmask and gateway for the route and then click New Route Licensing Installed License Licensing 93 Your 3Com Email Firewall must be licensed before it can process mail The Licensing screen allows you to view your current license information and enter a new license key if you are renewing or upgrading your current license Select System Config gt Licensing from the menu to view and manage your license information Installed License Current License Key 3MF INN100 2000578 705FO6F3 License Type 100 User Internal Not For Re
116. lling the 3Com Email Firewall THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS APACHE Apache License Version 2 0 January 2004 http Awww apache org licenses TERMS AND CONDITIONS FOR USE REPRODUCTION AND DISTRIBUTION 1 Definitions License shall mean the terms and conditions for use reproduction and distribution as defined by Sections 1 through 9 of this document Licensor shall mean the copyright owner or entity authorized by the copyright owner that is granting the License Legal Entity shall mean the union of the acting entity and all other entities that control are controlled by or are under common control with that entity For the purposes of this definition control means i the power direct or indirect to cause the direction or management of such entity whether by contract or otherwise or ii ownership of fifty percent 50 or more of the outstanding shares or iii beneficial ownership of such entity You or Your shall mean an individual or Legal Entity exercising permissions granted by this License Source form shall mean the preferred form for making modifications including but not limited to software source code documentation source and configuration files Object form shall mean any form resulting from mechanical transformation or translation of a Source form including but not limited to compiled object code generated documentation and conversions to other media types Work sh
117. luded source code is used in accordance with the relevant license agreements and can be used freely for any purpose the GNU license being the most restrictive see below for details Note that any information and cryptographic algorithms used in this software are publicly available on the Internet and at any major bookstore scientific library and patent office worldwide More information can be found e g at http Awww cs hut fi crypto The legal status of this program is some combination of all these permissions and restrictions Use only at your own responsibility You will be responsible for any legal consequences yourself am not making any claims whether possessing or using this is legal or not in your country and am not taking any responsibility on your behalf NO WARRANTY BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WIL
118. marked or otherwise designated in writing by the copyright owner as Not a Contribution 130 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS Contributor shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work 2 Grant of Copyright License Subject to the terms and conditions of this License each Contributor hereby grants to You a perpetual worldwide non exclusive no charge royalty free irrevocable copyright license to reproduce prepare Derivative Works of publicly display publicly perform sublicense and distribute the Work and such Derivative Works in Source or Object form 3 Grant of Patent License Subject to the terms and conditions of this License each Contributor hereby grants to You a perpetual worldwide non exclusive no charge royalty free irrevocable except as stated in this section patent license to make have made use offer to sell sell import and otherwise transfer the Work where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution s alone or by combination of their Contribution s with the Work to which such Contribution s was submitted If You institute patent litigation against any entity including a cross claim or counterclaim in a lawsuit alleging that the Work or a Contribution incorporated within the Work
119. me Up 2 days 22 47 g Status Date amp Time Sun Dec 12 10 45 35 EST 2004 o Mail Delivery i Load Averages 1 5and15min 0 58 0 21 0 12 Go Reporting v System Alarms There are no alarms pending System Config w License Active expires 2014 11 24 i System Mgmt f Licensed Users 1 user registered of 100 available g Version 1 0 BTI 3M40 060704 2 System ID Offec4966e5884c3 o Security Server Updated 2004 12 11 16 29 05 9 AY Anti Spam Server DCC failure o Anti Virus Server Last updated 2004 12 12 10 29 06 7 Network Interface 77KB in 88KB out last 5 minutes Q X Internal Mail Server Unable to contact server Go v Gateway Accessible oe DNS Server Server accessible Time Server Server 10 10 0 1 OK a For each service a status icon will indicate if the service is running properly if there is a warning or the service is unable to connect vv amp 118 CHAPTER 8 MONITORING ACTIVITY AND STATUS System Alarms Licensing BorderWare Mail Security Services Network Settings Ensure that the following services are running and the information displayed is correct Indicates if there are any pending system alarms You will receive an alarm if there is an FTP backup error or if a license expires License Displays your license information including the expiration date If this information is incorrect or if you have installed a license and it does not display as active please contact 3Com support A warning i
120. n most mail clients but can be used to gather information on why mail is processed in a particular way The following headers will be inserted a X STA Metric The score assigned by STA such as 95 which would indicate a soam message X STA NotSpam Indicates the words with the highest non spam value found in the message a X STA Spam Indicates the words with the highest spam value found in the message 54 CHAPTER 4 ANTI SPAM CONFIGURATION STA Training Pattern Based Message Filtering The STA training section displays statistics of all mail analyzed by the 3Com Email Firewall STA Training l Legitimate Spam Mail STA analyzed Sa Soa Rebuild STA Delete Training OK Cancel Help Click the Rebuild STA button to rebuild the STA database The STA run time engine is built and rebuilt at 12 hour intervals using several sources such as the supplied soam data the DCC spam if enabled and local training Since the database is not built for the first time until 12 hours after installation you can use this button to immediately rebuild the STA database Click the Delete Training button to delete all training material if your 3Com Email Firewall has been miscontfigured and starts to treat legitimate mail as soam or vice versa Pattern Based Message Filtering is the primary tool for whitelisting and blacklisting messages An administrator can specify that mail is rejected or whitelisted according to the con
121. nd the inks are vegetable based with a low heavy metal content ENCRYPTION This product contains encryption and may require U S and or local government authorization prior to export or import to another country CONTENTS ABOUT THIS GUIDE Conventions 10 Related Documentation 11 Documentation Comments 11 3COM EMAIL FIREWALL OVERVIEW Deployment and Installation 13 Installation 14 Features 14 Anti Spam 14 Anti Virus Scanning 14 Maltormed Email Checks 14 Attachment Control 15 Email Security 15 Reporting 15 System Administration 16 Main Menu 17 CONFIGURING MAIL DELIVERY Mail Routing 19 Additional Mail Route Rules 21 Delivery Settings 23 Delivery Settings 23 Gateway Features 23 Default Mail Relay 23 BCC All Mail 24 Annotations 24 Advanced Delivery Settings 25 Mail Mappings 26 Uploading Mapping List 27 Virtual Mappings 28 Uploading Virtual Mapping List 29 CONFIGURING MAIL SECURITY Anti Virus 31 Notifications 33 Pattern Files 33 Attachment Control 34 Notifications 35 Editing Attachment Types 36 Mail Access Filtering 37 Specific Access Patterns 38 Pattern Based Message Filtering 39 Message Restrictions 39 SMTP Authenticated Relay 40 SMTP Banner 40 SMTP Security 41 Incoming Mail 42 Mail Delivery 42 Maltormed Email 44 ANTI SPAM CONFIGURATION Anti Spam Features 47 DCC 49 STA 50 Spam Action 52 Maybe Spam Action 52 Diagnostics 53 STA Training 54 Pattern Based Message Filtering 54 Messag
122. nt version and read online documentation You can also contact us individually at David Turner lt david turner freetype org gt Robert Wilhelm lt robert wilhelm freetype org gt Werner Lemberg lt werner lemberg freetype org gt GD Graphics Library Portions copyright 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 by Cold Spring Harbor Laboratory Funded under Grant P41 RRO2188 by the National Institutes of Health Portions copyright 1996 1997 1998 1999 2000 2001 2002 2003 2004 by Boutell Com Inc Portions relating to GD2 format copyright 1999 2000 2001 2002 2003 2004 Philip Warner Portions relating to PNG copyright 1999 2000 2001 2002 2003 2004 Greg Roelofs Portions relating to gdttf c copyright 1999 2000 2001 2002 2003 2004 John Ellson ellson graphviz org Portions relating to gdft c copyright 2001 2002 2003 2004 John Ellson ellson graphviz org Portions relating to JPEG and to color quantization copyright 2000 2001 2002 2003 2004 Doug Becker and copyright C 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 Thomas G Lane This software is based in part on the work of the Independent JPEG Group See the file README JPEG TXT for more information Portions relating to GIF compression copyright 1989 by Jef Poskanzer and David Rowley with modifications for thread safety by Thomas Boutell Portions relating to GIF decompression copyright 1990 1991 1993 by David Kob
123. nti Virus software and Third Party Open Source products To renew or upgrade your license you will need an annual subscription renewal key or an additional user key You can obtain a key by contacting your 3Com reseller or you can visit www 3com com When you have obtained a renewal or upgrade key return to this screen and enter the key in the New License Key field and click License A valid SSL certificate is required to support the encryption services available on the 3Com Email Firewall The SSL encrypted channel from the server to the web browser such as when using a URL that begins with Attos requires a valid digital certificate You can use self signed certificates generated by the 3Com Email Firewall or import certificates purchased from commercial Certificate Authorities CA such as Verisign The disadvantage of self signed certificates is that web browsers will display warnings that the company in this case the 3Com Email Firewall issuing the certificate is untrusted When you purchase a commercial certificate the browser will recognize the company that signed the certificate and will not generate the warning messages A web server digital certificate can only contain one domain name such as server example com and a limitation in the SSL protocol only allows one certificate per IP address Some web browsers will display a warning message when trying to connect to any domain on the server that has a different domain n
124. odification is permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The name PHP must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact group php net 4 Products derived from this software may not be called PHP nor may PHP appear in their name without prior written permission from group php net You may indicate that your software works in conjunction with PHP by saying Foo for PHP instead of calling it PHP Foo or phpfoo 5 The PHP Group may publish revised and or new versions of the license from time to time Each version will be given a distinguishing version number Once covered code has been published under a particular version of the license you may always continue to use it under the terms of that version You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License 6 Redistributions of any form whatsoever must
125. om Mail Firewall will Quarantine mail 7 Reject Discard Quarantine email notification to All recipients D E The sender D 2 The administrator I7 B Notification This is an automated message from the PROGRAM gt at host HOSTNAME mail from 5_YOU sSENDER to R_YOU RECIPIENT was stopped and DISPN because it contains one or more malformed mail components Summary of email contents Update Cancel m Enable malformed scanning Select this option to enable scanning tor malformed emails m Enable NULL Character Detect Select this option to enable null character detection Any messages with null characters in them a byte value of 0 will be considered a malformed message Malformed Email 45 a Actions Select an action to be performed Options include a Just log Log the event and take no further action a Reject mail The message is rejected with notification to the sending system Quarantine mail The message is placed into quarantine a Discard mail The message is discarded without notification to the sending system as Notifications Notifications for inbound and outbound messages can be enabled for all recipients the sender and the administrator and the notification message can be customized See Appendix A Customizing System Messages on page 125 fora full list of variables that can be used 46 CHAPTER 3 CONFIGURING MAIL SECURITY Anti Spam Feat
126. onfiguration Hostname mail hostname of mail example com Domain fexamplecom SS e g example com IP Address ha21601 SSS NetMask 255 255 2550 Gateway haoa oo Name Server haor ooo Apply Finish Cancel lt lt Back Next Mail Configuration Modify your mail configuration and proxy settings if required and click Apply if you have made any changes If you do not want to modify your mail configuration settings click Finish CANI 3Com Email Firewall 3com Setup Wizard Change Password Time Zone Network Configuration gt Mail Configuration Internal Mail Server Address fintemalmail example com Internal SMTP mail server Administrator Email Address admin example com Test warning and status emails sent here Set the default action for Anti Spam features Network Configuration i Mail Configuration Modify Subject Headings i Anti Spam Action Used for Anti Virus Anti Spam and Licensing Format Address inttps proxy example com 8080 https hostname port or https ipaddress port User Name proxyusemame Password rr Re Enter Password Saaai Apply Finish Cancel ss Back V Use Secure Web Proxy 86 CHAPTER 6 SYSTEM CONFIGURATION Admin Account System Users AN Select System Contig gt Admin Account from the menu to modify the administrator account settings You can modify the address to which mail to the administrator is forwarded to and
127. orms is permitted provided that due credit is given to the author and the OpenBSD project by leaving this copyright notice intact 140 APPENDIX C THIRD PARTY COPYRIGHT AND LICENSE AGREEMENTS 4 The Rijndael implementation by Vincent Rijmen Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license version 3 0 December 2000 Optimised ANSI C code for the Rijndael cipher now AES author Vincent Rijmen lt vincent rijmen esat kuleuven ac be gt author Antoon Bosselaers lt antoon bosselaers esat kuleuven ac be gt author Paulo Barreto lt paulo barreto terra com br gt This code is hereby placed in the public domain THIS SOFTWARE IS PROVIDED BY THE AUTHORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 5 One component of the ssh source code is under a 3 clause BSD licen
128. ose sender FQDNs which include any string after the first comma The limit parameter in the report configuration sets the maximum number listed The top recipients during the report timespan sorted by number of messages The sum of the message sizes is also listed If the title contains one or more comma characters the list will be restricted to those recipients which include any string after the first comma The limit parameter in the report configuration sets the maximum number listed Graph showing the average round trip in seconds to the preferred DCC server over the reporting period Graph showing the round trip in seconds to the RBL servers over the reporting period The value Is averaged over all enabled RBL servers Comment text Extra comment text System Logs 11 System Logs The system logs provide detailed information on all mail transport and system related events Select Reporting gt System Logs from the menu to view the log Tiles 3Com Email Firewall System Logs Old Logs 0 1 2 3 Old Logs 0 11 2131 Old Logs 0 11 2131 4 5 6 7 8 9 10 4 5 6 7 8 9 10 4 5 6 7 8 9 10 Messages from the Mail Messages from User Access Log of accesses made on Transport logins the web server This log can be very large Web Server Errors Web Server Encryption Web Server Encrypted Old Logs 0 11 2 3 Engine Accesses 41516 Old Logs 0 11 2131 Old Logs 0 1 2 3 4 EE Tonite 4 5 6 7 8 9 10 Accesses to the web s
129. p file Remote FIP server name or IP Enter the hostname or IP address of the destination FTP server m Username on FIP server Enter the username to log in to this FTP server Password on FTP server Enter a corresponding password for the username entered m Directory on FTP server for backup files Enter the destination directory on the FTP server to store your backup files Backup and Restore 109 m Use PASV mode PASV Passive mode may be required for some types of FTP servers Choose this option if you are having problems with connecting to your FTP server Click Next gt gt to continue Backup to remote FTP server Current options Encrptbackup WoO 7 Backup system configuration YES 7 Backup reporting data YES 7 FTP server 101 105 Directory on FTF serwer backup 7 Username on FTP serwer backup 7 Use PASY mode na 7 lt lt Back Create backup now Create scheduled backup Confirm the listed options and then click Create backup now to begin Alternately you can click Create scheduled backup to go to the Daily Tasks menu to create a recurring FTP backup Administrator Backup Email Options If you select the Email backup type the configuration will be saved and sent via email attachment to the 3Com Email Firewall administrator It is recommended that you save the email attachment to your local disk System mail and data cannot be backed up using this method Only
130. r or remove the message from quarantine by clicking the Remove button Quarantined messages can also be forwarded to their original destination by clicking the Forward to Original Recipient button Use the search field to look for specific messages within the quarantine For example you could search for the name of a specific virus so that any quarantined messages infected with that virus will be displayed Click the Set Expiry Settings button to configure the quarantine expiry settings An expiry term can be set so that messages will be deleted after a certain period of time You can use this feature to flush all messages from the quarantine area on a regular basis Quarantined Mail Removal Expire automatically I Enable Days 7 Qo Maximum Quarantine Disk Usage 25 o percentage Currently using 0 of disk space for 0 messages Maximum Overall Disk Usage fao E percentage Current disk usage is 1 Update and Expire Now Update Cancel 106 CHAPTER 7 SYSTEM MANAGEMENT Daily Tasks a Expire automatically Enable this feature to expire messages automatically m Days Enter how many days to keep a quarantined message before deleting it m Maximum Quarantine Disk Usage percentage Enter a percentage of disk usage that can be used by the quarantine area If the quarantine area grows beyond this size messages will be expired m Maximum Overall Disk Usage percentage Enter a percentage for the maxim
131. r purpose This software is provided AS IS and you its user assume the entire risk as to its quality and accuracy This software is copyright C 1991 1998 Thomas G Lane All Rights Reserved except as specified below Permission is hereby granted to use copy modify and distribute this software or portions thereof for any purpose without fee subject to these conditions 1 If any part of the source code for this software is distributed then this README file must be included with this copyright and no warranty notice unaltered and any additions deletions or changes to the original files must be clearly indicated in accompanying documentation 2 If only executable code is distributed then the accompanying documentation must state that this software is based in part on the work of the Independent JPEG Group 3 Permission for use of this software is granted only if the user accepts full responsibility for any undesirable consequences the authors accept NO LIABILITY for damages of any kind These conditions apply to any software derived from or based on the UG code not just to the unmodified library If you use our work you ought to acknowledge us Permission is NOT granted for the use of any JG author s name or company name in advertising or publicity relating to this software or products derived from it This software may be referred to only as the Independent JPEG Group s software We specifically permit and encou
132. rage the use of this software as the basis of commercial products provided that all warranty or liability claims are assumed by the product vendor Libspf The libspf Software License Version 1 0 Copyright c 2004 James Couzens amp Sean Comeau All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHORS MAKING USE OF THIS LICENSE OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILIT
133. rd copy documentation or on the removable media in a directory file named LICENSE TXT or LICENSE TXT If you are unable to locate a copy please contact 3Com and a copy will be provided to you UNITED STATES GOVERNMENT LEGEND f you are a United States government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are provided in 3Com s standard commercial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com the 3Com logo are registered trademarks of 3Com Corporation BorderWare the Powered by BorderWare Logo and BorderWare Security Network are trademarks or registered trademarks of BorderWare Technologies Inc in the Unite
134. resses Enter any additional internal mappings that will be included in the outgoing mail conversion Click Update when finished A list of mappings can also be uploaded in one text Tile The file must contain comma or tab separated entries in the form sender or recipient map_in map_out value on or off For example sender user example com user sales example com on The file mai mapping csv should be created in csv file format using Excel Notepad or other Windows text editor It is recommended that you download the mail mapping file first by clicking Download File editing it as required and uploading it using the Upload File button 28 CHAPTER 2 CONFIGURING MAIL DELIVERY Virtual Mappings Virtual Mappings are used to redirect mail addressed for one domain to a different domain This process is performed without modifying the To and From headers in the mail as virtual mappings modify the envelope recipient address For example the 3Com Email Firewall can be configured to accept mail tor example com and deliver it to examp e2 com This allows the 3Com Email Firewall to distribute mail to multiple internal servers based on the Recipient address of the incoming mail Virtual Mappings are useful for acting as a wildcard mail mapping such as mail for example com is sent to exchange example com Select Mail Delivery gt Virtual Mappings to configure your mappings Virtual Mail Mappings ho Lita Manning de
135. ring on page 37 for more detailed information on configuring Mail Access Filtering settings This feature adds a header to scanned email messages displaying the results of the 3Com Email Firewall s Anti Spam processing The header output is similar to the following X AntiSpam sta false 0 020 dcc off rbl off wlbl none Generating Reports REPORTING This chapter describes the reporting features of the 3Com Email Firewall and includes the following topics m Generating Reports m System Logs m Email History m System History m Configure History Settings The 3Com Email Firewall s reporting features provide a comprehensive range of informative reports including the following m Traffic Summary m System Health ms Top Mailbox Disk Users m Spam Statistics a Virus Reports m Email History a System Events History The reports are derived from information written to the various systems logs and then stored in the database Reports are stored on the system for online viewing and can also be emailed automatically to specitied users Reports can be generated on demand and at scheduled times Reports can also be filtered to provide reporting on only mail domains user groups or specific hosts 72 CHAPTER 5 REPORTING Report Configuration Administrators can specify which data is to be included in each report how it is to be displayed the order of data and the number of entries to report such as Top 10 Disk Spac
136. rn based message filters List of the top forbidden attachments caught by attachment control List of the most recent forbidden attachments caught by attachment control Shows disk usage by partition Graph of average disk load MB s over the reporting period Graph of average CPU load number of waiting processes over the reporting period Graph for each active network interface load Bytes hour for the reporting period Swap file usage Paging usage Lists the top users based on the size of their Spam quarantine in MB Graph showing number of queued messages as sampled every 5 minutes over the reporting period Graph showing maximum number of messages as sampled every 5 minutes in the deterred queue over the reporting period 76 CHAPTER 5 REPORTING Field Top senders Top sending hosts Top recipients DCC Servers RBL Servers End comment Extra comment Description The top sender Judged by Envelope trom not Header from during the report timespan sorted by number of messages If the title contains one or more comma characters the list will be restricted to those senders which include any string after the first comma The limit parameter in the report configuration sets the maximum number listed The top sending hostnames in FQDN format during the report timespan sorted by number of messages If the title contains one or more comma characters the list will be restricted to th
137. route defined during installation will already be configured Mail Filtering Settings Specific Access S y Patterns 9 Pattern Based Message Filtering M Enable Maximum recipients per message hooo oO Maximum message size li 0240000 B SMTP Authenticated Relay Permit SMTP authenticated relay I Enable Advanced Apply Help 2 Click Add Pattern to add a new pattern for the additional mail route New Access Pattern Pattern 10 1 25 15 ClientAccess W HELO Access D Envelope From ACCESS a Envelope To ACCESS lf pattern matches Trust OK Cancel 3 Enter the IP address of the mail server you are routing to in the Pattern field oo 689690 9 22 CHAPTER 2 CONFIGURING MAIL DELIVERY 4 Select Clhent Access 5 Select Trust for the action if the pattern matches and click OK Adding a Pattern Based Message Filter 1 Select Mail Delivery gt Mail Access Filtering from the menu Select Pattern Based Message Filtering Mail Filtering Settings US 251 Pi Specific Access 2 Patterns Add Pattern Pattern Based Message Filtering Enable Maximum recipients per message fi 000 Maximum message size fi 0240000 SMTP Authenticated Relay Permit SMTP authenticated relay I Enable z Advanced Apply Help 2 Click Add to add a new filter rule 00 Al Mal Header Reg Exp from e 0 S 0 9 com Medium Reject 2 To contains rusinglegmail cam Medium Reject ili To contains ti
138. s a 10 10 0 1 3 64 0 00046 0 010876 0 00092 100 CHAPTER 7 SYSTEM MANAGEMENT Utility Functions The Utility Functions section allows you to control mail services and run network and diagnostic utilities Utility Functions Mail System Control stop Mail Receiving Disable Recenving Mail Sending Disable Sending Flush Wail Queue Flush SMTP Probe Run Test Fing Utility Run Test Traceroute Utility Run Test Hostname Lookups A Lookup eo do 099 9 as Mail System Control Use this button to Stop and Start all mail queues a Mail Receiving Use this button to disable and enable mail receiving only a Mail Sending Use this button to disable and enable mail sending only m Flush Mail Queue The Flush Mail Queue button is used reprocess any queued mail in the system Only click this button once If the mail queue does not process you may be experiencing other types of delivery problems and reprocessing the mail queue will only add additional load to the system Status and Utility 101 SMTP Probe The SMTP Simple Mail Transport Protocol Probe is used to test email connectivity with a remote SMTP server This allows you to verity that a specitic SMTP server is responding to connection requests and returning a valid response In the SMTP Probe screen you must enter the destination SMTP server the envelope header fields for the sender and recipient MAIL FROM and RCPT TO the HELO identif
139. s An administrator can specify that mail is rejected or whitelisted according to the contents of the message envelope message header such as the sender recipient subject and body text See Pattern Based Message Filtering on page 54 for more details on configuring these types of filters Mail Filtering Settings 10 1 2511 E Specific Access Patterns 5 Add Pattern Pattern Based Message Filtering M Enable Q Maximum recipients per message fiooo 6 WMaximum message size fiozao0o0 Q Permit SMTP authenticated relay E Enable 7 Advanced Apply Help The following parameters allow you to reject messages based on the number of recipients the message size or free queue space available Maximum recipients per message ooo Maximum message size fi 0240000 Minimum Free Queue Space 20720000 m Maximum recipients per message Set the maximum number of recipients accepted per message This helps prevent delivery of soam messages that typically contain a large number of recipients m Maximum message size Set the maximum message size in bytes that will be accepted by the 3Com Email Firewall Ensure that the specified size can accommodate email attachments a Minimum Free Queue Space Advanced Set the minimum free queue space available in bytes before the system will stop receiving mail This option only appears if you click the Advanced button 40 CHAPTER 3 CONFIGURING MAIL SECURITY
140. s you to take action on messages that STA identifies as maybe spam which indicates it could be spam but may also be legitimate mail A message Is considered to be maybe spam if its metric is between the upper and lower thresholds as configured by your STA mode Normal Aggressive Lenient m Enable Maybe Spam Select the check box to enable actions for maybe spam m Action The action can be one of the following Just log An entry is made in the log and no other action is taken Modity Subject Header The text specitied in Action Data will be inserted into the message subject line Add header An X mail header will be added as specified in the Action Data STA 53 a Redirect to The message will be delivered to the mail address specified in Action Data a Reject mail The mail will not be accepted and the connecting mail server is forced to return it BCC The message will be copied to the mail address specified in Action Data m Action data Depending on the specified action a Modify Subject Header The specified text will be inserted into the subject line such as SPAM Add header A message header will be added with the specified text such as SPAM m Redirect to Send the message to a mailbox such as soam example com Diagnostics m Enable X STA Headers This setting inserts X STA headers into all messages These are not visible to the user although they can be filtered i
141. sale Expiry 2006 01 16 Status active Show Firewall License Firewall Show Anti Virus License Anti Virus Show Source Licenses Source License Renewal or Upgrade To renew or upgrade your license you wiii need an annual subscription renewal key or an additional user key You can obtain a key by contacting your 3Com reseller or you can visit waww 3com com When you have obtained a renewal or upgrade key return to this screen and enter the key in the area below Response Valid License New License Key 3MF INN1 00 2000578 705f06f3 _tivense The nstalled License section displays your current license information If your license expires the system will not accept incoming mail connections You can switch to Degraded mode by selecting the corresponding check box which will allow you to accept mail but the Anti Spam and Anti Virus services will not scan these messages Installed License Current License Key 3MF INC100 2000265 64385AFF License Type 100 User Commercial License Expiry 2006 01 18 Status expired Normally the system does not accept incoming mail when itis unlicensed However incoming mail can be enabled in 2 degraded mode which does not perform anttvirus or anti spam scanning Degraded Mode Vi 94 CHAPTER 6 SYSTEM CONFIGURATION License Agreements License Renewal or Upgrade SSL Certificates Click the specified button to view the license agreements for the 3Com Email Firewall the A
142. se held by the University of California since we pulled these parts from original Berkeley code Copyright c 1983 1990 1992 1993 1995 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT IN
143. t lt Mail Content gt gt for text matching on the decoded content a lt lt Mail Content gt gt This parameter allows for a match on the visible decoded message body STA Token STA tokens can also be selected for pattern based message filters This allows you to match patterns for common spam words that could be hidden or disguised with fake or invisible HTML text comments that would not be caught by a normal pattern filter For example STA extracts the token viagra from the text vi lt sopam gt ag lt spam gt ra and V i a g r a 58 CHAPTER 4 ANTI SPAM CONFIGURATION Match Option Pattern Priority Action The match option looks for the specified text in each line You can specify one of the following Contains Looks for the text to be contained in a line or field This allows for spaces or other characters that may make an exact match fail a Ends with Looks for the text at the end of the line or field no characters soaces and so on between the text and the non printed end of line character a Matches The entire line or field must match the text Starts with Looks for the text at the start of the line or field no characters between the text and the start of line Reg Exp Use a Regular Expression to define a pattern that matches various text strings Enter the pattern you wish to search for Select a priority for the filter Wigh Medium Low The entire message is
144. t Reporting gt Email History from the menu to view the message history Message List Records 1 to 30 of 150 Search queue ID for Match Case Search Help Queue D Time Recsived Sublet Por dour FIGAES3B8E 2005 01 13 Report rep6 html from w81 Full sent out 13 21 53 002856 Report F2DC28A063 2005 01 13 Undelivered Mail Returned to 0B1F6DA64E deferred 13 16 25 15904 Sender 4BB7D68DB5 2005 01 13 Undelivered Mail Returned to 3D28FDE93E deferred 13 15 21 366724 Sender B142108230 2005 01 13 Undelivered Mail Returned to 7569103ECB deferred 13 15 21 009054 Sender F4F10E277E 2005 01 13 Undelivered Mail Returned to 22153738F deferred 13 15 19 197071 Sender C23C49EC31 2005 01 13 Undelivered Mail Returned to OD6B7B156C deferred 13 15 19 185125 Sender 91992289EF 2005 01 13 Undelivered Mail Returned to 1ATCIAGAFO deferred 13 15 16 150225 Sender AQ26173E60 2005 01 13 Undelivered Mail Returned to D6D274CF40 deferred 13 15 15 579288 Sender You can quickly search the email history by entering a specific field to search on and a pattern Click on an individual message Queue ID to display the details for the message and how it was processed Message Details Message number 57 queue id D77125F561 size 918 bytes Message ID 20041221212921 D77125F561 mazurka Prior Message Subject Business Opportunity From envelope user example com Number Recipients local 1 remote 0 Source outside mazurka message was not trusted
145. t acknowledge us However no fee need be paid to us 3 Advertising Neither the FreeType authors and contributors nor you shall use the name of the other for commercial advertising or promotional purposes without specific prior written permission We suggest but do not require that you use one or more of the following phrases to refer to this software in your documentation or advertising materials FreeType Project FreeType Engine FreeType library or FreeType Distribution As you have not signed this license you are not required to accept it However as the FreeType Project is copyrighted material only this license or another one contracted with the authors grants you the right to use distribute and modify it Therefore by using distributing or modifying the FreeType Project you indicate that you understand and accept all the terms of this license 135 4 Contacts There are two mailing lists related to FreeType freetype freetype org Discusses general use and applications of FreeType as well as future and wanted additions to the library and distribution If you are looking for support start in this list if you haven t found anything to help you in the documentation devel freetype org Discusses bugs as well as engine internals design issues specific licenses porting etc http Awww treetype org Holds the current FreeType web page which will allow you to download our latest developme
146. t the KeepOpen check box to ensure that each mail message to the domain will not be removed from the active queue until delivery is attempted even if the preceding mail failed or was deferred This setting ensures that local mail servers receive high priority The KeeoOpen option should only be used for domains that are usually very reliable If the domain is unavailable it may cause system performance problems due to excessive error conditions and deterred mail A list of domains can also be uploaded in one text file The file must contain comma or tab separated entries in the form domain route port ignore_mx subdomains_too keep_open For example example com 10 10 1 1 25 on off off The file domains csv should be created in csv Tile format using Excel Notepad or other Windows text editor It is recommended that you download the domain file first by clicking Download File editing it as required and uploading it using the Upload File button Mail Routing 21 Additional Mail Route When adding an additional mail route for a local email server you must Rules add a Specific Access Pattern and a Pattern Based Message Filter to trust mail from that server for Anti Spam training purposes These procedures are not required for the default mail route you configured at installation time with the Setup Wizard Adding a Specific Access Pattern 1 Select Mail Delivery gt Mail Access Filtering from the menu Your primary mail
147. ted mail server will be listed under the Specific Site Policy TLS options include the following m Don t Use TLS TLS Mail Delivery is never used with the specified system m May Use TLS Use TLS if the specified system supports it m Enforce TLS Deliver to the specified system only if a TLS connection with a valid CA signed certificate can be established a Loose TLS Similar to Enforce TLS but will accept a mismatch between the specified server name and the Common Name in the certificate See SSL Certificates on page 94 for more information on installing certificates 44 CHAPTER 3 CONFIGURING MAIL SECURITY Malformed Email Many viruses try to elude virus scanners by concealing themselves in malformed messages The scanning engines cannot detect the attachment and pass the complete message through to an internal server Some mail clients try to rebuild malformed messages and may rebuild or activate a virus infected attachment Other types of malformed messages are designed to attack mail servers directly These types of messages are often used in denial of service DoS attacks The 3Com Email Firewall analyzes each message with very extensive integrity checks Malformed messages are quarantined If they cannot be processed Select Mail Delivery gt Malformed Email from the menu to configure malformed email checks Enable malformed scanning M Enable NULL Character Detect Vv a Actions 3C
148. tent Scan check box if you want to disable content scanning for attachments with the specified extension The attachment will still be checked for viruses if the Disable Content Scan option is selected Click the Add Extension button to add a Tile extension or MIME type to the list and then click Update The following example adds a MIME type of smage ong to the attachment types list Edit Attachment Type Extension image png Q Disable content scan D i Update Cancel Mail Access Filtering Mail Access Filtering 37 The 3Com Email Firewall provides a number of filtering options to ensure that specific mail messages are not accepted from the incoming SMTP connection In the Mail Access Mail Filtering settings you can specify patterns to match for on incoming connections and configure an appropriate action The maximum number of recipients and the maximum size of a message can also be configured Select Mail Delivery gt Mail Access Filtering to configure access patterns and mail filters Mail Filtering Settings ee alle Specific Access y r Patterns Add Pattern Pattern Based Message Filtering M Enable Maximum recipients per message fi O00 Maximum message size fi 0240000 SMTP Authenticated Relay Permit SMTP authenticated relay E Enable 7 Advanced Apply Help 0o00 38 CHAPTER 3 CONFIGURING MAIL SECURITY Specific Access Patterns Click the Add Pattern button to add a new specific
149. tents of the message envelope message header such as the sender recipient subject and body text Select Pattern Based Message Filtering from the Mail Delivery gt Anti Spam menu to configure your PBMF rules 3 Mal Reader Reg Exp fron Ge 0 S 0 9 com Medium Reject 2 Ta contains rusinglecmail cam Medium Reject T Ta Contains TriendMpublic com Medium Reject 4 Client IP Matches 10 1 0 177 Medium Trust Add Upload File Download File Freferences LIK Help Pattern Based Message Filtering 55 Some default PBMF rules are provided and more can be added by clicking the Add button Message Part a es ee From Contains fex TET j i Update Finished Help Do Not Train Message Part Select a Message Partfrom the dropdown list The following diagram and sections explain each part of the mail message HELO mail example com MAIL FROM yourbestfriend example2 com RCPT TO user example com DATA Message Envelope not visible Received from mail example com mail example com 10 10 1 88 by server example com 8 11 1 8 11 1 with ESMTP id h4DKCF 51 7028 for lt user server example com gt Tue 13 May 2003 16 12 15 0400 EDT envelope from noone nowhere com Received by mail example com Mail Firewall id 4D627D2DF 1 Tue 13 May 2003 16 12 15 0400 EDT Delivered To user example com Received from fake server example com 10 10 0 2 by mail example com Mail Firewall with SMTP id 9056
150. tion for items not specifically listed in the Attachment Types list The default Is Pass which allows all attachments Any Tile types defined in the Attachment Types list will override the default setting Enable Attachment Control Select the check box to enable Attachment Control for inbound and or outbound mail Attachment Types Click Edit to configure the attachment types Action Select an action to be performed Options include a Just log Log the event and take no further action a Reject mail The message is rejected with notification to the sending system a Quarantine mail The message is placed into quarantine a Discard mail The message is discarded without notification to the sending system Attachment Control 35 Notifications Notifications for inbound and outbound messages can be enabled for all recipients the sender and the administrator Customize the content for the nbound and Outbound notification in the corresponding text boxes Reject Discard Quarantine email notification to All recipients w a The sender W ra The administrator W rj Inbound Notification This is an automated message from the PROGRAM at host SHOSTMANEs A mail from 5 YOUS S5ENDERS to R_YOU S RECIPIENTS Was Stopped and DISPN because it contains one or more forbidden attachments Summary of email contents Dutbound Notification This is an automated message from the PROGRAM at host SHOSTNAM
151. tion of the copyright holder Cyrus SASL CMU libsasl Tim Martin Rob Earhart Copyright c 2000 Carnegie Mellon University All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The name Carnegie Mellon University must not be used to endorse or promote products derived from this software without prior written permission For permission or any other legal details please contact Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh PA 15213 3890 412 268 4387 fax 412 268 7395 tech transfer andrew cmu edu 4 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by Computing Services at Carnegie Mellon University http www cmu edu computing CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES
152. tration link on the left menu to open up the admin menu CANI 3C0M Spam Quarantine g Trusted Senders D Change Password Logout 3Com Email Firewall user Mailbox Spam Quarantine 0 new 0 recent amp Spam Quarantine i 0 Messages Selectall Select none Delete Undelete Not Spam Hide Deleted Empty Trash Date From Subject Size There are no messages in this mailbox Delete Undelete NotSpam Hide Deleted Empty Trash Selectall Selectnone 88 CHAPTER 6 SYSTEM CONFIGURATION Upload and Download User Lists Enabling User Access on a Network Interface You can upload lists of users using comma or tab separated text Tiles You can specify the login ID password email address and disk quota in megabytes Use the following format login password email address quota For example user ajg 7rY user example com 0 The file user cs should be created in csv file format using Excel Notepad or other Windows text editor It is recommended that you download the user list Tile first by clicking File Download editing it as required and then uploading it using the File Upload button You must enable User Access on the network interface to allow users to log in via that interface Select System Contig gt Network Settings and go to the Network Interface section Network Interface Incd IP address 10 1 25 14 Netmask 255 255 0 0 Media User Accessi
153. ttern file updates can be configured in the Virus Pattern Files section Select the time interval to check for pattern Tile updates Options include 15 30 and 60 minutes Virus Pattern Files amp Update interval mins Last Update Check 2006 01 02 13 41 03 Last Check Status Downloaded new patterns Last Pattern Update 2005 01 20 11 41 01 Get Pattern Update Apply Help Click the Get Pattern Update button to retrieve a new pattern update file immediately 34 CHAPTER 3 CONFIGURING MAIL SECURITY Attachment Control Attachment filtering can be used to control a wide range of problems originating from the use of attachments including the following Viruses Attachments that can potentially contain viruses can be blocked Offensive Content The 3Com Email Firewall can block the transfer of images which reduces the possibility that an offensive picture will be transmitted to or trom your company mail system Contidentiality Prevents unauthorized documents from being transmitted through the 3Com Email Firewall Productivity Prevents your systems from being abused by employees Select Mail Delivery gt Attachment Control from the menu to configure your attachment types and actions Current Settings Default action Pass Enable Attachment Control Attachment Types Edit Edit n Action Quarantine mail Quarantine mail Default action Set the default attachment control ac
154. tware Mail not delivered due to software problems Bounce Send postmaster copies of undeliverable mail If mail is undeliverable a single bounce message is sent to the postmaster with a copy of the message that was not delivered For privacy reasons the postmaster copy is truncated after the original message headers If a single bounce message is undeliverable the postmaster receives a 26 CHAPTER 2 CONFIGURING MAIL DELIVERY Mail Mappings double bounce message with a copy of the entire single bounce message a Delay Inform the postmaster of delayed mail In this case the postmaster receives message headers only a Policy Inform the postmaster of client requests that were rejected because of unsolicited mail policy restrictions The postmaster will receive a transcript of the entire SMTP session a Protocol Inform the postmaster of protocol errors client or server or attempts by a client to execute unimplemented commands The postmaster will receive a transcript of the entire SMTP session m Double Bounce Send double bounces to the postmaster Mail Mappings are used to map an external address to a different internal address and vice versa This is useful for hiding internal mail server addresses from external users For mail originating externally the mail mapping translates the address in the To and CC mail header field into a corresponding internal address to be delivered to a specific internal m
155. um overall disk usage that can be used by the quarantine Click Update to enable the settings for new quarantined messages Click Update and Expire Now to apply the settings to all messages in the quarantine area The Daily Tasks feature allows you to set up daily recurring FTP and Email backups The FTP backup and Email backup features must be configured separately in the System Mgmt gt Backup amp Restore screen for the daily tasks to work Select System Mgmt gt Daily Tasks to configure recurring backups Current Settings FTP Backup Email Backup wt Q statTime joom Apply Help m FTP Backup Enables recurring FTP backups m Email Backup Enables recurring Email backups a Start Time Set the start time using the 24 hour format hh mm Backup and Restore Starting a Backup Backup and Restore 107 The 3Com Email Firewall can backup all data including the database quarantined items mail queues mailboxes uploaded user lists SSL certificates reports and system configuration data The restore feature can restore any of these items individually The 3Com Email Firewall should be backed up before performing any type of software upgrade or update You can perform backups on demand or you can schedule a tape or FTP backup once per day via the Daily Tasks option from the System Mgmt gt Daily Tasks screen The Email Firewall supports three backup methods m FIP server Local Disk m Ema
156. ures ANTI SPAM CONFIGURATION This chapter describes how to configure the Anti Spam features of your 3Com Email Firewall and includes the following topics Anti Spam Features DCC STA Pattern Based Message Filtering Objectionable Content Filtering Trusted Senders List Spam Quarantine Quarantine and Trusted Senders List Users Advanced Anti Spam Options The 3Com Email Firewall contains a variety of powerful features to prevent soam messages including the following Server based tools such as DCC Distributed Checksum Clearinghouse STA Statistical Token Analysis Objectionable Content Filtering and Pattern Based Message Filtering that prevent Spam messages from being delivered to an end user s mailbox User based tools for managing quarantined spam and building trusted senders lists for whitelisting 48 CHAPTER 4 ANTI SPAM CONFIGURATION Select Mail Delivery gt Anti Spam from the menu to configure the 3Com Email Firewall s Anti Spam features Spam Filters Global Anti Spam Action SetAction to Modify Subjectheader 7 Distributed Checksum Clearinghouse DCC W Enable o Statistical Token Analysis STA M Enable 9 Pattern Based Message Filtering M Enable oO Objectionable Content Filtering M Enable o Trusted Senders List M Enable 8 Spam Quarantine M Enable Q Users 7 Advanced _Apply Help The Default Anti Spam Action defines the type of action to be used for the preselected Anti Spam features Possibl
157. via SSL Secure Sockets Layer and TLS Transport Layer Security support A flexible policy can be implemented to allow other servers and clients to establish encrypted sessions with the 3Com Email Firewall to send and receive mail The following types of traffic can be encrypted m Server to Server Used to create an email VPN Virtual Private Network and protect company email over the Internet a Client to Server Many email clients support TLS for sending and receiving mail This allows email messages to be sent confidentiality from desktop to desktop but without the difficulties of implementing other encryption schemes Encryption can be enforced between particular systems such as setting up an email VPN between two 3Com Email Firewalls at remote sites Encryption can also be set as optional so that users who are concerned about the confidentiality of their messages on the internal network can specify encryption in their mail client when it communicates with the 3Com Email Firewall The 3Com Email Firewall supports the use of certificates to initiate the negotiation of encryption keys The 3Com Email Firewall can generate its own site certificates and it can also import Certificate Authority CA signed certificates See SSL Certificates on page 94 for more information on installing certificates 42 CHAPTER 3 CONFIGURING MAIL SECURITY Select Mail Delivery gt SMTP Security from the menu to enable and configure ema
158. wall address such as mail example com This will redirect the message to the soam quarantine where it will be placed in a folder for that particular user Users can log in to the 3Com Email Firewall and manage their quarantined soam Messages can be viewed returned to the inbox or deleted Select Soam Quarantine from the Mail Delivery gt Anti Soam menu Spam Quarantine Configuration Enable Spam Quarantine M Qe Expiry Period 1 Month 2 Folder Size Limit 50 MB Q User Notification Enable Summary Email I Notification Domain example com Notification Days Thursday Allow releasing of email D oo 9 9 9 Allow reading messages D Mail subject Spam summary for RECIPIENT Spam Quarantine m Enable Spam Quarantine Select the check box to enable the spam Configuration quarantine a Expiry Period Select an expiry period for mail in each quarantine folder Any mail quarantined for longer than the specified value will be deleted a Folder Size Limit Set a value in megabytes to limit the amount of stored quarantined mail in each quarantine folder User Notification Set Redirect Action for Anti Spam Features Spam Quarantine 65 m Enable Summary Email Select the check box to enable a summary email notification that alerts users to mail that has been placed in their quarantine folder x Notification Domain Enter the domain for which notifications are sent to This is typically the
159. ware and associated documentation Software with or without modification are permitted provided that the following conditions are met 1 Redistributions in source form must retain copyright statements and notices 2 Redistributions in binary form must reproduce applicable copyright statements and notices this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution and 3 Redistributions must contain a verbatim copy of this document The OpenLDAP Foundation may revise this license from time to time Each revision is distinguished by a version number You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OPENLDAP FOUNDATION ITS CONTRIBUTORS OR THE AUTHOR S OR OWNER S OF THE SOFTWARE BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE A
160. wnload Click the Add a New User button to add a new user to the system Add a New User User ID Jnewuser Q Password Set Password Confirm Password Prost Administrator Privileges T Full Admin Create Cancel Enter a user ID and a password If this user will be an additional administrator for this Email Firewall select the Full Admin option in the Administrator Privileges section 68 CHAPTER 4 ANTI SPAM CONFIGURATION Upload and Download User Lists Enabling User Access on a Network Interface You can upload lists of users using comma or tab separated text files You can specify the login ID password email address and disk quota in megabytes Use the following format login password email address quota For example user ajg 7rY user example com 0 The file user cs should be created in csv file format using Excel Notepad or other Windows text editor It is recommended that you download the user list Tile first by clicking File Download editing it as required and then uploading it using the File Upload button You must enable User Access on the network interface to allow users to log in via that interface Select System Contig gt Network Settings and go to the Network Interface section Network Interface Inch IP address fio 5 14 7 Netmask 255 255 0 0 7 Media pE 7 UserAccess M 7 Select the User Access check box to allow local access to the Spam Quarantin
161. xplorer 5 5 or greater Netscape 7 0 or greater Mozilla Firefox 1 0 or greater Safari 1 2 3 or greater Your web browser must have cookies enabled to be able to connect and login to the 3Com Email Firewall Launch a web browser on your computer and enter the IP address or hostname into the location bar such as https 192 168 1 253 or https mail example com The login screen will then be displayed Enter the user name admin and the corresponding password RO 3Com Email Firewall 3COM toein 192 168 1 253 Login Powerco sy BorderWare The Activity screen and main menu will then be displayed System Administration 17 Main Menu The main menu provides quick access to the 3Com Email Firewall s configuration and management options DD 3Com Email Firewall 3COM Activity c O Status FE SS Mail Delivery Status Mail is running Queued 0 Hour 0 0 0 0 0 0 Reporting z Stop Deferred 0 Day oo 0 0 0 0 System Config gt l Total 0 Week 2 10 0 0 0 10 System Mgmt Mail Received Recenthy Time Queue Sender Recipient Status 18 45 55 44B846744FC userl example com user2 example2 com sent out Logout 18 45 07 F2F5720144 userl example com user2 exarmple2 com pending 16 29 21 D77125F561 userl example com user2 example2 com sent out Refresh The menu is divided into the following sections a Activity The Activity screen provides you with a var
Download Pdf Manuals
Related Search