Vade Retro mailcube, Administrator'S Manual

Page 1: ...Get a better inbox Administration guide MailCube ...

Page 2: ...reaming 13 Activating TLS on outbound email streaming 14 6 CONFIGURE YOUR INTEGRATED MAIL RELAY 16 Receiving messages 16 Queuing 17 Sending messages 18 Activation of outgoing filter 19 Receiving messages 19 Queuing 20 Sending messages 21 7 CONFIGURING YOUR FILTER ENGINE 22 IP filtering 22 Protocol filtering 23 Domain filtering 23 Address filtering 25 Content filtering 26 Antivirus filtering 27 Dom...

Page 3: ...ion 53 13 HIGH AVAILABILITY CONFIGURATION 53 14 ACCESS TO LOGS 56 15 ACCESS TO STATISTICS 58 STATISTICS HOMEPAGE INTERFACE 58 PRESENTATION OF THE INTERFACE FOR CHRONOLOGICAL CONSULTATION OF STATISTICS 59 16 HOMEPAGE 60 PRESENTATION OF THE HOMEPAGE INTERFACE 60 Homepage 60 The dashboard 61 17 FAQ 62 WHAT IF AN UNWANTED MESSAGE HAS NOT BEEN BLOCKED 62 WHAT IF A MESSAGE IS BLOCKED BY MISTAKE 62 HOW D...

Page 4: ...lusivity that allows anticipating and blocking certain categories of new generation spam even before they spread on your network Heuristic technology also allows Vade Retro Technology to provide a classification for commercial messages and social network notifications thereby allowing you to get a pleasant and uncluttered mailbox Furthermore Vade Retro Technology solutions offer a unique feature o...

Page 5: ...sent more than 50 of the messages that reach your inbox At Vade Retro we call these graymail Graymail refers to low priority messages that are occupying an increasing amount of space in inboxes Commercial e mails provide ways to unsubscribe in order to stop receiving them However these links are sometimes not clearly visible to the user or the unsubscription process is tedious and many users dread...

Page 6: ...t With the implementation of a predictive heuristic analysis Vade Retro technology is able to anticipate certain types of undesirable mail and viruses before they spread on your network This new feature intends to meet publishers minimum intervention time limit which imperatively requires an upgrade of the engine or of signatures during an attack With MailCube you will benefit from the latest tech...

Page 7: ...eing placed in the path of SMTP traffic The figure below Figure 3 1 shows the architecture recommended by Vade Retro Technology Figure 3 1 Architecture recommended for MailCube MC Pro The integration of the appliance requires certain ports to be opened on your firewall and e mail server to update connectors in order for MailCube to run properly Details of these elements are given in Appendix 18 1 ...

Page 8: ...o check and basic actions to perform in order to access the administration interface Figure 3 1 Figure 3 2 Getting Started guide Virtual Edition The elements shown in the initial startup are not set They may be modified later from the administration interface Warning The items shown in step 7 and 8 must allow access to internet Internet access is needed in order to activate MailCube as shown in st...

Page 9: ...igned to your MailCube during startup or the DNS equivalent followed by the port 8080 You will then reach a home page asking you to enter your username and password Figure 4 1 The input should be in this format http XXX XXX XXX XXX 8080 or http appliancename 8080 The default username and password are admin admin During your first login you will be asked to modify your password Figure 4 2 You can a...

Page 10: ...appliance s network settings and configure and customize your overall mail security policy define filter rules The domain management interface where you can customize your mail security policy by domain The statistics interface allowing you to configure dashboards The filter logs interface The interface to access information and maintenance options appliance s backup policy exporting configuration...

Page 11: ...e 5 2 Figure 5 2 Server name field and the associated tooltip Here you will be able to validate the following information Server name the name you would like to give with your domain extension e g mailcubename yourdomain com Primary Network Interface Network information for the first interface of the appliance IP address Subnet Mask IP Gateway Secondary Network Interface network information for th...

Page 12: ...ace This interface offers a security policy on the web interface access using the connection IP and a SSL management in order to activate the HTTPS by using either an auto signed certificate or a certificate provided by an authority of certification Figure 5 4 Access to the security settings interface HTTPS When the IPs or networks authorized to connect list is empty IP addresses trying to log on ...

Page 13: ... compatible with encrypted inbound connections by receiving the content of these connections and receiving also non encrypted connections The restrictive mode makes the MaiLCube compatible with encrypted inbound connetions but by activating this setting the mailcube received only encrypted connections and rejects all non encrypted connections Figure 5 5 Access to the security settings interface In...

Page 14: ... emails using a normal connection The restrictive mode allows sending emails only when the recipient s server is compatible with TLS This restrictive mode can be applied only for a list of domain names Figure 5 5 Access to the security settings interface Outbound TLS Domain declaration interface Declaring domains will allow MailCube to intercept e mails you wish to filter The appliance will analyz...

Page 15: ... enter domain names The syntax to follow is the one shown in Figure 5 6 Figure 5 6 Adding new domains The IP address to enter is the address of your mail server or a router that redirects traffic to your mail server The Default Route s will define an e mail server router common to all domains Your MailCube appliance will now filter your e mail traffic An advanced setup interface allows you to defi...

Page 16: ...iving messages Queuing messages Sending messages The terms Receiving and Sending are to be taken into account for the direction of e mail traffic Thus for the incoming traffic what is received is what enters the MailCube appliance what is sent is what goes out to your e mail server Receiving messages Several elements can be customized here figure 6 2 The server name sent to the server that sends t...

Page 17: ...ection sub section Reception Queuing In this sub section you can customize queue management on your MailCube Figure 6 3 Maximum number of queued messages Maximum retention time of a queued message Maximum retention time of a queued non delivery notification message Please note that when the queue is full new messages are automatically rejected Figure 6 3 E mail server section sub section Queue ...

Page 18: ...ection Sending Interface for outgoing server configuration To access the integrated e mail server configuration in the left menu click on Mail Server under Outgoing Figure 6 5 Figure 6 5 Outgoing server configuration This section allows you to set 4 elements of your e mail server Activation and configuration of the outgoing routing filter Receiving messages Queuing messages Sending messages The te...

Page 19: ...erequisite for this feature is the redirection of the connectors coming out of your e mail server towards MailCube s IP address Figure 6 6 Outgoing e mail server configuration Receiving messages Several elements can be customized here figure 6 8 The server name sent to the server that sends the message during the HELO command Some servers check whether the domain shown in the HELO and sender domai...

Page 20: ...er section sub section Reception Queuing In this sub section you can customize queue management on your MailCube Figure 6 9 Maximum number of queued messages Maximum retention time of a queued message Maximum retention time of a queued non delivery notification message Please note that when the queue is full new messages are automatically rejected Figure 6 9 E mail server section sub section Queue...

Page 21: ...4 vents 59 510 HEM France RCS Rbx Tourcoing 509 568 416 10C 1V2 01 11 FR 21 Sending messages In this sub section you have an option to configure the default outgoing route your firewall for instance to redirect traffic towards the internet Figure 6 10 E mail server section sub section Sending ...

Page 22: ... have the various following configuration options Figure 7 1 Activation of RBLs Real time Blackhole Lists A number of providers offer lists of IP addresses from servers reputed for sending spam This option is blank by default Before activating a server ensure that you read their sales policy first as some are fee based spamhaus The addition of IP addresses known to be spam sources The addition of ...

Page 23: ... of domain filter settings Figures 7 3 and 7 4 Protocol senders Mail From You can deny or allow certain mail domains If allowed the messages will be tested by sender domains Message senders From You can deny or allow certain message senders the name is the one seen in the e mail software DNS You can enable this check which ensures that the domain name announced exists in the DNS entries You can al...

Page 24: ...France RCS Rbx Tourcoing 509 568 416 10C 1V2 01 11 FR 24 DKIM Domain Key Identified Mail You can enable DKIM the standard for authenticating the domain name of an e mail sender This is an additional effective protection against spam and phishing Figure 7 3 Filtering section sub section Domain filtering 1 st part ...

Page 25: ...sted by sender domains DKIM SPF DNS etc Message senders You can deny or allow certain message senders the name is the one seen in the e mail software If allowed the messages from these addresses will be accepted without scanning content Remember protected addresses To reduce message traffic it is possible to filter recipients using either an LDAP directory Active Directory or a relay server able t...

Page 26: ... section allows you to more finely customize content filtering You can perform the following actions once you have subscribed to the corresponding options Figure 7 6 Enable additional filters heuristic antivirus commercial messages non delivery notifications or social network notifications The heuristic virus search analyzes message contents to identify behavior similar to viruses It is possible t...

Page 27: ...mail categorization advertising low medium or high spam probability etc Thus it will be possible to apply a specific action for each type of e mail route delete tag then route retain in user account This setting is valid for all domains You can refine it by customizing the configuration of each domain see Chapter 11 Attachments Accept or reject messages with attachments customized according to the...

Page 28: ...tering content filtering and virus detection filtering in an e mail or its attachment Domain filtering This sub section allows you to act on a number of domain filter settings Figure 7 8 Authorizations This setting allows you to limit the routing and filtering of outgoing e mails to the domains entered in the Domains tab Message senders From You can deny or allow certain message senders the name i...

Page 29: ...dify the settings of e mail sending addresses Figure 7 9 Message senders You can deny or allow certain message senders the name is the one seen in the e mail software If allowed the messages from these addresses will be accepted without scanning content Message recipients To You can deny or allow certain message recipient domains the name is the one seen in the e mail software allowing you to impl...

Page 30: ... deny messages with Cyrillic or Asian characters This option is used when the e mail exchanges in Russian Chinese Japanese etc are regular for a user or domain These e mails will then not receive a high score because they are written with a non Latin alphabet and will not be considered spam Actions Configuration of an action as a consequence of an e mail categorization advertising low medium or hi...

Page 31: ...s Each analyzed messages MailCube add these followind headers X VRSPAM SCORE Integer from minus infinity to plus infinity indicating the spammicity X VRSPAM STATE Classification of the message This header can show these values legit spam probablyvirus bounce virus uce error blacklisted whitelisted sus picious social X VRSPAM CAUSE encrypted string allowing post filtering analysis X VRSPAM UNSUBSCR...

Page 32: ...ed must be the one you have configured on your SNMP server Select SNMP port the default SNMP port used by the protocol is 161 IP addresses authorized to connect To secure SNMP queries sent to the appliance Recommended setting enter only your SNMP server Figure 8 1 Monitoring section Activation of SNMP Syslog export The Syslog export function allows you to extract log files written by MailCube in r...

Page 33: ... Syslog server Port listening port of the Syslog server By default the Syslog port is 514 Use the TCP protocol Allows you to use a Syslog transmission with data control Alerts Alerts can notify a contact that the appliance has raised an alarm This feature is very simple to configure Figure 8 2 Select the checkbox Enable system alerts to activate the feature Enter recipient e mail addresses to rece...

Page 34: ...6 10C 1V2 01 11 FR 34 9 Automatic updates This section covers updates of your antispam and Dr Web antivirus filters Figure 9 1 You can opt for an automatic update of these filters highly recommended with a search frequency that suits your bandwidth The latest version of filters installed is also indicated here Figure 9 1 Automatic update section ...

Page 35: ...ea Your users can still customize these items at their convenience directly in their own personal area The administration interface of user accounts can be accessed by clicking on the tab User Accounts Figure 10 1 User accounts section This screen contains 4 items Reports Purge Mailboxes Aliases Settings for account reports General settings Figure 10 2 In the account reports received by e mail the...

Page 36: ...to users You can modify the following elements time at which reports will be sent frequency number of messages to warrant the sending of a report number of messages listed per report and retention time of an e mail in the user account Figure 10 3 You can also set the title of e mails sent to notify a user that his account has been activated depending on the learning settings selected as well as th...

Page 37: ...to manage admin reports Figure 10 4 The mutual account will contain all e mails that have been withheld from the user You can modify the following elements time at which reports will be sent frequency number of messages to warrant the sending of a report number of messages listed per report Figure 10 4 User accounts section Mutual account settings Defining the purge In this section you can specify...

Page 38: ...efine the learning mode of the mailbox to create accounts Known mailboxes This section allows you to manage e mail accounts protected by MailCube You can delete the user account of a mailbox you no longer wish to protect force the activation of a mailbox or force the sending of e mail alerts The sections Select a domain and Search can make reading easier by providing display filters Figure 10 6 Fi...

Page 39: ... be in automatic mailbox creation mode after its authenticity has been verified You can choose not to have user accounts using the checkbox Create User Accounts Figure 10 7 Figure 10 7 User accounts section mailboxes Deleting This section enables you to set the method of removing mailboxes that no longer exist on the e mail server or LDAP directory from the list of authorized mailboxes They may be...

Page 40: ...ance RCS Rbx Tourcoing 509 568 416 10C 1V2 01 11 FR 40 Figure 10 8 User accounts section deletion of mailboxes Aliases This section offers you a global view of all mailbox aliases You can delete an alias so that it will no longer be associated with the main mailbox Figure 10 9 User accounts section list of aliases ...

Page 41: ...ser accounts o Spam in this category are all the e mails identified as spam or containing a virus that could not be sent to user accounts choice to not create user accounts Outgoing o Spam e mails identified as spam sent by a user from your domain o Graymail e mails identified as commercial emails or newsletters sent by a user from your domain s Social network notifications are not filtered by the...

Page 42: ...e user or administrator according to the management policy defined This report lists all messages considered unwanted and are therefore retained in each individual user s personal area ie an isolation area outside his messaging system This report allows viewing blocked e mails and accessing the user account The report in both tables Graymail Spam Figure 10 11 A user account report On each listed e...

Page 43: ...low priority e mails in the user s area The green ticks indicate that the unsubscription from the selected newsletters was successful Figure 10 12 A user s personal area From his personal area the user can configure a number of items only available for his profile By clicking on the left menu Settings Figure 10 13 the user can configure the sending of reports but also enable the absence manager Fi...

Page 44: ...ned in the global administration allowing him to manage his user account on his return without losing e mails The menu Filtering Options allows the user to manage his own authorized and prohibited address lists Figure 10 15 Figure 10 15 Space for user account filtering options From this interface the user can manage his own aliases to merge his accounts into one From the link Merge accounts the us...

Page 45: ...VADE RETRO TECHNOLOGY SASU Au capital de 268 831 3 avenue Antoine Pinay Parc d activité des 4 vents 59 510 HEM France RCS Rbx Tourcoing 509 568 416 10C 1V2 01 11 FR 45 Figure 10 16 User alias management ...

Page 46: ...ording to the domain to protect Introduction to domain management interface When you select the tab Domains the interface shows all domains protected by MailCube figure 11 1 You can add or delete a domain to protect using the relevant buttons Figure 11 1 Interface to manage domains When you click on a domain you can access its security settings This area consists of 4 items situated on the left si...

Page 47: ...Figure 11 2 Routing Filtering Figure 11 3 In this section you can refine the filtering strategy to apply to each selected domain You have the following sub sections Domain filtering Address filtering Content filtering and Antivirus filtering For more information regarding the configuration of these sections please refer to chapter 6 of this guide Figure 11 3 Filtering ...

Page 48: ...nt to an address such as contact xxx fr may have multiple recipients Assuming that a mailbox can only have one user account if an activation alert is sent to a group of users accessing this mailbox the first user who activates the account of the related e mail address will automatically be assigned this account For such cases it is advisable not to send an activation alert and consequently exclude...

Page 49: ...ill never receive any e mail Figure 11 5 Mailboxes section 12 Maintenance Back up restore your configuration in a few clicks In this chapter you will learn how to access the maintenance area of your MailCube to back up or restore your configuration in the event of a system failure Presentation of the maintenance interface This maintenance screen consists of 4 items Queue management Backup Export c...

Page 50: ...urcoing 509 568 416 10C 1V2 01 11 FR 50 Queue management The queue management interface captures the content of the queue when you access the page The table lists messages in the queue and the action buttons on the right enable you to Force the sending of the e mail View the queued e mail Read the error message Figure 12 1 Queue ...

Page 51: ... on Restore In the unlikely event of a technical failure regarding network and cluster settings you can choose to restore these settings to the last backup done Figure 12 2 Backup section Configuration export Figure 12 3 This section allows you to export the configuration of your MailCube towards an external peripheral USB key external hard drive To do so click on Initiate export In case of a tech...

Page 52: ... Tourcoing 509 568 416 10C 1V2 01 11 FR 52 Update Figure 12 4 On this mask you can view available firmware versions and activate an update Caution updating the firmware of the appliance will force it to restart Figure 12 4 Update section System This menu allows you to Shut down or Restart the system Figure 12 5 System section ...

Page 53: ...configuration Secure your e mail filter architecture In this chapter you will learn how to set the High Availability mode on your MailCube This method only works if you have a second MailCube to secure your architecture Cluster mode settings The cluster function offers three operating modes Autonomous o The autonomous function is automatically selected when you only have one MailCube Master o By s...

Page 54: ...coing 509 568 416 10C 1V2 01 11 FR 54 Figure 13 1 High availability Cluster settings When you enable the Master Cluster mode the left hand menu opens new configuration options Figure 13 2 Figure 13 2 High availability Extra menus The Slave access will allow you to identify IP addresses of MailCubes configured as slaves figure 13 3 ...

Page 55: ...es settings Quarantine access enables you to setup an external MailCube as the external storage for user accounts and for mutual accounts figure 13 4 Figure 13 4 High availability Configuration of externalized quarantine On the MailCube configured as a slave an M S Synchronization menu enables you to launch synchronizations among appliances Figure 13 4 High availability Slave mode M S synchronizat...

Page 56: ...ipient message ID status but also details of e mail processing performed by your MailCube Presentation of the log access interface This screen allows you to quickly view the processing performed by your MailCube after an e mail arrives You can easily conduct searches using the available dialog box Figure 14 1 You can look for messages by recipient sender message ID or by date You can also perform ...

Page 57: ...et full details of the processing done by your MailCube details of the message header spam score and action taken delivered tagged retained deleted Figure 14 3 Log consultation interface 3 Log download interface If you wish to do so you can also download the entire log file figure 14 4 to process it using an appropriate tool or to forward it to Vade Retro Technology s support for an advanced behav...

Page 58: ... dashboards over a given period of time You can thus determine whether you are a prime target for spammers refine your filter settings and further secure your messaging system Statistics homepage interface Figure 15 1 The homepage of the statistics interface is organized under two main menus Incoming Outgoing To synthesize traffic in each direction the interface displays in four graphs the current...

Page 59: ... month For these three items you have the following information Figure 15 2 traffic status traffic divided by types of messages delivered deleted tagged retained percentage of deleted messages during the period percentage of retained messages during the period percentage of tagged messages during the period percentage of messages delivered during the period percentage of notification messages volu...

Page 60: ...ls deleted These e mails are definitely spam The sender is not informed of the deletion and the recipient will never retrieve these e mails o Retained Messages delivered to user or mutual accounts o Rejected Number of messages refused by the MailCube because the e mail server did not find the recipient The sender is notified about the rejection by an SMTP error number o Tagged Number of messages f...

Page 61: ...the activity of your messaging system and MailCube This dashboard shows complete encrypted information for protocol and content filtering The sending and receiving sections relate to steps in the SMTP protocol in the direction of the traffic and the rejections received for each of them You will also find indications about the types of messages received and their qualification This page is regularl...

Page 62: ...ngine What if a message is blocked by mistake Very rarely a legitimate e mail can be blocked in user account Many reasons can lead to this situation the reputation of the sending server the message format or its contents It is therefore not a malfunction of Vade Retro s filter but rather a safety action against a message with doubtful characteristics In this case the user can choose to release the...

Page 63: ...incoming and outgoing e mail filtering 80 in outgoing for filter engine updates in incoming for the user account to be accessible from outside 8666 to enable Vade Retro Technology support to connect to the appliance and to diagnose problems Between the appliance and your local network 25 from appliance to your e mail servers 8025 from your e mail server to your appliance 8080 between the administr...

Page 64: ...he task bar must have a login with a User with permissions level on his workstation in order for the MSI package to be installed To check or activate this mode in the Windows Server administration interface click on Start Launch then type lusmgr Select Users with permissions and ensure that the users concerned are associated with this group 2 Provisioning in a shared area The msi must be provision...

Page 65: ...t that makes it possible to apply the GPO on a group of workstations Creating the deployment policy GPO 1 Naming In Windows Server open the Group Policy Management tool To do so click on Start Launch then enter gpmc msc Once you are in the group policy manager select the target OU then create the GPO by clicking on Create a GPO in this domain and link it here then on OK 2 Targets In the GPO select...

Page 66: ... at the following location User configuration Policies Software settings Software installation Right click on Software installation then on Properties in order to select the location where the msi package was provisioned earlier Select the location using the Browse button click on Apply then OK Back in the group policy interface after having selected Software installation right click in the sectio...

Page 67: ... in the folder then click on Open Select the Advanced deployment method then click on OK Next right click on the new package configured in the group policy environment click on Properties then on the Deployment tab In the Deployment tab select the following deployment options Assigned Uninstall this application when it falls out of the scope of management Install this application at logon Maximum ...

Page 68: ...6 10C 1V2 01 11 FR 68 Then confirm by clicking on OK Link the GPO so that it will be applied To do so right click on Link enabled Results of the configuration The next time a session is opened on each workstation the toolbar will run as a background task Then in the Outlook environment it will be offered in the form of an additional tab like this ...