
GFI MailEssentials 14 administration and configuration manual


Contents

1. Screenshot 82: Creating an exception
   4. Select the Exceptions tab to add senders or recipients who will be excluded from the new rule. The available options are:
   - Except if sender is: Excludes the specified sender from the list.
   - Except if recipient is: Excludes the specified recipient from the list.
   NOTE 1: When specifying exceptions for inbound monitoring rules, the Sender list contains non-local email addresses and the Recipient list addresses are all local. When specifying exceptions for an outbound monitoring rule, the Sender list contains local email addresses whilst the Recipient list contains only non-local email addresses.
   NOTE 2: Both exception lists apply, and all senders listed in the sender exception list and all recipients listed in the recipient list will not be monitored.
   5. Click OK to finalize settings.
   NOTE: New email monitoring can be renamed by clicking on the email monitoring rule and pressing the F2 key.
   5.3 Synchronizing configuration data
   When GFI MailEssentials is installed on more than one server, it is important to keep the anti-spam and configuration data synchronized between servers, so that email identified as spam on one server would be caught as spam on another server as well if it passes through it. GFI MailEssentials automate
2. meconfigmgr import c MailEssentials Settings verbose replac
   Note: Replace C:\MailEssentials Settings with the desired source path.
   Screenshot 88: Importing settings via command line
   - The verbose switch instructs the tool to display progress while copying files.
   - The replace switch instructs the tool to overwrite existing files in the destination folder.
   5.5 Configuring automatic updates
   GFI MailEssentials can be configured to automatically check for and download updates.
   General Settings Properties dialog (tabs: General, Updates, Inbound Email Domains, Bindings): Automatic checking for updates. Specify update server for Bayesian and Anti-Phishing: update.gfi.com. The email notifications sent for failed updates can be sent after a number of consecutive failures. The number of consecutive failures can be configured below: 3 consecutive failures. Update requests can be configured to pass through a proxy server. To enable this functionality and specify the proxy serve
3. Email backup before/after processing
   When troubleshooting, it is sometimes necessary to keep a backup copy of emails before and after being processed by GFI MailEssentials. This can be done using the option below: Keep a copy of every email before and after email processing. Backup copies of the emails will be copied to the following folder: Program Files\GFI\MailEssentials\SinkArchives. Applying changes to the above options requires a restart of GFI MailEssentials services and Microsoft IIS Admin service.
   Screenshot 24: The GFI MailEssentials Switchboard: Troubleshooting
   2. From the Troubleshooting tab, click:
   - Disable Processing to disable email scanning.
   - Enable Processing to enable email scanning.
   Email processing can be enabled/disabled through command prompt. For more information refer to http://kbase.gfi.com/showarticle.asp?id=KBID003468
   4 Customizing GFI MailEssentials
   4.1 Adding additional inbound email domains
   Inbound Email Domains enable GFI MailEssentials to distinguish between inbound and outbound email, and therefore to identify which emails should be scanned for spam. During installation, inbound email domains are imported from the IIS SMTP service. In some cases, however, local email routing in IIS might be required to be configured differently.
   - Example: To add domains which are local for email routin
4. 3. In the Enter Email Address/Domain dialog, specify:
   - full email address; or
   - emails from an entire domain (for example, companysupport.com); or
   - an entire domain suffix (for example, mil or edu).
   NOTE: When configuring entire domain suffixes, ensure that, for example, emails sent from military or educational domains are never marked as spam.
   Also specify which email header field must be matched for the emails to be whitelisted by clicking Check
   - Example: To whitelist all inbound email sent by a specific user, select the Check MIME FROM option.
   NOTE 1: Some newsletters use mailers that do not address the sender in the MIME TO field, causing the GFI MailEssentials header checking feature to mark it as spam. These should be whitelisted with the Check MIME TO option.
   NOTE 2: To exclude a local user from spam filtering, simply enter the email address of the user and select the Check MIME TO option.
   NOTE 3: For more information about the difference between SMTP and MIME, refer to http://kbase.gfi.com/showarticle.asp?id=KBID002678
   Click OK to finalize email/domain entry.
   [Screenshot: Whitelist Properties dialog]
5. Screenshot 10: Setting Virtual Directory properties
   6. In the Virtual Directory tab of the Properties dialog, check the Read, Log Visits and Index this resource checkboxes. Make sure that all the other checkboxes are unchecked. In the Execute Permissions list box, select Scripts only.
   7. Access the Documents tab. Remove all the default documents except for default.asp.
   8. Access the Directory Security tab and click on the Edit button in the Authentication and access control group.
   NOTE: Since the Archive Web Interface provides access to all the emails archived by GFI MailEssentials, it is important to set up proper authentication and security for this web server and virtual directory. There are three ways to secure the Search Interface. These are Basic Authentication, Digest and Integrated Windows Authentication. Integrated Windows Authentication is the preferred choice in an Active Directory environment because it makes the authentication process seamless, since initially it does not prompt the users for their username or password information. Rather, it uses the current Windows user information on the client computer for authentication. If you are installing GFI MailEssentials in a DMZ, use Basic authentication.
6. 2. Entering too many keywords increases the possibility of spam getting through the spam filters.
   Configuring Whitelist
   1. Select Anti-Spam > Whitelist > Properties.
   Screenshot 34: Whitelisted domains
   2. From the Whitelist tab, add a whitelisted domain or email address by clicking Add.
   Screenshot 35: Adding a whitelisted email entry
9. Issue: Emails tagged as spam are archived.
   Solution:
   1. Launch Rules Manager on the Microsoft Exchange machine by double-clicking on rulemgmt.exe from the GFI MailEssentials folder.
   2. Enable the checkbox next to the name of the mailbox being polled by GFI MailArchiver for archiving.
   3. Click on Configure and ensure that the Rule Condition and Rule Action settings are correct. Click Apply.
   For more information on how to solve this issue, refer to http://kbase.gfi.com/showarticle.asp?id=KBID002747
   Issue 2: AWI cannot be accessed, with "HTTP Error 404 File or directory not found" message.
   Solution: By default, Internet Information Services (IIS) disables dynamic content. AWI requires this to be enabled, since data is dynamically retrieved from the archive database.
   1. Load IIS Manager, expand <Server Name> node > Web service extensions and right-click Active Server Pages.
   2. Click Allow to set status to Allowed.
   For more information on how to solve this issue, refer to http://kbase.gfi.com/showarticle.asp?id=KBID002963
   Issue 3: Older data not available in database when using Microsoft Access.
   Solution: When the reports.mdb database exceeds 1.7Gb, the database is automatically renamed to reports_<data>.mdb and a new reports.mdb is created.
   For more information on how to solve this issue, refer to http://kbase.gfi.com/showarticle.asp?id=KBID003422
   6.6
10. NOTE 2: To create a new database, select the Automatic option.
   4. Configure the database type selected to store the newsletter/discussion subscribers list. The available options are (database type: database settings):
   - Microsoft Access with Automatic option: Key in the location where the new database is stored in the File edit box.
   - Microsoft Access with Existing option: In the File field, specify the path to your existing Microsoft Access database that contains the newsletter/discussion subscribers. From the Table drop-down list, select the table where the subscribers list is stored.
   - Microsoft SQL Server with Automatic option: Specify SQL server name, logon credentials and database used to store newsletter/discussion subscribers list.
   - Microsoft SQL with Existing option: Specify SQL server name, logon credentials and select the database and table where subscribers list is stored.
   5. For all database types with the Automatic option, click Finish button to end the wizard, or click Next to continue setup.
   [Screenshot: Variables dialog. Map variables to database fields by selecting them both and clicking on the Map Field button.]
11. or received on the mail server where GFI MailEssentials is installed.
   Screenshot 19: Mail server daily usage statistics filter dialog
   Report Type
   - Report Type: The data for Mail Server Daily usage statistics is always reported for both inbound and outbound emails.
   Report Options
   - Sort by: Specify if report is sorted by date (since the report is per day), by number of emails, or by the total size of the emails.
   - Highlight days: Identify the days on which you sent or received more than a number of emails or a number of megabytes of email.
   - List top: List only the top specified number of days in the report.
   - Multi-Page report: Specify the number of days to display per page.
   Filter options
   - Specific Email: Limit the report to a specific domain.
   - Date Range: Limit the report to a specific date range.
   When all report options are selected, click Report button to generate report.
12. server databases list servers that have been used for spamming. There are a number of third-party DNS blacklists available, ranging from reliable lists that have clearly outlined procedures for getting on or off the DNS blacklist to less reliable lists.
   When an email is in transit from the sender to the recipient, it goes through a number of SMTP servers until it reaches the final destination. The IP address of each SMTP server is recorded in the email header. This filter enables GFI MailEssentials to check all the public IP addresses found in the message header with the DNSBL database configured.
   GFI MailEssentials records all the IP addresses checked in an internal database and will not perform further checks with the DNSBL for the same IPs. The IP addresses are kept in the database for 4 days, or until the Simple Mail Transport Protocol (SMTP) service is restarted.
   This filter is enabled by default on installing GFI MailEssentials.
   Important notes
   1. The DNS server must be properly configured for this feature to work. If this is not the case, time-outs will occur and email traffic will be slowed down. For more information refer to http://kbase.gfi.com/showarticle.asp?id=KBID001770
   2. Querying a DNS blacklist can be slow (depending on your connection), so email can be slowed down a little bit, especially if multiple DNS
13. Screenshot 5: GFI MailEssentials Dashboard
   2. Click on:
   - Status to view GFI MailEssentials services status and email processing activity.
   - Statistics to view statistical charts showing email flow and spam blocked by all spam filters, as well as counters with information on incoming and outgoing email and spam.
   - P2E Logging: Shows a log of the POP2Exchange activities.
   NOTE: For information on POP2Exchange, refer to the Setting up POP3 and dialup downloading section in this manual.
   3.5 Generating spam digests
   The spam digest is a short report sent to an administrator or user via email. This report lists the total number of emails processed by GFI MailEssentials and the number of spam emails blocked over a specific period of time (since the last spam digest).
   3.5.1 Configuring spam digests
   Administrator spam digest
   1. Select Anti-Spam > Spam Digest > Properties.
   Screenshot 6: Spam digest properties: Administrator spam digest
   2. From the Administrator Digest tab, click Send administrator spam digest to enable spam digest.
   3. Configure the desired sending frequency (Daily, Weekly, Monthly) from the Sending schedule drop-down.
   4. Specify the digest content that will be sent in the email, either a Total count of processed email a
14. 2. Restart IIS services and GFI MailEssentials after disabling a disclaimer for the changes to take effect.
   4.3.1 Configuring disclaimers
   1. Right-click Email Management > Disclaimers node and select New > Disclaimer.
   Screenshot 60: Selecting a domain or user disclaimer
   2. Select:
   - Domain: Choose the domain from the list of configured domains. All emails sent from that domain will have the disclaimer added.
   - User: Specify a user or a group of users to whom the disclaimer will be added for outbound emails. If GFI MailEssentials is in Active Directory mode, pick users or groups of users directly from Active Directory; else specify the SMTP email address of the user.
   Screenshot 61: New disclaimer general properties
   3. In the General tab, click Select to change the domain or user. Select Top or Bottom option to configure if disclaimer should be located at the top or bottom of the email.
15. Bayesian analysis: statistical probability index based on training from users is used to identify spam.
   4.2.1 Anti-Spam actions
   GFI MailEssentials can take a number of actions when a message is identified as spam. These include:
   - Deleting the message
   - Moving it to a central folder
   - Forwarding it to an email address
   - Tagging the mail
   - Moving it to Junk E-mail folder
   - Moving it to an Exchange sub-folder
   NOTE: For detailed information on anti-spam actions, refer to the Spam Actions - What to do with spam email section in this manual.
   4.2.2 SpamRazer
   SpamRazer is GFI's primary anti-spam engine and is enabled by default on installation. Frequent updates are released for SpamRazer that will further increase the response time to new trends of spam.
   NOTE: SpamRazer is also the anti-spam engine that blocks NDR spam. For more information on GFI MailEssentials and NDR spam, refer to http://kbase.gfi.com/showarticle.asp?id=KBID003322
   Configuring SpamRazer
   NOTE 1: Disabling SpamRazer is NOT recommended.
   NOTE 2: GFI MailEssentials downloads SpamRazer updates from http://sn92.mailshell.net
   1. Select Anti-Spam > Anti-Spam Filters > SpamRazer > Properties.
   Screenshot 26: SpamRazer Properties
   2. From the SpamRazer tab, perform any of the following actions:
   - Select/unselect Enable Sp
16. GFI MailEssentials from an email client within the domain.
   Conditions for sending remote commands:
   - The email must be in Plain Text format.
   - The subject of the email is ignored.
   - The following syntax must be used for all commands: <command name> <parameter1> <parameter2> <parameter3>. For example: ADDSUBJECT sex porn spam
   - There can be more than one command in the body of an email, with each command separated by a semi-colon.
   - If a password is configured for remote commands, enter the password in the first line in the following syntax: PASSWORD <shared password>. For example: PASSWORD mypassword
   - Command names are case-sensitive and should be written in UPPER CASE.
   - Conditions such as IF, AND, OR etc. are not supported.
   NOTE: The robot can only add keywords, but not delete or modify them.
   5.7.3 Keyword commands
   Use keyword commands to add keywords or combination of keywords in the body or subject lists in Keyword Checking filter. Available commands are:
   - ADDSUBJECT: Adds keywords specified to the subject keyword checking database. Example: ADDSUBJECT sex porn spam
   - ADDBODY: Adds keywords specified to the body keyword checking database. Example: ADDBODY free 100 free absolutely free
   NOTE: When configuring phrases other than single words, enclose phrases in double quotes.
   5.7.4 Blacklist commands
   Usi
17. In Databases and Resources
   2. Click Add Mail-In Database and key in the New Mail-In Database as follows:
   - Mail-in name: Public Folders
   - Description: The GFI MailEssentials Mailbox
   - Internet address: <public <yourdomain.com>
   - Internet Message: No Preference
   - Encrypt incoming mail: No
   - Domain: <yourdomain>
   - Server: <Your Domino server name>
   - File name: Public F nsf
   NOTE: You will need to associate a user with the Mail-In database created above. This account will be used by the GFI MailEssentials server to connect to the Lotus Domino Server.
   Step 4: Configure GFI MailEssentials
   Define the shared namespace which will be used when connecting to the Lotus Domino IMAP service.
   1. Click Start > Run and type Regedit.
   2. Locate the following Registry Key: <HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME14\Attendant\rpfolders 8>
   3. Create the following Keys:
   - Name: FolderDelimiter; Type: STRING; Value: V
   - Name: SharedNamespace; Type: STRING; Value: <Public Folder Prefix Name of new Mail-In Database>
   Get the values for the sharednamespace key as follows:
   Public folder prefix name
   1. From the IBM Domino Administrator, click Configuration Tab.
   2. Expand Server > Configurations, click on your Domino Server and click Edit Configuration.
   3. From the IMAP tab s
18. Layer. Simple Mail Transport Protocol (SMTP). Spam actions.
   - List servers: A special use of e-mail systems that allows for widespread distribution of emails to multiple email users through discussion lists or newsletters.
   - Mail Exchange: A record used by DNS to provide the names of other entities to which the mail should be sent.
   - MAPI: See Messaging Application Programming Interface.
   - MDAC: See Microsoft Data Access Components.
   - Messaging Application Programming Interface: A messaging architecture and a Component Object Model based API for Microsoft Windows.
   - Microsoft Message Queuing Services: A message queue implementation for Windows Server operating systems.
   - Microsoft Data Access Components: A Microsoft technology that gives developers a homogeneous and consistent way of developing software that can access almost any data store.
   - MIME: See Multipurpose Internet Mail Extensions.
   - MSMQ: See Microsoft Message Queuing Services.
   - Multipurpose Internet Mail Extensions: A standard that extends the format of e-mail to support text other than ASCII, non-text attachments, message bodies with multiple parts and header information in non-ASCII character sets.
   - NDR: See Non Delivery Report.
   - Non Delivery Report: An automated electronic mail message sent to the sender on an email delivery problem.
   - Perimeter server/gateway: The computer (server) in a LAN that is directly connected to an external network. In GFI MailEssentials, perimeter gateway refers to the email servers within the company that first receive email from external domains.
   - Phishing: The process of acquiring sensitive personal information with the aim of defrauding individuals, typically through the use of fake communications.
   - POP2Exchange: A system that coll
19. Screenshot 57: The other actions tab
   Select the Other tab to specify a number of optional actions:
   - Log occurrence to this file: Log the spam email occurrence to a log file of your choice.
   - Generate Non Delivery Report (NDR): Create and send a fake Non Delivery Report (NDR). This causes most bulk mailing software to remove your address from their database. This option can also be used to notify sender that email has been considered as spam.
   NOTE: To customize the fake NDR, edit ndr.xml located in the MailEssentials\templates directory using notepad or any XML editor.
   4.2.15 Anti-spam global actions
   A lot of spam is sent to email addresses that no longer exist. Generally, these emails are simply deleted; however, for troubleshooting or evaluation purposes, you might want to move these emails to a folder or forward them to a particular email address.
   NOTE: This section applies only for installations on Microsoft Exchange Server that have the Move to subfolder of user's mailbox enabled. Refer to the Spam Actions - What to do with spam email section in this manual for more information on how to enable this feature. On other servers, the anti-spam global actions tab will not appear.
   Configuring Anti-spam global actions
   1. Right-click Ant
20. Screenshot 92: Adding an email address to the blacklist and keywords
   - Example 2: The same command can be specified more than once (in this case ADDBODY). The result is cumulative, and in this case the keywords added to the body checking database are sex, 100 free and instant money.
   Screenshot 93: Specifying the same commands more than once
   - Example 3: A spam email is added using the ADDASSPAM command. A colon is not required for this type of command; everything immediately after this command is treated as data.
   [Screenshot: email body containing PASSWORD and ADDASSPAM, followed by the forwarded spam message]
21. If enabled, the auto whitelist check adds the recipient's email address to the whitelist. This automatically enables replies from such recipients to go to the sender without being checked for spam. After this check, emails are sent to the recipients.
   8 Appendix 2: Bayesian Filtering
   The Bayesian filter is an anti-spam technology used within GFI MailEssentials. It is an adaptive technique based on artificial intelligence algorithms, hardened to withstand the widest range of spamming techniques available today. This chapter explains how the Bayesian filter works, how it can be configured and how it can be trained.
   NOTE: The Bayesian anti-spam filter is disabled by default. It is highly recommended that you train the Bayesian filter before enabling it.
   IMPORTANT: GFI MailEssentials must operate for at least one week for the Bayesian filter to achieve its optimal performance. This is required because the Bayesian filter acquires its highest detection rate when it adapts to your email patterns.
   How does the Bayesian spam filter work?
   Bayesian filtering is based on the principle that most events are dependent and that the probability of an event occurring in the future can be inferred from the previous occurrences of that event.
   NOTE: Refer to the links below for more information on the mathematical basis of Bayesian filtering: http www cc
22. Type aod list <Public Folder Prefix Name of new Mail In Database>
   6. The output of the above command should show the public folders as in the following screenshot.
   [Screenshot: Telnet session listing the public folders under GFI AntiSpam Folders: Add to blacklist, Add to whitelist, I want this Discussion list, This is legitimate email and This is spam email, each with a Processed subfolder]
   7. Type ao3 logout
   NOTE: Use the Lotus notes designer
23. a table called listname_subscribers with the following fields as shown in the table below. To import data into the list, ensure that the database is populated with the correct data in the correct fields.
   Fields (field name: type; default value; flags; description):
   - Ls_id: Varchar(100); no default; PK; Subscriber ID
   - Ls_first: Varchar(250); no default; no flags; First name
   - Ls_last: Varchar(250); no default; no flags; Last name
   - Ls_email: Varchar(250); no default; no flags; Email
   - Ls_unsubscribed: Int; default 0; NOT NULL; Unsubscribe flag
   - Is_company: Varchar(250); no default; no flags; Company name
   5 Miscellaneous
   This section describes all the other features that fall outside the initial configuration, daily management and customization of GFI MailEssentials.
   5.1 Setting up POP3 and dialup downloading
   Post office protocol (POP3, RFC 1225) is a client/server protocol for storing email so that clients can connect to the POP3 server at any time and read the email. A mail client will make a TCP/IP connection with the server and, by exchanging a series of commands, enable users to read the email. All ISPs support POP3.
   The recommendation for GFI MailEssentials is to, if possible, avoid using POP3 and to use SMTP, since POP3 is designed for email clients and not for mail servers. Notwithstanding this fact, and to cater for situations where a static IP address used with SMTP is not available, GFI MailEssentials c
24. Screenshot 12: Internet Information Services (IIS) Manager: Add application
   5. Click OK to create the new Application.
   6. Click on the AWI application which was just created and double-click the Authentication icon in the right pane.
   Screenshot 13: Internet Information Services (IIS) Manager [Authentication pane for Default Web Site > AWI, showing Windows Authentication enabled and Anonymous, ASP.NET Impersonation, Basic, Digest and Forms Authentication disabled]
   7. Right-click on the Anonymous Authentication option and select Disable.
   8. R
25. contains checkbox to enable auto replies for emails containing specific text in the subject field. 4. In the Auto Reply from field, specify an email address in case an auto reply is required from an email address other than the one to which the inbound email was addressed. 5. In the Auto Reply subject field, specify the subject of the auto reply email. 6. In the Auto Reply text edit box, specify the text to display in the auto reply email. NOTE: Import auto reply text from a text file via the Import button. Screenshot 68: Variables dialog. 7. Click on Variable to personalize auto replies using variables. Select the variable field to insert and click OK. Available variables are: Date Field (inserts the email sent date); From Email Field (inserts the sender's email address); From Name Field (inserts the display name of the sender); Subject Field (inserts the email subject); To Email Field (inserts the recipient's email address); To Name Field (inserts the recipient's display name); Tracking Number (inserts the tracking number, if generated). 8. Click Add and select any attachments to send with the auto reply email. Remove attachments using the Remove button. 9. Select the Include email sent option to quote the inbound email in the auto reply. 10. Select Gene
26. directly part of the Internet. Its purpose typically is to act as a gateway between internal networks and the internet. A statement intended to identify or limit the range of rights and obligations for email recipients. A database used by TCP/IP networks that enables the translation of hostnames into IP numbers and to provide other domain-related information. See Demilitarized Zone. See Domain Name System. See Mail Exchange. Rules which enable the replication of emails between email addresses. An incorrect result that identifies an email as spam when in fact it is not. Legitimate e-mail. See Internet Information Services. A set of Internet-based services created by Microsoft Corporation for internet servers. See Internet Message Access Protocol. One of the two most commonly used Internet standard protocols for e-mail retrieval, the other being POP3. See Lightweight Directory Access Protocol. An application protocol used to query and modify directory services running over TCP/IP. List servers; Mail Exchange; MAPI; MDAC; Messaging Application Programming Interface; Microsoft Message Queuing Services; Microsoft Data Access Components; MIME; MSMQ; Multipurpose Internet Mail Extensions; NDR; Non Delivery Report; Perimeter server/gateway; Phishing; POP2Exchange; POP3; Post Office Protocol ver 3; Public folder; RBL; Realtime Blocklist; Remote commands; Secure Sockets
27. discussions. After creating a newsletter/discussion list, users must subscribe in order to receive it. The actions which users can perform when using newsletters/discussions are: sending a newsletter; subscribing to a list; completing the subscription process; unsubscribing from the list. Using newsletters: Subscribing to list: Ask users to send an email to <newslettername>-subscribe@yourdomain.com. Completing the subscription process: Users first send a subscription request to <newslettername>-subscribe@yourdomain.com. On receiving the request, the list server sends a confirmation email back. Users must confirm their subscription via a reply email to be added as a subscriber. NOTE: The confirmation email is a requirement and cannot be turned off. Sending a newsletter/discussion post: Members with permissions to send email to the list are required to send the email to the newsletter list mailing address <newslettername>@yourdomain.com. Unsubscribing from the list: To unsubscribe from the list, users must send an email to <newslettername>-unsubscribe@yourdomain.com. Tip: To enable users to easily subscribe to newsletters, add a web form asking for name and email address and direct output to <newslettername>-subscribe@yourdomain.com. 4.5.4 Importing subscribers to the list / database structure: When a new newsletter or discussion list is created, the configuration will create
28. Screenshot 78: Configuring when GFI MailEssentials should pick up email. 4. Click on Schedule and specify the hours when GFI MailEssentials should dial up to pick up email. A check mark indicates that GFI MailEssentials will dial out. A cross indicates that GFI MailEssentials will not dial out at this hour. 5. Click OK to finalize your configuration. 5.2 Email monitoring: Email monitoring enables the sending of copies of emails sent to or from a particular local email address to another email address. This enables the creation of central stores of email communications for particular persons or departments. This feature can also be used as a replacement for email archiving, since emails are automatically sent to Microsoft Exchange Server or Microsoft Outlook store. 5.2.1 Enabling/Disabling email monitoring: 1. Right-click Email management > Mail Monitoring and select Properties. Screenshot 79: Enable or disable email monitoring. 2. Enable/disable all inbound and outbound email monitoring rules by checking/unchecking the Enable Inbound Monitoring and Enable Outbound Monitoring checkboxes. 3. Click OK button to sa
29. priority of spam filter execution. Screenshot 59: Assigning filter priorities. The dialog lists each plug-in with its priority, all at filter level Full Email: 1 IP Whitelist; 2 Sender Policy Framework; 3 Email Domains Auto Whitelist; 4 Directory Harvesting; 5 Phishing URL Blacklist; 6 SpamRazer; 7 Keyword Whitelist; 8 Custom Blacklist; 9 DNS Blacklists; 10 Spam URI Realtime Blocklists; 11 Bayesian Analysis; 12 Header Checking; 13 Keyword Checking. 1. Right-click Anti-Spam > Filter Priority node and select Properties. 2. Select a filter and click on the up button to assign a higher priority to the selected filter, or click on the down button to assign a lower priority to the selected filter. NOTE: Click on the Default Settings button to restore the filter order to the default order. 3. Click OK button to finalize your configuration. Changes take effect immediately. 4.3 Disclaimers: Disclaimers are standard text added to the bottom or top of outbound email for legal and/or marketing reasons. These assist companies in protecting themselves from potential legal threats resulting from the contents of an email and to add descriptions about the products/services offered. Important notes: 1. Disclaimers are only added to outbound email
30. profile to login when using the Rules Manager the first time only. 3. Click OK to launch the Rules Manager. Screenshot 96: The GFI MailEssentials Rules Manager. 4. The main window of the Rules Manager displays all the mailboxes enabled on the Microsoft Exchange Server. The color of the mailboxes indicates the status of that mailbox: Blue: mailbox has rules configured; Black: mailbox has no rules configured. Setting new rules: 1. Check the mailboxes to set a rule on and click Configure to launch the Configure global rule dialog. NOTE 1: New rules can be added to mailboxes which already contain rules. NOTE 2: Select multiple mailboxes to configure the same rule applicable to all mailboxes. Screenshot 97: Adding a new rule in Rules Manager. 2. In the Rule Condition text box, type the tag given to the spam email in the GFI MailEssentials spam actions. 3. Specify the Rule action: Select Delete to delete an email which has a subject that contains the rule conditi
31. send email to this newsletter. Only users that are present on the list below are permitted to send email to this newsletter. You can optionally set a password that permitted users will be required to use when sending email to the list. Screenshot 73: Setting permissions to the newsletter. 2. In the Permissions tab, click the Add button and specify the users with permissions to submit an email to the list. Email addresses are added to Email list. 3. Enable passwords by selecting the Password required checkbox and providing a password. For more information on how to use this feature, refer to the next section, Securing newsletters with a password. Securing newsletters with a password: NOTE: Discussion lists cannot be secured with passwords. 1. Right-click the list to set permissions for and select Properties. 2. In the Permissions tab, select the Password required checkbox and provide a password. IMPORTANT: Users must authenticate themselves by including the password in the email subject field on sending emails to the newsletter. The password must be specified in the subject field as follows: PASSWORD <password> <The Subject of the email>. Example: PASSWORD letmepost Special Offer. If password is correct, list server will remove the password details from the subject and relay o
32. showarticle.asp?id=KBID003267. 1. Ensure that your license key is valid. 2. Ensure that the required ports are open and that your firewall is configured to allow connections from the GFI MailEssentials server to connect to any proxy server as defined in your configuration. For more information on how to solve this issue, refer to http://kbase.gfi.com/showarticle.asp?id=KBID002184. As per the Sender Policy Framework standard, GFI MailEssentials Sender Policy Framework will only verify the SMTP From header information within an email and disregards the MIME From header. A recent trend adopted by spammers is to use an SMTP From address which does not have an SPF record. If GFI MailEssentials Sender Policy Framework has been configured on Low or Medium, such emails will not be blocked by Sender Policy Framework, as this does not result in an SPF fail. It is not recommended to set Sender Policy Framework to High, since the majority of mail servers do not yet have an SPF record. Such emails have a high chance of being blocked by SpamRazer or DNS Blacklists. 6.7 Disclaimers (issue encountered; solution): Issue 1: No disclaimers are added to outbound emails; solution: Ensure that local domains are configured correctly. Refer to the Getting Started guide for more information. Issue 2: Some characters in disclaimer text are not displayed corr; solution: Configure Microsoft Outlook not to use automatic encoding and
33. sure that these are the correct IPs before enabling the Botnet Zombie Check. Configured IPs: 192.168.1.220. Screenshot 47: Current Perimeter SMTP Server setup. 7. If this computer is NOT your SMTP server, a dialog box showing the perimeter SMTP server settings that you have configured in GFI MailEssentials (i.e. the IPs specified for your perimeter SMTP server) is displayed. If GFI MailEssentials is not installed on a perimeter gateway server, then the Perimeter SMTP Servers option in the Anti-Spam node properties has to be configured for the Botnet Zombie Check to function correctly. Screenshot 48: Reminder: SPF must be installed on the perimeter SMTP server. 7. If this installation is on the SMTP server, or if the mail server where GFI MailEssentials is installed is not yet specified, a dialog box will remind that this computer is not a perimeter server. 8. Click Actions or Other tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the Spam Actions: What to do with spam email section in this manual. 9. Click OK to finalize your configuration. 4.2.10 Spam URI Realtime Blocklists (SURBL): A Universal Resource Identifier (URI) is a standard means of addressing resources on the Web. Common URIs such as Uniform Resource Locators (URLs) and Uniform Resource Names (URNs) are used to identify the destination of hypertext links as well as the sources of i
34. the Edit or Delete button to edit or delete it. 12. Click the OK button to save the settings. 5.3.3 Installing BITS Server Extension on the master server: 1. Download BITS v1.5 Server Component (Microsoft) and run it on the master server from http://www.microsoft.com/downloads/details.aspx?FamilyID=17967848-be86-4cd6-891c-ec8241611ad4&displaylang=en. 2. Follow the BITS Server Setup Wizard instructions to finalize installation. 3. From Control Panel, load Add or Remove Programs and select the Add/Remove Windows Components tab. 4. From the Windows Components Wizard dialog, select Application Server from the Components list and click Details. 4. From the Application Server dialog, select Internet Information Services (IIS) in the Subcomponents of Application Server list and click Details. 5. Check the Background Intelligent Transfer Service (BITS) Server Extension checkbox from the Subcomponents of Internet Information Services (IIS) list and click OK button. 6. Click OK to close the Application Server dialog. 7. From the Windows Components Wizard dialog, click Next button to start the installation. 8. On completion, click Finish to close the Windows Components Wizard. 5.3.4 Configuring a slave server: Important notes: To configure a server as a slave server, it must meet one of the following system specifications: Microsoft Windows 2003: It is recommended that you do
35. to a database of URIs known to be used in phishing attacks. Phishing also looks for typical phishing keywords in the URIs. The Phishing filter is enabled by default on installation. Configuring Phishing: NOTE 1: Disabling Phishing is NOT recommended. 1. Select Anti-Spam > Anti-Spam Filters > Phishing > Properties. Screenshot 28: Phishing keywords (Keywords tab of the Phishing Properties dialog, with the Check URI's in mail messages for typical phishing keywords option selected and the keywords paypal, ebay, lloydstsb, barclays, citifi, citibank, wellsfargo, chaseonline, amazon, bankofamerica, abbeynational, bankofthewest, firsttennessee and chase listed). 2. From the Phishing tab, perform the following actions: Select/unselect the Check mail messages for URI's to known phishing sites option to enable/disable Phishing. 3. From the Keywords tab, perform the following actions: Select/unselect the Check URIs in mail messages for typical phishing keywords option to enable/disable checks for typical phishing keywords. Click the Keyword button and enter keywords in the Enter a keyword dialog to add keywords to the Phishing filter. Select a keyword and click Edit or Remove
36. to edit or remove a keyword previously keyed in the Phishing filter. Click Export to export the current list of keywords in XML format. Click the Import button to import a keyword list previously exported to XML. Screenshot 29: Automatic anti-phishing updates. The dialog notes: It is recommended to check for updates every 10 minutes. To minimize bandwidth consumption, only the difference between the local data and that on the update server is downloaded. 4. From the Updates tab, perform any of the following actions: Select/unselect the Automatically check for updates checkbox to enable or disable the automatic check for and download of any anti-phishing updates. NOTE: It is highly recommended to enable this option so that frequent updates enable Phishing to be more effective in detecting the latest phishing emails. Select/unselect the Send a notification email when an update succeeds checkbox to be informed via email when new updates are downloaded. Select/unselect Send a notification email when an update fails to be informed when a download or inst
37. to non-local domains. Screenshot 18: Domain usage statistics filter dialog. Report Type: By default, report data for domain usage statistics is always for both inbound and outbound emails. Report Options: Sort by: Specify if the report is sorted by domain name, by number of emails or by the total size of the emails. Highlight domains: Identify domains that send or receive more than a specific number of emails or a specific number of megabytes of email. List top: List only the top number of domains in the report. Multi-page report: Specify the number of domains to display per page. Filter options: Specific domain: Limit the report to a specific domain. Date Range: Limit the report to a specific date range. When all report options are selected, click the Report button to generate the report. 3.7.7 Mail Server Daily Usage Statistics: This report gives an overview of how many emails per day are sent
38. to remove any unwanted views and forms from the database created previously. 3 Routine Administration. 3.1 Reviewing spam email. 3.1.1 Spam review process: 1. Instruct the individual email users to periodically review spam emails. 2. In case of legitimate emails being identified as spam, refer to the Managing legitimate email section below to instruct GFI MailEssentials on how not to classify similar emails as spam. 3. In case of spam emails being incorrectly identified as spam (false positives), refer to the Managing spam section below for instructions on how to instruct GFI MailEssentials on how to classify similar emails as spam. 3.2 Managing legitimate email: As with any anti-spam solution, GFI MailEssentials might require some time until the optimal anti-spam filtering conditions are achieved. In cases where this is not yet achieved, there might be instances where legitimate email might be identified as spam. In such cases, users should add emails incorrectly identified as spam to the Add to whitelist and to the This is legitimate email folders to teach GFI MailEssentials that the email in question is not spam. Important notes: In Microsoft Outlook, dragging and dropping email moves the email to the selected folder. To retain a copy of the email, hold down the CTRL key to copy the email rather than moving it. 3.2.1 Adding s
39. to retrieve/scan email from public folders. Users will have access to the GFI AntiSpam folders. 1. Create a new Active Directory (AD) user with power user privileges. 2. From the Microsoft Exchange System Manager, expand the Folders > Public Folders node. 3. Right-click the GFI AntiSpam Folders public folder and select Properties. 4. Click the Permissions tab and select Client permissions. Screenshot 4: Setting user role (Client Permissions dialog for the GFI AntiSpam folders, with role Owner, all permission checkboxes selected and the Edit items and Delete items radio buttons set to All). 5. Click Add, select the new user and click OK. 6. Select the new user from the client permissions list and, from the provided list, set its role to Owner. Ensure that all checkboxes are selected and the radio buttons are set to All. 7. Click OK to finalize your configuration. 8. From the Microsoft Exchange System Manager, right-click GFI AntiSpam Folders and select All tasks > Propagate settings. NOTE: For Microsoft Exchange Server 2003 SP2, right-click GFI AntiSpam Folders and select the All tasks > Manage Settings option. 9. Select the Folder rights or Modify c
40. Screenshot 52: Anti-spam keyword checking properties. 2. Choose the Scan e-mail body for the following keywords or combinations of keywords checkbox to enable this feature. 3. Click the Keyword button to enter keywords. If multiple words are keyed in, then GFI MailEssentials will search for that phrase. Example: For "Basketball sports", GFI MailEssentials will check for the phrase "Basketball sports". Only this phrase would activate the rule, not the word basketball OR sports separated by some other words. Screenshot 53: Adding a condition. The dialog reads: Specify a combination of keywords to search for. Create a combination of keywords that will identify a particular e-mail as spam. For example, "IF word1 AND word2 OR word3" will classify an e-mail as spam if both word1 and word2 are in the e-mail, or if just word3 is in the e-mail. 4. Add logical operators by clicking the Condition button. NOTE: Conditions are combinations of keywords using the operands IF, AND, AND NOT, OR, OR NOT. Using conditions, specify combinations of words that must appear in the email. Example: A condition "If Word1 AND Word2" will check for Word1 and Word2. Both words would have to be present in the email to act
41. Adding additional inbound email domains; Anti-spam filters; Disclaimers; Auto replies; List servers. 5 Miscellaneous: Setting up POP3 and dialup downloading; Email monitoring; Synchronizing configuration data; GFI MailEssentials Configuration Export/Import Tool; Configuring automatic updates; Selecting the SMTP Virtual Server to bind GFI MailEssentials; Remote commands; Moving spam email to user's mailbox folders; Tracing. 6 Troubleshooting & support: Introduction; User manual; Common issues; Managing Spam; Archiving and Reporting; Anti-Spam filters & actions; Disclaimers; Email monitoring; List Servers; Miscellaneous; Knowledge Base; Common checks; Web Forum; Request technical support; Build notifications; Documentation. Appendix 1: How does GFI MailEssentials work: Inbound mail filtering; Outbound mail filtering. Appendix 2: Bayesian Filtering. Glossary. Index. 1 About GFI MailEssentials. 1.1 Introduction: GFI MailEssentials is a server-based anti-spam solution that provides key corporate email anti-spam features for your mail server. Installed as an add-on to your mail server, GFI MailEss
42. 71 Mapping custom fields. 6. Select a variable from the Variables list and the corresponding Database Field option, and click the Map Field button to map the required fields with the custom fields found in the database. Click Finish to finalize your configuration. The fields to map are: FirstName_To: Map to a string field containing the first name of a subscriber. LastName_To: Map to a string field containing the last name of a subscriber. Company: Map to a string field containing the company name of a subscriber. Email_To: Map to a string field containing the email address of a subscriber. Unsubscribe: Map to an integer or Boolean value field which is used to define whether the user is subscribed to the list or not. 4.5.2 Configuring advanced newsletter/discussion list properties: After creating a new list, further options can be configured which enable the customization of elements and behavior of the list. The available options are: Creation of a custom footer: Configure a custom HTML or text footer. A footer will be added to each email. Setting permissions to the list: Specify who can submit an email to the list. If the list is not secured, anybody can send an email to the entire list by sending an email to the list address. NOTE: Permissions are not configurable for discussion lists. Secure newsletter discussion with
43. Screenshot 33: Configuring the SPF exceptions (Exceptions tab of the Sender Policy Framework Properties dialog: Configure any IP addresses and recipients that should be excluded from SPF checks; IP exception list with the entry 192.134.23.42; Recipient exception list with the entry recipient@company.com; Use the Trusted Forwarder SPF Global Whitelist option). 6. Select the Exceptions tab to configure IP addresses and recipients to exclude from SPF checks. IP exception list: Entries in this list automatically pass SPF checks. Select Add to add a new IP address, or select entries from the list and click the Remove button to remove entries. To disable the IP exception list, unselect the IP exception list checkbox. Recipient exception list: This option ensures that certain recipients always receive emails, even if the messages are rejected. A recipient exception can be entered in any of three ways: localpart: abuse (matches abuse@abc.com, abuse@xyz.com, etc.); domain: abc.com (matches john@abc.com, jill@abc.com, etc.); complete: joe@abc.com (only matches joe@abc.com). To disable the recipient exception list, unsel
44. Anti-Spam filters & actions. Issues encountered: 1. Spam is delivered to users' mailbox. 2. Email blacklists and/or keyword checking pages take long to load or appear to hang. 3. SpamRazer updates not downloading. 4. Some spam emails bypass the Sender Policy Framework filter. Solution for issue 1: Follow the checklist below to solve this issue: 1. Check that GFI MailEssentials is not disabled from scanning emails. Refer to Disabling/Enabling email processing in this manual for more information on how to start scanning. 2. Check if all required anti-spam filters are enabled. 3. Check if local domains are configured correctly. 4. Check if emails are passing through GFI MailEssentials, or if GFI MailEssentials is bound to the correct IIS SMTP Virtual Server. 5. Check if the TEMP location, which by default is the C:\Windows\Temp folder, contains a lot of files. 6. Check if the number of users using GFI MailEssentials exceeds the number of purchased licenses. 7. Check if the whitelist is configured correctly. 8. Check if actions are configured correctly. 9. Check if the Bayesian filter is configured correctly. For more information on how to solve this issue, refer to http://kbase.gfi.com/showarticle.asp?id=KBID003256. Solution for issue 2: Limit the amount of entries in the GFI MailEssentials lists to 10,000. For more information on how to solve this issue, refer to http://kbase.gfi.com/showarticle.asp?id=KBID002915 and http://kbase.gfi.com/
45. Click Download updates now to download updates. NOTE: To download updates using a proxy server, refer to the Configuring automatic updates section of this manual. 4. Click Actions or Other tab to select the actions to perform on messages identified as spam. For more information, refer to the Spam Actions: What to do with spam email section in this manual. Click OK to finalize your configuration. 4.2.3 Phishing: Phishing is an email-based social engineering technique aimed at having email users disclose personal details to spammers. A phishing email is most likely crafted to resemble an official email originating from a reputable business, for example a bank. Phishing emails will usually contain instructions, typically requiring users to reconfirm sensitive information such as online banking details or credit card information. Phishing emails usually include a phishing Uniform Resource Identifier (URI) that the user is supposed to follow to key in some sensitive information on a phishing site. The site pointed to by the phishing URI might be a replica of an official site, but in reality it is controlled by whoever sent the phishing emails. When the user enters the sensitive information on the phishing site, the data is collected and used, for example, to withdraw money from bank accounts. The Phishing feature detects phishing emails by comparing URIs present in the email
46. Edit, Import and Export buttons to modify existing keywords. Screenshot 39: Whitelisting IPs (IP Whitelist tab of the Whitelist Properties dialog: Specify IP addresses of servers whose emails will bypass spam checking; Enable IP Whitelist selected; entry 192.168.3.48 with mask 255.255.255.255). The dialog notes: If perimeter servers are configured, the verified IP address is the one sending to the perimeter. If no perimeters are configured, the verified IP address is the IP of the server sending to GFI MailEssentials. 7. Select the IP Whitelist tab to automatically allow emails received from specific IP addresses. Enable this feature by selecting the Enable IP Whitelist option, and click the Add button to key in a single IP address or subnet mask to bypass spam checks. 8. Click the Actions tab to enable/disable logging of whitelist occurrence to a file. Click Browse to specify a folder where to save logs. 9. Click OK to finalize your configuration. 4.2.6 Directory harvesting: Directory harvesting attacks occur when spammers use known email addresses as a template to create other email addresses addressed to corporate or ISP email servers. Spammers send emails to randomly generated email addresses, and while some email addresses may match
47. GFI MailEssentials 14.1 Administration and Configuration Manual, by GFI Software Ltd. GFI: http://www.gfi.com, Email: info@gfi.com. Information in this document is subject to change without notice. Companies, names and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of GFI Software Ltd. GFI MailEssentials was developed by GFI Software Ltd. GFI MailEssentials is copyright of GFI Software Ltd. 1998-2009 GFI Software Ltd. All rights reserved. GFI MailEssentials is a registered trademark, and GFI Software Ltd. and the GFI logo are trademarks of GFI Software Ltd. in the Europe, the United States and other countries. Version ME ACM EN 1 02 005. Last updated: December 15, 2009. Contents: 1 About GFI MailEssentials: Introduction; Using this manual; Licensing; Minimum Requirements & Installation. 2 Recommended post-install actions: Introduction; Route spam to dedicated spam folders; Enable public folder scanning. 3 Routine Administration: Reviewing spam email; Managing legitimate email; Managing spam; Viewing anti-spam status on dashboard; Generating spam digests; Creating email archives; Spam status and email processing reports; Disabling/Enabling email processing. 4 Customizing GFI MailEssentials
48. Interface (AWI) on Microsoft IIS 7.0 x86 systems. To install AWI on Microsoft IIS 7.0 you need to: install the IIS Web Server Role Services; configure the IIS Web application which will be used by AWI. AWI requires the following IIS Web Server Role Services in order to work correctly: ASP; Windows Authentication. To install IIS Web Server Role Services on Microsoft Windows 2008: 1. Open the Server Manager. 2. Expand the Roles node and select Web Server (IIS). 3. From the right pane, click on the Add Role Services button. 4. Select the ASP and the Windows Authentication role services and click Next. 5. Click on the Install button to install the role services. Configure the IIS Web application to be used by AWI on IIS 7.0. To configure AWI on IIS 7.0: 1. Open Administrative Tools. 2. Enter the Internet Information Services (IIS) Manager. 3. Right-click on the website which will host the AWI web interface and click Add Application. 4. Enter AWI as the Alias and enter the path to the AWI wwwroot folder located at <GFI\MailEssentials\AWI\wwwroot>. Add Application dialog (site name Default Web Site, alias AWI, application pool DefaultAppPool, physical path C:\Program Files\GFI\MailEssentials\AWI\wwwroot).
49. MIME to fields are the same. The spammer's email server always has to include an SMTP to address. However, the MIME to email address is often not included or is different.
NOTE: This feature identifies a lot of spam; however, some list servers do not include the MIME to either. It is therefore recommended to whitelist newsletter sender address to use this feature.
• Check if email contains remote images only: Flag emails that only have remote images and a minimal amount of text as spam. Assists in identifying image-only email spam.
• Verify if sender domain is valid: Performs a DNS lookup on the domain in the MIME from field and verifies the domain validity.
NOTE: Ensure that the DNS server is properly configured to avoid timeouts and slow email flow. In addition, a lot of valid email can be tagged as spam. Test your DNS server services by clicking Test button.
• Maximum numbers allowed in MIME FROM: Identifies the presence of more than 3 numbers in the MIME from as a spam message. Spammers often use tools that automatically create reply-to addresses. Frequently they use 3 or more numbers in the name to make sure the reply-to is unique.
• Checks if the email subject contains the first part of the recipient email address: Identifies the personalized spam email where spammers frequently include the first part of the recipient email address in the subj
50. P configuration settings.
NOTE 1: Specify authentication credentials using Domain\User format (for example master-domain\administrator).
NOTE 2: In an Active Directory, the LDAP server is typically the Domain Controller.
3. In the Block if non-existent recipients equal or exceed option, specify the amount of non-existent recipients that will qualify the email as SPAM. If the total amount of recipients is less than the number specified, the action configured is triggered only if ALL the recipients do not exist; otherwise the email is not marked as SPAM.
NOTE: Avoid false positives by configuring a reasonable amount in the Block if non-existent recipients equal or exceed edit box. This value should account for users who send legitimate emails with mistyped email addresses or to users no longer employed with the company.
4. Click Actions or Other tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the Spam Actions What to do with spam email section in this manual.
NOTE: If Directory Harvesting is set at SMTP protocol sink level, only the Log Occurrence option will be available in the Actions tab.
Stage 2: Selecting the Directory Harvesting method
1. Navigate to Anti-spam > Filter Priority > Properties and click the SMTP Transmission Filtering node.
51. Policy Framework filter on a non-gateway server installation:
1. Right-click Anti-spam > Anti-Spam Settings > Properties and select Perimeter SMTP Servers tab.
2. Click Auto Discovery button in the Perimeter SMTP setup option to perform a DNS MX lookup and automatically define the IP address of your perimeter SMTP server.
Configuring the Sender Policy Framework
1. Select Anti-Spam > Anti-Spam Filters > Sender Policy Framework > Properties.
Screenshot 30: Configuring the SPF block level
2. Define the sensitivity of the SPF test using the slider and click Apply. Choose between four levels:
• Never: Do not block any messages. SPF tests are omitted.
• Low: Only block messages that are determined to have a forged sender. This option treats any message with forged senders as spam.
• Medium: Block messages which appear to have a forged sender. This option treats all messages that appear to have a forged sender as spam. NOTE: This is the default and recommended setting.
• High: Block all messages that are not proven to be from a sender. This option treats all email as spam unless it could be proven that the sender is not forged. NOTE: Since the majority of mail servers do not yet have an SPF record, this option is not recommended.
52. Programs > GFI MailEssentials > GFI MailEssentials Dashboard
[Screenshot: GFI MailEssentials Dashboard, with the "Status of key services" panel and the "MTA Logging" table (columns: Received Time, Processed Time, Engine, Sender, Recipients, Subject, Description)]
53. Screenshot 2: Configuring Public folder scanning (the dialog carries the note "IMAP cannot be used to access Exchange 2007 Public Folders")
2. Select Public Folder Scanning tab and click on Enable Public Folder Scanning checkbox.
3. From the Poll public folders via list, select the method GFI MailEssentials uses to retrieve emails from public folders:
• Exchange Server 2000/2003: Select MAPI, IMAP or WebDAV
• Exchange Server 2007: Choose WebDAV or Web Services
• Exchange Server 2010: Choose Web Services
Available options are:
• MAPI: To use MAPI, GFI MailEssentials must be installed on the machine on which Microsoft Exchange Server is installed. No other settings are required.
• IMAP: Requires Microsoft Exchange IMAP service. IMAP enables remote scanning of public folders and works well in environments running firewalls. In addition, IMAP can be used with other Mail servers that support IMAP. Parameters required are:
  o Mail server name
  o Port number (default IMAP port is 143)
  o Username/password
  o Select the Use SSL option to use a secure connection
54. Screenshot 83: Configuring a master server
9. From the Master tab, check This GFI MailEssentials server is also a master server checkbox and key in the full path of the folder configured to hold the contents of the virtual directory.
10. Click Add button and enter the hostname of the slave server in the Server edit box. Click OK to add it to the list. Repeat this step and add all the other slave servers configured.
NOTE 1: Ensure that you configure all the machines you add to this list as slave servers, else the anti-spam synchronization agent on the master server will never merge the data.
NOTE 2: A master server can also be a slave server at the same time. In this case the server will merge its own anti-spam settings data to the ones uploaded by the other slave servers. For this to work, it is required to add the master server hostname to the list of slave servers as well. For more information refer to the Configuring a slave server section in this manual.
11. If required, select a slave server from the list and click
55. a password: Set a password which secures access to newsletter/discussion in case someone else makes use of the email client or account details of a permitted user.
• Adding subscribers to the list: Add users to newsletters/discussions without any action on their behalf.
Creating a custom footer for the list
Screenshot 72: Newsletter footer properties
1. Right-click the list to add a footer to and select Properties.
2. In the Footer tab, click Edit HTML to create an HTML footer.
NOTE: Use the footer to communicate how users can subscribe and unsubscribe from the list.
Setting permissions to the list
NOTE: Permissions are not configurable for discussion lists.
1. Right-click the list to set permissions for and select Properties.
56. Screenshot 77: Dial-up options
3. Select a dial-up networking profile and configure a login name and password. The following options are available:
• Use this Dial-Up Networking profile: Choose the Dial-up Networking profile to use.
• If not connected, dial: GFI MailEssentials will only dial up if there is no connection.
• Username: Enter the username used to log on to your ISP.
• Password: Enter the password used to log on to your ISP.
• Process only when already connected: GFI MailEssentials will only process email if a connection already exists.
• Dial on demand router: In case of an internet connection that is automatically established (such as a dial on demand router), select this option. GFI MailEssentials will pick up email at the specified interval without triggering a dial-up connection.
• Process every (minutes): Enter the interval at which GFI MailEssentials must either dial up or check if a connection already exists (depends on whether you set GFI MailEssentials to dial up or to only process email when already connected).
57. allation fails.
NOTE: To download updates using a proxy server, refer to Configuring automatic updates section of this manual.
5. Click Actions or Other tab to select the actions to perform on messages identified as phishing emails. For more information refer to the Spam Actions What to do with spam email section in this manual. Click OK to finalize your configuration.
4.2.4 Sender Policy Framework (SPF)
The Sender Policy Framework filter is based on a community-based effort which requires that the senders publish their mail server in an SPF record. This filter detects forged senders.
• Example: If an email is sent from xyz@CompanyABC.com then companyABC.com must publish an SPF record in order for SPF to be able to determine if the email was really sent from the companyABC.com network or whether it was forged. If an SPF record is not published by CompanyABC.com, the SPF result will be 'unknown'.
For more information on SPF and how it works, visit the Sender Policy Framework website at http://www.openspf.org
The SPF filter is NOT enabled by default and should only be enabled in cases where you think that the threat of forged senders is high. GFI MailEssentials does not make it a requirement to publish any SPF records. To publish SPF records use the SPF wizard at http://www.openspf.org/wizard.html
Prerequisites
Before enabling the Sender
58. amRazer engine checkbox to enable or disable SpamRazer.
Screenshot 27: Automatic SpamRazer updates
3. From the Updates tab perform any of the following actions:
• Select/unselect Automatically check for updates checkbox to configure GFI MailEssentials to automatically check for and download any SpamRazer updates. Specify the time interval in minutes when to check for updates.
NOTE: It is recommended to leave this option enabled for SpamRazer to be more effective in detecting the latest spam trends.
• Select/unselect Send a notification email when an update succeeds checkbox to be informed via email when new updates are downloaded.
• Select/unselect Send a notification email when an update fails to be informed when a download or installation fails.
59. an forward and distribute email from POP3 mailboxes to mailboxes on the mail server.
• Email monitoring: Central information stores are typically easier to manage than distributed information. GFI MailEssentials enables sending of email copies to a central store of email communications of a particular person or department.
For more information on how GFI MailEssentials filters inbound and outbound emails, refer to Appendix 1 How does GFI MailEssentials work in this manual.
1.2 Using this manual
This user manual is a comprehensive guide that aims to assist systems administrators in configuring and using GFI MailEssentials in the best way possible. It builds on the instructions provided in the GFI MailEssentials Getting Started Guide and describes the configuration settings that systems administrators must apply to achieve the best possible results out of the software.
This manual contains the following chapters:
Chapter 1: Introduces this manual.
Chapter 2: Provides detailed information on the routine administration tasks that administrators must perform on a day-to-day basis.
Chapter 3: Gives detailed information on how to customize GFI MailEssentials. This includes customizing anti-spam filters and their actions as well as disclaimers and auto-replies.
Chapter 4: Provides detailed information on how to perform other maintenance and setup tasks tha
60. an use POP3 to retrieve email.
5.1.1 Configuring the POP3 downloader
1. Select POP2Exchange node and double-click General item.
Screenshot 75: The GFI MailEssentials POP3 downloader
2. In the POP3 tab, select Enable POP2Exchange checkbox to enable POP3 downloader.
3. Click Add to add a POP3 mailbox from which to download email.
Screenshot 76: Adding a POP3 mailbox
4. Key in the POP3 server details, mailbox login name and password of the mailbox. Choose between:
• Send mail to address stored in To field: GFI MailEssentials will analyze the email header and route the email accordingly. If email analyzing fails, email is sent to the email addr
61. Screenshot 17: User usage statistics filter dialog
Report Type
• Report Type: Specify reporting on inbound emails, outbound emails or both.
Report Options
• Sort by: Specify sorting by email address, by number of emails or by the total size of the emails.
• Highlight users: Identify users who send or receive more than a specific number of emails or specific number of megabytes of email.
• List top: List only the top number of users in the report.
• Multi-Page report: Specify the number of users to display per page.
Filter options
• Specific Email: Limit the report to a specific email address.
• Date Range: Limit the report to a specific date range.
When all report options are selected, click Report button to generate report.
3.7.6 Domain Usage Statistics
The domain usage statistics report gives an overview of how many emails are sent or received
62. Screenshot 20: The user communications report shows exact email trail
Report Type
• Report Type: Specify reporting on inbound emails, outbound emails or both.
Report Options
• Sort by: Specify if the report should be sorted by email address, by number of emails or by the total size of the emails.
• Highlight users: Identify users who sent or received more than a number of emails or a number of megabytes of email.
• List top: List only the top specified number of users in the report.
• Multi-Page report: Specify the number of users to display per page.
Filter options
• Specific Email: Limit the report to a specific email address.
• Date Range: Limit the report to a specific date range.
Screenshot 21: User communications filter dialog
On selecting the required options, click Report button to generate report.
3.7.9 Miscellaneous options
• Excluding users from reports: The exclude users tool enables users to be exempted from reports. From the Tools > Excluded Users List click on Add button and Add or Remove SMTP e
63. ation problems, next refer to the Knowledge Base. The Knowledge Base always has the most up-to-date listing of technical support questions and patches. Access the Knowledge Base by visiting http://kbase.gfi.com
6 12 Common checks
If the information contained in this manual and the knowledge base repository do not help you solve your problems:
1. Ensure that all service packs for your operating system, mail server and GFI MailEssentials are installed.
2. Reinstall Microsoft Data Access Components (MDAC) to ensure its correct operation.
6 13 Web Forum
User to user technical support is available via the GFI web forum. After referring to the information in the user manual and in the knowledge base, access the web forum by visiting http://forums.gfi.com
6 14 Request technical support
If none of the resources listed above assist you in solving your issues, contact the GFI Technical Support team by filling in an online support request form or by phone.
• Online: Fill out the support request form and follow the instructions on this page closely to submit your support request on http://support.gfi.com/supportrequestform.asp
• Phone: To obtain the correct technical support phone number for your region please visit http://www.gfi.com/company/contact.htm
NOTE: Before contacting GFI's Technical Support, ensure to have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you fi
64. bability is greater than a threshold, the message is classified as spam.
NOTE: For more information on Bayesian Filtering and its advantages refer to http://kbase.gfi.com/showarticle.asp?id=KBID001813
9 Glossary
Active Directory: A technology that provides a variety of network services, including LDAP-like directory services.
AD: See Active Directory.
Auto-reply: An email reply that is sent automatically to incoming emails.
Bayesian Filtering: An anti-spam technique where a statistical probability index based on training from users is used to identify spam.
Background Intelligent Transfer Service: A component of Microsoft Windows operating systems that facilitates transfer of files between systems using idle network bandwidth.
BITS: See Background Intelligent Transfer Service.
Blacklist: A list of email users or domains from whom email is not to be received by users.
Botnet: Malicious software that runs autonomously and automatically and is controlled by a hacker/cracker.
Demilitarized Zone: A section of a network that is not part of the internal network and is not
Disclaimer
Domain Name System
DMZ
DNS
DNS MX
Email monitoring rules
False positives
Ham
IIS
Internet Information Services
IMAP
Internet Message Access Protocol
LDAP
Lightweight Directory Access Protocol
65. blacklists are queried.
Configuring DNSBL
1. Select Anti-Spam > Anti-Spam Filters > DNS Blacklists > Properties.
2. Check the Check whether the sending mail server is on one of the following DNS Blacklists checkbox.
3. Select the appropriate DNS blacklists to check incoming email against and click the Test button to check if the selected blacklists are available.
Screenshot 46: Adding more DNS blacklists (the dialog asks for a domain, e.g. sbl.spamhaus.org or bl.spamcop.net)
4. If required, add more DNS Blacklists to the ones already listed by clicking Add button and keying in the domain containing the DNSBL.
NOTE: The order of reference for an enabled DNS blacklist can be changed by selecting a blacklist and clicking on the Up or Down buttons.
5. Select the Block emails sent from dynamic IP addresses listed on SORBS.net to enable GFI MailEssentials to detect spam sent from botnet zombies by looking up the incoming connection IP with known Botnet Zombie IP addresses in the Sorbs.net database.
6. Click Apply to save the configuration.
According to your configuration in the Perimeter SMTP Servers option in the Anti-Spam node properties, this computer is not on the perimeter. The IPs configured as your perimeter servers in the Perimeter SMTP Servers option are listed below. Please make
67. ch page. Click on the Full Archive link in the top right corner to access the full archive page.
3.7 Spam status and email processing reports
GFI MailEssentials enables you to create reports based on data archived to database. These reports assist you in knowing what spam is being filtered out by GFI MailEssentials and what the use levels of your mail server and domain resources are.
Important notes: Enable GFI MailEssentials archiving to use reporting. Refer to Enable archiving section in this manual for details on how to enable archiving.
3.7.1 Enabling reporting
1. Select Email Management > Reporting > Properties and click Configure button.
2. Select database type:
• Microsoft Access: Specify the file name and location.
• Microsoft SQL server: Specify server name, logon credentials and database.
3. Click Test button to test the database configuration. Click OK to save settings.
3.7.2 Using Reports
1. Launch the GFI MailEssentials Reporter by clicking Start > All Programs > GFI MailEssentials > GFI MailEssentials Reports.
2. Click Reports Option and select any Report or Statistics option.
3. Select File > Print menu option to print reports.
NOTE: Select File > Print Preview to preview how the report will be printed.
4. To save a report, click File > Save As. Specify a name and a location for the saved file and click the Save butto
68. ction in this manual.
Only inbound or outbound emails are being processed:
2. Check for multiple Microsoft IIS SMTP virtual servers and ensure that GFI MailEssentials is bound to the correct virtual server.
3. MX record for domain not configured correctly: Ensure that the MX record points to the IP address of the server running GFI MailEssentials.
4. If inbound emails are passing through another gateway, ensure that the mail server running on the other gateway forwards inbound emails through GFI MailEssentials.
5. Ensure that outbound emails are configured to route through GFI MailEssentials. Refer to installation manual for more details.
6. Verify that the SMTP virtual server used by Microsoft Exchange Server for outbound emails is the same SMTP server GFI MailEssentials is bound to.
For more information on how to solve this issue refer to http://kbase.gfi.com/showarticle.asp?id=KBID003286
2. After installing GFI MailEssentials, some emails show a garbled message body when viewed in Microsoft Outlook or GFI MailArchiver:
This problem occurs for emails that use one character set for the message header and a different character set for the message body. When such emails are processed by Microsoft Exchange 2003, the emails will be shown garbled in Microsoft Outlook and GFI MailArchiver. Microsoft has released a hotfix to resolve this issue. For more information on how to solve this issue refer to http kbase gfi com showarticle as
69. ction in this manual.
2.2 Route spam to dedicated spam folders
To filter out spam from the recipients' Inbox, configure GFI MailEssentials to route emails to dedicated spam folders. You can set up a different spam folder for every anti-spam filter. This allows you to categorize email spam and have an insight on which filter blocked your spam, a function important to identify false positives and tweak your filters accordingly.
Enable spam email routing to folders
Different anti-spam move-to-folder actions are available depending on the type of setup you have. If you are running a Microsoft Exchange 2003/2007/2010 infrastructure, the following move-to-folder actions can be triggered:
• In Inbox: Use this option to route spam to the user's Inbox.
• In Exchange junk email folder: Use this option to route all spam to the user's default Junk E-mail folder.
• In Exchange mailbox sub-folder: Use this option to route all spam to a specific folder in the user's mailbox.
On other infrastructures, user is allowed to route spam emails to a specific folder on the client (end-user) side.
2.2.1 Configuring email routing to folders
NOTE: This section is applicable when GFI MailEssentials is installed on the Microsoft Exchange Server only. If GFI MailEssentials is installed on a separate machine then refer to section Moving spam email to user's mailbox fold
70. Screenshot 44: Supplying ham to the Bayesian filter
2. Manually through existing email: Copying between 500 and 1000 mails from your sent items to the This is legitimate email sub-folder in the GFI AntiSpam Folders public folders trains the Bayesian filter in the same way as live outbound email sending.
Stage 2: Enabling the Bayesian filter
After the Bayesian filter is trained, it must be enabled.
71. Screenshot 65: Including variables in your disclaimer
NOTE: The recipient display name and email address variables will only be replaced if the email is sent to a single recipient. If emails are sent to multiple recipients, the variables are replaced with 'recipients'.
9. Specify the encoding to be used for the plain text disclaimer if the email body's character set is not plain text:
• Convert to Unicode: convert both email body and disclaimers to Unicode so that both are properly displayed.
• Use character set of the email body: the disclaimer is converted to the email body's character set. NOTE: If this option is selected, some of the disclaimer text might not be displayed properly.
10. Import or export a plain text disclaimer format using the Import and Export buttons.
The newly created disclaimer is displayed in the right pane of the GFI MailEssentials configuration console. To give the new disclaimer a more useful name, right-click on the disclaimer and select Rename.
4.3.2 Disabling and enabling disclaimers
By default, new disclaimers are automatically enabled. To disable or enable a disclaimer:
1. Right-click the disclaimer to disable.
2. Select Disable or Enable to perform the desired action.
4.4 Auto-replies
The Auto-reply feature enables sending of automated replies to specific inbound emails. A different auto-reply for each email address or sub
72. • WebDAV: Specify Mail server name, port (default WebDAV port is 80), username, password and domain. To use a secure connection, select the Use SSL checkbox. By default, public folders are accessible under the 'public' virtual directory. If this has been changed, specify the correct virtual directory name to access the public folders by editing the text in the URL box.
• Web Services: Specify Mail server name, port (default Web Services port is 80), username, password and domain. To use a secure connection, select the Use SSL checkbox. By default, public folders are accessible under the 'EWS/exchange.asmx' virtual directory. If this has been changed to something else, specify the correct virtual directory name to access the public folders by editing the text in the URL box.
Screenshot 3: Public folder scanning test succeeded
4. Click Scan Now to automatically create Public folders.
5. Click Test if you are setting up IMAP, WebDAV or Web Services. On-screen notification will confirm success/failure. If the test fails, verify/update credentials and re-test.
2.3.2 Configure a dedicated user account for Exchange Server 2000/3
When GFI MailEssentials is installed in a DMZ, it is highly recommended that for security reasons a dedicated user account is created
73. e anti spam synchronization agent
    • GFI MailEssentials Configuration Export/Import Tool: This application enables the export and import of all GFI MailEssentials configuration settings, and enables the configuration of a new GFI MailEssentials installation with the same exact settings of an already working GFI MailEssentials installation.
    5.3.1 Anti-spam synchronization agent configuration
    The Anti-Spam Synchronization Agent requires that the following steps are followed in order:
    Step 1: Configure the master server
    Step 2: Install BITS Server Extension on the master server
    Step 3: Configure slave server
    5.3.2 Configuring the master server
    Important notes
    1. Only one server can be configured as master server at any one time.
    2. To configure a server as a master server, it must meet one of the following system specifications:
    • Microsoft Windows Server 2003 with SP1 or later and IIS 6.0 with BITS server extension installed. Further information on how to install the BITS server extension is provided below.
    • Microsoft Windows 2000 with SP3 or later and IIS 5.0 with BITS server extension installed. Further information on how to install the BITS server extension is provided below.
    NOTE: A Microsoft Windows XP machine cannot be configured as master since Microsoft BITS server extension is not supported.
    Master server configuration
    1. Install the Microsoft BITS s
74. Screenshot 40: The directory harvesting feature
    2. Select the lookups method to use:
    • Use native Active Directory lookups option if GFI MailEssentials is installed in Active Directory user mode.
    NOTE 1: Where GFI MailEssentials is installed in Active Directory user mode on a DMZ, the AD of a DMZ usually will not include all the network users (email recipients). In this case, perform directory harvesting using LDAP lookups.
    NOTE 2: When GFI MailEssentials is behind a firewall, the Directory Harvesting feature might not be able to connect directly to the internal Active Directory because of firewall settings. Use LDAP lookups to connect to the internal Active Directory of your network and ensure to enable default port 389 on your firewall.
    • Use LDAP lookups to configure your LDAP settings if GFI MailEssentials is installed in SMTP mode. If your LDAP server requires authentication, unmark the Anonymous bind option and enter the authentication details that will be used by this feature. Click on Test button to test your LDA
75. ecipients list tab, add the users to receive the spam digest and select the method used to determine who should receive the spam digest. Available options are:
    • Only users listed below should receive the recipient spam digest.
    • All users except the ones listed below will receive the recipient spam digest.
    NOTE: The required list of users can also be imported from a file in XML format, in the same structure that GFI MailEssentials would export files.
    6. Select Apply and OK to finalize settings.
    3.6 Creating email archives
    GFI MailEssentials includes an archiving feature which enables the retention of historical records related to your email communications. Since GFI MailEssentials is an anti-spam solution, the built-in archiving feature is not intended to replace/replicate the functionality provided by comprehensive email archiving solutions such as GFI MailArchiver. Archiving requires database technology. GFI MailEssentials supports both Microsoft Access and Microsoft SQL Server.
    Important notes
    1. Internal email is not archived.
    2. For larger networks, Microsoft SQL Server is recommended.
    3. Using Microsoft Access limits the size of the database to 2 GB. MSDE and SQL Server Express are limited to 2 and 4 gigabytes respectively.
    4. When a Microsoft Access database reaches 1 GB, an email is sent to the administrator recommending to switch to a Microsoft SQL ser
76. ect
    NOTE: Ensure that email addresses for which this check should not be done are configured by clicking on the Except button. This enables generic email addresses to which customers reply, for example emails from sales@company.com with a subject "Your email to sales", not to be marked as spam.
    • Check if email contains encoded IP addresses: Checks the message header and body for URLs which have a hex/octal encoded IP (http 0072389472 hello com) or which have a username/password combination (for example www citibank com scammer com).
      o The following examples are flagged as spam: http 12312 www microsoft com hello 01 123123
    • Check if email contains embedded GIF images: Checks if the email contains one or more embedded GIF images. Embedded GIF images are often used to circumvent spam filters. IMPORTANT: Since some legitimate emails contain embedded GIF images, this option is prone to false positives.
    • Check if email contains attachment spam: Checks email attachments for properties that are common to attachments sent in spam email. This helps in keeping up with the latest techniques used by spammers in using attachments to send spam.
77. ect the Recipient exception list checkbox.
    • Trusted Forwarder SPF Global Whitelist: This whitelist (www.trusted-forwarder.org) provides a global whitelist for SPF users. It is a way of allowing legitimate email that is sent through known trusted email forwarders. NOTE: By default this setting is enabled. It is highly recommended to leave this option always enabled.
    7. Click Actions or Other tab to select the actions to perform on messages identified as phishing emails. For more information, refer to the "Spam Actions: What to do with spam email" section in this manual. Click OK to finalize your configuration.
    4.2.5 Whitelist
    The Whitelist is a list of email addresses and domains from which to always receive emails. Emails sent from these email addresses or domains will never be marked as spam. Keywords can also be configured which, if found in the body or subject, will automatically whitelist the email. GFI MailEssentials also features an automatic autowhitelist option that automatically whitelists email addresses to whom emails are sent. This enables the receipt of emails from anyone to whom an email is sent. The whitelist and autowhitelist features are enabled by default on installing GFI MailEssentials.
    Important notes
    1. It is highly recommended to leave the auto whitelist feature enabled since this eliminates a high percentage of false positives
78. ectly force GPO to use correct encoding. For more information on how to solve this issue refer to http://office.microsoft.com/en-us/ork2003/HA011402641033.aspx
    Issue 3: Disclaimer is being sent out even if disabled.
    Solution: Restart GFI MailEssentials and IIS services after disabling a disclaimer for the changes to take effect.
    6.8 Email monitoring
    Issue 1: Emails sent from certain users or sent to certain users are not monitored.
    Solution: Email monitoring rules do not monitor emails sent from or to the GFI MailEssentials administrator and the email address to which the monitored emails are being sent to. Email monitoring rule also not available for emails sent between internal users of the same information store.
    6.9 List Servers
    Issue 1: Emails sent to the list server are converted to Plain Text.
    Solution: Emails sent to the List server are converted to plain text emails only when the original format of the email is RTF. Send email in HTML format to retain original format.
    Issue 2: Internal users receive a non-delivery report when sending email to list server when GFI MailEssentials is installed on a Gateway machine.
    Solution: For more information on how to use the List Server feature if GFI MailEssentials is installed on a gateway, refer to http://kbase.gfi.com/showarticle.asp?id=KBID002123
    6.10 Miscellaneous
    Issue 1: Dashboard reports Bad user or
    Solution: Ensure that the Microsoft Exchange Information Store is
79. ects email messages from POP3 mailboxes and routes them to mail server.
    See Post Office Protocol ver. 3.
    A protocol used by local email clients to retrieve emails from mailboxes over a TCP/IP connection.
    A common folder that allows Microsoft Exchange user to share information.
    See Realtime Blocklist.
    Online databases of spam IP addresses. Incoming emails are compared to these lists to determine if they are originating from blacklisted users.
    Instructions that facilitate the possibility of executing tasks remotely.
    A protocol to ensure an integral and secure communication between networks.
    An internet standard used for email transmission across IP networks.
    See Simple Mail Transport Protocol.
    Actions taken on spam emails received, e.g. delete email or send to Junk email folder.
    SSL: See Secure Sockets Layer.
    WebDAV: A HTTP extensions database that enables users to manage files remotely and interactively. Used for managing emails in the mailbox and in the public folder in Microsoft Exchange.
    Whitelist: A list of email addresses and domains from which emails are always received.
    Zombie: See Botnet.
80. elect Public and Other Users Folders tab. The Public Folder Prefix can be found under the Public Folder Section.
    Mail-In database name
    1. From the IBM Domino Administrator, select People & Groups tab.
    2. Click on Mail-In Databases and Resources node. Name of the New Mail-In Database is listed within the right pane.
    Step 5: Restart the IMAP Service on the Domino Server
    1. Open the Lotus Notes Console.
    2. Type "tell imap quit" and wait until the task completes.
    3. Once the above is complete, type "load imap".
    Step 6: Configure GFI MailEssentials
    Configure the GFI MailEssentials Public Folder Scanning properties:
    1. From the GFI MailEssentials Configuration, right-click Anti-Spam node and select Properties.
    2. Select Public Folder Scanning tab and key in the following values:
    • Server: <IP Address of Domino Server>
    • Port: 143 (default)
    • Username: Username associated with the mail-in database
    • Password: User password
    3. Test configuration by clicking Test button and click Scan now to generate the public folders.
    Step 7: Ensure the Public Folders are created
    Using telnet to determine if Public folders were created successfully:
    1. From the GFI MailEssentials machine, load up command prompt.
    2. Type: telnet
    3. Type: Open <IP ADDRESS> 143
    4. Type: ao1 login <public@yourdomain.com> <password>
    5
81. ely identify why email was marked as spam as well as make it easier to perform operations on emails blocked by a particular filter.
    • Example: Delete emails marked by the blacklist spam filter, but do not delete emails marked as spam by the keyword checking filter.
    NOTE: The options in the Actions tab are identical for each spam filter except for Whitelist (spam filters bypass) and New Senders (cannot move spam to Junk E-mail folder).
    Configuring Spam Actions
    Screenshot 56: Configuring the action that should be taken
    1. In the Actions tab, select an option that defines which action to take on emails marked as spam:
    • Delete the email: Delete an email which is blocked by that particular spam filter. Other spam actions are disabled if the email is deleted.
    • Deliver email to mailbox: choose the folder where to deliver the email:
      o In Inb
82. enders or newsletters to the whitelist
    1. In the public folders, locate the GFI AntiSpam Folders > Add to whitelist public folder.
    2. Drag and drop emails or newsletters to the Add to whitelist public folder.
    3.2.2 Adding discussion lists to the whitelist
    Discussion lists (NOT newsletters) are often sent out without including the recipient email address in the MIME TO, and are therefore marked as spam. To receive these discussion lists, whitelist the email addresses of these valid list mailers.
    Add discussion lists to the whitelist:
    1. In the public folders, locate the GFI AntiSpam Folders > I want this Discussion list public folder.
    2. Drag and drop discussion lists to the I want this Discussion list public folder.
    3.2.3 Add ham to the legitimate email database
    1. In the public folders, locate the GFI AntiSpam Folders > This is legitimate email public folder.
    2. Drag and drop emails to the This is legitimate email folder.
    3.3 Managing spam
    While GFI MailEssentials starts identifying spam emails right out of the box, there might be instances where spam makes it through undetected to the users' mailbox. Typically this might be either due to configuration settings that have not yet been performed or to new forms of email spam to which GFI MailEssentials has not yet adapted itself. In both cases, these situations are resolved when GFI MailEssentials is con
83. entials is completely transparent to users, with no additional user training required. The key features of this solution are:
    • Server-based anti-spam: Spam protection is an essential component of your network's security strategy. GFI MailEssentials offers advanced anti-spam filters which include blacklist/whitelist, Bayesian filtering, keyword checking and header analysis.
    • Company-wide disclaimer/footer text: Companies are responsible for the content of their employees' email messages. GFI MailEssentials enables the automatic addition of disclaimers on top or the bottom of an email, together with fields/variables that personalize the disclaimer according to the recipient.
    • Email archival to database: Archiving email is not only good practice but also may be a legal requirement. GFI MailEssentials provides the facility to archive all inbound and outbound email.
    • Reporting: GFI MailEssentials can produce various useful reports on email usage and anti-spam operations.
    • Personalized auto replies with tracking number: More than just out-of-office replies, auto replies enable customers to know that their email has been received and that their request is being handled. Assign a unique tracking number to each reply to give your customers and employees an easy point of reference.
    • POP3 downloader: Smaller businesses may not have the necessary facilities to use SMTP-based email. GFI MailEssentials includes a utility that c
84. er Description Enabled by Default
    SpamRazer: An anti-spam engine that determines if an email is spam by using email reputation, message fingerprinting and content analysis. Enabled by default: Yes
    Directory Harvesting: Stops email which is randomly generated towards a server, mostly addressed to non-existent users. Enabled by default: Yes
    Phishing: Blocks emails that contain links in the message bodies pointing to known phishing sites or if they contain typical phishing keywords.
    Sender Policy Framework: Stops email which is received from domains not authorized in SPF records. Enabled by default: No
    Auto Whitelist: Addresses to which an email is sent to are automatically excluded from being blocked. Enabled by default: Yes
    Whitelist: A custom list of safe email addresses. Enabled by default: Yes
    Email blacklist: A custom list of blocked email users or domains. Enabled by default: Yes
    DNS blacklists: Checks if the email received is from senders that are listed on a public DNS blacklist of known spammers. Enabled by default: Yes
    Spam URI Realtime Blocklists: Stops emails which contain links to domains listed on public Spam URI Blocklists such as sc.surbl.org. Enabled by default: Yes
    Header checking: A module which analyses the individual fields in a header by referencing the SMTP and MIME fields. Enabled by default: Yes
    Keyword checking: Spam messages are identified based on blocked keywords in the email title or body. Enabled by default: No
    New Senders: Emails that have been received from senders to whom emails have never been sent before. Enabled by default: No
    An anti spam technique where a
85. ers of this manual.
    1. Launch GFI MailEssentials configuration console by clicking Start > All Programs > GFI MailEssentials > GFI MailEssentials Configuration.
    2. From the list of filters in Anti-Spam > Anti-Spam Filters node, right-click on the filter to be configured (e.g. Header Checking) and select Properties.
    Screenshot 1: Configuring the action that should be taken
    3. Click on the Actions tab to access options for anti-spam filter actions configuration.
    4. Select Deliver email to mailbox and choose one of the following options:
    • In Inbox: Use this option to route spam to the user's Inbox.
    • In Exchange junk email folder: Use this option to route all spam to the user's default Junk E-mail folder.
    • In Exchange mailbox sub folder: Use th
86. erver extension. For further information, refer to the "Installing BITS Server Extension on the master server" section in this manual.
    2. From the Administrative Tools group, load the Internet Information Services (IIS) Manager console, right-click on the website of your choice and select New > Virtual Directory from the context menu.
    3. Follow the Virtual Directory Creation Wizard steps and create the new virtual directory. NOTE: Ensure that only the Read and Write checkboxes are enabled and that all other checkboxes are unchecked.
    4. Right-click new virtual directory and select Properties. Select Directory Security tab and click Edit in the Authentication and access control group.
    5. Check Basic Authentication checkbox and specify Default domain and Realm to which the username and password used for authentication by the slave machines belong. NOTE: Ensure that all other checkboxes are unchecked.
    6. Click OK and close Authentication Methods dialog.
    7. Access the BITS Server Extension tab and check Allow clients to transfer data to this virtual directory checkbox.
    8. Select Start > GFI MailEssentials > GFI MailEssentials Anti-Spam Synchronization Agent, right-click Anti-Spam Synchronization Agent > Configuration node and select Properties.
87. Screenshot 69: Creating a new newsletter list
    2. In the List name field, key in a name for the new list and select a domain for the list (only if you have multiple domains). Click Next to continue setup.
    Screenshot 70: Specifying database backend
    3. Select Microsoft Access or Microsoft SQL Server/MSDE as database, and from the Database type group select if GFI MailEssentials should create a new database or connect to an existing database. Click Next to continue.
    NOTE 1: For small lists of up to 5000 members, you can use Microsoft Access as a backend
88. ess specified in the alternate address field.
    • Send mail to alternate address: All email from this mailbox is forwarded to one email address. Enter full SMTP address in the Email address field.
      o Example: john@company.com
    5. Provide the alternate address and click OK.
    NOTE 1: When specifying the destination email address (the address where GFI MailEssentials will forward the email to), ensure that you have set up a corresponding SMTP address on your mail server.
    NOTE 2: Multiple POP3 mailboxes can be configured.
    6. In the POP2Exchange configuration dialog, configure other available options:
    • Check every minutes: Specify the download interval.
    • Do not download mail larger than Kbytes: Specify a maximum download size. If email exceeds this size, it will not be downloaded.
    • If mail is larger then: Choose to delete email larger than the maximum allowed size, or send a message to the postmaster.
    5.1.2 Configure dial up connection options
    1. Select POP2Exchange node and double-click General item.
    2. From the Dialup tab, select Receive mails by Dial-Up or Dial on Demand checkbox to enable dialup.
89. f every email before and after email processing checkbox to store a copy of each email processed in folder SinkArchives within the GFI MailEssentials installation folder.
    6 Troubleshooting & support
    6.1 Introduction
    This chapter explains how to resolve GFI MailEssentials issues encountered during installation. Use the following sources of information in the order listed below:
    1. This manual
    2. The common issues sections below
    3. GFI Knowledge Base articles
    4. Common checks
    5. Web forums
    6. Contacting GFI Technical Support
    6.2 User manual
    Use the information in this user manual to get an understanding of what might be causing any issues with your GFI MailEssentials installation. The information sections, together with the common issues sections below, will give you guidelines on what can be done to resolve any issues that might be due to misconfigurations or human error.
    6.3 Common issues
    The common issues listed below will enable you to investigate common issues encountered by users during their use of GFI MailEssentials.
    6.4 Managing Spam
    Issue 1: Dashboard shows no email is being processed Or
    Solution: 1. Ensure that GFI MailEssentials is not disabled from scanning emails. For more information on how to start scanning, refer to Disabling/Enabling email processing se
90. figured to capture such spam.
    NOTE: For information on how to resolve issues related to emails not detected as spam, refer to the Troubleshooting & support chapter in this manual.
    In these cases, users should add such emails to Add to blacklist and to the This is spam email folders to teach GFI MailEssentials that the email in question is spam.
    Important notes
    1. In Microsoft Outlook, dragging and dropping email moves the email to the selected folder. To retain a copy of the email, hold down the CTRL key to copy the email rather than moving it.
    2. Refer to the Enable public folder scanning section in this manual for more information on how to automatically create the GFI AntiSpam folders.
    3.3.1 Adding senders to the blacklist
    1. In the public folders, locate the GFI AntiSpam Folders > Add to blacklist public folder.
    2. Drag and drop emails to the Add to blacklist public folder.
    3.3.2 Adding spam to the spam database
    1. In the public folders, locate the GFI AntiSpam Folders > This is spam email public folder.
    2. Drag and drop the spam email to the I want this Discussion list public folder.
    3.4 Viewing anti-spam status on dashboard
    The GFI MailEssentials Dashboard shows the status of your anti-spam system, including email processing activity and statistics. Use the GFI MailEssentials Dashboard as follows:
    1. Click Start > All
91. g purposes but are not local for your mail server. The instructions in this section show how to add or remove inbound email domains after installation.
    Important notes
    Any domain on which you receive email that is not listed in the inbound domains setup is not protected against spam by GFI MailEssentials.
    4.1.1 Adding and removing inbound domains
    1. Right-click General > General Settings, select Properties and click on Inbound Email Domains tab.
    Screenshot 25: Adding an inbound email domain
    2. Click Add button and key in domain details to add new inbound email domains. To remove domains, select the domain to remove and click Remove.
    3. Click OK to finalize settings.
    4.2 Anti-spam filters
    GFI MailEssentials uses various scanning filters to identify spam. Filt
92. g to be used for the HTML disclaimer if the email body's character set is not HTML:
    • Use HTML encoding: use HTML encoding to define character sets for email body and disclaimer. This option is recommended.
    • Convert to Unicode: convert both email body and disclaimers to Unicode so that both are properly displayed.
    • Use character set of the email body: the disclaimer is converted to the email body character set. Note: If this option is selected, some of the disclaimer text might not be displayed properly.
    7. Import or export an HTML disclaimer in .htm or .html format using the Import and Export buttons.
    Screenshot 64: Plain text disclaimer
    8. A text-based version of your disclaimer can also be included for use in plain text only emails. Select the Plain Text tab and insert the text directly into the Text Disclaimer field. Use the Variable button to add variables.
93. Screenshot 55: New Senders Exception setup
    3. Select Exceptions tab and check the MIME TO exception list checkbox to configure local recipients whose emails are excluded from the New Senders check.
    4. Click on Add button and key in the email address of the sender.
    • Example: administrator master domain com
    Repeat for each address to add and click Apply button to save.
    NOTE: To temporarily disable your exception list, do not delete all address entries made but uncheck the MIME TO exception list checkbox.
    5. Click Actions tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the "Spam Actions: What to do with spam email" section in this manual.
    6. Click OK to finalize setup.
    4.2.14 Spam Actions: What to do with spam email
    The Actions tab in the Anti-Spam filter dialogs defines what should be done with emails marked as spam. Different actions can be defined for each of the spam filters. This feature conveniently enables the use of separate folders for storing spam detected by each filter. This enables you to immediat
94. i Spam > Anti-Spam Settings node and select Properties.
    Screenshot 58: Global actions
    2. Select Global Actions tab and choose whether to:
    • Delete the email
    • Forward it to an email address
    • Move it to a specified folder
    3. Select the Log occurrence to this file to log spam to a log file.
    4.2.16 Sorting anti-spam filters by priority
    In GFI MailEssentials, the order in which the anti-spam checks are applied to inbound messages can also be customized.
    NOTE: The order of all available filters can be customized except for the New Senders filter, which is always automatically set to the lowest priority. This is due to its dependency on the results of the Whitelist checks and the other anti-spam filters.
95. Screenshot 90: SMTP Virtual Server Bindings
    2. From the SMTP virtual server name list, select the checkbox of the SMTP Virtual Server to bind GFI MailEssentials to.
    3. Click OK button to finalize setup.
    NOTE: The GFI MailEssentials configuration will ask to restart services such as the IIS SMTP Service for the new settings to take effect. Click Yes button to restart services.
    5.7 Remote commands
    Remote commands facilitate adding domains or email addresses to the spam blacklist, as well as updating the Bayesian filter with spam or ham (valid emails). Remote commands work by sending an email to GFI MailEssentials. Addressing an email to rcommands@mailessentials.com (configurable) will have GFI MailEssentials recognize the email as containing remote commands and process the commands.
    With remote commands, the following tasks can be achieved:
    1. Add spam or ham to the Bayesian module.
    2. Add keywords either to the subject keyword checking feature or to the body keyword checking feature.
    3. Add email addresses to the blacklist feature.
    5.7.1 Configuring remote commands
    Anti Spa
96. ight-click on the Windows Authentication option and select Enable. 3.6.3 Accessing the Archive Web Interface. 1. Launch Internet Explorer. 2. Key in http://<machine_name>/<awi_virtual_folder_name> • Example: http://master-domain.com/awi 3. [Screenshot 14: Archive Web Interface (AWI) search page] The AWI will load the sear
97. [Screenshot 31: Current Perimeter SMTP Server setup] 3. If this computer is NOT your perimeter SMTP server, a dialog showing the perimeter SMTP server settings previously configured is displayed (i.e. the IPs specified for your perimeter SMTP server). [Screenshot 32: Reminder: SPF must be installed on the perimeter SMTP server] 4. If GFI MailEssentials is installed on your perimeter SMTP server, or if you have not yet specified that the mail server running GFI MailEssentials is NOT a perimeter SMTP server, then a dialog box is displayed. Configure the Perimeter SMTP Servers option in the Anti-Spam node properties (right-click Anti-Spam > Anti-Spam Settings > Properties > Perimeter SMTP Servers tab). 5. Test the DNS settings/services by clicking on Test
98. ion refer to the Spam Actions - What to do with spam email section in this manual. 6. Click OK to finalize your configuration. 4.2.8 Bayesian analysis. Bayesian filtering is an anti-spam technology in use within GFI MailEssentials that employs adaptive techniques based on artificial intelligence algorithms, hardened to withstand the widest range of spamming techniques available today. For more information on how the Bayesian filter works, how it can be configured and how it can be trained, refer to Appendix 2 - Bayesian Filtering in this manual. NOTE: The Bayesian anti-spam filter is disabled by default. IMPORTANT: Allow at least a week for the Bayesian filter to achieve its maximum performance after enabling it. This is required because the Bayesian filter acquires its highest detection rate when it adapts to your email patterns. Configuring the Bayesian filter. Configuring the Bayesian filter requires 2 stages: Stage 1: Training the Bayesian filter. Stage 2: Enabling the Bayesian filter. Stage 1: Training the Bayesian filter. The Bayesian filter can be trained in two ways: 1. Automatically, through outbound emails. GFI MailEssentials collects legitimate email (ham) by scanning outbound email. The Bayesian filter can be enabled after it has collected at least 500 outbound emails (if you send out mainly English email) or 1000 outbound mails (if you send out non-English email).
99. is option to route all spam to a specific folder in the user's mailbox. Click Configure to launch the Move to Exchange folder dialog and type the folder where to move spam email. Example: Inbox\Spam Mail will create a sub-folder in Inbox named Spam Mail. 5. Click OK to save your configuration. 6. Repeat for all enabled spam filters. 2.3 Enable public folder scanning. Spamming techniques are continuously evolving and consequently you might encounter instances when spam still makes it through anti-spam filters on to the recipient's Inbox. Through public folder scanning, users can manually classify email as spam and teach GFI MailEssentials spam patterns to classify similar email as spam. Public folder scanning enables GFI MailEssentials to retrieve emails from public folders to add to whitelist/blacklist and HAM/SPAM databases. On systems running Microsoft Exchange Server or Lotus Domino, public folders are created automatically on completion of the configuration process. To enable public folder scanning, follow the instructions listed in the sections below. 2.3.1 Public folder scanning setup for Microsoft Exchange Servers. 1. From the GFI MailEssentials configuration console, right-click Anti-Spam > Anti-Spam Settings and select Properties.
100. ivate the rule. To add a condition, click the Condition button. 5. Choose the Subject tab and check the Scan e-mail subject for the following keywords or combinations of keywords checkbox. Configure the words to check for in the subject of the message. • To enter single words or phrases without logical operators, click the Keyword button. • To enter keywords combined with logical operators, click the Condition button. 6. Click the Actions or Other tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the Spam Actions - What to do with spam email section in this manual. 7. Click OK to finalize your configuration. 4.2.13 New Senders filter. The New Senders filter enables GFI MailEssentials to automatically identify emails sent from senders to whom emails have never been sent before. Such senders are identified by referencing the data collected in the Whitelist. Only emails in which no spam was detected and whose senders are not present in any Whitelist are delivered in the New Senders folder. Since such emails could also be sent from legitimate users, these are collected in a dedicated folder. This makes these emails easily identifiable. Subsequently, these emails can be reviewed and any undetected spam added to the email blacklist. This filter is NOT enabled by default. Importa
101. ject can be specified. You can use variables in an auto reply to personalize an email. Important notes: 1. Do not include any body text beyond 30-40 characters per line and carriage returns. Some older mail servers truncate lines at 30-40 characters. 4.4.1 Configuring auto replies. 1. Right-click the Email management > Auto Replies node and select New > Auto Reply. [Screenshot 66: Creating a new auto reply] 2. Key in the email address to configure an auto reply and click OK. • Example: If sales@master-domain.com is provided, emails sent to this email address will receive an auto reply. [Screenshot 67: Auto reply properties] 3. Check the and subject
102. jim comp com_bob comp com MailOffers 1 e ml • Tag the email with specific text: Select this option to add a tag to the email subject. Click Configure to modify tagging options. In the Tag Email dialog, key in the text to use for tagging and specify where to place the tag: o Prepend to subject: to insert the specified tag at the start (i.e. as a prefix) of the email subject text. Example: SPAM Free Web Mail. o Append to subject: to insert the specified tag at the end (i.e. as a suffix) of the email subject text. Example: Free Web Mail SPAM. o Add tag in an X-header: to add the specified tag as a new X-header to the email. In this case the X-header will have the following format: X-GFIME-SPAM: TAG TEXT and X-GFIME-SPAM-REASON: REASON. Example: X-GFIME-SPAM: This is SPAM and X-GFIME-SPAM-REASON: DNSBL Check failed Sent from Blacklisted Domain. • Append block reason to email subject: If this option is enabled, the name of the filter which blocked the email and the reason for blocking are appended to the subject of the blocked email. Other options
103. l actions Administration and configuration manual MailEssentials Public Folders to contributor where users can move emails to the Public Folders but cannot view or modify entries By default administrators are owners of the Public Folders and can view or modify entries For more information about Public Folders permissions in e Microsoft Exchange 2007 refer to http technet microsoft com en us library bb310789 aspx e Microsoft Exchange 2010 refer to http technet microsoft com en us library bb310789 EXCHG 140 aspx 2 3 5 Public folder scanning setup for Lotus Domino servers Step 1 Create a new database which used to store GFI MailEssentials Public folders 1 From the IBM Domino Administrator click on File gt Database gt New 2 Key in the following details for the new database e Server lt Your Domino Server details gt Title Public Folder e File name Public F nsf e Select Mail R7 as the template for the new Database 3 Click OK to create the database Step 2 Convert the database format of the newly created database 1 From the Lotus Domino server Console run the following command Load Convert e h lt Database Filename gt e Example Load Convert e h Public F nsf Step 3 Create a new Mail In database A new mailbox needs to be created in order to store the new GFI MailEssentials Public Folder 1 From the IBM Domino Administrator select People amp groups tab and click on Mail
104. l name of the domain (for example URIBL.com) containing the blacklist. NOTE 2: multi.surbl.org combines the following lists in a unique list: • sc.surbl.org • ws.surbl.org • phishing data source from mailsecurity.net.au • phishing data source from fraud.rhs.mailpolice.com • ob.surbl.org • ab.surbl.org • jp data source. Disable all other SURBL lists when enabling multi.surbl.org, as this might increase email processing time. In case a high rate of false positives is experienced, it is suggested that multi.surbl.org is disabled and the other SURBL lists are enabled. For more information on SURBL lists, refer to http://www.surbl.org/lists.html 5. Click the Actions or Other tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the Spam Actions - What to do with spam email section in this manual. 6. Click OK to finalize your configuration. 4.2.11 Header checking. The header checking filter analyses the individual fields in a header. This method references SMTP and MIME fields, where SMTP fields are specified by the mail server and the MIME fields are specified by the email client (which encodes the email to MIME). Configuring Header Checking. 1. Select Anti-Spam > Anti-Spam Filters > Header Checking > Properties.
105. lient permissions option and click OK or Next. 10. Specify the credentials of the power user account created in step 1 and test the setup to ensure the permissions are correct. 2.3.3 Configure a dedicated user account for Exchange Server 2007/2010. When configuring a dedicated user account to retrieve the emails from the GFI AntiSpam Public folders, the user would need to have owner access rights on the GFI AntiSpam Public Folders. 1. Create a new Active Directory (AD) power user. 2. Log on to the Microsoft Exchange Server using administrative privileges. 3. Open Microsoft Exchange Management Shell and key in the following command: Get-PublicFolder -Identity "\GFI AntiSpam Folders" -Recurse | ForEach-Object {Add-PublicFolderClientPermission -Identity $_.Identity -User "USERNAME" -AccessRights owner -Server "SERVERNAME"} Change USERNAME and SERVERNAME to the relevant details of the Active Directory user in question. • Example: Get-PublicFolder -Identity "\GFI AntiSpam Folders" -Recurse | ForEach-Object {Add-PublicFolderClientPermission -Identity $_.Identity -User "mesuser" -AccessRights owner -Server "exch07"} 2.3.4 Hiding user posts in GFI AntiSpam Folders. For privacy and security purposes, it is highly recommended that you hide user posts made
106. list, it will be processed by the list server. • The incoming email is filtered using all the spam filters. Any email that fails a spam filter check is sent to the anti-spam email actions. If an email goes through all the filters and is not identified as spam, it then goes to the next stage. • If configured, email is next archived to the reporting database. • If configured, auto replies are next sent to the sender. • If configured, email monitoring is next executed and the appropriate actions taken. • The new senders filter is now executed. • Email is sent to the user's mailbox. 7.2 Outbound mail filtering. Outbound mail filtering is the process through which email sent by users within a company is processed before it is sent out. [Figure 2: Outbound mail filtering] • User creates and sends email. • Remote commands check executes any remote commands in email, if any are found. If none are found, email goes to the next stage. • Email is next checked to see if it should be archived. If archiving is enabled, email is saved in the reporting database. • If configured, the applicable disclaimer is next added to the email. • Email is checked for any mail monitoring which may apply and action is taken according to any rules configured
107. [Screenshot 51: Language detection] 3. In the Languages tab, select the Block mails that use these languages (character sets) option to block emails sent using character sets which are not typical of the emails received (for example Chinese or Vietnamese). NOTE: This feature does not distinguish between languages with the same character set (for example Italian and French). 4. Click the Actions or Other tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the Spam Actions - What to do with spam email section in this manual. 5. Click OK to finalize your configuration. 4.2.12 Keyword checking. Keyword checking enables the identification of spam messages based on keywords in the email being received. This filter is NOT enabled by default. Configuring Keyword Checking. 1. Select Anti-Spam > Anti-Spam Filters > Keyword Checking > Properties.
108. Table of filter descriptions and whether each is enabled by default (filter names not recovered): • lysis (enabled by default: Yes) • Stops email which is randomly generated towards a server, mostly addressed to non-existent users (Yes) • Blocks emails that contain links in the message bodies pointing to known phishing sites or if they contain typical phishing keywords (Yes) • Stops email which is received from domains not authorized in SPF records (No) • Addresses to which an email is sent are automatically excluded from being blocked (Yes) • A custom list of safe email addresses (Yes) • A custom list of blocked email users or domains (Yes) • Checks if the email received is from senders that are listed on a public DNS blacklist of known spammers (Yes) • Stops emails which contain links to domains listed on public Spam URI Blocklists such as sc.surbl.org (Yes) • A module which analyses the individual fields in a header by referencing the SMTP and MIME fields (Yes) • Spam messages are identified based on blocked keywords in the email title or body (No) • Emails that have been received from senders to whom emails have never been sent before (No) • An anti-spam technique where a statistical probability index based on training from users is used to identify spam (No). As listed in the table above, not all anti-spam filters are enabled by default. This is due to configuration settings which are network infrastructure dependent and ca
109. [Screenshot 91: Remote commands configuration] 1. Right-click Anti-Spam > Anti-Spam Settings, select Properties, click the Remote Commands tab and check the Enable remote commands checkbox. 2. Edit the email address to which the remote commands should be sent. NOTE: The email address should NOT be a local domain. It is recommended to use rcommands@mailessentials.com. A mailbox for the configured address does not need to exist, but the domain part of the address must consist of a real email address domain that returns a positive result to an MX record lookup via DNS. 3. Optionally, configure some basic security for the remote commands: • Configure a shared password to include in the email. For more information, refer to the Using remote commands section in this manual. • Also configure which users are allowed to send emails with remote commands. 5.7.2 Using remote commands. Remote commands can be sent via email to
110. mages, information and other objects in a Web Page. URLs are most generally used in websites, but can also be included as part of an email message body. SURBLs differ from most other RBLs in that they are used to detect spam based on message body URIs. Unlike most other RBLs, SURBLs are not used to block spam senders. Instead, they enable blocking of messages that have spam hosts (for example web servers, domains, websites) which are mentioned in message bodies. This filter is enabled by default on installing GFI MailEssentials. Configuring Spam URI Realtime Blocklists. [Screenshot 49: Spam URI Realtime Blacklist properties] 1. Select Anti-Spam > Anti-Spam Filters > Spam URI Realtime Blocklists > Properties. 2. From the Spam URI Realtime Blacklist tab: • Check/uncheck the Check if mail message contains URIs with domains that are in these blacklists option to enable/disable this feature. • From the available list, select the blacklists used as reference when checking messages using the SURBL feature. • Click the Add button to add more SURBLs. Test the connection by clicking the Test button and click Apply to save settings. NOTE 1: Specify the ful
111. mail address for the user to exclude from reports. [Screenshot 22: Excluded users dialog] • Find Tool: The find tool enables the finding of strings in reports. From the Tools > Find menu option, key in the strings to find and select Find Next to search for strings. [Screenshot 23: Find dialog] 3.8 Disabling/Enabling email processing. Disabling email processing disables all protection offered by GFI MailEssentials and enables all emails, including spam, to get to your users' mailboxes. To enable/disable GFI MailEssentials from processing emails: 1. Navigate to Start > Programs > GFI MailEssentials > GFI MailEssentials Switchboard.
112. n NOTE: Report is saved to the location selected, with the name specified for the report. In the folder specified, two sub-folders are created: graphics and report. The report sub-folder contains the report files in HTML format. The graphics sub-folder contains graphics which are displayed in the HTML report. 3.7.3 Daily Spam Report. The Daily Spam Report shows the total emails processed, total spam email caught, the spam percentage of total emails processed, and how many spam emails were caught by each individual anti-spam feature. Each row in the report represents a day. [Screenshot 15: Daily spam report] Report Opti
113. n enter whatever name you like, as long as it follows the folder naming conventions used in Microsoft Windows. 3. You now need to enter the path where the content is located. Click Browse and select the AWI\wwwroot folder in the GFI MailEssentials installation path. [Screenshot 9: Setting permissions] 4. Next, you need to set the access permissions. Check the Read and Run Scripts (such as ASP) checkboxes only. Make sure all the other checkboxes are unchecked. Click Next and, on the finish page, click Finish to finish the Virtual Directory Creation Wizard. 5. Right-click on the newly created virtual directory, located under the web root of your website server, and select Properties from the context menu.
114. n the email to the Newsletter. Adding subscribers to the list. NOTE: It is highly recommended that users subscribe to the list by sending an email themselves to the subscribe newsletter discussion address. Adding users to lists without their explicit permission might generate spam complaints. 1. Right-click the list to set permissions for and select Properties. [Screenshot 74: Entering subscribers to the newsletter] 2. In the Subscribers tab, click the Add button. 3. Key in the Email Address, First name, Last name and Company fields and click the OK button. The new subscriber email address will be added to the Email list. NOTE 1: First name, last name and company fields are optional. NOTE 2: Select the user and click the Remove button to remove subscribers from the list. NOTE 3: To remove users from the subscription list table when unsubscribing from the list, and not just flag them as unsubscribed, select the Delete from database when user unsubscribes checkbox. 4.5.3 Using newsletters
115. nd spam or Total spam captured per spam filter or both. 5. Finalize settings by selecting Apply and OK. Recipient spam digest. 1. Select Anti-Spam > Spam Digest > Properties. [Screenshot 7: Recipient spam digest] 2. From the Recipient Digest tab, select Spam recipient spam digest to enable spam digest. 3. Configure the desired sending frequency from Sending schedule. 4. Specify the digest content that will be sent in the email: • Total count of processed email and spam • Total spam captured per spam filter • List of blocked spam, or any combination of options as required. [Screenshot 8: Spam digest recipient list] 5. Click on the R
116. nd therefore the configured transport rules will not be applicable. To create a Transport Rule in Exchange 2007/2010: 1. Launch the Microsoft Exchange Management Console. 2. Navigate to Microsoft Exchange > Organization Configuration > Hub Transport and select the Transport Rules node. 3. Click on New Transport Rule to launch the wizard. 4. Type a name for the new rule (e.g. GFI MailEssentials SPAM) and click Next. 5. In the Conditions area, select the option When the Subject field contains specific words. 6. In the Edit rule area, click Specific Words to enter the words used for tagging. Type the tag specified in the Spam Actions of each Spam filter and click Add (e.g. SPAM). Click OK when all words are added and click Next. 7. In the Actions area, select the option Set the spam confidence level to value. 8. In the Edit rule area, click 0 and set the confidence level to 9. Click OK and click Next. 9. (Optional) Set any exceptions to this transport rule and click Next. 10. Click New to create the new Transport Rule. NOTE: Ensure that the Junk E-Mail folder is enabled for the users' mailboxes. The transport rule created will now forward all emails which contain the GFI MailEssentials tag to the users' Junk E-mail folder. 5.9 Tracing. GFI MailEssentials can create logs for debugging purposes. When enabled, GFI MailEssentials stores logs in folder DebugLogs
117. [Screenshot 11: Select authentication method. The dialog notes that with Basic authentication the password is sent in clear text.] 9. Check the Integrated Windows authentication checkbox (recommended if installed on the internal network) OR the Basic Authentication checkbox (if installed in the DMZ). Ensure that the Enable anonymous access checkbox is unchecked. NOTE 1: If using Integrated Windows authentication, then authentication will occur against Active Directory. This means you do not need to configure additional users. If you use basic authentication, authentication will occur against the local user database on the machine. In this case, create usernames and passwords on that local machine. For more information on securing IIS, please review the IIS documentation. NOTE 2: Be sure you do NOT allow anonymous access. 10. Click OK to finalize your configuration. Installing GFI MailEssentials Archive Web
118. ng blacklist commands to add a single email address or an entire domain to the email blacklist. Available commands are: • ADDBLIST: <email>; o Example: ADDBLIST: user@somewhere.com; NOTE 1: Add an entire domain to the blacklist by specifying a wildcard before the domain. • Example: ADDBLIST: *@domain.com; NOTE 2: For security reasons, there can be only one ADDBLIST command in an email, and only one address can be specified as the command parameter. The parameter is either a user email or a domain. • Example: spammer@spam.com or *@spammers.org NOTE 3: Wildcards cannot be used in domain names. • Example: *@*.domain.com will be rejected as invalid. 5.7.5 Bayesian filter commands. Add spam email or valid email (ham) to the Bayesian filter database. Available commands are: • ADDASSPAM - instructs the Bayesian filter to classify email as spam. • ADDASGOODMAIL - instructs the Bayesian filter to classify email as HAM. NOTE: These commands do not have parameters; the rest of the email is the parameter. Examples: • Example 1: Through this example, the user adds spammer@spamhouse.com to the blacklist and adds a few keywords to the subject keyword checking database. [Screenshot: example remote command email. Its Subject field reads "Subject is ignored so you can put anything here or leave it blank".]
119. nload interval in hours, which determines how often the slave server checks for updates on the master server and downloads them. NOTE: The hourly interval for upload and download cannot be set to the same value. The hourly interval can be set to any value between 1 and 240 hours. It is recommended that the download interval is configured to a smaller value than the upload interval and that the same interval settings are used for all slave servers configured. • Example: The download interval is set to 3 hours and the upload interval is set to 4 hours. This way, downloads are more frequent than uploads. 7. Click the OK button to save the settings. 5.4 GFI MailEssentials Configuration Export/Import Tool. The Configuration export/import tool requires that the following steps are followed in the order below: Step 1: Export existing GFI MailEssentials configuration settings. Step 2: Manually copy the exported settings to the machine where you have recently installed GFI MailEssentials. Step 3: Import settings to new GFI MailEssentials installation. IMPORTANT: When importing settings, any GFI MailEssentials installation settings on the target installation are overwritten. 5.4.1 Exporting GFI MailEssentials configuration settings. GFI MailEssentials provides two methods of exporting configuration settings: • Via the GFI MailEssentials Configuration Export/Import tool user interface • Via the GFI MailEssentials Configu
120. nnot therefore be preset. Although key filters like SpamRazer are enabled by default, it is recommended that after installing GFI MailEssentials the rest of the anti-spam filters and filtering mechanisms are reviewed and enabled accordingly. For more information refer to the Anti-spam filters chapter in this manual.
Anti-Spam actions
A number of actions can be triggered by anti-spam filters on detection of spam email. These actions determine what will happen to email spam detected and are configurable on a filter-by-filter basis. Anti-spam filter actions supported are:
• Tag spam email
• Move email spam to a central folder
• Move email spam to public folders
• Move email spam to the Junk E-mail folder
• Forward email spam to a specific email address
• Delete spam
Default Anti-Spam actions
The default action taken when GFI MailEssentials blocks a spam email depends on where the software is installed:
• GFI MailEssentials installed on the same computer as Microsoft Exchange: Deliver email in Exchange mailbox sub-folder. When a filter blocks a spam email, the email is moved to a sub-folder in Inbox named Suspected Spam.
• GFI MailEssentials not installed on the same machine as Microsoft Exchange: Tagging. Anti-spam filters add the prefix SPAM in the subject field of spam emails. Tagged emails are still delivered in the user's Inbox.
For more information about anti-spam actions refer to the Spam Actions What to do with spam email se
121. Screenshot 84: Configuring a slave server
3. From the Slave tab, check the This GFI MailEssentials server is a slave server checkbox and specify the full URL to the virtual directory hosted on the master server in the URL field.
• Example: http master domain com messas
4. In the Port field, specify the port used by the master server to accept HTTP communications.
NOTE: By default it is set to port 80, which is the standard port used for HTTP.
5. Check the Credentials required checkbox and key in the username and password used to authenticate with the master server.
6. Select:
• Manual: Upload and download the anti-spam settings archive file manually. To upload the anti-spam settings of the slave server to the master server, click the Upload now button. To download the updated merged anti-spam settings from the master server, click the Download now button.
Screenshot 85: Upload/download hourly interval setting
• Automatic: Configures the anti-spam synchronization to occur automatically. In the Upload every field, specify the upload interval in hours that determines how often the slave server will upload its anti-spam settings to the master server. In the Download every field specify the dow
122. nt notes
1. Enable at least one of the available Whitelists to use the New Senders function. In the absence of the Whitelist functions (should no spam be detected by the other filters), received messages will be delivered to the recipient's Inbox. ONLY emails in which no spam was detected and whose senders are not present in the Whitelist are delivered in the New Senders folder.
Configuring New Senders Filter
1. Select Anti-Spam > New Senders > Properties.
Screenshot 54: New Senders properties
2. In the New Senders Properties tab, check the Enable New Senders checkbox to enable the check for new senders on all inbound messages and click on the Apply button.
123. Screenshot 36: Search whitelisted email addresses and domains
4. To search in the list of whitelisted email addresses and domains, type any search criteria in the Search text box. Matching entries are automatically displayed underneath.
Screenshot 37: Auto Whitelist options
5. Select the Auto Whitelist tab to configure the following auto whitelist options:
• Populate Auto Whitelist automatically: If this option is selected the des
124. on
• Select Move to to move spam email to a folder in the mailbox. Key in the folder path where to save the spam email. If you specify Inbox Spam, then a spam folder will be created in the Inbox folder. If you specify just Spam, then the folder will be created at the top level (same level as Inbox).
4. Click Apply to save the set rules.
Managing multiple rules
More than one rule can be set on the same mailbox.
Example: Delete emails tagged with Phishing and move emails tagged with SPAM to Inbox Spam folder.
1. Double-click on a mailbox to launch the Rules dialog.
Screenshot 98: List of rules in Rules Manager
2. A list of rules applicable to the selected mailbox is displayed.
• Click Add rule to add a new rule.
• Select a rule and click Edit rule to change settings of the selected rule.
• Select a rule and click Delete rule to delete the selected rule.
3. Click Apply to save settings.
5.8.2 Microsoft Exchange 2007/2010
To configure Microsoft Exchange 2007/2010 to forward tagged emails to the user's Junk E-mail mailbox folder, a Transport Rule needs to be created.
IMPORTANT: In GFI MailEssentials Spam Actions, select the Tag the email with specific text option only. If you select any other action, the emails detected as spam will not reach the mailbox of the user a
125. on GFI AntiSpam folders. This way, users will only be able to post to the folders without viewing existing posts, not even the ones they posted themselves. To configure user privileges and hide posts for unauthorized users, do as follows:
Microsoft Exchange 2000/2003
1. From the Microsoft Exchange System Manager, expand Folders > Public Folders node.
2. Right-click the GFI AntiSpam Folders public folder and select Properties.
3. Select the Permissions tab and click Client permissions.
4. Click Add, select the user group to hide the posts from, and click OK.
5. Select the user group configured earlier in the client permissions list and set its role to Contributor.
6. Ensure that only the Create items checkbox is selected and the radio buttons are set to None.
7. Click OK to finalize your configuration.
8. From the Microsoft Exchange System Manager, right-click GFI AntiSpam Folders and select All tasks > Propagate settings.
9. Select the Folder rights checkbox and click OK.
Microsoft Exchange 2007/2010
1. From Microsoft Exchange Management Shell, key in the following command:
ReplaceUserPermissionOnPFRecursive.ps1 -Server "server" -TopPublicFolder "\GFI AntiSpam Folders" -User "Default" -Permissions Contributor
Replace "server" with the full computer name.
2. When prompted, key in y to confirm permissions for each folder.
This command will set the default permissions for the GFI
126. 3.7.8 User Communications
The User communications report enables you to review information on what kind of emails each user has sent. Once a user communications report is generated, the user record can be expanded to list the subject of sent or received emails. Mail with the same subject is grouped. These emails can be further expanded to reveal when and to whom email with that subject was sent.
Important notes
1. This report is a complex report that might take time to generate. It is recommended that you limit the range to a specific user or to a particular date range.
[Screenshot: User Communications Report in GFI MailEssentials Reporter]
127. ons
• Sort column: Sort the report by date, total spam processed, keyword checking, etc.
• Multi-Page report: Specify the number of days per page.
Filter options
• Specific Email: Limit report to a specific email address.
• Date Range: Limit report to a specific date range.
When all report options are selected, click Report to generate the report.
3.7.4 Anti-Spam Rules Report
The Anti-spam Rules Report shows how much spam email each anti-spam method caught.
Screenshot 16: Anti-spam Rules Report
Report Options
• Specific Email: Limits the report to a specific email address.
• Date Range: Limits the report to a specific date range.
When all report options are selected, click the Report button to generate the report.
3.7.5 User Usage Statistics
The user usage statistics report gives an overview of how many emails users send or receive and how large their sent or received emails are.
128. ons What to do with spam email chapter of this manual. If GFI MailEssentials is NOT installed on the Microsoft Exchange Server, spam emails cannot be routed to a specific user's mailbox folder through the Spam Actions. However, emails can still be routed to the user's mailbox as described below.
5.8.1 Microsoft Exchange Server 2000/2003
GFI MailEssentials includes a Rules Manager utility that automatically moves emails tagged as spam to the user's mailbox.
NOTE: The Rules Manager will only run on Windows 2000 and higher.
IMPORTANT: To use the Rules Manager, in Spam Actions select the Tag the email with specific text option and specify a tag.
Install Rules Manager on the Microsoft Exchange Server
1. From the GFI MailEssentials machine, navigate to the GFI MailEssentials installation folder.
2. Copy the following files to a folder on the Microsoft Exchange Server:
• rulemgmtres.dll
• rulemgmt.exe
• rule.dll
• gfi_log.dll
3. From the Microsoft Exchange Server, open a command prompt and change the directory to the location where the Rules Manager files were copied.
4. In the command prompt type: regsvr32 rule.dll
5. On confirmation click OK.
Launch the Rules Manager
1. From the Microsoft Exchange Server, navigate to the location where the Rules Manager files were copied and open rulemgmt.exe
2. Select a Microsoft Outlook profile (MAPI profile) or create a new
129. ox: Use this option to route spam to the user's Inbox.
  o In Exchange junk email folder: Use this option to route all spam to the user's default Junk E-mail folder.
  o In Exchange mailbox sub-folder: Use this option to route all spam to a specific folder in the user's mailbox. Click Configure to launch the Move to Exchange folder dialog and type the folder where to move spam email.
Example 1: Type Suspected Spam for a custom folder to be created in the same level of the Inbox folder.
Example 2: Type Inbox Suspected Spam for a custom folder to be created in the Inbox folder.
NOTE 1: This option requires that:
• GFI MailEssentials is installed on the Microsoft Exchange Server machine. If GFI MailEssentials is not installed on the Microsoft Exchange Server, refer to the Moving spam email to user's mailbox folders chapter in this manual.
• Active Directory mode is enabled.
• Microsoft Exchange Server 2000/2003 or Microsoft Exchange Server 2007/2010 with the Mailbox Server Role is present.
NOTE 2: For Microsoft Exchange 2010, a dedicated user is required to enable this option. In the Actions dialog, click Configure and click Specify user account to specify the dedicated user.
In the Move to Exchange configuration dialog, select one of the following options:
• Do not move spam to subfolders in user mailboxes: Select this option to disable spam emails
130. p id KBID003459 and http://support.microsoft.com/kb/916299
3. Receiving spam emails from my domain: Some spam emails contain a fake FROM email address consisting of the same domain as the recipient. This may seem as if the email is coming from a local user.
  1. Configure the Sender Policy Framework filter to block emails originating from spoofed addresses.
  2. Create an SPF record for your domain. For more information refer to http://kbase.gfi.com/showarticle.asp?id=KBID003567
  3. Ensure that the Sender Policy Framework module is configured to run at a higher priority than the Whitelist module. For more information refer to chapter Sorting anti spam filters by priority.
4. Error when receiving emails: "Body type not supported by Remote Host": This error occurs when emails are relayed from the IIS SMTP server to the Microsoft Exchange server. This happens because Microsoft Exchange Server versions 4.0, 5.0 and 5.5 are not able to handle 8-bit MIME messages. For instructions on how to turn off 8BITMIME in Windows Server 2000/2003 refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;Q262168
5. Processing of emails is very slow: This may occur when there are DNS issues in the network. If DNS is not working correctly, the DNS lookups made by some anti-spam filters in GFI MailEssentials will time out. For more information refer to http://kbase.gfi.com/showarticle.asp?id=KBID001770
6.5 Archiving and Reporting
1
131. [Screenshot 89: Configuring automatic updates. The dialog notes that the port settings required for the updates can be found in GFI Knowledge Base article http://kbase.gfi.com/showarticle.asp?id=KBID002184]
1. To configure automatic updates, right-click General > General Settings node, select Properties and click on the Updates tab.
• Specify the updates server used to check for and download any Bayesian spam filter updates and Anti-Phishing updates.
• Specify the number of consecutive update failures before sending an email notification.
• To download updates using a proxy server, click Configure proxy server. In the Proxy Settings dialog, specify the settings of the proxy server.
2. Click OK to finalize your configuration.
5.6 Selecting the SMTP Virtual Server to bind GFI MailEssentials
In case of multiple SMTP virtual servers, it might be required that GFI MailEssentials is bound to new or different SMTP Virtual Servers.
NOTE: The SMTP Virtual Server Bindings tab is not displayed if you installed GFI MailEssentials on a Microsoft Exchange Server 2007/2010 machine.
5.6.1 Binding GFI MailEssentials to SMTP Virtual Servers
1. Right-click General > General Settings node, select Properties and click the Bindings tab.
132. rate tracking number in subject to enable the generation of tracking numbers in the auto replies.
NOTE: This feature enables, for example, customers to reply quoting a tracking number that enables staff to track emails in a more coherent manner.
11. Click the OK button to finalize settings.
By default, tracking numbers are generated using the following format:
ME YYMMDD nnnnnn
Where:
• ME: GFI MailEssentials tag
• YYMMDD: Date in year, month and date format
• nnnnnn: automatically generated tracking number
4.5 List servers
List servers enable the creation of two types of distribution lists:
1. A newsletter subscription list: Used for creating subscription lists for company or product newsletters to which users can either subscribe or unsubscribe.
2. A discussion list: Enables groups of people to hold discussions via email, with each member of the list receiving the email that a user sends to it.
4.5.1 Creating a newsletter or discussion list
1. From the GFI MailEssentials configuration console, right-click Email Management > List Server node and select New > Newsletter or Discussion List.
133. ration Export/Import tool command line tool
Exporting settings via user interface
1. Double-click meconfigmgr.exe located in the root folder of the GFI MailEssentials installation.
Screenshot 86: GFI MailEssentials Configuration Export/Import Tool
2. Click the Export button. In the Browse for Folder dialog, choose a folder to export the GFI MailEssentials configuration settings and click OK.
3. On completion click the Exit button.
Exporting settings via the command line
1. From the command prompt, browse to the GFI MailEssentials installation root folder.
2. Key in:
meconfigmgr /export:"c:\MailEssentials Settings" /verbose /replace
NOTE: Replace C:\MailEssentials Settings with the desired destination path.
134. real users, the majority of these messages is invalid and consequently floods the victim's email server. GFI MailEssentials stops these attacks by blocking emails addressed to users not in the organization's Active Directory or email server.
Directory harvesting can either be configured to execute when the full email is received (Transport sink) or at SMTP level, i.e. on receiving the sending IP, email and recipients (SMTP protocol sink). SMTP level filtering terminates the email's connection and therefore stops the download of the full email, economizing on bandwidth and processing. In this case the connection is terminated immediately and emails are not required to go through any other anti-spam filters.
This filter is NOT enabled by default on installing GFI MailEssentials.
Configuring Directory Harvesting
Directory Harvesting is set up in two stages:
Stage 1: Configuring Directory Harvesting properties
Stage 2: Selecting the Directory Harvesting method
Stage 1: Configuring Directory Harvesting properties
1. Select Anti-Spam > Anti-Spam Filters > Directory Harvesting > Properties and click on the Enable directory harvesting protection option.
135. rformed on the company's email and therefore is tailored to that particular company.
• Example: A financial institution might use the word mortgage many times and would get many false positives if using a general anti-spam rule set. On the other hand, the Bayesian filter, if tailored to your company through an initial training period, takes note of the company's valid outbound email (and recognizes mortgage as being frequently used in legitimate messages); it will have a much better spam detection rate and a far lower false positive rate.
Creating the Bayesian spam database
Besides ham email, the Bayesian filter also relies on a spam data file. This spam data file must include a large sample of known spam. In addition, it must also constantly be updated with the latest spam by the anti-spam software. This will ensure that the Bayesian filter is aware of the latest spam trends, resulting in a high spam detection rate.
How is Bayesian filtering done?
Once the ham and spam databases have been created, the word probabilities can be calculated and the filter is ready for use. On arrival, the new email is broken down into words and the most relevant words (those that are most significant in identifying whether the email is spam or not) are identified. Using these words, the Bayesian filter calculates the probability of the new message being spam. If the pro
136. Screenshot 41: Anti spam ordering dialog
2. Click the button to switch between:
• Switch to full email filtering: Filtering is done when the whole email is received.
• Switch to SMTP transmission filtering: Filtering is done during SMTP transmission by checking if the email recipients exist before the email body and attachment are received.
NOTE: If this option is chosen, Directory Harvesting will always run before the other spam filters.
3. Click OK to finalize your configuration.
4.2.7 Email Blacklist
The Blacklist is a custom database of email addresses and domains from which you never want to receive emails.
This filter is enabled by default on installing GFI MailEssentials.
Configuring Email Blacklists
Select Anti-Spam > Anti-Spam Filters > Email Blacklist > Properties.
137. rma stanford edu jos bayes Bayesian Parameter Estimation html
http://www.niedermayer.ca/papers/bayesian/bayes.html
This same technique is used by GFI MailEssentials to identify and classify spam. The logic is that if a snippet of text frequently occurs in spam emails but not in legitimate emails, it would be reasonable to assume that this email is probably spam.
Creating a tailor-made Bayesian word database
Before Bayesian filtering is used, a database with words and tokens (for example sign, IP addresses and domains, etc.) must be created. This can be collected from a sample of spam email and valid email (referred to as ham).
Figure 3: Creating a word database for the filter
A probability value is then assigned to each word or token; this is based on calculations that account for how often such a word occurs in spam as opposed to ham. This is done by analyzing the users' outbound email and known spam. All the words and tokens in both pools of email are analyzed to generate the probability that a particular word points to the email being spam.
This probability is calculated as per the following example:
If the word mortgage occurs in 400 out of 3,000 spam emails and in 5 out of 300 legitimate emails, then its spam probability would be 0.8889, i.e. (400 / 3000) / (5 / 300 + 400 / 3000).
Creating a custom ham email database
The analysis of ham email is pe
138. rst register your license keys in our Customer Area at http://customers.gfi.com. GFI endeavors to answer your query within 24 hours or less, depending on your time zone.
6.15 Build notifications
It is highly recommended that you subscribe to the build notifications list so that you are immediately notified about any new product builds. To subscribe to our build notifications, visit http://www.gfi.com/pages/productmailing.htm
6.16 Documentation
If this manual does not satisfy your expectations, or if you think that this documentation can be improved in any way, let us know via email on documentation@gfi.com.
7 Appendix 1: How does GFI MailEssentials work?
7.1 Inbound mail filtering
Inbound mail filtering is the process through which incoming emails are filtered before delivery to users.
Figure 1: Inbound mail filtering
When an email is received:
• If the Directory Harvesting filter is configured to execute at SMTP level, it checks the recipient's email address. If the recipient's email address is not found, the email is blocked.
• The email is checked to see if it is addressed to a list in the list server. If the email matches a
139. Screenshot 94: Adding spam to the Bayesian filter database
• Example 4: When the Shared Password checkbox is unchecked, remote commands can be sent without a password.
Screenshot 95: Sending remote commands without security
5.7.6 Remote command logging
To keep track of changes made to the configuration database via remote commands, each email with remote commands (even if the email with remote commands was invalid) is saved under the ADBRProcessed subfolder located in the GFI MailEssentials root folder. The file name of each email is formatted according to the following format:
• <sender_email_address>_SUCCESS<timestamp>.eml in case of successful processing
• <sender_email_address>_FAILED_<timestamp>.eml in case of failure
NOTE: Timestamp is formatted as yyyyddmmhhmmss.
5.8 Moving spam email to user's mailbox folders
When GFI MailEssentials is installed on the Microsoft Exchange Server, spam emails can be saved in a user's mailbox folder as described in Spam Acti
140. s this process through two features that keep multiple GFI MailEssentials installations synchronized:
• Anti-spam Synchronization Agent: This service takes care of keeping anti-spam settings synchronized between GFI MailEssentials installations using the Microsoft BITS service.
The Anti-Spam Synchronization Agent works as follows:
1. A server machine hosting GFI MailEssentials is configured as the master server.
2. The other server machines where GFI MailEssentials is installed are configured as slave servers.
3. The slave servers upload an archive file containing the anti-spam settings to an IIS virtual folder hosted on the master server via the BITS service.
4. When the master server has collected all the slave servers' anti-spam data, the data is extracted from the individual archives and merged into a new up-to-date anti-spam settings archive file.
5. The slave servers download this updated anti-spam settings archive file and take care of extracting it and updating the local GFI MailEssentials installation to make use of the new settings.
NOTE 1: The servers that collaborate in the synchronization of anti-spam settings must all have GFI MailEssentials 14.1 installed.
NOTE 2: The files uploaded and downloaded by the anti-spam synchronization agent are compressed to limit the traffic on the network.
Refer to the Anti-spam synchronization agent configuration section in this manual for detailed instructions on how to set up th
141. Screenshot 42: The email blacklist
2. Click Add to add a blacklisted domain or email address.
Screenshot 43: Adding a blacklisted email entry
3. In the Enter Email Address/Domain dialog, specify a full email address, or an entire domain (for example spammer com), or an entire domain suffix (for example tv). Also specify which email header field is to be matched for the emails to blacklist by clicking Check MIME TO or Check MIME FROM.
4. To search in the list of blacklisted email addresses and domains, type any search criteria in the Search text box. Matching entries are automatically displayed underneath.
5. Select the Actions or Other tab to select the actions to perform on spam. For a more informat
142. started
password error occurred while trying to connect to POP3 server error
  5. For more information on how to solve this issue refer to http://kbase.gfi.com/showarticle.asp?id=KBID001805
2. Clients connected to Microsoft Exchange via POP3 are not able to view mails blocked as SPAM: Connect to Microsoft Exchange using IMAP. For more information on how to solve this issue refer to http://kbase.gfi.com/showarticle.asp?id=KBID002644
3. Auto updates fail, however manual download via the GFI MailEssentials configuration works fine: Ensure that un-authenticated connections are allowed from the GFI MailEssentials machine to http://update.gfi.com on port 80. For more information on how to solve this issue refer to http://kbase.gfi.com/showarticle.asp?id=KBID002116
4. Configuration data cannot be imported: Ensure that the GFI MailEssentials version and build is identical across both source and target installations. For more information on how to solve this issue refer to http://kbase.gfi.com/showarticle.asp?id=KBID003182
5. Remote commands do not work: For information on how to solve this issue refer to http://kbase.gfi.com/showarticle.asp?id=KBID001806
6.11 Knowledge Base
GFI maintains a comprehensive Knowledge Base repository, which includes answers to the common user problems. If the information in this manual does not help you solve your install
143. sure effective filtering. If however you send and receive mostly English emails, then a minimum recommendation of 2500 HAM and spam email should be enough to ensure effective filtering.
Screenshot 45: Bayesian analysis properties
1. From the GFI MailEssentials configuration console, select Anti-Spam > Anti-Spam Filters > Bayesian Analysis > Properties. From the General tab, select the Enable Bayesian Analysis checkbox.
2. Ensure that the Automatically learn from outbound emails option is enabled. This continuously updates the legitimate email database with data from outbound emails.
3. In the Updates tab, configure the frequency of updates to the spam database by enabling Automatically check for updates and configuring an hourly interval.
NOTE 1: Click the Download updates now button to immediately download any updates.
NOTE 2: For more information on how to select preferred servers and how to download updates using a proxy server, refer to Configuring automatic updates of this manual.
4. Click the Actions or Other tab to select the actions to perform on messages identified as spam. For information on the actions to perform, refer to the Spam Actions What to do with spam email section in this manual.
5. Click OK to finalize your configuration.
4.2.9 DNS blacklists (DNSBL)
GFI MailEssentials supports a number of DNS blacklists. These SMTP
144. [Screenshot 87: Exporting settings via command line] • The verbose switch instructs the tool to display progress while copying the files. • The replace switch instructs the tool to overwrite existing files in the destination folder. 5.4.2 Importing GFI MailEssentials configuration settings: GFI MailEssentials provides two methods of importing configuration settings: via the GFI MailEssentials Configuration Export/Import tool user interface, or via the GFI MailEssentials Configuration Export/Import tool command line tool. Importing settings via user interface: 1. Double-click meconfigmgr.exe, located in the root folder of the GFI MailEssentials installation. 2. Click the Import button, choose the folder which contains the exported GFI MailEssentials configuration settings and click OK. 3. On completion, click the Exit button. Importing settings via the command line: 1. Stop the IIS Admin and GFI MailEssentials Managed Attended services by running services.msc and stopping the services. 2. From a command prompt, browse to the GFI MailEssentials installation root folder. 3. Key in
145. t fall beyond the scope of the previous two chapters These include setting up the P2E feature email monitoring and remote commands Chapter 5 A troubleshooting and support section where information on how to solve common problems is given Appendices Gives additional information related to how spam filtering and Bayesian filtering work and information on MSMQ 1 3 Licensing For information on licensing refer to http www gfi com products gfi mailessentials pricing licensing 1 4 Minimum Requirements amp Installation For information on system requirements and installation refer to the GFI MailEssentials Getting Started Guide http Awww gfi com mes mes14qsgmanual pdf 2 e About GFI MailEssentials Administration and configuration manual 2 Recommended post install actions 2 1 Introduction About anti spam filters Out of the box GFI MailEssentials includes a number of specialized anti spam filters Each one of these filters target one or more types of spam The filters which ship with GFI MailEssentials are listed below Filter SpamRazer Directory Harvesting Phishing Sender Policy Framework Auto Whitelist Whitelist Email blacklist DNS blacklists Spam URI Realtime Blocklists Header checking Keyword checking New Senders Bayesian analysis Description An anti spam engine that determines if an email is spam by using email reputation message fingerprinting and content ana
146. text amp character set conversion HTML Disclaimer Click Edit HTML to insert an HTML disclaimer Import Esport Select how disclaimer should be set if the specified disclaimer is not representable in the email body s character set Convert to unicode UTF 8 Recommended C Use HTML encoding Use character set of email body OK Cancel Apply Screenshot 62 HTML disclaimer 4 To add a disclaimer in HTML format select the HTML tab Click Edit HTML to launch the HTML disclaimer editor and edit the HTML disclaimer text Edit HTML Editor Iof x Close Edit Yiew Format Insert Disclaimer for domain master domain com i m 4 Screenshot 63 The HTML disclaimer editor NOTE 1 For HTML disclaimers use the editor like a simple word processing application Insert variables using the Insert menu option Variables are replaced with the real recipient or sender name in the email Include the following fields in the disclaimer text e Date 82 e Customizing GFI MailEssentials Administration and configuration manual e Sender Name e Sender Email e Recipient Name e Recipient Email NOTE 2 The recipient display name and email address variables will only be replaced if the email is sent to a single recipient If emails are sent to multiple recipients the variables are replaced with recipients 5 Click Close to add the HTML disclaimer 6 Specify the encodin
147. tination email addresses of outbound emails are automatically added to the whitelist e Maximum entries allowed in Auto Whitelist Specify the number entries allowed in Auto Whitelist When the limit specified is exceeded the oldest entries are automatically replaced by the new entries e Enable Email Auto Whitelist If this option is selected incoming emails are scanned emails and the senders are matched against the auto whitelist If the sender is present in the list the email is forwarded directly to the recipient s Inbox NOTE Auto whitelist entries can be viewed in the Whitelist tab by selecting the Show automatically entered option from the Filter whitelist entries dropdown Administration and configuration manual Customizing GFI MailEssentials o 53 Whitelist Properties xi Whitelist Auto whitelist Keyword Whitelist Body Keyword Whitelist Subject IP Whitelist Actions ax Specify email subject keywords that classify email as not spam IV Enable email subject keyword whitelist Keyword Phrase MailEssentials Add Remove Edit Import iadi Export OK Cancel Apply Screenshot 38 Whitelisting keywords 6 Select the Keyword Whitelist Subject or Keyword Whitelist Body tabs to specify keywords that flag emails as ham valid email and automatically allows the email to skip all the anti spam filters Specify new keywords by clicking Add button or use the Remove
148. [Screenshot 50: Header checking general tab] 2. In the General and General Contd tabs, enable, disable or configure the following parameters: • Checks if the email header contains an empty MIME FROM field: Checks if the sender has identified himself in the From field. If this field is empty, the message is marked as spam. • Checks if the email header contains a malformed MIME FROM field: Checks if the MIME from field is a correct notation if the header matches the RFC. • Maximum number of recipients allowed in email: Identifies emails with large amounts of recipients and flags them as SPAM. • Marks email with different SMTP TO and MIME TO fields in the email addresses as spam: Checks whether the SMTP to and
149. to be moved to a special folder in the users mailboxes Move spam using an automatically created user Select this option to let GFI MailEssentials automatically create a user with all the required rights Move spam using the following user account Select this option to use a manually created user Specify the credentials Domain username and password of a dedicated user and click Set impersonation rights to assign the required rights to the specified user NOTE The manually specified user credentials must be dedicated to this feature only The username password or other properties must not be changed from Microsoft Exchange or Active Directory otherwise the Move to Exchange folder feature will not work e Send to email address Send email tagged as spam to a specific email address o Example An email address of a public folder This way someone can be assigned to periodically check email marked as spam and identify email that might have been wrongly marked as spam This feature can also be used to manually fine tune spam filtering The subject of the email will be in the recipient subject format e Save to specified folder on disk Saves email detected as spam to the path specified o Example C Spam Administration and configuration manual Customizing GFI MailEssentials 75 The file name of the saved email is in the following format Sender recipient subject number eml for example C Spam
150. und rule specify sender email or select user if using AD in the sender field and key in as the recipient s domain e All email sent to a particular user Create inbound rule specify recipient email or select user if using AD in the recipient field and specify as the sender s domain e Mail sent by a particular user to an external recipient Create an outbound rule specify sender or select user if using AD in the sender field Key in external recipient email in the recipient field e Mail sent to a particular user by an external sender Create an inbound rule and specify external sender email in the sender field Key in the username or user email address in the recipient field 100 Miscellaneous Administration and configuration manual e Mail sent by a particular user to a company or domain Create an outbound rule and specify sender or select user if using AD in the sender field Specify the domain of the company in the recipient field by selecting the domain via the recipient button e Mail sent to a particular user by a company or domain Create an inbound rule and specify domain of the company in the sender field Select domain when clicking on the sender button and enter username or user email address in the recipient field New Outbound Mail Monitoring Rule Properties Ea Mail Monitoring Exceptions A Specify sender recipient emails to be excluded from mail monitoring Except if sender is
151. ve changes NOTE Enable disable individual email monitoring rules by right click on the email monitoring rule and selecting Enable Disable 5 2 2 Configure email monitoring 1 Right click Email management Mail Monitoring node and select New gt Inbound Mail Monitoring Rule or Outbound Mail Monitoring Rule to monitor inbound or outbound email respectively Mail Monitoring Properties x Mail Monitoring Lak Mail Monitoring configuration V Enable Outbound Monitoring Cancel Apply Screenshot 80 Add Mail Monitoring rule Administration and configuration manual Miscellaneous e 99 2 Key in the destination email address mailbox to copy the emails to Click OK to continue New Outbound Mail Monitoring Rule Properties Mail Monitoring Exceptions L4 Send copy of specific emails to another email address Copy monitored email to user email Address manager master domain com Select gt If sender is Select gt and recipient is Select gt If sender is and recipient is icompany com 2 Add Remove Cancel Apply Screenshot 81 Configuring email monitoring 3 Click sender and recipient Select buttons to specify which emails this rule should monitor Click the Add to add filters to the list Repeat to specify multiple filters The following conditions can be monitored NOTE To monitor all mail key in e All email sent by a particular user Create outbo
152. ver 3.6.1 Enable archiving: 1. From the GFI MailEssentials configuration console, right-click Email Management > Mail Archiving and select Properties. 2. Click the Mail Archiving tab and select whether to archive inbound and/or outbound emails. 3. Select and configure the archival method: • Archive emails to a text file: Archives inbound and outbound emails to separate inbound and outbound text files. Email attachments are not archived when this option is selected. • Archive emails to a database: Archives all email to a Microsoft Access or SQL/SQL Server Express/MSDE database. This feature enables the archival of email attachments. 4. To exclude archiving of emails received by certain users, select the Exceptions tab, tick Do not archive emails where the sender or recipient is in the list below, click the Add button and add the user email address in the Email list. 5. Click the OK button to finalize your configuration. 3.6.2 Enabling Archive Web Interface access from GFI MailEssentials: Important notes: GFI MailEssentials Archive Web Interface is not supported on 64-bit operating systems. Configure the IIS Web application to be used by AWI on IIS 6.0: 1. Start up Internet Services Manager, right-click on the Website node and from the popup menu select New > Virtual Directory. The Virtual Directory Creation Wizard is displayed. Click Next to continue. 2. Enter an alias for the virtual directory. In this case it is AWI, but you ca
153. within the GFI MailEssentials installation folder. To configure Tracing: 1. Navigate to Start > GFI MailEssentials > GFI MailEssentials Switchboard. [Screenshot 99: Tracing. The dialog shows the Tracing enabled checkbox, the tracing logs folder (C:\Program Files\GFI\MailEssentials\debuglogs), the Clear Tracing Logs button, and a note that applying changes to these options requires a restart of GFI MailEssentials services and the Microsoft IIS Admin service.] 2. Select the Tracing tab and configure the following options: • To enable/disable tracing, check/uncheck the Tracing enabled checkbox. This is enabled by default. • Click Clear Tracing Logs to delete all logs. Email backup before and after processing: IMPORTANT: It is highly recommended that this option is left unchecked and used only for troubleshooting purposes under the recommendation of professional personnel. From the Troubleshooting tab, check/uncheck the Keep a copy o
154. wnload the BITS 2 0 client update from the following Microsoft link http www microsoft com downloads details aspx familyid 3FD31F05 D091 49B3 8A80 BF9B832613728 amp displaylang en e Microsoft Windows 2000 with SP3 or later You need to download and install the BITS 2 0 client from the following Microsoft link http www microsoft com downloads details aspx FamilyID 3ee866a0 3a09 4fdf 8bdb c906850ab9f28 amp DisplayLang en e Microsoft Windows XP Professional You need to download and install the BITS 2 0 client from the following Microsoft link http www microsoft com downloads details aspx FamilyID b93356b1 ba43 480f 983d eb19368f9047 amp DisplayLang en Slave server configuration 1 Click Start gt GFI MailEssentials gt GFI MailEssentials Anti Spam Synchronization Agent 2 Right click Anti Spam Synchronization Agent gt Configuration node and select Properties Administration and configuration manual Miscellaneous e 105 Configuration Properties Ea Master Slave m Configure this server as a slave server if it uploads anti spam data to W the master server IV This GFI MailEssentials server is a slave server Host name win2k3entsvr master domain com m Upload settings URL http master domain com messas Pott 20 MV Credentials required User administrator Password e Anti spam data transfers C Automatic Upigadlevern fo hours Manual Downoad every fp hours Upload now Download
