GFI MailSecurity User Guide
GFI MailSecurity 10.1 for
Exchange/SMTP
User Guide
http://www.gfi.com
Email: info@gfi.com
Information in this document is subject to change without notice. Companies,
names, and data used in examples herein are fictitious unless otherwise
noted. No part of this document may be reproduced or transmitted in any form
or by any means, electronic or mechanical, for any purpose, without the
express written permission of GFI Software Ltd.
GFI MailSecurity is copyright of GFI SOFTWARE Ltd. © 1999-2009 GFI
Software Ltd. All rights reserved.
Document Version: MSEC-UM-EN-1.00.002
Last updated: July 20, 2010
Contents
1 About GFI MailSecurity 1
1.1 Introduction to GFI MailSecurity .................................................................. 1
1.2 Key features of GFI MailSecurity ................................................................ 1
1.3 GFI MailSecurity components ..................................................................... 2
1.4 GFI MailSecurity from a user's perspective ................................................. 3
1.5 Add-ons - GFI MailEssentials...................................................................... 3
2 Installing GFI MailSecurity 5
2.1 Introduction ................................................................................................. 5
2.2 Typical deployment scenarios ..................................................................... 5
2.3 Which installation mode should I use? ........................................................ 9
2.4 Hardware requirements ............................................................................ 10
2.5 Software requirements .............................................................................. 10
2.6 Important installation notes ....................................................................... 11
2.7 Preparing to install GFI MailSecurity on an IIS mail relay server ............... 12
2.8 Preparing to install GFI MailSecurity on your mail server .......................... 19
2.9 Installing GFI MailSecurity ........................................................................ 19
2.10 GFI MailSecurity Post-Installation Wizard ................................................. 23
2.11 Adding GFI MailSecurity to the Windows DEP Exception List ................... 27
2.12 Securing access to the GFI MailSecurity configuration/quarantine ............ 28
2.13 Securing access to the GFI MailSecurity Quarantine RSS feeds .............. 32
2.14 Accessing the GFI MailSecurity Configuration and Quarantine Store........ 34
2.15 Upgrading from GFI MailSecurity 8 to GFI MailSecurity 10.1 .................... 36
2.16 Upgrading from GFI MailSecurity 9 to GFI MailSecurity 10.1 .................... 39
2.17 Quarantine Upgrade tool ........................................................................... 39
3 General settings 41
3.1 Introduction to settings .............................................................................. 41
3.2 Define the administrator‟s email address .................................................. 41
3.3 Configuring proxy server settings for automatic updates ........................... 41
3.4 Adding Local Domains .............................................................................. 43
3.5 SMTP server bindings .............................................................................. 43
3.6 Managing local users in SMTP mode ........................................................ 44
4 Configuring virus checking 47
4.1 Configuring Virus Scanning Engines ......................................................... 47
4.2 AVG configuration ..................................................................................... 48
4.3 Kaspersky configuration ............................................................................ 50
4.4 BitDefender configuration ......................................................................... 51
4.5 McAfee configuration ................................................................................ 52
4.6 Norman configuration ............................................................................... 54
4.7 Virus scanner actions ............................................................................... 55
4.8 Virus scanner updates .............................................................................. 57
4.9 Setting the Virus Scanning Engines scan priority ...................................... 58
4.10 Configuring Virus Scanning optimizations ................................................. 58
4.11 Configuring Information Store Scanning ................................................... 59
5 Configuring Content Filtering 63
5.1 Introduction ............................................................................................... 63
5.2 Creating a Content Filtering rule ............................................................... 63
5.3 Enabling/disabling rules ............................................................................ 70
5.4 Removing content filtering rules ................................................................ 70
5.5 Modifying an existing rule ......................................................................... 70
5.6 Changing the rule priority .......................................................................... 71
6 Configuring Attachment Filtering 73
6.1 Introduction to Attachment Filtering .......................................................... 73
6.2 Creating an Attachment Filtering rule ........................................................ 73
6.3 Removing attachment rules ...................................................................... 78
6.4 Make changes to an existing rule .............................................................. 79
6.5 Enabling/disabling rules ............................................................................ 79
6.6 Changing the rule priority .......................................................................... 79
7 Decompression engine 81
7.1 Introduction to the Decompression engine ................................................ 81
7.2 Configuring the decompression engine filters ........................................... 82
7.3 Configuring decompression filter actions .................................................. 86
7.4 Enable/disable decompression filters ........................................................ 87
8 The Trojan & Executable Scanner 89
8.1 Introduction to the Trojan & Executable Scanner ...................................... 89
8.2 Configuring the Trojan & Executable Scanner .......................................... 89
8.3 Trojan & Executable Scanner updates ...................................................... 91
9 The Email Exploit Engine 95
9.1 Introduction to e-mail exploits ................................................................... 95
9.2 Configuring the Email Exploit Engine ........................................................ 95
9.3 Email Exploit Engine updates ................................................................... 98
10 The HTML Sanitizer 101
10.1 Introduction to the HTML Sanitizer .......................................................... 101
10.2 Configuring the HTML Sanitizer .............................................................. 101
11 Patch Checking 103
11.1 Introduction to Patch Checking ............................................................... 103
11.2 Downloading and installing software patches .......................................... 103
12 Quarantine 105
12.1 Introduction to the Quarantine Store ....................................................... 105
12.2 The Quarantine Store ............................................................................. 105
12.3 Search Folders ....................................................................................... 107
12.4 Approving emails from the Quarantine Store .......................................... 112
12.5 Deleting emails from the Quarantine Store ............................................. 113
12.6 Rescanning emails from the Quarantine Store ........................................ 114
12.7 View the full security threat report of an email ......................................... 115
12.8 Enable email approval via HTML approval forms .................................... 117
12.9 Quarantined mail from the user point of view .......................................... 118
12.10 Enable quarantine RSS feeds ................................................................. 119
12.11 Enable the Directory Harvesting filter on quarantined emails .................. 122
13 Reporting 127
13.1 Introduction to GFI MailSecurity Reporting.............................................. 127
14 Realtime Monitor 137
14.1 About the Realtime Monitor .................................................................... 137
14.2 Monitoring email activity .......................................................................... 137
15 Miscellaneous 139
15.1 Version Information ................................................................................. 139
16 Advanced topics 141
16.1 Customizing the notification templates .................................................... 141
16.2 Setting Virus Scanning API Performance Monitor Counters .................... 144
17 Troubleshooting 148
17.1 Introduction ............................................................................................. 148
17.2 Knowledge Base ..................................................................................... 148
17.3 Web Forum ............................................................................................. 148
17.4 Request technical support ...................................................................... 148
17.5 Build notifications .................................................................................... 148
18 Index 149
1 About GFI MailSecurity
1.1 Introduction to GFI MailSecurity
The need to monitor email messages for dangerous, offensive or confidential
content has never been more evident. The most deadly viruses, able to
cripple your email system and corporate network in minutes, are being
distributed worldwide via email in a matter of hours (for example, the
MyDoom worm). Products that perform single vendor anti-virus scanning do
not provide sufficient protection. Worse still, email is likely to become the
means for installing backdoors (Trojans) and other harmful programs to help
potential intruders break into your network. Products restricted to a single
anti-virus engine will not protect against email exploits and attacks of this
kind.
Your only defense is to install a comprehensive email content checking and
anti-virus solution to safeguard your mail server and network. GFI
MailSecurity acts as an email firewall and protects you from email viruses,
exploits and threats, as well as email attacks targeted at your organization.
GFI MailSecurity is totally transparent to your users and does not require
additional user training.
1.2 Key features of GFI MailSecurity
Virus checking using multiple virus engines
GFI MailSecurity scans email for viruses using multiple anti-virus engines.
Scanning email at the gateway and at mail server level prevents viruses from
entering and/or spreading within your network. Furthermore, you can avoid
the embarrassment of sending infected emails to customers as GFI
MailSecurity also checks outgoing mail for viruses. GFI MailSecurity includes
the industrial strength Norman and BitDefender anti-virus engines that have
received various awards. You also have the option to add the AVG, McAfee
and Kaspersky anti-virus engines. Multiple anti-virus engines give you a
higher level of security since anti-virus engines complement each other and
lower the average response time to a virus outbreak. GFI MailSecurity also
includes an auto-update facility that allows you to configure the anti-virus
engines so that they automatically check and download any available updates
without administrator intervention.
Email attachment checking/filtering
GFI MailSecurity's key feature is the ability to check all inbound and outbound
email. It can quarantine all email with dangerous attachments, such as *.exe,
*.vbs and other files. Such attachments are more likely to carry a virus, worm
or email attack. Since email viruses can spread so quickly and cause
immense damage, it is best to quarantine such emails before they are
distributed to your email users. When GFI MailSecurity quarantines an email,
the administrator can review it and then delete or approve the message.
Furthermore, you might choose to quarantine mails carrying *.mp3 or *.mpg
files, as these hog bandwidth and can needlessly burden a mail server's disk
space.
Installing GFI MailSecurity GFI MailSecurity 10.1 1
The Attachment Checking module has effectively saved thousands of
companies from the LoveLetter virus.
Trojan and Executable Scanner
GFI MailSecurity is able to analyze incoming executables and rate the risklevel of an executable through a GFI patented process. Through the Trojan
and Executable Scanner, GFI MailSecurity can detect and block potentially
dangerous and unknown Trojans before they enter your network.
HTML Sanitizer
The advent of HTML email has made it possible for hackers/virus writers to
trigger commands by embedding them in HTML mail. GFI MailSecurity scans
the email body parts and any .htm/.html attachments for scripting code, and
cleans up the HTML by removing all the scripting code. The HTML Sanitizer
thus protects you from potentially malicious HTML email, containing HTML
viruses and attacks launched via HTML email.
Decompression filter
The decompression filter is used to decompress and analyze compressed
files (archives) attached to emails. This filter is able to check for and block
password-protected archives, corrupted archives and recursive archives.
Furthermore, this engine can also monitor the size and amount of the files
included in an archive. You can configure this filter to quarantine or delete
archives that exceed the specified file count or file size.
1.3 GFI MailSecurity components
GFI MailSecurity scan engine
The GFI MailSecurity scan engine analyzes the con tent of all inbound and
outbound email. If you install GFI MailSecurity on the Microsoft Exchange
machine, it will also scan the information store. If installed on a Microsoft
Exchange 2007/2010 machine, GFI MailSecurity will scan the information
store only if the Mailbox Server Role is installed. If you install GFI
MailSecurity on a Microsoft Exchange 2007/2010 machine with the Hub
Transport Server Role, it will also analyze internal email. When GFI
MailSecurity quarantines an email, it informs the appropriate
supervisor/administrator via Email/RSS feed, depending on the options you
configure.
GFI MailSecurity configuration
Through the GFI MailSecurity configuration, you can configure GFI
MailSecurity to fit your needs.
2 GFI MailSecurity 10.1 Installing GFI MailSecurity
Screenshot 1 - GFI MailSecurity Configuration
1.4 GFI MailSecurity from a user's perspective
GFI MailSecurity is totally transparent to the user. This means that the user
will not notice that GFI MailSecurity is active until it blocks an email that
triggers a rule, for example, an email that contains a forbidden attachment or
a virus.
In the case of a suspicious attachment, GFI MailSecurity will quarantine the
email for review by the administrator. Optionally, the recipient will receive a
message indicating that the mail is awaiting administrator review. As soon as
the administrator approves the email, GFI MailSecurity will forward the email
to the recipient.
1.5 Add-ons - GFI MailEssentials
A companion product to GFI MailSecurity is GFI MailEssentials. GFI
MailEssentials adds a number of corporate email features to your mail server,
notably:
Anti-spam, using a variety of methods including Bayesian analysis
Installing GFI MailSecurity GFI MailSecurity 10.1 3
Email management, including disclaimers, POP3 downloader and server-
based auto replies and more.
For more information, please visit the GFI website at http://www.gfi.com.
NOTE: GFI MailEssentials is available at a bundle price if purchased in
combination with GFI MailSecurity.
4 GFI MailSecurity 10.1 Installing GFI MailSecurity
2 Installing GFI MailSecurity
2.1 Introduction
This chapter explains how to install and configure GFI MailSecurity. You can
install GFI MailSecurity directly on your mail server or you can choose to
install it on a separate machine configured as a mail relay/gateway server.
When installing on a separate machine, you must first configure the machine
to relay the inbound and outbound emails to your mail server prior to installing
this mail security software.
In order to function correctly, GFI MailSecurity requires access to the
complete list of all your email users and their email addresses. This is
required in order to configure content policy rules such attachment checking
and content checking. GFI MailSecurity can access the list of email users in
two ways: either by querying your Active Directory (requires installing this
software in Active Directory mode) or by importing the list from your SMTP
Server (requires installing this software in SMTP mode). The mode to be
used depends entirely on your network setup and the machine on which you
will be installing this mail security software. You can choose the required
access mode during the installation of GFI MailSecurity.
2.2 Typical deployment scenarios
Installing GFI MailSecurity on your mail server
Figure 1 - Installing GFI MailSecurity on your mail server
You can install GFI MailSecurity directly on your mail server, without any
additional configuration required. Moreover you can also choose any of the
two installation modes (i.e., Active Directory mode or SMTP mode) to define
how GFI MailSecurity will retrieve the list of email users since your mail server
will have access to both the Active Directory as well as to the list of SMTP
users which is contained on the mail server itself.
NOTE: GFI MailSecurity can be only installed in the following Microsoft
Exchange 2007/2010 installations:
Edge Server Role
Hub Transport Role (and any other Microsoft Exchange 2007/2010 server
roles which are irrelevant to GFI MailSecurity)
Mailbox and Hub Transport Server Role (and any other Microsoft
Exchange 2007/2010 server roles which are irrelevant to GFI
MailSecurity)
Installing GFI MailSecurity GFI MailSecurity 10.1 5
Installing GFI MailSecurity on a mail relay server
Figure 2 - Installing GFI MailSecurity on a mail gateway/relay server
When installing on a separate server (i.e., on a server which is not your mail
server), you must first configure that machine to act as a gateway (also
known as “Smart host” or “Mail relay” server) for all your email. This means
that all inbound email must pass through this machine for scanning before
being relayed to the mail server for distribution (i.e., it must be the first to
receive all emails destined for your mail server). The same applies for
outbound emails: The mail server must relay all outgoing emails to the
gateway machine for scanning before they are conveyed to the external
recipients via Internet (i.e. it must be the last 'stop‟ for emails destined for the
Internet). In this way, GFI MailSecurity checks all your inbound and outbound
mail before this is delivered to the recipients.
NOTE: You must install GFI MailSecurity in SMTP Gateway mode if you are
running Lotus Notes or another SMTP/POP3 server.
NOTE: If you are running a Windows NT network, the machine running GFI
MailSecurity can be separate from your Windows NT network - GFI
MailSecurity does not require Active Directory when installed in SMTP mode.
6 GFI MailSecurity 10.1 Installing GFI MailSecurity
Installing GFI MailSecurity in front of your firewall
Figure 3 - Installing GFI MailSecurity on a separate machine on a DMZ
If running a Windows 2000/2003 firewall such as Microsoft ISA Server, a
good way to deploy GFI MailSecurity is to install it on a separate machine in
front of your firewall or on the firewall itself. This allows you to keep your
corporate mail server behind the firewall. GFI MailSecurity will act as a smart
host/mail relay server when installed on the perimeter network (also known as
DMZ - demilitarized zone).
NOTE: In a Microsoft Exchange Server 2007/2010 environment, the mail
relay server in the DMZ can be a machine running Microsoft Exchange Server
2007/2010 with the Edge Transport Server Role installed.
When GFI MailSecurity is not installed on your mail server:
You can perform maintenance on your mail server whilst still receiving
email from the Internet.
Fewer resources are used on your mail server.
Additional fault tolerance - if anything happens to your mail server, you
can still receive email. This email is then queued on the GFI MailSecurity
machine.
NOTE: GFI MailSecurity does not require a dedicated machine when not
installed on the mail server. For example, you can install GFI MailSecurity on
your firewall (i.e. on your ISA Server) or on machines running other
applications such as GFI MailEssentials.
Installing GFI MailSecurity on an Active/Passive Cluster
NOTE: Installing GFI MailSecurity on a Microsoft Exchange Server
2007/2010 cluster environment is currently not supported.
Installing GFI MailSecurity GFI MailSecurity 10.1 7
To install GFI MailSecurity on an Active/Passive cluster you must install GFI
MailSecurity on each node.
NOTE: Although you can install GFI MailSecurity on an Active/Passive
cluster, bear in mind that you still need to configure and manage a GFI
MailSecurity installation per node. The configuration settings and quarantine
emails are not shared between nodes.
On each node, you have to do the following:
Install GFI MailSecurity on the node local hard drive.
NOTE: Do not install GFI MailSecurity on the shared drive.
Install the GFI MailSecurity WWW virtual directory on the node‟s Default
Web Site.
If you are installing on an IIS cluster, make sure you bind GFI MailSecurity
to the Clustered SMTP Virtual Server instance.
The following steps show you how to install GFI MailSecurity in a typical
Active/Passive Cluster environment. For this scenario, assume the cluster,
named MAILCLUSTER, is made up of two nodes, named Node1 and Node2.
1. Using the Cluster Administrator console make Node1 active.
2. Install GFI MailSecurity on the local hard drive of Node2 as described in
the „Installing GFI MailSecurity‟ section of this chapter. When you reach the
IIS Setup step of the installation, select Default Web Site to host the GFI
MailSecurity WWW virtual directory.
NOTE: The Default Web Site IP address of Node2 should not be set to „All
unassigned‟. You should configure the Default Web Site to use the IP
address of the MAILCLUSTER machine.
3. When the GFI MailSecurity installation on Node2 completes, you should be
able to access the Node2 configuration using the following URL:
http://Node2/MailSecurity/
4. From the Cluster Administrator console, make Node2 active.
5. Install GFI MailSecurity on the local hard disk of Node1 as described in the
„Installing GFI MailSecurity‟ section of this chapter. When you reach the IIS
Setup step of the installation, select Default Web Site to host the GFI
MailSecurity WWW virtual directory.
NOTE: The Default Web Site IP address of Node1 should not be set to „All
unassigned‟. You should configure the Default Web Site to use the IP
address of the MAILCLUSTER machine.
6. When the GFI MailSecurity installation on Node1 completes, you should be
able to access the Node1 configuration using the following URL:
http://Node1/MailSecurity/
7. To access the product configuration of the currently active node use the
following URL: http://MAILCLUSTER/MailSecurity/.
NOTE: To access product configuration from a remote machine you must
configure the GFI MailSecurity SwitchBoard application, making sure that
the MAILCLUSTER name/IP is specified for IIS Mode. For more information,
8 GFI MailSecurity 10.1 Installing GFI MailSecurity
refer to Securing access to the GFI MailSecurity configuration/quarantine
section in this chapter.
NOTE: You will only be able to access the URL
http://MAILCLUSTER/MailSecurity/ if you assign the IP address of the
MAILCLUSTER machine to the Default Web Site for Node1 and Node2
during the IIS Setup installation step.
8. The installation of GFI MailSecurity on an Active/Passive cluster is now
complete.
NOTE: If Service Pack 2 for Microsoft Exchange Server 2003 is not installed
on a Microsoft Exchange Server 2003 cluster installation, Internet Information
Services Web sites that are hosted on the cluster will not start automatically
when an Exchange Server 2003 virtual server fails over to a cluster node.
More information about this issue can be found in Microsoft Knowledge Base
Article 885440.
Due to the above, the GFI MailSecurity configuration could become
unavailable following a failover or moving of an Exchange Virtual Server from
one node of the cluster to the other.
Installing Service Pack 2 for Exchange Server 2003 is thus recommended.
Guidelines on how to install Exchange Server 2003 service packs in a
clustered Exchange Server environment can be found in Microsoft Knowledge
Base Article 867624.
To uninstall GFI MailSecurity from the MAILCLUSTER cluster environment
outlined above, follow these steps:
1. Using the Cluster Administrator console make Node1 active.
2. Uninstall GFI MailSecurity from Node2.
3. Using the Cluster Administrator console make Node2 active.
4. Uninstall GFI MailSecurity from Node1.
5. The uninstallation of GFI MailSecurity on an Active/Passive cluster is now
complete.
Installing GFI MailSecurity on an Active/Active Cluster
Installing GFI MailSecurity on an Active/Active cluster is currently not
supported.
2.3 Which installation mode should I use?
Active Directory mode
When installed in Active Directory mode, GFI MailSecurity creates user-based
rules, such as Attachment Checking and Content Checking rules, based on
the list of users available in Active Directory. This means that the machine
running GFI MailSecurity must be behind your firewall and must have access
to the Active Directory containing all your email users (i.e., the machine must
be part of the Active Directory domain). You can install GFI MailSecurity in
Active Directory mode directly on your mail server as well as on any other
domain machine that is configured as a mail relay server in your domain.
Installing GFI MailSecurity GFI MailSecurity 10.1 9
SMTP mode
In SMTP mode, GFI MailSecurity will create user-based rules, such as
Attachment Checking and Content Checking rules, based on the list of email
users/addresses available on your mail server. This means that you must
install GFI MailSecurity in SMTP mode if your machine does not have access
to the Active Directory containing all your email users. This includes machines
that are not part of your Active Directory domain (i.e., non-domain machines)
as well as machines in a DMZ. However, you can still install GFI MailSecurity
in SMTP mode on your mail server as well as on any other machine that has
access to Active Directory containing all (email) users.
NOTE: Both installation modes have the same scanning features and
performance. The only difference between Active Directory and SMTP
installation mode is the way that GFI MailSecurity accesses/gathers the list of
email users for generating its scanning rules and notifications.
2.4 Hardware requirements
The hardware requirements for GFI MailSecurity are:
Pentium 4 (or equivalent) - 2Ghz
512MB RAM
1.5 GB of physical disk space
2.5 Software requirements
2.5.1 Supported Operating Systems
Windows Server 2008 Standard or Enterprise (x86 or x64) (R1 or R2)
Windows Server 2003 Standard or Enterprise (x86 or x64)
Windows 2000 Server/Advanced Server (Service Pack 1 or higher)
Windows XP professional
Windows Small Business Server 2000
Windows Small Business Server 2003
Windows Small Business Server 2008
2.5.2 Supported Mail Servers
Microsoft Exchange Server 2010, 2007, 2003, 2000 (SP1)
Lotus Notes 5.5, 5.0, 4.5, 4
Any SMTP/POP3 mail server
2.5.3 Other components
Microsoft .Net framework 2.0
MSMQ - Microsoft Messaging Queuing Service
Internet Information Services (IIS) - SMTP and World Wide Web services
Microsoft Data Access Components (MDAC) 2.8
10 GFI MailSecurity 10.1 Installing GFI MailSecurity
2.6 Important installation notes
Windows XP
Since in Windows XP the version of Internet Information Services (IIS), is
included and is limited to serve only 10 simultaneous client connections,
installing GFI MailSecurity on a machine running Windows XP could affect its
performance.
Windows Server 2008
When installing on Windows Server 2008, the following pre-requisites are
required:
Web Server (IIS) role
ASP.NET
Windows Authentication Services
Microsoft SMTP Services
For more information, refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID001596
Microsoft Exchange Server 2007/2010
If you are installing on Microsoft Exchange Server 2007/2010, you need to
install one of the following roles;
Edge Server Role,
Hub Transport Role or,
Mail Server and Hub Transport roles.
GFI MailSecurity cannot be installed on a Microsoft Exchange 2007/2010
machine with only Mailbox Server Role installed. In addition, IIS SMTP
service is not required, since it has its own built in SMTP server.
Windows Small Business Server
When using Small Business Server, ensure you have installed Service Pack 2
for Exchange Server 2000 and Service Pack 1 for Exchange Server 2003.
Other installation configurations
Disable anti-virus software from scanning the GFI MailSecurity directories.
Anti-virus products are known to both interfere with normal operation as well
as slow down any software that requires file access. In fact, Microsoft does
not recommend running file-based anti-virus software on the mail server. For
more information, please refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID001559.
GFI MailSecurity directories should never be backed up using backup
software.
Installing GFI MailSecurity GFI MailSecurity 10.1 11
2.7 Preparing to install GFI MailSecurity on an IIS mail relay server
In order to install GFI MailSecurity on a mail relay/gateway machine, it must
be running the IIS SMTP Service and World Wide Web service. You must
also configure the machine as an SMTP relay to your mail server. This means
that the MX record of your domain must be pointing to the gateway machine.
This section describes how you can configure your mail relay and install GFI
MailSecurity.
About Windows 2000/2003 IIS SMTP & World Wide Web services
The SMTP service is part of IIS, which is part of Windows 2000/2003/XP. It is
used as the message transfer agent of Microsoft Exchange Server
2000/2003, and has been designed to handle large amounts of mail traffic.
The World Wide Web service is also part of IIS. It uses the HTTP protocol to
handle web client requests on a TCP/IP network.
The IIS SMTP service and World Wide Web service are included in every
Windows 2000/2003/XP distribution.
Step 1: Verify installation of IIS SMTP and WWW services
GFI MailSecurity uses the Windows 2000/2003/XP IIS SMTP service as its
SMTP server.
1. On the taskbar, click Start ► Settings ► Control Panel. Double-click
Add/Remove Programs and then click Add/Remove Windows
Components.
2. From the dialog on display, locate and click the Internet Information
Services (IIS) component, then click Details.
3. Select the SMTP Service check box and World Wide Web Service check
box. Click OK to start the installation of the selected services. Follow the
onscreen instructions and wait until the installation completes.
Step 2: Specify mail relay server name and assign an IP
1. On the taskbar, click Start ► Settings ► Control Panel. Double-click
Administrative Tools and then double-click Internet Information Services.
2. Expand the server name node, right-click the Default SMTP Virtual Server
node and then click Properties.
12 GFI MailSecurity 10.1 Installing GFI MailSecurity
Screenshot 2 - Assign an IP address to the mail relay server
3. Assign an IP address to the SMTP relay server from the IP address list
and then click OK.
Step 3: Configure the SMTP service to relay mail to your mail server
Now you must configure the SMTP service to relay inbound messages to your
mail server.
Start by creating a local domain in IIS to route mail:
1. On the taskbar, click Start ► Settings ► Control Panel. Double-click
Administrative Tools and then double-click Internet Information Services.
2. Expand the server name node then expand the Default SMTP Virtual
Server and then click Domains. By default, you should have a Local
(Default) domain with the fully qualified domain name of the server.
3. Configure the domain for inbound message relaying as follows:
a) Right-click the Domains node, and then click New ► Domain.
Installing GFI MailSecurity GFI MailSecurity 10.1 13
Screenshot 3 - SMTP Domain Wizard - Selecting domain type
b) Select Remote and then click Next.
c) Type the domain name in the Name box and then click Finish.
NOTE: Upon installation, GFI MailSecurity will import Local Domains from the
IIS SMTP service. If you add additional Local Domains in IIS SMTP service,
you must also add these domains to GFI MailSecurity because this does not
detect newly added Local Domains automatically. You can add more/new
Local Domains using the GFI MailSecurity configuration. For more
information, refer to the Adding Local Domains section in the General
Settings chapter of this manual.
Configure the domain to relay email to your mail server:
1. Right-click the domain you just created and then click Properties. Select
the Allow the Incoming Mail to be relayed to this domain check box.
2. In the Route domain dialog box, click Forward all email to smart host and
type the IP address (in square brackets) of the server which will handle the
emails addressed to this new domain. For example, [123.123.123.123]
NOTE: The square brackets are used to differentiate an IP address from a
hostname (which does not require square brackets), i.e., the server detects
an IP address from the square brackets.
3. Click OK.
14 GFI MailSecurity 10.1 Installing GFI MailSecurity
Screenshot 4 - Configure the new domain
Step 4: Secure your mail relay server
In this step, you will set up your SMTP virtual server‟s mail Relay Restrictions.
This means that you must specify which machines may relay email through
this virtual server (i.e., effectively limit the servers that can send email via this
server).
1. Right-click the Default SMTP Virtual Server node and then click
Properties.
2. In the properties dialog box, click the Access tab and then click Relay to
open the Relay Restrictions dialog box.
Screenshot 5 - Relay Restrictions dialog
3. Click Only the list below and then click Add to specify the list of permitted
computers.
Installing GFI MailSecurity GFI MailSecurity 10.1 15
Screenshot 6 - Specify machines which may relay email via virtual server
4. In the Computer dialog box, specify the IP of the mail server that will be
forwarding the email to this virtual server and then click OK to add the entry to
the list.
NOTE: You can specify the IP of a single computer, group of computers or a
domain:
Single computer: Select this option to specify one particular host that will
relay email via this server. If you want to look up the IP address of a
specific host, click DNS Lookup.
Group of computers: Select this option to specify the base IP address
for the computers that you want to relay.
Domain: Select this option to include all the computers of a specified
domain. This means that the domain controller will openly relay emails via
this server. Please note that this option adds processing overhead, and
may reduce SMTP service performance because it includes reverse DNS
Lookups to verify the domain name of all IP addresses that try to relay.
Step 5: Configure your mail server to relay email via the Gateway server
After you have configured the IIS SMTP service to send and receive email,
you must configure your mail server to relay all email to the mail relay server:
If you have Microsoft Exchange Server 4/5/5.5:
1. Start the Microsoft Exchange Administrator and double-click on Internet
Mail Service to open the properties configuration dialog box.
16 GFI MailSecurity 10.1 Installing GFI MailSecurity
Screenshot 7 - The Microsoft Internet mail connector
2. Click the Connections tab and in the Message Delivery area click
Forward all messages to host. Type the computer name or IP of the
machine running GFI MailSecurity.
3. Click OK and restart the Microsoft Exchange Server from the services
applet.
If you have Microsoft Exchange Server 2000/2003:
You will need to set up an SMTP connection that forwards all email to GFI
MailSecurity:
1. Start the Exchange System Manager.
2. Right-click the Connectors Node, click New ► SMTP Connector and
then specify the connector name.
3. Click Forward all mail through this connector to the following smart
host, type in the IP of the GFI MailSecurity server (the mail relay/Gateway
server) and then click OK.
NOTE: Always enclose the IP address within square brackets [ ]. For
example, [100.130.130.10].
Installing GFI MailSecurity GFI MailSecurity 10.1 17
4. Select the SMTP Server that must be associated to this SMTP Connector.
Click the Address Space tab, and then click Add. Click SMTP and then click
OK to accept the changes.
5. Click OK. All emails will now be forwarded to the GFI MailSecurity
machine.
If you have Lotus Notes:
1. Double-click the Address Book in Lotus Notes.
2. Click on Server item to expand its sub-items.
3. Click Domains and then click Add Domains.
4. In the Basics section, click Foreign SMTP Domain from the Domain
Type field and in the Messages Addressed to area, type “*” in the Internet
Domain box.
5. Under the Should be routed to area, specify the IP of the machine
running GFI MailSecurity in the Internet Host box.
6. Save the settings and restart the Lotus Notes server.
If you have an SMTP/POP3 mail server:
1. Start the configuration program of your mail server.
2. Search for the option to relay all outbound email via another mail server.
This option will be called something like Forward all messages to host.
Enter the computer name or IP of the machine running GFI MailSecurity.
3. Save the new settings and restart your mail server.
Step 6: The MX record of your domain must point to the mail relay server
NOTE: If your ISP manages the DNS server, ask this provider to update it for
you.
Since the new mail relay server must receive all inbound email first, you must
update the MX record of your domain to point to the IP of the new mail
relay/Gateway server. Otherwise, email will continue to go to your mail server
and by-pass GFI MailSecurity.
Verify the MX record of your DNS server as follows:
1. Open the command prompt, type nslookup and press Enter.
2. Type set type=mx and press Enter.
3. Type your mail domain and press Enter.
4. The MX record should return a single IP that must correspond to the IP of
the machine running GFI MailSecurity.
18 GFI MailSecurity 10.1 Installing GFI MailSecurity
Screenshot 8 - Checking the MX record of your domain
Step 7: Test your new mail relay server
Before you proceed to install GFI MailSecurity, verify that your new mail relay
server is working correctly.
1. Test the IIS SMTP inbound connection of your mail relay server by sending
an email from an external account to an internal user (you can use web-mail,
for example MSN Hotmail, if you do not have an external account available).
Verify that the email client received the email.
2. Test the IIS SMTP outbound connection of your mail relay server by
sending an email to an external account from an email client. Verify that the
external user received the email.
NOTE: Instead of using an email client, you can send email manually through
Telnet. This will give you more troubleshooting information. For more
information, refer to this Microsoft Knowledge Base article:
http://support.microsoft.com/support/kb/articles/Q153/1/19.asp
Step 8: Install GFI MailSecurity on the mail relay server
For information on how to install GFI MailSecurity, refer to Installing GFI
MailSecurity section in this chapter.
2.8 Preparing to install GFI MailSecurity on your mail server
No additional configuration is required if you are installing GFI MailSecurity directly on your mail server. For information on how to install GFI MailSecurity, refer to Installing GFI MailSecurity section in this chapter.
2.9 Installing GFI MailSecurity
Before you install GFI MailSecurity, check the points below:
1. Make sure that you are logged on as Administrator or you are using an
account with administrative privileges.
2. Save any pending work and close all open applications on the machine.
3. Check that the machine you are installing GFI MailSecurity on meets the
system and hardware requirements specified earlier in this chapter.
To install GFI MailSecurity follow these steps:
Installing GFI MailSecurity GFI MailSecurity 10.1 19
1. Run the GFI MailSecurity setup program by double-clicking on the
MailSecurity10.exe file. The installation wizard will perform some unpacking
operations and then display the Welcome page. Click Next to continue.
2. Read the license agreement displayed in the License agreement page
and click I accept the terms in the license agreement if you accept the
terms of the license agreement. Click Next to continue the installation.
NOTE: If upgrading from a previous version than GFI MailSecurity 10.1 SR8,
you will be asked to upgrade to the Firebird database. Selecting import will
prompt GFI MailSecurity to automatically launch the quarantine upgrade tool
after the installation. If you select not to import the quarantine database, any
previous quarantine data will not be used by the upgraded version. For
information on the quarantine upgrade tool, refer to Quarantine Upgrade tool
section in this manual.
3. Type the administrator email address in the Administrator Email box. If
you bought a license for GFI MailSecurity, type it in the License Key box. If
you do not have a license yet and want to evaluate GFI MailSecurity, leave
the default evaluation license key in the License Key box. Click Next to
continue the installation.
Screenshot 9 - Define if the server has access to all email users in the Active Directory
4. Setup will now ask you to select the mode that GFI MailSecurity will use to
retrieve the list of your email users. You must select one of the following
options:
Yes, all email users are available on Active Directory - Select this
option to continue installing GFI MailSecurity in Active Directory mode. In
20 GFI MailSecurity 10.1 Installing GFI MailSecurity
this mode, GFI MailSecurity creates user-based rules, for example
Attachment Checking rules, based on the list of users available in the
Active Directory. This means that the machine on which GFI MailSecurity
is being installed must be behind your firewall (for example, Mail Server)
and must have access to the Active Directory containing all your email
users (i.e., the machine on which GFI MailSecurity is being installed must
be part of the Active Directory domain).
No, I do not have Active Directory or my network does not have
access to Active Directory (DMZ) - Select this option to continue
installing GFI MailSecurity in SMTP mode. In this mode, GFI MailSecurity
will create user-based rules, for example Attachment Checking rules,
based on the list of email users/addresses imported from your mail server.
You must select this mode if you are installing GFI MailSecurity on a
machine that does not have access to the Active Directory containing the
complete list of all your email users. This includes machines on a DMZ or
machines that are not part of the Active Directory Domain. However, you
can still choose this mode to install GFI MailSecurity on machines that do
have access to the Active Directory containing all your email users.
Click Next to proceed with the installation.
Screenshot 10 - Define your SMTP server and GFI MailSecurity virtual folder details.
5. You now need to select the server where you want to host the GFI
MailSecurity configuration pages. On this server, two virtual directories are
created to host the configuration pages and the quarantine RSS feeds. You
can specify custom virtual directory names if you want, or else leave the
defaults.
Installing GFI MailSecurity GFI MailSecurity 10.1 21
NOTE: If you are installing on a Microsoft Exchange Server 2007/2010
machine, the IIS SMTP service is not required, since it has its own built in
SMTP server. In such a case, the SMTP Server Setup area is not displayed
and you can click Next to continue and go to step 7 directly.
GFI MailSecurity relies on the IIS SMTP service to send and receive SMTP
mail. It binds to your default SMTP virtual server (i.e., the server specified in
the MX record of your DNS Server). However, if you have multiple SMTP
virtual servers on your domain, you can bind GFI MailSecurity to any
available SMTP virtual server. To change the default SMTP connection,
select the required server from the list of available SMTP Virtual Servers
provided in this dialog box.
NOTE: After installing the product, you can still bind GFI MailSecurity to
another SMTP virtual server from the GFI MailSecurity Configuration (GFI
MailSecurity ► Settings ► Bindings). For more information, refer to SMTP
server bindings section in this manual.
Click Next to continue the installation.
6. Setup will now search your network and will import a list of your Local
Domains from the IIS SMTP service. GFI MailSecurity determines if an email
is inbound or outbound by comparing the domain in a sender‟s address to the
list of local domains. If the address exists in the list, then the email is
outbound. Check that all your Local Domains have been included in the list on
display. If not, make sure to add any unlisted domain after the installation
completes. For more information, refer to the Adding Local Domains section
in this manual. Click Next to continue.
7. Setup will now ask you to define the folder where you want to install GFI
MailSecurity. GFI MailSecurity requires approximately 50 MB of free hard disk
space. Additionally, you must also reserve approximately 200 MB for
temporary files. Click Change to specify a new installation path or click Next
to install in the default location and proceed with the installation.
NOTE: If you are installing GFI MailSecurity on a x64 machine, it will be
installed under the c:\program files (x86)\ folder.
8. The installation wizard has now collected all the required installation
settings and is ready to install GFI MailSecurity. If you want to make changes
to these settings, click Back. Otherwise, click Install to start the installation
process.
9. During the installation, you are prompted that the setup needs to restart the
SMTP services. Click Yes to restart these services and finalize the
installation.
NOTE: If you are installing on a Microsoft Exchange Server 2007/2010
machine, you will not be prompted to restart the SMTP service.
10. When the installation completes, click Finish to close the installation
wizard.
NOTE: If you are installing on a Microsoft Exchange Server 2007/2010
machine, the installation will launch the GFI MailSecurity Post-Installation
22 GFI MailSecurity 10.1 Installing GFI MailSecurity
Wizard. Refer to the following section for information on how to use this
wizard.
NOTE: If you are upgrading from a previous version (version 9 onwards) of
GFI MailSecurity, you might be prompted to upgrade your quarantine
database to a new Firebird database format. For more information, refer to
the Quarantine Upgrade tool section in this manual.
2.10 GFI MailSecurity Post-Installation Wizard
NOTE: This section applies only when installing GFI MailSecurity on a
Microsoft Exchange Server 2007/2010 machine.
IMPORTANT: You need to complete this wizard for GFI MailSecurity to work
with Microsoft Exchange Server 2007/2010.
The GFI MailSecurity installation wizard launches the GFI MailSecurity Post-
Installation Wizard when you click Finish. The GFI MailSecurity PostInstallation Wizard registers GFI MailSecurity with the local installation of
Microsoft Exchange Server 2007/2010 so that it can process and scan the
emails passing through the server.
To complete the GFI MailSecurity Post-Installation Wizard, follow these steps:
1. Click Next in the welcome page.
Screenshot 11 - GFI MailSecurity Post-Installation Wizard welcome page
2. The wizard will collect information from the Microsoft Exchange Server
2007/2010 installation, such as the list of local domains and the server roles
installed, for example Hub Transport Server Role.
Installing GFI MailSecurity GFI MailSecurity 10.1 23
Screenshot 12 - Collecting information from Microsoft Exchange Server 2007/2010
3. The wizard will display the accepted domain list collected from Microsoft
Exchange Server 2007/2010. If you need to specify another local domain,
type it in the Local domains box and click Add. If you want to remove a
domain that you added from this page, click on it from the list, and then click
Remove.
NOTE: The local domains you add from this page affect the GFI MailSecurity
installation only. The Microsoft Exchange Server 2007/2010 accepted
domains list is not modified.
24 GFI MailSecurity 10.1 Installing GFI MailSecurity
Loading...