Under the copyright laws, this manual or the software described within, can not be copied, in whole or part, without the written consent of the
manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to
any permitted copies as were affixed to the original. This exception does not allow copies to be made for others, whether or not sold, but all of
the material purchased (with all backup copies) can be sold, given, or loaned to another person. Under the law, copying includes translating
into another language or format.
Specifications and descriptions subject to change without notice.
SonicWALL, Inc. warrants that commencing from the delivery date to Customer (but in any case commencing not more than ninety (90) days
after the original shipment by SonicWALL), and continuing for a period of twelve (12) months, that the product will be free from defects in
materials and workmanship under normal use. This Limited Warranty is not transferable and applies only to the original end user of the product.
SonicWALL and its suppliers' entire liability and Customer's sole and exclusive remedy under this limited warranty will be shipment of a
replacement product. At SonicWALL's discretion the replacement product may be of equal or greater functionality and may be of either new or
like-new quality. SonicWALL's obligations under this warranty are contingent upon the return of the defective product according to the terms of
SonicWALL's then-current Support Services policies.
This warranty does not apply if the product has been subjected to abnormal electrical stress, damaged by accident, abuse, misuse or
misapplication, or has been modified without the written permission of SonicWALL.
DISCLAIMER OF WARRANTY. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A
COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT ALLOWED BY
APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION
TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN
IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL
RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and
exclusion shall apply even if the express warranty set forth above fails of its essential purpose.
DISCLAIMER OF LIABILITY. SONICWALL'S SOLE LIABILITY IS THE SHIPMENT OF A REPLACEMENT PRODUCT AS DESCRIBED IN
THE ABOVE LIMITED WARRANTY. IN NO EVENT SHALL SONICWALL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF
INFORMATION, OR OTHER PECUNIARY LOSS ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT, OR FOR SPECIAL,
INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE HARDWARE OR SOFTWARE EVEN IF SONICWALL OR ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall SonicWALL or its suppliers' liability to
Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall
apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW
LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
NOTE: The SonicWALL Email Security software service is an annual subscription that is subject to the terms and conditions of SonicWALL,
Inc.’s applicable subscription agreement and includes:
Product updates, SonicWALL threat signature updates, and standard technical support for one (1) year from the date of purchase.
SonicWALL Email Security appliances are integrated hardware and software solutions, which include SonicWALL Email Security software.
SonicWALL Email Security appliances are subject to the terms and conditions of SonicWALL, Inc.’s applicable license agreement. Updates to
the SonicWALL Email Security software, SonicWALL Spam Signature Updates, and technical support may be purchased on an annual basis.
AntiVirus support is optionally available.
SonicWALL Email Security Administrator Guide
Preface
SonicWALL’s email threat protection solution is a dynamic, self-learning, and self-running system,
providing IT departments with the protection they need for inbound and outbound email.
SonicWALL Email Security offers redundancy, comprehensive reporting and central administration
across multiple data centers. The solution scales for organizations with 10 employees to enterprises
with 100,000 or more employees.
About this Guide
This guide describes how to configure SonicWALL Email Security and the SonicWALL Email Security
appliances. Information that is specifically about SonicWALL Email Security appliances is indicated
by a footnote at the bottom of the page.
Documentation Conventions
Font - Meaning
Bold - Terms you see in a SonicWALL Email Security window
Italic - Variable names
Courier - Text on a command line
Bold Courier - Text that you type in a command line
Documentation Overview
SonicWALL Email Security provides the following documents to help in the installation,
administration, and use of its products to protect email users from phishing, spam, viruses, and to
manage the security policies you define for your organization.
Who Should Read This? - Document Name
Network Administrators - SonicWALL Email Security’s Getting Started Guide; SonicWALL Email Security’s Administrator Guide
Email Users - SonicWALL Email Security’s User Guide
Finding Online Help
Click the What is this? button for in-depth online help on a specific area of the
SonicWALL Email Security interface.
Click the Help button on any UI web page for information on how to use the UI features on that
page.
Planning SonicWALL Email Security Deployment
Determine the appropriate architecture for SonicWALL Email Security before you deploy it in your
network. This section discusses the different modules available in SonicWALL Email Security and
network topology planning.
Note: For installation and set up instructions for your SonicWALL Email Security appliance, refer to
the SonicWALL Email Security Series Getting Started Guide document.
SonicWALL Email Security and Mail Threats
SonicWALL Email Security determines that an email fits only one of the following threats: Spam,
Likely Spam, Phishing, Likely Phishing, Virus, Likely Virus, Policy Violation, or Directory Harvest
Attack (DHA). It uses the following precedence order when evaluating threats in email messages:
• Phishing
• Likely Phishing
• Virus
• Spam
• Likely Spam
• Likely Virus
For example, if a message is both a virus and a spam, the message will be categorized as a virus
since virus is higher in precedence than spam.
If SonicWALL Email Security determines that the message is not any of the above threats, it is
deemed to be good email and is delivered to the destination server.
SonicWALL Email Security can be configured in two ways:
• All in One: In this configuration, all machines running SonicWALL Email Security analyze email,
quarantine junk mail, and allow for management of administrator and user settings.
[Figure: a typical All in One configuration]
In an All in One configuration, you can also deploy multiple SonicWALL Email Security servers
in a cluster setup wherein all of the gateways share the same configuration and data files. To
set up such a cluster, begin by creating a shared directory, on either one of the
SonicWALL Email Security servers or on another dedicated server (preferred) running the
same operating system. This shared directory will be used to store data including user
settings, quarantine email, etc., from all the SonicWALL Email Security servers in the
cluster.
• Split: In a Split network configuration, there are two kinds of servers: Control Centers and
Remote Analyzers. In this configuration there is typically one Control Center and multiple
Remote Analyzers, but the Control Center can be set up in a cluster as well. The Split
configuration is designed for organizations with remote physical data centers.
The Split configuration allows you to manage SonicWALL Email Security so that email
messages are filtered in multiple remote locations through multiple Remote Analyzers. The
entire setup is centrally managed from a single location through the Control Center.
Control Center clusters are not supported by SonicWALL Email Security appliance.
• The Control Center, in addition to managing all data files, controls, monitors and communicates
with all Remote Analyzers. The data files consist of statistical data such as how much email has
been received, network usage, remote hardware space used, and hourly spam statistics. The
Control Center stores or quarantines junk email it receives from the Remote Analyzers. It also
queries LDAP servers to ensure valid users are logging in to SonicWALL Email Security. End
users can log in to a Control Center to manage their junk mail.
• Remote Analyzers analyze incoming email to determine whether it is good or junk. They send junk
email to the Control Center where it is quarantined. They route good mail to its destination server.
Only administrators can log in to a Remote Analyzer.
Note: The Replicator is the SonicWALL Email Security component that automatically sends data
updates from the Control Center to the Remote Analyzer, ensuring that these components are
always synchronized. Replicator logs are stored in the Control Center’s logs directory. You can
review replication activity from these logs for troubleshooting purposes.
Inbound and Outbound Email Flow
SonicWALL Email Security can process both inbound and outbound email on the same machine. In
an All in One configuration, each SonicWALL Email Security instance can support both inbound and
outbound email. In a Split configuration, each Remote Analyzer can support both inbound and
outbound email.
For inbound email flow, DNS configuration and firewall rules need to be set to direct email traffic to
SonicWALL Email Security. For outbound email flow, the downstream email server must
be configured to send all email to SonicWALL Email Security (Smart Host configuration).
Proxy versus MTA
SonicWALL Email Security can run either as an SMTP proxy or an MTA (Mail Transfer Agent).
The SMTP proxy operates by connecting to a destination SMTP server before accepting messages
from a sending SMTP server. Note that SMTP proxies can only send email to one server. Some
benefits of the SMTP proxy are:
• All processing occurs in memory, significantly reducing the latency and providing higher
throughput.
• There is no queue and SonicWALL Email Security does not lose any email messages.
SonicWALL Email Security automatically respects your existing fail over strategies if your mail
infrastructure experiences a failure.
The MTA service operates by writing messages to disk and allows for routing of a message. Some
benefits of the MTA are:
• Can route messages to different domains based on MX records or LDAP mapping.
• Can queue messages by temporarily storing messages on disk and retrying delivery later in
case the receiving server is not ready.
• Allows SonicWALL Email Security to be the last touch mail gateway for outbound traffic.
Should You Choose an All in One or a Split Architecture?
SonicWALL recommends the All in One configuration whenever possible because of its simplicity.
Choose a Split configuration to support multiple physical data centers and if you want to centrally
manage this deployment from a single location.
SonicWALL strongly recommends that after you deploy the chosen architecture, you do not change
the setup from a Control Center to a Remote Analyzer or vice versa, as there are no obvious
advantages, and some data might be lost. Thus, it is important to make the deployment
architecture decision before installing SonicWALL Email Security.
Typical SonicWALL Email Security Deployments
SonicWALL Email Security as the First-Touch / Last-Touch Server
In a deployment with first-touch and last-touch in the DMZ, change your MX records to point to the
SonicWALL Email Security setup. Also, all the inbound and outbound connections (typically port 25)
for SonicWALL Email Security must be properly configured in your firewalls.
In this configuration, SonicWALL Email Security can be configured on the inbound path to be either
an SMTP proxy or an MTA. On the outbound path, it must be configured to be an MTA. This setup also
can be extended to a cluster with multiple SonicWALL Email Security servers all using a shared drive
for data location. For more information on routing using Smart Host, refer to “Adding an Inbound
Mail Server for All in One Architecture” on page 8.
To configure SonicWALL Email Security in this configuration, you also need to:
1. Configure the SonicWALL Email Security server with a static IP address on your DMZ.
2. In your firewall, add an inbound NAT rule mapping the private IP address to an Internet addressable IP
address for TCP port 25 (SMTP).
3. In the public DNS server on the Internet, create an A record, mapping a name such as
smtp.my_domain.com, to the Internet addressable IP address you assigned in step 2.
4. Update your email domain’s MX record to point to the new A record. You need to deploy
SonicWALL Email Security for each MX record.
SonicWALL Email Security Not as a First-Touch / Last Touch Server
A network topology where Email Security is not the first-touch and last-touch SMTP server is not
recommended because security mechanisms such as SPF and Connection Management cannot be
used.
In this configuration SonicWALL Email Security can be configured to be either an MTA or a proxy.
Introduction
CHAPTER 2
System
In this chapter, you will learn how to configure the system more extensively and learn more about
additional system administration capabilities.
This chapter contains the following sections:
• “Setting Your Network Architecture” on page 8
• “LDAP Configuration” on page 14
• “Default Message Management Settings” on page 19
• “Junk Box Summary” on page 19
• “User View Setup” on page 20
• “Updates” on page 21
• “Monitoring” on page 22
• “Connection Management” on page 25
• “Backup/Restore Settings” on page 33
• “Host Configuration” on page 34
• “Configuring Advanced Settings” on page 35
• “Branding” on page 37
Setting Your Network Architecture
There are different ways to configure and deploy SonicWALL Email Security, and the first decision
to make is the choice of network architecture. See “Planning SonicWALL Email Security
Deployment” on page 2 for more information on what network architecture is appropriate for your
need. You must decide whether you are setting up a Split or All in One architecture, as that choice
impacts other configuration options. You can change the architecture later, but if you do so, you will
need to add your mail servers and reset configuration options again.
To configure SonicWALL Email Security as your desired network architecture, click System >
Network Architecture.
Adding an Inbound Mail Server for All in One Architecture
Set this server to All in One configuration by choosing the radio button next to All in One.
Click the Add Path button in the Inbound Email Flow section. The Add Inbound Path window
appears.
1. Source IP Contacting Path. In this section, you can configure from where you accept email. You
can choose to:
  ◦ Accept connections for all senders. Use of this setting can make the product an open relay.
    SonicWALL Email Security strongly recommends against an open relay. Open relays can
    reduce the security of your email network and allow malicious users to spoof your email
    domain.
  ◦ Accept connections for all senders sending to the specified domains.
  ◦ Accept connections from the specified senders.
2. Path Listens On. In this section, you can specify which IP addresses and port number the
service is listening on for incoming email.
  ◦ Listen for all IP address on this port - This is the typical setting for most environments
    as the service listens on the specified port using the machine’s default IP address. The
    usual port number for incoming email traffic is 25.
  ◦ Listen only on this IP address and port - If you have multiple IP addresses configured
    in this machine, you can specify which IP address and port number to listen on.
3. Destination of Path. In this section, you can specify the destination server for incoming
email traffic in this path.
  ◦ This is a proxy. Pass all email to destination server - This setting configures this path
    to act as a proxy and relay messages to a downstream email server. If the downstream
    server is unavailable, incoming messages will not be accepted.
  ◦ This is an MTA. Route email using SmartHost to - This setting is the same as the
    above Proxy option, except that incoming messages will be accepted and queued if the
    downstream server is unavailable. In this instance, this path acts as an SMTP smarthost.
  ◦ This is an MTA. Route email using SmartHost with load balancing to the following
    multiple destination servers - When a path is configured with this choice, messages
    received will be routed to multiple downstream servers as follows:
      ◦ If Round robin is specified, email will be load-balanced by sending a portion of the email
        flow through each of the servers specified in the text box in round-robin order. All of the
        servers will process email all the time.
      ◦ If Fail over is specified, the first server listed will handle all email processing under
        normal operation. If the first server cannot be reached, email will be routed through the
        second server. If the second server cannot be reached, email will be routed through the
        third server, and so on.
  ◦ MTA with MX record routing - This setting configures this path to route messages by
    standard MX (Mail Exchange) records. To use this option, your DNS server must be
    configured to specify the MX records of your internal mail servers that need to receive the
    email.
  ◦ MTA with MX record routing (with exceptions) - This setting configures this path to
    route messages by standard MX (Mail Exchange) records, except for the specified
    domains. For the specified domains, route messages directly to the listed IP address.
Note: You can specify email addresses in addition to domains in this routing table. Also, hostnames
can be specified instead of IP addresses. For example, if you want to route customer service
emails to one downstream server and the rest of the traffic to a different downstream server,
you can specify something like:
    service@mycompany.com 10.1.1.1
    mycompany.com internal_mailserver.mycompany.com
4. Advanced Settings
5. Use this text instead of a host name in the SMTP banner - Use this text to customize the
HELO banner. By default, the fully qualified domain name will be used.
6. Set the action you want to take for messages for email recipients who are not listed in your
LDAP server. Typically, it is a good practice to set this path to adhere to corporate settings.
7. Enable StartTLS on this path - Check this check box if you want a secure internet
connection for email. If the check box is checked, SonicWALL Email Security uses Transport
Layer Security (TLS) to provide the secure internet connection. When StartTLS is enabled,
email can be sent and received over a secure socket. The source and destination email
addresses and the entire message contents are all encrypted during transfer.
8. Click Add to add an inbound path for this All in One server.
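The "Destination of Path" choices in step 3, as an added Python sketch that is not SonicWALL code: it parses a routing table in the format shown in the note and models Fail over and Round robin selection. The function names are hypothetical, and it assumes a full-address entry takes precedence over a domain entry, which the guide's example implies but does not state.

```python
from itertools import count

# Constructed routing table in the format shown in the note above:
# "<email address or domain> <IP address or hostname>", one entry per line.
ROUTING_TABLE = """\
service@mycompany.com 10.1.1.1
mycompany.com internal_mailserver.mycompany.com
"""


def parse_routing_table(text):
    """Parse exception entries into a dict keyed by lower-cased address or domain."""
    routes = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 2:
            # A malformed entry would silently misroute mail, so reject it.
            raise ValueError(f"line {lineno}: expected '<key> <destination>'")
        key, destination = parts
        routes[key.lower()] = destination
    return routes


def route_exception(recipient, routes):
    """Return the exception destination for a recipient, or None for MX routing.

    Assumption: an entry for the full address is more specific than an entry
    for its domain, so the address entry is checked first.
    """
    recipient = recipient.lower()
    if recipient.count("@") != 1:
        raise ValueError("recipient must be a single email address")
    if recipient in routes:
        return routes[recipient]
    return routes.get(recipient.split("@")[1])


def fail_over(servers, reachable):
    """Fail over: the first listed server that can be reached handles the email."""
    for server in servers:
        if server in reachable:
            return server
    return None  # nothing reachable: an MTA path queues, a proxy path refuses


def round_robin(servers):
    """Round robin: return a picker that cycles through every listed server."""
    counter = count()
    return lambda: servers[next(counter) % len(servers)]


if __name__ == "__main__":
    table = parse_routing_table(ROUTING_TABLE)
    for rcpt in ("service@mycompany.com", "alice@mycompany.com", "bob@example.org"):
        print(rcpt, "->", route_exception(rcpt, table) or "MX lookup")
```

A return value of None from route_exception means the recipient matched no exception and is routed by its MX records.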
Adding an Outbound Mail Server for All in One Architecture
1. Click the Add Path button in the Outbound Email Flow section. The Add Outbound Path
window appears.
2. Source IP Contacting Path. In this section, you can specify which servers within your
organization can connect to this path to relay outgoing email.
  ◦ Any source IP address is allowed to connect to this path - This setting configures
    this path to receive outgoing email from any server. Using this option could make your
    server an open relay.
  ◦ Only these IP addresses can connect and relay - This setting configures this path to
    accept email only from the specified IP addresses.
Note: You need to use this setting if you configure your SonicWALL Email Security installation to listen
for both inbound and outbound email traffic on the same IP address on port 25.
3. Path Listens On. In this section, you can specify the IP addresses and port number on which
this path listens for connections.
  ◦ Listen for all IP address on this port - This is the typical setting for most environments
    as the service listens on the specified port using the machine’s default IP address.
  ◦ Listen only on this IP address and port - If you have multiple IP addresses configured
    in this machine, you can specify which IP address and port number to listen to.
4. Destination of Path. In this section, you can specify the destination server for outgoing
email traffic in this path.
  ◦ This is a Proxy. Pass all email to destination server - Use this setting if you want this
    path to act as a proxy and relay messages to an upstream MTA. Enter the host name or IP
    address of the upstream MTA and the port on which it should be contacted. If the
    upstream MTA is unavailable, outgoing messages will not be accepted.
  ◦ This is an MTA. Route email using SmartHost to - This setting is the same as the Proxy
    option above except that outgoing messages will be accepted and queued if the upstream
    MTA is unavailable.
  ◦ This is an MTA. Route email using SmartHost with load balancing to the following
    multiple destination servers - When a path is configured with this choice, outbound
    messages will be routed to multiple upstream MTAs as follows:
      ◦ If Round robin is specified, email will be load-balanced by sending a portion of the email
        flow through each of the MTAs specified in the text box in round-robin order. All of the
        MTAs will process email all the time.
      ◦ If Fail over is specified, the first MTA listed will handle all email processing under normal
        operation. If the first MTA cannot be reached, email will be routed through the second
        MTA. If the second MTA cannot be reached, email will be routed through the third MTA,
        and so on.
  ◦ This is an MTA. Route email using MX record routing - Use this setting to configure
    this path to route outbound email messages by standard MX (Mail Exchange) records.
  ◦ This is an MTA. Route email using MX record routing with these exceptions - Use
    this setting to configure this path to route outbound email messages by standard MX (Mail
    Exchange) records except for the specified domains. For the specified domains, route
    messages directly to the listed IP address.
5. Advanced Settings
  ◦ Use this string instead of a host name in the SMTP banner - Use this string to
customize the HELO banner. By default, the fully qualified domain name will be used.
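The open relay warnings in the inbound and outbound "Source IP Contacting Path" settings, as an added Python sketch that is not SonicWALL code: it models the source restrictions and flags any path that would accept mail from an unknown Internet host for a domain you do not own. The mode labels, path names and probe values are hypothetical, and it assumes "specified senders" are identified by source IP address.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical labels for the "Source IP Contacting Path" choices described above.
ALL_SENDERS = "all-senders"              # any source, any recipient
TO_DOMAINS = "all-senders-to-domains"    # any source, listed recipient domains only
ONLY_IPS = "only-these-ips"              # listed source IP addresses only

# Constructed probe: a TEST-NET-3 documentation address and a third-party domain.
PROBE_IP = "203.0.113.50"
PROBE_RCPT = "user@example.net"


@dataclass
class PathPolicy:
    mode: str
    domains: frozenset = frozenset()   # used by TO_DOMAINS
    allowed: tuple = ()                # used by ONLY_IPS: IP addresses or CIDR blocks

    def accepts(self, source_ip, rcpt_to):
        """Would this path accept a message from source_ip addressed to rcpt_to?"""
        if self.mode == ALL_SENDERS:
            return True
        if self.mode == TO_DOMAINS:
            domain = rcpt_to.rsplit("@", 1)[-1].lower()
            return domain in {d.lower() for d in self.domains}
        if self.mode == ONLY_IPS:
            addr = ipaddress.ip_address(source_ip)
            return any(addr in ipaddress.ip_network(net, strict=False)
                       for net in self.allowed)
        raise ValueError(f"unknown mode: {self.mode}")


def is_open_relay(policy):
    """True if an unknown Internet host can relay to a domain you do not own."""
    return policy.accepts(PROBE_IP, PROBE_RCPT)


def audit(paths):
    """Return the names of configured paths that behave as open relays."""
    return [name for name, policy in paths.items() if is_open_relay(policy)]


# Constructed configuration: three inbound and three outbound variants.
PATHS = {
    "inbound-any": PathPolicy(ALL_SENDERS),
    "inbound-domains": PathPolicy(TO_DOMAINS, domains=frozenset({"mycompany.com"})),
    "inbound-senders": PathPolicy(ONLY_IPS, allowed=("198.51.100.7",)),
    "outbound-any": PathPolicy(ALL_SENDERS),
    "outbound-restricted": PathPolicy(ONLY_IPS, allowed=("10.1.1.0/24",)),
    # An allow list that covers the whole IPv4 space is "any source" in disguise.
    "outbound-too-wide": PathPolicy(ONLY_IPS, allowed=("0.0.0.0/0",)),
}

if __name__ == "__main__":
    print("open relay paths:", audit(PATHS))
```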
Adding a Server for Split Architecture
If you chose Split Architecture, you must define whether the server is the Control Center or Remote
Analyzer, and then let each know about the other.
1. Go to System > Network Architecture.
2. Choose Split.
3. Click Control Center to configure the server as a Control Center or click Remote Analyzer to
configure the server as a Remote Analyzer.
4. Click Apply.
Adding a Control Center
To add a Control Center:
1. Click Add Server in the Control Center section of the Network Architecture window.
2. Enter the Control Center hostname.
3. If feasible, use the default port number. If not, enter a new Control Center Server Address Port Number.
4. Click Add.
Adding a Remote Analyzer
You must add one or more Remote Analyzers to a Split Configuration. Remote Analyzers can process
inbound messages or outbound messages or both.
1. Click the Add Server button in the Inbound Remote Analyzer or Outbound Remote Analyzer
section based on your need.
2. Enter the Remote Analyzer’s hostname or IP address.
3. Enter the Remote Analyzer Server Address Port number.
4. If your network requires SSL, check the Requires SSL check box.
5. Click the Add button.
Note: If there is a high volume of network traffic, it might take some time before the new Remote
Analyzer is displayed in the System>Network Architecture window.
Any changes you make at the Control Center are propagated to the Remote Analyzers you just
added. You can monitor their status on the Reports page as well.
Configuring Inbound Email Flow for a Remote Analyzer
While logged in to the Control Center, click the Add Path button next to the Inbound Remote
Analyzer. An Add Inbound Path window appears. Follow the instructions in “Adding an Inbound
Mail Server for All in One Architecture” on page 8.
Configuring Outbound Email Flow for a Remote Analyzer
While logged in to the Control Center, click the Add Path button next to the Outbound Remote
Analyzer. An Add Outbound Path window appears. Follow the instructions in “Adding an Outbound
Mail Server for All in One Architecture” on page 10. Make sure that the Control Center can connect
and relay email messages through this path (step 1 in the Add Outbound Path dialog).
Configuring Remote Analyzers to Communicate with Control Centers
After you have set up the Control Center, configure each Remote Analyzer so that it can
communicate with its Control Center.
1. Log in to each server set up as a Remote Analyzer and go to Network Architecture.
2. Click the Add button to identify from which Control Center this Remote Analyzer will accept
instructions.
3. An Add Control Center screen appears. Enter the hostname of your Control Center.
If your Control Center is a cluster, you must add each individual hostname as a valid Control
Center.
Note: If your Control Center is a cluster, add each individual hostname as a valid Control Center by
repeating steps 2-3.
All other configuration options for the Remote Analyzer are managed by the Control Center.
Deleting a Remote Analyzer from a Split Configuration
Before deleting a Remote Analyzer, ensure there are no messages in the queue for
quarantine.
1. Stop SMTP traffic to the Remote Analyzer by turning off the SonicWALL Email Security Service.
Click Control Panel>Administrative Tools>Services>MlfASG Software> Stop.
2. After a few minutes, view the last entry in the mfe log on the Remote Analyzer log.
3. View the mfe log in the Control Center logs directory to ensure the last entry in the mfe log for
the Remote Analyzer is there: this can take a few moments.
Turn off the ability of the associated email server to send mail to this Remote Analyzer, and/or point
the associated email server to another installed and configured Remote Analyzer.
Testing the Mail Servers
Click the Test Mail Servers button. SonicWALL Email Security displays a window that indicates
either a successful test or an unsuccessful test.
Note: It takes 15 seconds for SonicWALL Email Security to refresh its settings. If the first test fails,
try the test again.
Changing from an All in One Configuration to a Split Configuration
There are only two situations that warrant changing your configuration:
• You are a current SonicWALL Email Security customer running All in One architecture and want
to upgrade to a Split Network configuration.
• You are a new customer and have incorrectly configured for All in One architecture and you want
to configure for Split Network, or vice versa.
Configure MTA
You can configure the Mail Transfer Agent (MTA) Settings by navigating to the System>Network
Architecture> MTA Configuration screen. You can specify how the MTA will handle a case in
which Email Security is unable to deliver a message right away. Note that most installations will not
require any change to the MTA settings.
Delivery
Messages are bounced if the recipient domain returns a permanent failure (5xx error code). In the
case of transient failures (4xx error codes, indicating a delay), the MTA will retry delivery of the
message periodically based on the schedule specified in the Retry interval field. Delayed
messages that cannot be delivered within the time period specified in the Bounce after field will
be bounced; no further attempts will be made to deliver them.
Non-Delivery Reports (NDR)
When an email cannot be sent due to either a transient delay or a permanent failure, the sender
may receive a notification email, or a Non-Delivery Report (NDR), describing the failure.
Administrators can use this pane to customize the schedule and contents of those notification
emails.
Transient Failure Settings
To enable Transient NDR, select the “Send NDR for transient failures” check box. Specify the interval
(days, hours, minutes) at which notifications are sent, the sender name and email address (for
example, “Eric Smith” and “ericsmith@example.com”), a customized subject line for the NDR (for
example, “Delay in sending your email”), and a customized body for the NDR.
Permanent Failure Settings
Choose a name and email address from which NDRs will be sent (for example, “Eric Smith” and
“ericsmith@example.com”), a customized subject line for the NDR (for example, “Your email could
not be sent”), and a customized body for the NDR. Note that Permanent Failure Settings cannot be
disabled.
General Settings
All NDRs include a diagnostic report about the problem that prevented delivery, including the
headers of the original message. Permanent NDRs may optionally have the contents of the original
message attached.
Customized Fields
Certain fields in the subject line, body, and sender of the DSN can be specified by the administrator:
• $subject - the subject of the original email
• $hostname - the hostname from which the NDR is sent
• $originator - the sender of the original email
• $recipient - the intended recipient of the original email
• $timeQueued - the time at which the original email was queued
• $date - the current date
• $retryAfter - the interval at which delivery of delayed emails is retried
• $bounceAfter - the time after which delivery attempts will cease for delayed emails
Example Sender - postmaster@$hostname
Example Subject - Delivery Status Notification (re: $subject)
Example Body - Your email from $originator regarding $subject has bounced. It was sent on
$timeQueued to $recipient. No further attempts at delivery will be made. Have a nice day!
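The Delivery rules and the NDR customized fields above, as an added Python sketch that is not SonicWALL code: it replays SMTP reply codes against a retry interval and a bounce-after limit, then expands the guide's example templates. Function names, the sample message and the hostname are constructed, and it assumes an attempt that falls exactly on the bounce-after deadline is still made.

```python
from datetime import datetime, timedelta
from string import Template

# The example sender, subject and body templates given in the text above.
NDR_SENDER = "postmaster@$hostname"
NDR_SUBJECT = "Delivery Status Notification (re: $subject)"
NDR_BODY = ("Your email from $originator regarding $subject has bounced. It was sent on "
            "$timeQueued to $recipient. No further attempts at delivery will be made. "
            "Have a nice day!")


def classify(reply_code):
    """Map an SMTP reply code to the action described in the Delivery section."""
    if 200 <= reply_code <= 299:
        return "delivered"
    if 400 <= reply_code <= 499:
        return "retry"       # transient failure: try again after the retry interval
    if 500 <= reply_code <= 599:
        return "bounce"      # permanent failure: bounce immediately
    raise ValueError(f"unexpected SMTP reply code: {reply_code}")


def simulate(queued_at, reply_codes, retry_interval, bounce_after):
    """Replay one delivery attempt per reply code, spaced retry_interval apart.

    Returns (outcome, time_of_outcome, attempts_made).
    """
    deadline = queued_at + bounce_after
    now, attempts = queued_at, 0
    for code in reply_codes:
        attempts += 1
        action = classify(code)
        if action != "retry":
            return action, now, attempts
        now += retry_interval
        if now > deadline:                     # next retry would be past "Bounce after"
            return "bounce", deadline, attempts
    return "queued", now, attempts             # still waiting for the next retry


def one_line(value):
    """Collapse CR/LF and runs of whitespace. $subject, $originator and $recipient
    come from the original message, so they must not be able to add extra lines
    when substituted into the NDR sender or subject."""
    return " ".join(str(value).split())


def render_ndr(message, hostname, queued_at, now, retry_interval, bounce_after):
    """Expand the customized fields. Template.substitute raises KeyError for a
    field name that is not in the list, which surfaces a typo in a template."""
    fields = {
        "subject": message["subject"], "hostname": hostname,
        "originator": message["from"], "recipient": message["to"],
        "timeQueued": queued_at.isoformat(" "), "date": now.date().isoformat(),
        "retryAfter": retry_interval, "bounceAfter": bounce_after,
    }
    fields = {name: one_line(value) for name, value in fields.items()}
    return {"from": Template(NDR_SENDER).substitute(fields),
            "subject": Template(NDR_SUBJECT).substitute(fields),
            "body": Template(NDR_BODY).substitute(fields)}


# Constructed message whose subject carries an embedded line break.
SAMPLE_MESSAGE = {"from": "ericsmith@example.com", "to": "customer@example.org",
                  "subject": "Quarterly report\r\nX-Injected: yes"}

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)
    retry, limit = timedelta(minutes=30), timedelta(hours=2)
    outcome, when, tries = simulate(t0, [451] * 10, retry, limit)
    print(outcome, when, tries)
    print(render_ndr(SAMPLE_MESSAGE, "mail.example.com", t0, when, retry, limit))
```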
Note: Some mail servers, such as Microsoft Exchange, may send their own NDRs or rewrite the
contents of NDRs sent from other products. Please see the Administrator's Guide for information
on integrating this product's NDR functionality with Microsoft Exchange.
Email Address Rewriting
Use this dialog to rewrite email addresses for inbound or outbound emails. These operations affect
only the email envelope (the RFC 2821 fields): the email headers are not affected in any way. For
inbound email, the “To” field (the RCPT TO field) is rewritten. For outbound email, the “From” field
(the MAIL FROM field) is rewritten.
Trusted Networks
When SonicWALL Email Security receives email messages from an upstream server that uses a
non-reserved or public IP address, the GRID Network effectiveness may degrade. To avoid this
degradation on the GRID Network, users can put public IP addresses on a “privatized” list. To add
IP addresses to a Trusted Network, click the Add Server button. In the box that displays, type in
the IP addresses you want to add, then click Save. The IP addresses will now appear on the Server
List.
LDAP Configuration
SonicWALL Email Security uses Lightweight Directory Access Protocol (LDAP) to integrate with your
organization’s email environment. LDAP is an Internet protocol that email programs use to look up
users’ contact information from a server. As users and email distribution lists are defined in your
mail server, this information is automatically reflected in SonicWALL Email Security in real time.
Many enterprise networks use directory servers like Active Directory or Lotus Domino to manage
user information. These directory servers support LDAP, and SonicWALL Email Security can
automatically get user information from these directories using LDAP. You can run
SonicWALL Email Security without access to an LDAP server as well. If your organization does not
use a directory server, users cannot access their Junk Boxes, and all inbound email is managed by
the message-management settings defined by the administrator.
SonicWALL Email Security uses the following data from your mail environment.
• Login Name and Password: When a user attempts to log into the SonicWALL Email Security
server, their login name and password are verified against the mail server using LDAP
authentication. Therefore, changes made to the user names and passwords are automatically
uploaded to SonicWALL Email Security in real time.
• If your organization allows users to have multiple email aliases, SonicWALL Email Security
ensures any individual settings defined for the user extend to all the user’s email aliases. This
means that junk sent to those aliases aggregates into the same folder.
• Email groups or distribution lists in your organization are imported into SonicWALL
Email Security. You can manage the settings for the distribution list in the same way
as a user’s settings.
LDAP groups allow you to assign roles to user groups and set spam-blocking options for user
groups.
Configuring LDAP
Use the LDAP Configuration screen to configure SonicWALL Email Security for username and
password authentication for all employees in the enterprise.
Note:
• Complete the LDAP configuration screen to get the complete list of users who are allowed to
log in to their Junk Box. If a user does not appear in the User list in the User & Group screen,
their email will be filtered, but they cannot view their personal Junk Box or change default
message management settings.
Enter the server information and login information to test the connection to the LDAP server.
1. Click the Add Server button to add a new LDAP Server. Configuring the LDAP server is
essential to enabling per-user access and management. These settings are limited according
to the preferences set in the User Management pane. See the SonicWALL Email Security
Administration Guide “User View Setup” in Chapter 6 for details.
2. The following checkboxes appear under the Settings section:
   ◦ Show Enhanced LDAP Mappings fields: Select this option for Enhanced LDAP, or LDAP
     Redundancy. You will have to specify the Secondary Server IP address and Port number.
   ◦ Auto-fill LDAP Query fields when saving configurations: Select this option to
     automatically fill the LDAP Query fields upon saving.
3. Enter the following information about your LDAP server:
   ◦ Friendly Name: The friendly name for your LDAP server.
   ◦ Primary Server Name or IP address: The DNS name or IP address of your LDAP
     server. (Configuration checklist parameter M)
   ◦ Port number: The TCP port running the LDAP service. The default LDAP port is 389.
     (Configuration checklist parameter N)
   ◦ LDAP server type: Choose the appropriate type of LDAP server from the dropdown list.
   ◦ LDAP page size: Specify the maximum page size to be queried. The default size is 100.
   ◦ SSL Connection: Select this box if your server requires a secured connection.
   ◦ Type of LDAP Server: Choose the appropriate type of LDAP server from the list.
   ◦ Allow LDAP referrals: Leaving this option unchecked will disable LDAP referrals and
     speed up logins. You may select this option if your organization has multiple LDAP servers
     in which the LDAP server can delegate parts of a request for information to other LDAP
     servers that may have more information.
4. Specify if the LDAP login method for your server is by Anonymous Bind or Login. Specify the
Login name and Password. This may be a regular user on the network, and typically does
not have to be a network administrator.
Note:
• Some LDAP servers allow any user to acquire a list of valid email addresses. This state of
allowing full access to anybody who asks is called Anonymous Bind. In contrast to Anonymous
Bind, most LDAP servers, such as Microsoft's Active Directory, require a valid
username/password in order to get the list of valid email addresses. (Configuration checklist
parameters O and P)
5. Click the Test LDAP Login button.
A successful test indicates a simple connection was made to the LDAP server. If you are using
anonymous bind access, be aware that even if the connection is successful, anonymous bind
privileges might not be high enough to retrieve the data required by SonicWALL Email Security.
6. Click Save Changes.
LDAP Query Panel
To access the LDAP Query Panel settings window, click the Friendly Name link or the Edit button
of the server you wish to configure.
Note:
• SonicWALL Email Security does not require you to configure LDAP query information settings
for most installations.
To configure advanced LDAP settings for users
1. Enter values for the following fields:
   ◦ Directory node to begin search: The node of the LDAP directory to start a search for
     users. (Configuration checklist parameter Q).
   ◦ Filter: The LDAP filter used to retrieve users from the directory.
   ◦ User login name attribute: The LDAP attribute that corresponds to the user ID.
   ◦ Email alias attribute: The LDAP attribute that corresponds to email aliases.
2. Click the Test User Query button to verify that the configuration is correct.
3. Click Save Changes to save and apply all changes made.
Note:
• You may click the Auto-fill User Fields button to have SonicWALL Email Security automatically
complete the remainder of this form.
To configure LDAP Settings for Groups:
1. Enter values for the following fields:
   ◦ Directory node to begin search: The node of the LDAP directory to start a search for
     users. (Configuration checklist parameter Q).
   ◦ Filter: The LDAP filter used to retrieve groups from the directory.
   ◦ Group name attribute: The LDAP attribute that corresponds to group names.
   ◦ Group members attribute: The LDAP attribute that corresponds to group members.
   ◦ User member attribute: The LDAP attribute inside each user's entry in LDAP that lists
     the groups or mailing lists that this user is a member of.
2. Click the Test User Query button to verify that the configuration is correct.
3. Click Save Changes to save and apply all changes made.
Note:
• Click the Auto-fill Group Fields button to have SonicWALL Email Security automatically
complete the remainder of this form.
• If you have a large number of user mailboxes, applying these changes could take several
minutes.
Advanced LDAP Settings
In a Microsoft Windows environment, you will need to specify the NetBIOS domain name,
sometimes called the pre-Windows 2000 domain name.
To locate the pre-Windows 2000 domain name
1. Log in to your domain controller.
2. Navigate to Start > All Programs > Administrative Tools > Active Directory Domains and
Trusts.
3. In the left pane of the Active Directory Domains and Trusts dialog box, highlight your domain
and click Action.
4. Next, click Properties. The domain name or pre-Windows 2000 name will display in the
General tab.
On some LDAP servers, such as Lotus Domino, some valid email addresses do not appear in LDAP.
This panel provides two methods of managing such email addresses.
This panel provides a way to add additional mappings from one domain to another. For example, a
mapping could be added that would ensure emails addressed to anybody@engr.corp.com are sent
to anybody@corp.com.
It also provides a way of substituting single characters in email addresses. For example, a
substitution could be created that would replace all the spaces to the left of the "@" sign in an email
address with a "-". In this example, email addressed to Casey Colin@corp.com would be sent to
Casey-Colin@corp.com.
Note:
• This feature does not make changes to your LDAP system or rewrite any email addresses; it
makes changes to the way SonicWALL Email Security interprets certain email addresses.
To access the Advanced LDAP Settings, click the Friendly Name link or the Edit button of the
server you wish to configure.
To configure the advanced LDAP settings panel
1. Click the Add LDAP Mappings button.
2. From the first drop-down list, choose one of the following:
   • domain is - choose this to add additional mappings from one domain to another.
     ◦ If replace with is chosen from the second drop-down menu, then the domain is replaced.
     ◦ If also add is chosen from the second drop-down menu, then when the first domain is
       found, the second domain is added to the list of valid domains.
   • left hand side character is - choose this to add character substitution mappings.
     ◦ If replace with is chosen from the second drop-down menu, then the character is replaced
       in all characters to the left of the "@" sign in the email address.
     ◦ If also add is chosen from the second drop-down menu, then a second email address is
       added to the list of valid email addresses.
3. Click the Add Mapping button.
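The mapping rules above, as an added example that is not part of the original guide and is not SonicWALL's code. It models the two mapping types and the two actions and shows how "also add" widens the set of addresses accepted as valid, which matters when the directory is used to reject unknown recipients. The class, field and function names, the in-order application of mappings and the case-insensitive comparison are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mapping:
    kind: str    # "domain" or "lhs_char" (hypothetical names for the first drop-down)
    match: str   # domain to match, or the single character left of "@"
    action: str  # "replace" or "also_add" (hypothetical names for the second drop-down)
    value: str   # replacement domain or character


def _rewrite(address, m):
    """Return address rewritten under m, or None when m does not match."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if m.kind == "domain":
        return f"{local}@{m.value}" if domain.lower() == m.match.lower() else None
    if m.kind == "lhs_char":
        return f"{local.replace(m.match, m.value)}@{domain}" if m.match in local else None
    raise ValueError(f"unknown mapping kind: {m.kind!r}")


def interpretations(address, mappings):
    """All forms under which address is looked up, applying mappings in order."""
    forms = [address]
    for m in mappings:
        if m.action not in ("replace", "also_add"):
            raise ValueError(f"unknown mapping action: {m.action!r}")
        out = []
        for form in forms:
            new = _rewrite(form, m)
            if new is None:
                out.append(form)          # mapping does not apply
            elif m.action == "replace":
                out.append(new)           # original form is no longer considered
            else:
                out.extend([form, new])   # both forms count as valid
        forms = list(dict.fromkeys(out))  # de-duplicate, keep order
    return forms


def is_known_recipient(address, directory, mappings):
    """True if any interpretation of address appears in the directory."""
    known = {entry.lower() for entry in directory}
    return any(form.lower() in known for form in interpretations(address, mappings))


# Constructed sample data mirroring the two examples in the text.
MAPPINGS = [
    Mapping("domain", "engr.corp.com", "replace", "corp.com"),
    Mapping("lhs_char", " ", "replace", "-"),
]
DIRECTORY = {"casey-colin@corp.com", "anybody@corp.com"}
```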
Multiple LDAP Server Support
The following table describes the actions that can be taken on a group, domain, or global level.
Function                              Domain   LDAP Group   Global
Directory Harvest Attack prevention   Y        -            Y
Policy                                Y        Y            Y
Reporting                             Y        -            Y
Roles                                 -        Y            Y
Settings                              Y*       Y            Y
* Requires creating a master group on the LDAP server.
Configuring SonicWALL ES for Multiple LDAP Servers
The LDAP configuration page allows administrators to configure more than one LDAP server. All
LDAP servers are listed. For each LDAP server, you can edit or delete it without affecting the
connection of other LDAP servers.
To add an LDAP server:
1. Log in as the Email Security administrator.
2. Click System and then LDAP Configuration.
3. Click the Add Server button.
4. Fill in the connection information for the LDAP server you wish to add. Be sure to give it a
unique friendly name so that you can easily identify it in the list of servers.
5. When you are finished, click Apply Changes and use the test button to confirm that the LDAP
server is properly connected and configured.
Administering Multi-LDAP Environments
Administrators must log into a specific domain unless they are the SonicWALL Email Security
administrator. Once a domain administrator is logged in, she can modify the Email Security settings
for her domain, including the anti-spam settings. The Email Security administrator can see all the
LDAP servers attached to SonicWALL Email Security. The administrator logs in with no domain
specified.
Editing LDAP Connection Information
The Email Security administrator configures the multiple domains.
To change the settings of an existing LDAP server
1. Log in as the Email Security administrator.
2. Click System and then LDAP Configuration.
3. Click the server name link or the Edit (pencil) button associated with the friendly name of the
LDAP server you want to change.
4. Edit the details of the LDAP server using the information you have collected.
5. In the Global Configurations section, you can enter aliases for your pseudo-domains. In this
example, the administrator can configure aliases (on the right side) to correspond with the
pseudo-domain. Aliases must be unique and can consist of lowercase alpha-numeric
characters and underscores. Aliases are separated by commas. If you set an alias to the
domain name, users can log in using their email address.
6. In the Settings subsection, choose whether you want the domains to appear in the login
dropdown box. If this box is checked, all users will be able to see all domains. If it remains
unchecked, users must log in with their fully-qualified login, such as user@sonicwall.com. You
can also choose how often SonicWALL ES refreshes the LDAP usermap.
7. When you are done, click Apply Changes and use the test button to confirm that the LDAP
server is properly connected and configured.
Email Address Rewriting
In a multiple LDAP server environment, administrators can map incoming or outbound email
addresses to new apparent domains. This feature also allows you to expand an email list into its
constituent members.
To configure Email Address Rewriting on a per-LDAP basis:
1. Log in as the Email Security administrator.
2. Click System and then Network Architecture.
3. Scroll down and click the Email Address Rewriting button.
4. Click the Add New Rewrite Operation button.
5. In Type of Operation, choose LDAP Rewrite to Primary. If you are on the Inbound tab,
you could also choose LDAP Email List Expansion.
6. Enter the information for the operation you have chosen.
7. Enter a name for the rewrite operation.
8. Click Save This Rewrite Operation.
Default Message Management Settings
The Default Message Settings window enables the administrator to set default settings for users’
messages.
The Default Message Settings window allows you to choose default settings for messages that
contain spam, phishing, virus, and policy management issues.
1. Choose the Number of Junk Box days from the drop-down list.
Set the enterprise-wide policy for the number of days email messages will remain in the Junk
Box before being automatically deleted. The maximum number of days is 180. This can be
adjusted for an individual user by an administrator or the user, if you allow it (See Configuring
the User View Setup on page 68.)
2. Choose the number of items to display in the Message Center from the drop-down list.
3. Review the four check box options that allow the user to define conditions for tagging
messages incoming to their inbox. Each of the tags below will be prefixed to the subject line of
the message.
   ◦ To tag unjunked messages, check the Tag unjunked messages with this text added
     to the subject line checkbox, and input word(s) to be used for tagging.
   ◦ To tag messages which were considered as junk but will be delivered because the sender’s
     domain is on the user’s Allow list, check the Tag messages considered junk, but
     delivered because sender/domain/list is in Allowed list with the text added to
     the subject line checkbox, and input word(s) to be used for tagging.
   ◦ To tag messages which were considered as junk but will be delivered because of a Policy
     action in effect, check the Tag messages considered junk, but delivered because of a
     Policy action with the text added to the subject line checkbox, and input word(s)
     to be used for tagging.
   ◦ To tag all those messages that are processed by Email Security 6.0 Server for testing,
     check the Tag all messages processed by Email Security for initial deployment testing
     with this text added to the subject line checkbox, and input word(s) to be used for
     tagging.
4. Click the click here links to manage spam, virus, phishing, and policy.
5. Click the Apply Changes button.
Junk Box Summary
SonicWALL Email Security sends an email message to users listing all the messages that have been
placed in their Junk Box. The Junk Box Summary includes:
• Good vs Junk count (organization)
• Number of blocked messages (per user)
Users can unjunk items listed in the Junk Box Summary email by clicking links in the email. When
unjunking there is an option not to add a sender to the Allowed list.
To manage the Junk Box summary
1. Choose Frequency of Summaries from the drop-down box.
2. Choose the dates and times to receive email notification.
3. Choose whether to include in message summary All Junk Messages or Likely Junk Only
(hide definite junk).
4. Choose Language of summary emails from the drop-down list.
5. Choose a plain or graphics rich summary.
Individual users can override these settings.