Message Security
SMTP Mail Access
The Mail Access screen allows you to configure features that provide security when the system is accepting mail during an SMTP connection.
To configure your SMTP mail access settings:
1. Select Configuration > Mail > Access.
Specific Access Patterns
Specific Access Patterns can be used to search for patterns in a message for filtering during the SMTP connection. See “Specific Access Patterns” on page 94 for detailed information on configuring these filters.
Pattern Based Message Filtering
Enable this option to use Pattern Filters to reject or accept mail based upon matches in the message envelope, header, or body. See “Pattern Filters” on page 137 for detailed information on configuring Pattern Filters.
Maximum recipients per message
Set the maximum number of recipients accepted per message. A very large number of recipients means the message is more likely to be spam or bulk mail. The default is set to 1000.
Maximum recipients reject code
Allows administrators to define a different error to return instead of the default “452 Error: too many recipients” error, such as permanently rejecting the connection with a “554” code.
Maximum message size
Set the maximum message size (in bytes) that will be accepted by the system. The default is 10240000 bytes. Note that processing large messages decreases mail processing performance.
The Attachment Size Limit option configured in Security > Content Control > Attachment Control is also set to 10240000 bytes by default, so a message whose attachment is close to the attachment size limit will exceed the maximum message size once the attachment is encoded. We recommend that you set the Maximum Message Size value to at least 1.5 times the value of the Attachment Size Limit option. When attachments are sent with email messages, the message size grows considerably due to the encoding methods used, and the maximum message size should be set accordingly to accommodate them. Attachments are sent base64 encoded, not in their binary form, and base64 encoding can increase the size of a file to up to 140% of its original size. This means that a 9MB attachment is actually 13MB in size when sent, and would exceed a message size limit of 10MB. Consider this base64 overhead when deciding on a maximum message size limit.
Minimum Queue Free Space (Cluster Primary Only)
This option only appears on a Cluster Primary system and allows administrators to set the minimum amount of free space in kilobytes that is required in the queue file system to receive messages. If the system has less than the specified free space, messages will be rejected with a “452: Insufficient system storage” error. This value must at minimum be greater than 1.5 times the specified Maximum message size, and at maximum 50 GB. The default value is automatically calculated for clusters with all the same hardware, and this configuration is replicated across all cluster systems. In a cluster that contains systems of different types of hardware, you must set this value to 20% of the total System Data Storage Area space available according to the cluster member with the least space. This information can be obtained via Activity > Status > Status & Utility on the cluster member. For example, if the cluster system with the least amount of System Data Storage Area space has 10 GB available, then set this value to 2097152 KB (2 GB).
The Minimum Queue Free Space value is not synchronized via Centralized Management.
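The two sizing rules above (Maximum message size versus the base64-encoded attachment, and Minimum Queue Free Space versus the cluster member with the least storage) are easy to get wrong by a factor of 1024 or 1.33. The following helper is an added example, not part of the WatchGuard guide and not product code: it computes the encoded size of an attachment exactly (4 base64 characters per 3 bytes, wrapped into 76-character CRLF-terminated MIME lines, which is where the “up to 140%” figure comes from), cross-checks that formula against Python’s own encoder, and validates a Minimum Queue Free Space value against the constraints the page states. The default values and the 50 GB ceiling are taken from the page; the sample 9 MiB attachment and 10 GB member are constructed inputs.

```python
import base64
import math

# Defaults and limits quoted on the page; line length and CRLF are MIME conventions.
DEFAULT_MAX_MESSAGE_SIZE = 10_240_000        # bytes
DEFAULT_ATTACHMENT_SIZE_LIMIT = 10_240_000   # bytes
MIME_LINE_LENGTH = 76
CRLF = 2
KB = 1024
GB_IN_KB = 1024 * 1024
MAX_QUEUE_FREE_SPACE_KB = 50 * GB_IN_KB      # 50 GB ceiling from the page


def base64_encoded_size(raw_bytes: int, line_length: int = MIME_LINE_LENGTH) -> int:
    """Bytes occupied by raw_bytes of attachment data once base64-encoded and
    wrapped into CRLF-terminated MIME lines (the growth the page describes)."""
    encoded_chars = 4 * math.ceil(raw_bytes / 3)
    lines = math.ceil(encoded_chars / line_length)
    return encoded_chars + lines * CRLF


def formula_matches_encoder(payload: bytes) -> bool:
    """Cross-check the formula against Python's real encoder. base64.encodebytes()
    wraps at 76 characters but ends each line with a single '\\n', so one byte per
    line is added to account for the CRLF that a MIME body would carry."""
    encoded = base64.encodebytes(payload)
    return len(encoded) + encoded.count(b"\n") == base64_encoded_size(len(payload))


def recommended_max_message_size(attachment_size_limit: int) -> int:
    """The page's guidance: at least 1.5 times the Attachment Size Limit."""
    return math.ceil(attachment_size_limit * 1.5)


def attachment_fits(raw_bytes: int, max_message_size: int, other_bytes: int = 0) -> bool:
    """Would an attachment of raw_bytes (plus other_bytes of headers and body text)
    still be accepted under max_message_size after encoding?"""
    return base64_encoded_size(raw_bytes) + other_bytes <= max_message_size


def recommended_min_queue_free_space_kb(smallest_member_free_kb: int) -> int:
    """Mixed-hardware cluster rule from the page: 20% of the System Data Storage
    Area of the member with the least space, in KB."""
    return smallest_member_free_kb // 5


def queue_free_space_problems(value_kb: int, max_message_size: int) -> list:
    """Constraints from the page: greater than 1.5 x Maximum message size, at most 50 GB.
    Returns an empty list when the value is acceptable."""
    floor_kb = math.ceil(1.5 * max_message_size / KB)
    problems = []
    if value_kb <= floor_kb:
        problems.append(f"must exceed 1.5 x Maximum message size ({floor_kb} KB)")
    if value_kb > MAX_QUEUE_FREE_SPACE_KB:
        problems.append("exceeds the 50 GB maximum")
    return problems


if __name__ == "__main__":
    nine_mib = 9 * 1024 * 1024                      # constructed sample attachment
    encoded = base64_encoded_size(nine_mib)
    print(f"9 MiB attachment encodes to {encoded:,} bytes ({encoded / nine_mib:.1%} of original)")
    print("fits the default Maximum message size:", attachment_fits(nine_mib, DEFAULT_MAX_MESSAGE_SIZE))
    print("recommended Maximum message size:", recommended_max_message_size(DEFAULT_ATTACHMENT_SIZE_LIMIT))
    member_free_kb = 10 * GB_IN_KB                  # constructed: smallest member has 10 GB
    min_free = recommended_min_queue_free_space_kb(member_free_kb)
    print("Minimum Queue Free Space for a 10 GB member:", min_free, "KB")
    print("problems:", queue_free_space_problems(min_free, DEFAULT_MAX_MESSAGE_SIZE))
```

Running it shows the 9 MiB attachment encoding to roughly 137% of its size and failing the default 10240000-byte limit while passing the recommended 1.5x limit, and reproduces the page’s 2097152 KB figure for a 10 GB member.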
Maximum Unknown recipients per message
This value determines how many unknown recipients are allowed in the message before it will be rejected by the system. A high number of unknown recipients indicates the message is likely spam or a denial of service attempt.
Maximum Unknown recipients reject code
This value indicates the SMTP reject code to use when the maximum unknown recipients value is exceeded. This should be set to either “421” (temporary reject) or “554” (permanent reject).
SMTP Authenticated Relay
This feature allows authenticated clients to use the system as an external mail relay for sending mail. For example, you may have remote users who need to send mail via this system. Clients must use a login and password to authenticate to the system before being allowed to relay mail. These accounts can be local or they can be authenticated via LDAP.
LDAP SMTP Authentication
SMTP authentication can also be performed via an LDAP directory server. Select the check box to enable LDAP Authenticated Relay, and select the link to configure its options. This feature can also be configured via Configuration > LDAP > Relay.
SMTP Banner
The SMTP banner is exchanged during the HELO/EHLO phase of an SMTP connection. This banner contains identifying information about your mail server, which can be used as reconnaissance for attacks against the system. This option allows you to customize the SMTP banner and also remove the system’s hostname from it by using the Domain only option.
Queue Monitoring
The Queue Monitoring feature allows administrators to modify the system’s behavior depending on how large the incoming mail queue is. Delivery of queued mail can be given higher priority than receiving new mail when a certain threshold is reached to process the current mail queue faster. At the maximum threshold, incoming requests can be temporarily rejected to allow the queue to process current messages first.
Select the Monitor Mail Queue Size option to enable incoming queue thresholds.
Minor Queueing — If the active queue size reaches this threshold, the system will slightly increase the priority of mail delivery over mail receiving.
Medium Queueing — If the active queue size reaches this threshold, the system will significantly increase priority of mail delivery over mail receiving.
Significant Queueing — If the active queue size reaches this threshold, the system will temporarily reject any new mail and notify the system administrator.
2. Click Apply.
Specific Access Patterns
Specific Access Patterns are always enabled by default and can be used to either accept or reject mail during an SMTP connection. These rules override all others. Use these special cases to allow email where it would be otherwise blocked, or to block email when it would otherwise be allowed. Specific access patterns allow an administrator to respond to local filtering requirements such as the following:
Allowing other systems to relay mail through the system
Rejecting all messages from specific systems
Allowing all messages from specific systems (effectively trusting the server)
When you specify a Specific Access Pattern rule, it can take one of the following forms:
IP Address — The system will match an IP address such as 192.168.1.10, or you can use a more general address form such as 192.168 that will match anything in that address space. For the Client Access parameter, the system also supports CIDR (Classless Inter-Domain Routing) format so that administrators can specify a pattern for a network such as 192.168.0.0/24.
Domain Name — The system will match the supplied domain name, such as example.com, with any subdomain such as mail.example.com, sales.mail.example.com and so on.
Address — The system will match an exact email address, such as [email protected], or a more general rule such as @example.com.
To add a new Specific Access Pattern:
1. Select Configuration > Mail > Access.
2. Click Add Pattern.
3. In the Pattern field text box, enter a mail address, IP address, hostname, or domain name.
Client Access — Specify a domain, server hostname, or IP address. This item is the most reliable and may be used to block spam as well as trust clients.
HELO Access — Specify either a domain or server name.
Envelope-From Access — Specify a valid email address.
Envelope-To Access — Specify a valid email address.
Only the Client Access parameter can be relied upon for blocking, since spammers can easily forge all other message properties. The other parameters are still useful for trusting purposes.
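To make the matching rules concrete (IP address, dotted prefix, CIDR for Client Access, domain with all subdomains, exact address or @domain), here is an added example matcher written for this page; it is not WatchGuard code and the rule list and connections it evaluates are constructed. Two assumptions are labelled in the code: rules are tried in list order and the first match wins (the page says only that specific patterns override all other filtering), and an “@example.com” address pattern matches the domain part exactly rather than its subdomains.

```python
import ipaddress

# The four access parameters from the page. Only CLIENT is hard to forge.
CLIENT, HELO, ENVELOPE_FROM, ENVELOPE_TO = "client", "helo", "from", "to"


def match_ip(pattern: str, client_ip: str) -> bool:
    """Exact address, CIDR network (Client Access only), or a dotted prefix such as
    '192.168' that covers that whole address space."""
    if "/" in pattern:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    prefix = pattern.rstrip(".")
    # Compare on octet boundaries so '10.1' matches 10.1.5.6 but not 10.15.1.1.
    return client_ip == prefix or client_ip.startswith(prefix + ".")


def match_domain(pattern: str, name: str) -> bool:
    """A domain pattern matches the domain itself and every subdomain."""
    p, n = pattern.lower().strip("."), name.lower().strip(".")
    return n == p or n.endswith("." + p)


def match_address(pattern: str, address: str) -> bool:
    """Exact address, or every address at a domain when the pattern is '@domain'.
    Assumption (not stated on the page): '@example.com' matches the domain part exactly."""
    p, a = pattern.lower(), address.lower()
    if p.startswith("@"):
        return "@" in a and a.rsplit("@", 1)[1] == p[1:]
    return a == p


def looks_like_ip(pattern: str) -> bool:
    """Client Access patterns may be a hostname/domain or an IP form; pick by shape."""
    return pattern.split("/")[0].replace(".", "").isdigit()


def rule_matches(field: str, pattern: str, conn: dict) -> bool:
    if field == CLIENT:
        if looks_like_ip(pattern):
            return match_ip(pattern, conn["client_ip"])
        return match_domain(pattern, conn.get("client_hostname", ""))
    if field == HELO:
        return match_domain(pattern, conn.get("helo", ""))
    if field == ENVELOPE_FROM:
        return match_address(pattern, conn.get("mail_from", ""))
    if field == ENVELOPE_TO:
        return any(match_address(pattern, r) for r in conn.get("rcpt_to", []))
    raise ValueError(f"unknown access field {field!r}")


def evaluate(rules: list, conn: dict):
    """Return (action, rule) for the first matching rule (assumed ordering), or None
    when no specific access pattern applies and ordinary filtering decides."""
    for rule in rules:
        if rule_matches(rule["field"], rule["pattern"], conn):
            return rule["action"], rule
    return None


# Constructed rule set illustrating each pattern form.
RULES = [
    {"field": CLIENT, "pattern": "192.168.0.0/24", "action": "accept"},        # trusted LAN, CIDR
    {"field": CLIENT, "pattern": "10.1", "action": "reject"},                  # whole 10.1.x.x space
    {"field": CLIENT, "pattern": "partner.example", "action": "accept"},       # hostname/domain
    {"field": HELO, "pattern": "example.net", "action": "reject"},
    {"field": ENVELOPE_FROM, "pattern": "@bulk.example", "action": "reject"},
    {"field": ENVELOPE_TO, "pattern": "postmaster@example.com", "action": "accept"},
]

if __name__ == "__main__":
    # Constructed SMTP connections; only client_ip is mandatory.
    for conn in [
        {"client_ip": "192.168.0.42"},
        {"client_ip": "10.15.1.1"},
        {"client_ip": "203.0.113.7", "helo": "mail.example.net"},
        {"client_ip": "203.0.113.7", "mail_from": "news@bulk.example"},
    ]:
        print(conn, "->", evaluate(RULES, conn))
```

The rule_matches dispatch mirrors the page’s warning: a decision keyed on Client Access is tied to the connecting address, while HELO and envelope matches act on values the sender chooses, which is why the rejecting rules in the sample set are the ones you would want to scrutinize before relying on them.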