MailMarshal SMTP 5.5 User Guide
User Guide
MailMarshal SMTP 5.5
August 2006

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, MARSHAL LIMITED PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME JURISDICTIONS DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Marshal, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of Marshal. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Marshal may make improvements in or changes to the software described in this document at any time.

© 2006 Marshal Limited, all rights reserved.

U.S. Government Restricted Rights: The software and the documentation are commercial computer software and documentation developed at private expense. Use, duplication, or disclosure by the U.S. Government is subject to the terms of the Marshal standard commercial license for the software, and where applicable, the restrictions set forth in the Rights in Technical Data and Computer Software clauses and any successor rules or regulations.

Marshal, MailMarshal, the Marshal logo, WebMarshal, Security Reporting Center and Firewall Suite are trademarks or registered trademarks of Marshal Limited or its subsidiaries in the United Kingdom and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

Contents

  About This Book and the Library
  Conventions
  About Marshal

Chapter 1 Introducing MailMarshal
  What Does MailMarshal Do?
  Where is MailMarshal Installed?
  How Does MailMarshal Work?
  Virus Scanning
  Encrypted Email
  MailMarshal SMTP and MailMarshal Exchange
  What's New?
    New Features in MailMarshal 5.5
  Online Help

Chapter 2 Pre-Installation
  Hardware Required for MailMarshal Server
  Software Required for MailMarshal Server
  Software Required for Other Components
  Email Routing
    How MailMarshal Routes Email
    Setting up Outbound Routing
    Setting up Inbound Routing
    When Installing MailMarshal on the Existing Email Server
  Gathering Information Before Installation

Chapter 3 Installation
  Procedures to Install MailMarshal Server
    Preliminary Steps
    Configuration Wizard
    Configuring an Existing Email Server
    MailMarshal and Proxy Servers
  MailMarshal Console Installation
    Console Security Issues
  MailMarshal Configurator Remote Installation
  Uninstalling MailMarshal

Chapter 4 Monitoring and Control
  The Configurator
    Server Properties
    Configurator Root
    Services and Arrays
    Rulesets
    User Groups
    POP3 Accounts
    Virus Scanners
    External Commands
    Folders
    Email Templates
    TextCensor Scripts
    Logging Classifications
    Message Stamps
    LDAP Connections
    Secure Email
    News and Support
  Windows Event Log
  Windows Performance Counters

Chapter 5 Rulesets and Rules
  Best Practices
  Viewing and Printing Rulesets
  Creating a Ruleset
  Editing a Ruleset
    To Copy or Move Rules Between Rulesets
    To Enable or Disable a Ruleset
  Order of Evaluation
    Adjusting the Order of Evaluation of Rulesets
    Adjusting the Order of Evaluation of Rules
  Creating a New Rule
  Copying a Rule
  Editing a Rule
  User Matching Criteria
  Rule Conditions–Standard Rules
    Where message attachment is of type
    Where attachment fingerprint is/is not known
    Where message size is
    Where the estimated bandwidth required to deliver this message is
    Where message contains attachments named
    Where message triggers text censor script(s)
    Where the result of a virus scan is
    Where the external command is triggered
    Where attachment parent is of type
    Where message attachment size is
    Where number of recipients is count
    Where message contains one or more headers
    Where number of attachments is count
    Where message is categorized as Category
    Where message spoofing analysis is based on criteria
  Rule Actions–Standard Rules
    Copy the message
    BCC a copy of the message
    Run the external command
    Send a notification message
    Strip attachment
    Write log message(s) with classifications
    Stamp message with text
    Rewrite message headers
    Add attachments to valid fingerprints list
    Route the message to host
    Move the message
    Park the message
    Delete the message
    Pass the message to rule
  Rule Conditions–Receiver Rules
    Where message is of a particular size
    Where sender's IP address matches address
    Where sender has authenticated
    Where sender's IP address is listed in DNS Blacklist
  Rule Actions–Receiver Rules
    Accept message
    Refuse message and reply with message

Chapter 6 User Groups
  To Create a New Standard User Group
  To Add Members to a Standard User Group
  To Add an LDAP User Group
  To Move and Copy User Groups

Chapter 7 POP3 Accounts
  To Set Up POP3 Accounts
  POP3 Accounts for Relaying Authentication
  To Edit POP3 Accounts
  To Delete POP3 Accounts

Chapter 8 Virus Scanners
  Best Practices
  Configuring a New Virus Scanner
  Viewing Virus Scanner Properties
    Command Line Scanner Properties
    DLL Scanner Properties
  Using Other Virus Scanners
  Testing Virus Scanners
  MailMarshal Directories and Resident Scanning
    Details of Excluded Directories

Chapter 9 External Commands
  Uses of External Commands
    Message Release

Chapter 10 Folders
  Creating a New Folder
    Standard Folders
    Parking Folders
    The Mail Recycle Bin
  Editing an Existing Folder
  Changing the Default Folder Location
  Folder Security

Chapter 11 Email Templates
  Creating an Email Template
  Duplicating an Email Template
  Editing an Email Template
  Deleting an Email Template

Chapter 12 TextCensor Scripts
  TextCensor Syntax
  Weighting the Script
  Adding a TextCensor Script
  Editing a TextCensor Script
  Duplicating a TextCensor Script
  Importing a TextCensor Script
  Exporting a TextCensor Script
  Testing TextCensor Scripts
  Using TextCensor Effectively
    Constructing TextCensor Scripts
    Decreasing Unwanted Triggering

Chapter 13 Logging Classifications
  Creating a Logging Classification
  Editing a Logging Classification
  Duplicating a Logging Classification
  Deleting a Logging Classification
  Logging Classification Usage

Chapter 14 Message Stamps
  Creating a New Message Stamp
  Duplicating a Message Stamp
  Editing a Message Stamp
  Deleting a Message Stamp

Chapter 15 Header Matching and Rewriting
  Header Wizard
    Field Matching
    Matching/Substitution Options
    Naming and Testing
    Order of Evaluation
  Regular Expression Syntax
    Shortcuts
    Reserved Characters
    Examples
    Map Files

Chapter 16 LDAP Connections
  What is LDAP?
  Adding a New LDAP Server Connection
  Editing an LDAP Server Connection
  Deleting an LDAP Server Connection

Chapter 17 Server Properties
  General
    Export Configuration
    Import Configuration
  Local Domains
    To Create a New Local Domain
    To Edit a Local Domain
    Wildcards
  Logging
  Secure Email
  Internet Access
  Updates
  Delivery
  Batching & Dial-Up
  Blocked Hosts
  Host Validation
    DNS Blacklist
    DNS Validation
  Header Rewrite
  Anti-Relaying
    Block suspicious local-part relay attempt
  License Info
  Advanced
    Change Folders
    Additional Options

Chapter 18 Reports
  To Install MailMarshal Reports
  Starting MailMarshal Reports
    Report Properties
    Generating Reports
    Report Parameters
  Report Window
    Toolbar Options
    Drill-down
    Customizing Reports
  Exporting Reports
    Export Options

Chapter 19 Arrays
  What Information Is Replicated?
  What Are the Limitations of Replication?
    Prerequisites
    Manual Settings
    Items Not Replicated
  Configuring Arrays and Replication
    Array Wizard
    Replication Exclusions
  Managing an Array
  Making Changes to an Array
    Updating MailMarshal Arrays

Chapter 20 The Console
  Connecting to the MailMarshal Server
    Console Security Issues
  The Main Console Screen
  The Services Screen
    Receiver State
    Domain Detail
    Message Folders
    Message Folder Actions
    Mail History
    History Search
  Alert History
  User Options
  News and Support

Chapter 21 Troubleshooting
  MailMarshal Console
  Windows Event Viewer
  MailMarshal Working Directories
  MailMarshal Message Names
  MailMarshal Log Files
  Running MailMarshal in Debug Mode
  Some Common Issues
    Error 2140
    Host Name or Unable to Determine the Domain
  Moving MailMarshal to a New Server
249 xii User Guide DNS Blacklists .........................................................................................................................................249 Reports Issues ..........................................................................................................................................250 Unable to determine if [Name] is a valid MailMarshal database .......................................250 SQL script could not be loaded .............................................................................................251 SQL scripts failed to load. View errors? ...............................................................................251 Further Help .............................................................................................................................................251 Chapter 22 MailMarshal and the MMC 253 Configurator and Console in the Same MMC ....................................................................................254 Multiple Console Snap-ins in the Same MMC ....................................................................................254 Appendix A Other Email Servers 257 Index 267 Configuring Microsoft Exchange 5.5 ...................................................................................................258 Exchange 5.5 and MailMarshal on Separate Machines .......................................................258 Exchange 5.5 and MailMarshal on the Same Machine .......................................................259 Configuring Lotus Notes 4 ....................................................................................................................261 Lotus Notes 4 and MailMarshal on Separate Machines .....................................................261 Lotus Notes 4 and MailMarshal on the Same Machine ......................................................261 Configuring Lotus Domino R5 
.............................................................................................................263 Lotus Domino R5 and MailMarshal on Separate Machines ..............................................263 Lotus Domino R5 and MailMarshal on the Same Machine ..............................................264 • Contents xiii xiv User Guide About This Book and the Library The User Guide provides conceptual information about MailMarshal SMTP. This book defines terminology and various related concepts. Intended Audience This book provides information for individuals responsible for understanding MailMarshal SMTP concepts and for individuals managing MailMarshal SMTP installations. Other Information in the Library The library provides the following information resources: User Guide Provides conceptual information and detailed planning and installation information about MailMarshal SMTP. This book also provides an overview of the MailMarshal SMTP user interfaces and the Help. MailMarshal Secure User Guide Provides detailed information about how to configure and use the S/MIME secure email functionality in MailMarshal SMTP. Help Provides context-sensitive information and step-by-step guidance for common tasks, as well as definitions for each field on each window. About This Book and the Library xv Conventions The library uses consistent conventions to help you identify items throughout the documentation. The following table summarizes these conventions. Convention Bold Use • Window and menu items • Technical terms, when introduced Italics • Book and CD-ROM titles • Variable names and values • Emphasized words Fixed Font • File and folder names • Commands and code examples • Text you must type • Text (output) displayed in the command-line interface xvi Brackets, such as [value] • Optional parameters of a command Braces, such as {value} • Required parameters of a command Logical OR, such as value1 | value2 • Exclusive parameters. Choose one parameter. 
About Marshal

With new threats disrupting business, productivity and wrecking reputations every day, Marshal content security solutions take a proactive approach to identifying email and web vulnerabilities to protect over seven million international users in 17,000 companies from the risks of email and Internet-based threats.

Marshal Products

Marshal's Content Security solution, which includes MailMarshal SMTP, MailMarshal Exchange and WebMarshal, delivers a complete email and Web security solution to these risks by acting as a gateway between your organization and the Internet. The products sit behind your firewall but in front of your network systems to control outbound documents and their content. By providing anti-virus, anti-phishing and anti-spyware protection at the gateway, Marshal's Content Security solution offers you a strategic, flexible and scalable platform for policy-based filtering that protects your network, and as a result, your reputation.

Contacting Marshal

Please contact us with your questions and comments. We look forward to hearing from you. For support around the world, please contact your local partner. For a complete list of our partners, please see our website. If you cannot contact your partner, please contact our Technical Support team.

Telephone: +44 (0) 1256 848 080 (EMEA), +1 404 564-5800 (Americas), +64 9 984 5700 (Asia-Pacific)
Sales Email: info@marshal.com
Support: www.marshal.com/support
Website: www.marshal.com

Chapter 1 Introducing MailMarshal

MailMarshal SMTP is a fast, easy-to-use email scanning solution that enforces your organization’s Acceptable Use Policy while protecting against viruses, Spam, and loss of confidential data. An Acceptable Use Policy for email typically regulates what content can be sent in and out of the organization.
A policy may also call for disclaimers or other official message stamps, archive copies of messages, and encryption of sensitive email, as well as controls on the size or volume of email allowed.

What Does MailMarshal Do?

MailMarshal scans the content of messages and attachments as they enter or leave the organization. It can scan lexical content (such as subject lines, message text and attached documents). It can also determine the structure and size of messages and attachments. MailMarshal’s proprietary SpamCensor applies a variety of techniques to determine whether messages are Spam. MailMarshal also allows scanning for and cleaning of viruses using third-party virus scanners.

Based on the result of these scans, many actions may be performed. These include blocking or quarantining of messages, making copies, stripping of attachments, sending notifications, adding disclaimers, and many others.

An optional module, MailMarshal Secure, allows signing, encryption and decryption of email messages using the S/MIME standard. Certificate import, renewal, and revocation are managed automatically.

Where is MailMarshal Installed?

MailMarshal SMTP is a server-based SMTP (Simple Mail Transfer Protocol) email content scanner that can be easily installed into a new or existing network with other gateway applications. It complements, and is compatible with, traditional Internet firewalls, SMTP mail servers, anti-virus and security applications. The only prerequisite is that MailMarshal must reside on Windows 2000 Server, Windows XP Professional, or Windows Server 2003.

MailMarshal consists of several pieces of software: the Server, Configurator, Console and Reporting Database. The MailMarshal Server software is installed as the email gateway of an organization. All email entering or exiting the organization passes through it. MailMarshal can be installed as a standalone server or an array of servers.
Depending on load, it can reside on the same physical machine as a corporate email server product (such as Microsoft Exchange). It can also be installed as a standalone POP3 email server for small organizations.

The Configurator is installed on the same machine as the MailMarshal Server software, and can also be run from a remote workstation. This module allows setup of the basic connections required to use MailMarshal. It also allows configuration of email processing rules and components, such as virus scanners and TextCensor scripts.

The flow of email through MailMarshal is monitored using the Console, which can be installed on the email administrator’s workstation. Through the Console, MailMarshal’s logs can be reviewed and searched for specific messages, and blocked items can be released if necessary.

MailMarshal can log email activity to a SQL Server database, and use the information to produce detailed reports. The reporting suite, using a runtime version of Crystal Reports (included), can be installed on any workstation.

How Does MailMarshal Work?

MailMarshal is an SMTP gateway and is compatible with any SMTP email server on any platform, e.g. Microsoft Exchange, Sendmail, Novell Groupwise or Lotus Notes. Where the existing email server software is a Windows application, in most circumstances MailMarshal can reside on the same physical server. Full details of installation scenarios are given in Chapter 2, “Pre-Installation.”

The MailMarshal Server consists of four major system services: the Receiver, Engine, Sender, and Controller. All email entering or leaving an organization enters the MailMarshal Server software via the Receiver, and is processed in the Engine. The Engine unpacks each email message (unzipping archive or compressed files if necessary) and splits the message into its individual components. It then tests the whole message and each component against the Rules that have been set up in the Configurator.
Rules are composed of three parts: User Matching, Conditions, and Actions. Details of rule configuration are given in Chapter 5, “Rulesets and Rules.”

User Matching criteria allow filtering of messages by the sender and recipients. Other Conditions may match based on the header information, text content of the message and attachments, attached file types, message size, MailMarshal’s proprietary SpamCensor, virus check by a third-party virus scanner, and other criteria.

Based on the results of User Matching and Condition testing, the email message is accepted, modified or quarantined. Accepted email is passed to the MailMarshal Sender, which then forwards it to the appropriate recipients. Messages may be stamped with a notice and/or stripped of objectionable attachments. Quarantined messages are placed into one of several folders defined for that purpose. They may be retrieved by the email administrator (using the Console) for examination or re-processing. Messages which cannot be unpacked or delivered are directed to special DeadLetter folders.

Where MailMarshal takes action on a message, notifications or copies of the original message may be sent as required. These messages can be customized; see Chapter 11, “Email Templates.”

All MailMarshal server activities are logged in detail to a text file. The relevant log may be appended to a notification message.

Virus Scanning

MailMarshal invokes other vendors’ virus checking software to detect viruses. A number of commercially available scanners have been tested and shown to work with MailMarshal. For full virus protection, a licensed version of a virus scanner should be installed and its virus definition files kept up to date. MailMarshal can use multiple virus scanners to provide extra protection. Information on virus scanner configuration appears in Chapter 8, “Virus Scanners.” MailMarshal can also invoke selected virus scanning software to clean infected files.
Because many email viruses are associated with known message text or file types, MailMarshal can also block viruses using these criteria. Where best security practices are followed to block suspicious files, MailMarshal can often stop new viruses before scanner updates arrive.

Encrypted Email

MailMarshal Secure is an optional module of MailMarshal that provides for server-based handling of encrypted messages. MailMarshal Secure uses the S/MIME (Secure MIME) standard for public key encryption. MailMarshal Secure can communicate securely with any other encryption product that uses the S/MIME standard; communication is not limited to MailMarshal sites.

Where MailMarshal Secure is not installed (or the appropriate encryption key is not available), MailMarshal will recognize the message as encrypted but will be unable to access the message contents. Because such messages cannot be content-scanned, they may be blocked or passed through according to local policy. Detailed information on MailMarshal Secure may be found in the MailMarshal Secure Manual, which is freely available from the Marshal website.

MailMarshal SMTP and MailMarshal Exchange

MailMarshal SMTP shares many features with MailMarshal for Exchange, the Exchange Server based Email Content Security product from Marshal. MailMarshal for Exchange provides the ability to scan internal email within the Exchange Server. MailMarshal SMTP provides several components which are not available within MailMarshal for Exchange, including Receiver Rules and other Receiver based functions, and the MailMarshal Secure module for S/MIME email encryption. Where both sets of functions are required, they can be obtained by running both products in the same environment. MailMarshal for Exchange and MailMarshal SMTP can be run on the same computer (subject to adequate system resources).

Within this Manual, “MailMarshal” always refers to MailMarshal SMTP unless otherwise stated.

What’s New?

This section highlights the key new features documented in this manual.
For a complete list of changes in a particular release, please refer to the Release Notes and Reports Release Notes included in the MailMarshal distribution package.

New Features in MailMarshal 5.5

• SpamCensor and Category Scripts: Introducing MailMarshal’s proprietary anti-Spam technology. Complex analysis of messages filters Spam efficiently. Scripts are updated automatically. Additional scripts and exceptions can be created locally.
• Virus Cleaning: DLL based virus scanners can now be used to clean infected attachments.
• Additional Virus Scanners: Symantec AntiVirus Scan Engine and Panda Antivirus join the list of high speed, cleaning-capable scanners.
• More Document Types Scanned: TextCensor now checks within Microsoft Excel, Microsoft PowerPoint, and Adobe PDF files. Embedded objects within Excel and PowerPoint files are extracted.
• Rule-Based DNS Blacklist support: Use DNS Blacklists (such as ORBS or MAPS) within Receiver Rules.
• New Reports: Now report easily on virus related activity and Rules triggered.
• Array Replication: An array of MailMarshal servers can be managed from a master Configurator. Configuration changes can be automatically replicated to other members of the array.
• Join Array on Install: Bypass the Configuration Wizard by choosing to import a complete configuration from an Array master.
• Mail Recycle Bin: Helps guard against accidental deletion of messages from the Console.

Online Help

MailMarshal provides online help for assistance during installation and use of the software. Help is accessed through the Help menu or by pressing the [F1] key. Extended up-to-the-minute support is available on the Marshal website. The website at http://www.marshal.com features news, a support Knowledge Base, User Forum, and maintenance upgrades.

Chapter 2 Pre-Installation

MailMarshal consists of several components, which may be located on different machines within an organization’s network.
The components are:
• MailMarshal Server
• MailMarshal Configurator
• MailMarshal Console
• MailMarshal Reports

All components can be installed under Windows 2000, Windows XP Professional, or Windows Server 2003.

Hardware Required for MailMarshal Server

MailMarshal will run on almost any Pentium-class machine. Hardware requirements naturally vary depending on the number of email users and the amount of email traffic. The following minimum specifications are suggested as a guideline:
• 1000 users: Pentium III 600, 5GB HD, 128MB RAM
• 10000 users: Dual Pentium III 1000, 20 GB HD, 512MB RAM

Sites with more than 10000 users may require enhanced hardware. MailMarshal supports multi-processor computers and arrays of servers for very high traffic sites. Please contact Marshal for a recommended configuration.

Note
MailMarshal will not accept new messages if there is less than 100MB of free disk space available in the disk partitions where its working directories reside.

Software Required for MailMarshal Server

All prerequisite software (with the exception of the Windows operating system) is available on the installation CD-ROM, or by download from the Marshal web site. The prerequisites may be installed, if necessary, during the MailMarshal installation from CD-ROM. It is recommended that you install the prerequisites before installing MailMarshal so as to isolate any installation issues to the specific package.

MailMarshal requires:
• Windows 2000, Windows XP Professional, or Windows Server 2003.
• Microsoft Data Access Components (MDAC) 2.7 or above.
• SQL Server 2000 or SQL Server 7.0 to log data for reporting. If SQL Server is not available, Microsoft Data Engine (MSDE) can be installed. MSDE is a free runtime version of SQL Server. The latest Service Pack is recommended for installation on either SQL Server or MSDE.

Notes
• Due to Microsoft licensing restrictions, MailMarshal cannot be installed on Windows Server 2003, Web Edition.
• Installation of prerequisites may require system restart.
• MailMarshal must be installed on a NTFS partition.
• Due to the limitations on database size in MSDE, SQL Server is recommended for sites over 500 users in size.
• Some items previously listed as minimum prerequisites are included in the above operating systems. These include Microsoft Management Console (MMC) 1.2, and Microsoft Internet Explorer (IE) 5.01.

Software Required for Other Components

MailMarshal Configurator, Console, and Reports may be run under Windows 2000, Windows XP Professional, or Windows Server 2003.

Note
Windows 95, Windows 98, Windows ME, and Windows NT 4.0 are no longer supported.

For MailMarshal Secure, we recommend a 128 Bit Encryption version of the Windows operating system. (Some early international releases of Windows 2000 were only 40 bit.) To check the encryption level of a machine, within Internet Explorer click on Help > About. The ‘Cipher Strength’ value shows the encryption level installed on the machine. To upgrade to 128 Bit Encryption, install the High Encryption Pack, or Windows 2000 SP2 or above.

SQL Server 2000, SQL Server 7.0, or MSDE is required for the MailMarshal Secure Certificate Database. It is strongly recommended that this be present on the local system.

Email Routing

Internet email travels from server to server using SMTP (Simple Mail Transfer Protocol). MailMarshal functions as an SMTP relay. Logically, MailMarshal is situated on the local network so that email entering or leaving the organization is routed through it. Physically, MailMarshal Server can be installed in several scenarios. It may share a computer with other software or be run on a dedicated computer. Before installing MailMarshal it is necessary to determine which functions MailMarshal will serve and how it will handle incoming and outgoing email.

In general, SMTP email servers may route email in four ways:
1. By delivering a message to a “local user” (another user on the same server).
2. By sending email for a specific domain (e.g. wellknown.com) to a fixed address entered by the administrator.
3. By sending all outbound email to a specific server (email relay).
4. By performing a Domain Name System (DNS) lookup to determine the appropriate email server for a domain, and attempting to contact that host directly.

How MailMarshal Routes Email

MailMarshal can use any of the four methods described above.
• If MailMarshal has been configured as a POP3 server, the POP3 mailboxes are “local” to it.
• MailMarshal uses the term “Local Domains” to name the specific domains for which MailMarshal functions as the Internet email gateway. The local domains should include all of the domains hosted by other email servers within the organization (such as Exchange or Groupwise servers). Messages for these domains will be delivered to fixed addresses.
• Where the address does not match any local domain, MailMarshal can be configured to deliver it either using DNS or by relaying to a specific downstream host for delivery.

Setting up Outbound Routing

Take note of how the existing email server sends email to the Internet. In general MailMarshal should be configured to use the same process. For instance, email may be delivered to a firewall or ISP (email relay), or directly using DNS. The existing email server must be reconfigured to forward all outbound Internet email to MailMarshal.

Setting up Inbound Routing

Determine how inbound email is currently delivered to your server. If the MailMarshal server retains the IP address and server name of the previous email server (e.g. if MailMarshal is installed on the same physical server as the other email server software), then no change to inbound settings will be required.
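The four routing methods and the Local Domains rule described above, as an added Python example (not MailMarshal code). The local-domain table, fail-over addresses and MX answers are constructed for the demonstration; the relay target 127.0.0.1:97 reflects the same-machine scenario in this chapter, and the MX table is a fixed stand-in for a real DNS query so the example runs offline. A smart host, when given, takes precedence over DNS delivery, which is the "forward everything to the firewall or ISP" case.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed Local Domains table (not real configuration). A "relay" domain
# is forwarded to a fixed internal server with an optional fail-over address;
# a "pop3" domain is hosted in mailboxes on the gateway itself.
LOCAL_DOMAINS: Dict[str, dict] = {
    "ourcompany.com": {"type": "relay", "primary": "127.0.0.1:97", "failover": None},
    "oursubsidiary.com": {"type": "relay", "primary": "10.0.0.5:25", "failover": "10.0.0.6:25"},
    "smallshop.example": {"type": "pop3"},
}

# Constructed stand-in for DNS MX answers so the example runs offline.
FAKE_MX: Dict[str, List[str]] = {
    "wellknown.com": ["mx1.wellknown.com", "mx2.wellknown.com"],
}


@dataclass
class Route:
    method: str                 # "local", "fixed", "relay" or "dns"
    target: Optional[str]       # host[:port] to connect to, or None if unknown
    failover: Optional[str] = None


def recipient_domain(address: str) -> str:
    """Return the lower-cased domain of an address, rejecting malformed input."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("malformed recipient address: %r" % address)
    return domain.lower().rstrip(".")


def choose_route(address: str, smart_host: Optional[str] = None) -> Route:
    """Pick one of the four delivery methods for a single recipient.

    1. local: the domain is a POP3 domain hosted on this gateway.
    2. fixed: the domain is a relay domain, delivered to the configured server.
    3. relay: every other domain goes to the smart host (firewall or ISP).
    4. dns:   no smart host, so look up the MX hosts and deliver directly.
    """
    domain = recipient_domain(address)
    entry = LOCAL_DOMAINS.get(domain)
    if entry is not None:
        if entry["type"] == "pop3":
            return Route("local", domain)
        return Route("fixed", entry["primary"], entry["failover"])
    if smart_host:
        return Route("relay", smart_host)
    mx_hosts = FAKE_MX.get(domain, [])
    if not mx_hosts:
        return Route("dns", None)          # lookup failed: defer or bounce
    return Route("dns", mx_hosts[0], mx_hosts[1] if len(mx_hosts) > 1 else None)


def route_batch(addresses: List[str], smart_host: Optional[str] = None) -> Dict[str, str]:
    """Summarise the decision for each address as 'method -> target'."""
    summary = {}
    for addr in addresses:
        r = choose_route(addr, smart_host)
        summary[addr] = "%s -> %s" % (r.method, r.target)
    return summary


if __name__ == "__main__":
    sample = ["bob@ourcompany.com", "ann@OurSubsidiary.com", "pat@smallshop.example",
              "ext@wellknown.com", "ext@nowhere.example"]
    for addr, decision in route_batch(sample).items():
        print("%-28s %s" % (addr, decision))
```

The domain comparison is case-insensitive and ignores a trailing dot, which matters when the Local Domains list is compared against what remote senders actually put in RCPT TO; a domain that does not match any local entry and has no smart host falls through to DNS, exactly the third bullet above.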
If the MailMarshal server will have a different IP address and server name, in most cases the route must be changed to ensure that inbound email messages are sent to the MailMarshal server.

Before sending email messages to your organization, an email server on the Internet performs a DNS lookup to see which server (IP address) accepts email for your domain. The address returned may be that of your email server, firewall, proxy server or a downstream email relay (e.g. an ISP).

If email messages were formerly sent directly to your organization’s email server (i.e. the DNS MX lookup returned the email server’s IP address), then the DNS records should be changed so that the MX lookup returns the IP address of the new MailMarshal machine. An MX record names a host rather than an address, so either point the MX record at the MailMarshal host name or update the A record of the host it already names. Firewall permissions may also require modification to permit SMTP delivery to MailMarshal.

If the DNS lookup returns the address of the firewall, and the firewall employs address translation, the translated address for incoming email must be changed to the address of the MailMarshal machine. If the firewall acts as an email relay, then the address to which it forwards inbound email must be changed to that of the MailMarshal machine.

If the DNS lookup returns the address of an upstream email relay, then the forwarding address setting used by that email relay should be changed to that of the new MailMarshal machine.

When Installing MailMarshal on the Existing Email Server

When MailMarshal is installed on the same machine as the existing email server software, normally no changes to the inbound routing are required. However, as MailMarshal will take over the role of listening for SMTP traffic on port 25, the existing email server must be configured to listen for SMTP traffic on another port (port 97 is usually available, but any free TCP port will do). MailMarshal should be configured, via its Local Domains information, to forward all inbound email messages to the local machine on the new port.
It is recommended that you use the localhost IP address 127.0.0.1. The existing email server should be configured to forward all outbound email messages to the local machine (127.0.0.1) on port 25.

Installation Scenarios

MailMarshal can be installed in a variety of scenarios. More detailed instructions and some examples are given in Chapter 3, “Installation.”

1. On its own physical server, as an email relay within an organization.

[Diagram: Workstations and Email Admin on the internal network; Email Server; MailMarshal Server; Firewall; Internet. SMTP on port 25 between the Email Server and the MailMarshal Server, and between the MailMarshal Server and the Firewall/Internet.]

In this example, all email sent from within the organization should be delivered to the email server. The email server forwards all external messages to the MailMarshal server for processing and delivery. The DNS MX record (or the firewall’s relay setting) is also set to deliver all inbound email to the MailMarshal server.

2. As a standalone POP3/SMTP server for a small organization.

[Diagram: Workstations and Email Admin; MailMarshal Server; Internet connection to the ISP; Internet. SMTP on port 25 and POP3 on port 110 between the workstations and the MailMarshal Server.]

In this example, all email sent from within the organization should be sent to the MailMarshal server on port 25 for processing. Email for internal addresses will be delivered to MailMarshal’s POP3 boxes for collection by email clients using port 110. Email to and from external addresses is delivered over a dial-up or other link to an ISP.

3. On the same physical server as the organization’s email server software.

[Diagram: Workstations and Email Admin; one Email Server Computer running both MailMarshal and the Other Email Software; Firewall; Internet. Port 25 from the workstations and the Firewall to MailMarshal; Localhost port 97 from MailMarshal to the other email software; Localhost port 25 from the other email software back to MailMarshal.]

All email sent from outside the organization should be delivered to the email server computer on port 25. MailMarshal forwards processed inbound email to the other server software using the “localhost” IP address and port 97.
The other server sends email for outside delivery to MailMarshal at “localhost” port 25.

4. On a separate computer in a DMZ.

[Diagram: Workstations, Email Server and Email Admin on the internal network; Firewall; MailMarshal Server in the DMZ; Internet. SMTP on port 25 through the Firewall in both directions; TCP port 19001 between the internal network and the MailMarshal Server.]

The advantage of DMZ installation is that all messages must pass through the firewall twice; there is no direct access through the firewall. This is a variation on scenario #1. If the administrator Console is required to communicate with the MailMarshal server from the internal network, TCP port 19001 must be opened in the firewall. Use of the logging/reporting function from the internal network will require TCP port 1433 (the default SQL Server listener port) to be opened.

Note
Direct Configurator access through a firewall is not recommended since this would require opening additional NetBIOS ports. If access through a firewall is required, use of a remote access tool such as Microsoft Terminal Services is recommended.

Gathering Information Before Installation

Before beginning installation of MailMarshal, information about the environment should be gathered. A basic list of required information is given below.
• The organization’s Internet domain name (e.g. ourcompany.com).
• Names of any other local domains for which MailMarshal will process email (e.g. oursubsidiaries.com).
• The IP address of the existing local email server.
• The administrator’s email address.
• The virus scanning software (with an appropriate license) to be used with MailMarshal.
• The IP addresses of DNS servers.
• Who provides DNS? What is the lead time to alter settings, if necessary?
• Are all prerequisites present? (If not, system restart may be required to install them.)
• Is a Firewall in use? If so, who administers it and what is the lead time to change settings, if necessary?
• What is the outbound email delivery method now in use?
• What is the inbound email delivery method? Will any changes be required?
Chapter 3 Installation

The MailMarshal Installation process consists of two parts: installation of the software and any prerequisites onto the server, and configuration of the software to send and receive email. Installation optionally includes setting up the MailMarshal Reports database, which stores usage information. After installation and configuration, Rules must be customized to implement the desired policies.

The MailMarshal Server, Configurator, Console, and Reports may be installed on different computers. The Configurator and Console will always be installed on the MailMarshal server computer, but may also be installed elsewhere. MailMarshal Reports installation is covered later in this Manual.

This chapter assumes that decisions have been made as to where in the network MailMarshal will be installed, and how email will be forwarded. Several typical installation scenarios are presented in Chapter 2, “Pre-Installation.”

Procedures to Install MailMarshal Server

Preliminary Steps:
1. Log on to the server as a user with administrative privilege. Insert the MailMarshal disk into the server CD-ROM drive and select Install MailMarshal 5.5. Or, run the downloaded MailMarshal Installer file.
2. Carefully read the information given on the License Agreement page. By selecting I accept the terms of the license agreement, you agree to the terms of the License.
3. On the Select Setup Type page, select the components to be installed.
4. On the Choose Destination Location page, the default installation location is shown. To change the location, click Change then browse to the desired location.

Note
MailMarshal must be installed on a NTFS partition. For MailMarshal Secure it is strongly recommended that SQL Server 7.0/2000 or MSDE be available on the local system.

5. Click Next, then Install to start installation. The selected components (and any required prerequisites, if installing from CD-ROM) will be installed.
6. When the Setup Wizard Completed page appears, choose whether or not to launch the Configurator. You must run the Configurator to complete the installation.

Configuration Wizard

When the MailMarshal Configurator is first run, MailMarshal launches a wizard which requests the configuration information needed to complete installation. For more information on configuration options, please refer to Chapter 17, “Server Properties.” The Wizard process includes the following steps:

1. Welcome
The first page of the Configuration Wizard gives basic welcome information. Click Next to continue.

2. Configuration Source
This page allows you to create a new MailMarshal configuration or use an existing one. To create a new configuration on this server, accept the default choice This is a new single computer installation (See below).

To import a configuration (to restore a backup or use a prepared custom configuration), select I have an existing MailMarshal Configuration to import. Enter or browse to the location of the import file. When you click Next, the Wizard will attempt to import this file. If import is successful, the Wizard will report the key details imported and continue with step 9 (An Array of MailMarshal Servers).

To import a configuration from an existing array of MailMarshal servers, select I wish to join an existing MailMarshal array. Enter or browse to the name of a MailMarshal server in the array. When you click Next, the Wizard will attempt to export the array configuration and import it to your computer. A dialog shows the progress of this process. If import is successful, the Wizard will display the next page (License Key), skip any pages not required, and continue with step 9 (An Array of MailMarshal Servers). For additional information on the MailMarshal Array facility, see Chapter 19, “Arrays.”

3. License Key
Enter your Company Name.
Enter your License Key, provided by Marshal or your local Marshal reseller. If you do not have a License Key, contact Marshal to obtain one.

Note: By default, when a license key becomes invalid or expires, MailMarshal continues to accept messages, subject to available disk space. The email will be held in the Incoming directory and will not be processed or delivered. To change this behavior see the License Info tab of Server Properties.

Click Next. An information box will report the validity details of the key you entered.

4. Local Domains

This page specifies the names of local domains for which MailMarshal will accept inbound email (See below). The list should include all (and only) the domains of email addresses your organization actually uses through this gateway. (The Local Domains list should exactly match the DNS MX records pointing at this server.)

Local domains may be of two types: Relay and POP3. Email for a relay domain is sent on to another email server. Email for a POP3 domain is delivered to a mailbox hosted by the MailMarshal server. Most often there will be a single entry in this section for the local email server. However, if the email server handles more than one domain, multiple entries may be needed. Note that all relay servers defined here will also be allowed to relay outbound email through MailMarshal.

Note: If POP3 service for a domain is already provided by other software (such as Microsoft Exchange), that domain should be configured as a Relay domain in MailMarshal.

Click New to start the New Local Domain Wizard (See below). Choose whether MailMarshal will host any POP3 mailboxes for the domain. On the final page, enter the domain name. Enter the IP address of the server to which email should be relayed. Optionally enter a second email server address (used only as a fail-over if the first server does not respond). If this is a POP3 domain, choose the action to be taken for undeliverable messages.
Click Finish to return to the Local Domains page.

Multiple Relay local domains may be entered using wildcards (e.g. *.ourbusiness.com may be entered to direct email for all subdomains of ourbusiness.com to a single address). For a description of MailMarshal’s wildcard syntax, see “Wildcards” on page 170.

Note: MailMarshal’s permanent License Keys are bound to the list of local domains specified in this list. Each time the list of domain names changes, a new key is required. Changes in IP addresses or ports, or between relay and POP3 domains, do not require a new key. For information on requesting a new key, see “License Info” on page 190.

Repeat the New Local Domain Wizard for each local domain required. When all domains have been entered, adjust the order of matching by highlighting a domain from the list and using the up and down arrows.

Note: Ensure that local domains are matched in the correct order; otherwise email may be misdirected. E.g. use the following sequence to direct email to POP3 mailboxes within MailMarshal:

pop.example.com    POP3     10.2.5.4:25
*.example.com      Relay    10.1.2.1:25

If this sequence is reversed, POP3 mailboxes will be ignored and all email will be delivered to the relay address, i.e. 10.1.2.1 port 25, because *.example.com will match for messages addressed to pop.example.com.

5. Administrative Notifications

Administrative notifications (such as DeadLetter reports) will be sent to the address specified in the Recipient Address field. This should be a valid and appropriate mailbox or group alias. Administrative and user notifications and other automated email from MailMarshal will be sent “from” the address entered in the From Address field (See below). This should also be a valid address to allow for replies to notifications.

6. DNS Servers

MailMarshal performs DNS lookups independently of the Windows DNS settings.
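The ordering note above is a first-match rule: the list is walked top to bottom and the first entry whose pattern matches the recipient's domain decides where the message goes. The following added example (not MailMarshal code) models that lookup in Python so the misdirection can be seen concretely. The tuple layout, the route() helper and the use of a leading "*" as a "match anything" wildcard are this example's assumptions; MailMarshal's full wildcard syntax is documented on page 170 and may differ in details.

```python
"""Ordered first-match lookup of MailMarshal-style Local Domain entries.

Added example, not MailMarshal code. Entries are (pattern, kind, target)
tuples in list order; kind is "POP3" or "Relay"; target is "ip:port".
Only the leading '*' wildcard is relied on (an assumption about the
wildcard syntax, which the guide documents separately).
"""
import fnmatch


def match_local_domain(entries, recipient):
    """Return the first entry whose pattern matches the recipient's domain.

    Returns None when no local domain matches; MailMarshal would then treat
    the message as not local (outbound or relay-denied, depending on sender).
    """
    domain = recipient.rsplit("@", 1)[-1].lower()
    for pattern, kind, target in entries:
        # Case-insensitive, because DNS names are; '*' matches any run of
        # characters, so '*.example.com' matches every subdomain but not
        # the bare 'example.com' (a separate entry would be needed for it).
        if fnmatch.fnmatchcase(domain, pattern.lower()):
            return pattern, kind, target
    return None


def route(entries, recipient):
    """Return (kind, target) chosen for recipient, or ("none", None)."""
    hit = match_local_domain(entries, recipient)
    return (hit[1], hit[2]) if hit else ("none", None)


# The sequence the guide recommends: the specific POP3 domain first.
CORRECT_ORDER = [
    ("pop.example.com", "POP3", "10.2.5.4:25"),
    ("*.example.com", "Relay", "10.1.2.1:25"),
]

# The reversed sequence the guide warns about: the wildcard shadows pop.
REVERSED_ORDER = list(reversed(CORRECT_ORDER))


if __name__ == "__main__":
    for rcpt in ("alice@pop.example.com", "bob@mail.example.com",
                 "carol@example.com", "eve@other.org"):
        print(f"{rcpt:24} correct={route(CORRECT_ORDER, rcpt)} "
              f"reversed={route(REVERSED_ORDER, rcpt)}")
```

With CORRECT_ORDER, alice@pop.example.com resolves to the POP3 mailbox store and bob@mail.example.com to the relay; with REVERSED_ORDER both go to 10.1.2.1:25 and the POP3 entry is never reached. The carol@example.com case shows the second caveat: a wildcard entry alone does not cover the parent domain, so a list that should accept mail for example.com itself needs an explicit entry for it.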
The primary DNS (Domain Name Server) address used by the organization must be entered, and a secondary address is recommended (See below). These servers should be located no further away than the ISP.

Note: If MailMarshal must perform DNS lookups through a firewall, the firewall must permit both TCP and UDP based lookups.

7. Delivery

Select how you want MailMarshal to deliver external messages. Two options are available (See below):

MailMarshal will deliver external email itself: This is the default option. MailMarshal will use DNS resolution to determine the appropriate destination for outbound email and attempt to deliver messages directly. If this option is selected, you may optionally enter the name or IP address of a fallback host. The fallback host will be used as a forwarding host for messages which MailMarshal is unable to deliver immediately (for instance, if MailMarshal encounters a DNS or greeting failure while attempting to connect to the original destination server).

MailMarshal will forward email to another SMTP server: Select this option to immediately send all outbound email (not for local domains) to a firewall or a fixed relay server (such as an ISP). The other server will be responsible for final delivery. Enter the host name or IP address of the relay or firewall in the Forwarding Host box. Optionally enter an alternate host (used only if MailMarshal encounters a DNS or greeting failure while attempting to connect to the main forwarding host).

8. Logging

MailMarshal can log details of the processing and delivery status of messages to a database. When logging has been enabled, the Mail History can be viewed in the Console and a wide variety of reports run from MailMarshal Reports.

To enable logging, check the I want to log message details checkbox.
Check the I want to report on email attachment details checkbox to enable reporting on attachments within email messages.

To continue processing email if the log records cannot be written to the database, check the box I want MailMarshal to continue if the database becomes unavailable. To stop processing email when the database is unavailable, clear this box. (This option should be chosen if logging of traffic is essential. Email will still be accepted and held in the Incoming directory.)

The MailMarshal Console can log operator actions to the MailMarshal logging database. Logged actions include deleting messages, moving messages into or out of the mail recycle bin, emptying the mail recycle bin, passing through messages, forwarding messages and moving messages from one folder to another. Check the box I want to log file actions to the database to enable logging of these actions. Uncheck the box to disable logging of these actions.

Note: Logging console actions can make a difference to perceived console speed, especially when large numbers of messages are affected by a single action. It is also possible to log selected types of console actions by adjusting a registry value. See the Marshal Knowledge Base for details.

Select the period for log retention (the default is 100 days). Most installations will want to retain logs for several months to allow flexibility in reporting periods.

Click Select Database to choose the location of the SQL database where the information will be stored. In the Create/Select Database dialog, enter the name of the SQL Server (or MSDE) computer in the first box. You can browse the network if necessary. Enter the name of the database you wish to use, and the SQL user name and password. If you believe that a MailMarshal database has previously been installed in the given location and you wish to overwrite it, check the box to recreate the database.
Note: The database password may be changed using SQL administration tools or command-line SQL entry. However, this procedure must be used with caution if other applications may be using the database. For further information please see Marshal Knowledge Base article Q10251.

If more than one MailMarshal server will be logging to the same database, check the box I have more than one MailMarshal server on my site.

9. An Array of MailMarshal Servers

If you have joined an array, or the box I have more than one MailMarshal server on my site is checked on the Logging page, this page is displayed. Select a letter from the drop-down box to uniquely identify logging records from this MailMarshal Server. If you have joined an array, letters already in use will not be shown.

If a configuration has been imported, the box I have more than one MailMarshal server on my site appears on this page. If more than one MailMarshal server will be logging to the same database, check the box then select a letter.

10. Finished

Basic configuration of the MailMarshal Server is now complete. The MailMarshal Configurator starts automatically on completion of the Wizard. Changes to the configuration may be made through the Tools > Server Properties menu in the Configurator. Several additional and advanced selections, including dial-up configuration, are also available in that menu. For complete information see Chapter 17, “Server Properties.”

To configure S/MIME (MailMarshal Secure) settings, check the box and the appropriate tab of Server Properties will be presented when the Wizard exits.

Before MailMarshal can be put into production, the following steps should be taken within the MailMarshal Configurator:

1. Configure virus scanners within MailMarshal, if desired. Most installations use a virus scanner. See Chapter 8, “Virus Scanners.”
2. Customize Rulesets and enable Rule processing. See Chapter 5, “Rulesets and Rules.”
3. Start MailMarshal Services.
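The DNS Servers step of the wizard notes that a firewall between MailMarshal and its DNS servers must pass both UDP and TCP, and the Delivery step has MailMarshal resolve the destination of outbound mail itself (MX lookups). The reason both transports are needed is the DNS truncation rule: a resolver sends its query over UDP, and when the answer does not fit the classic 512-byte UDP payload (domains with many MX records are the usual case) the server replies with the TC flag set and the resolver must repeat the query over TCP. The following added example (not MailMarshal code, and not a description of how MailMarshal's resolver is implemented) builds an MX query in RFC 1035 wire format with only the standard library, parses the response header, and shows the transport decision. The response packets are constructed header-only fragments for the example; a real answer carries question and answer sections after the header.

```python
"""Why a DNS-resolving mail gateway needs UDP and TCP through the firewall.

Added example, not MailMarshal code. Builds an MX query (RFC 1035 wire
format), parses response headers and decides whether the UDP answer can
be used or the query must be retried over TCP (TC flag). The replies
below are constructed, header-only packets for the example.
"""
import struct

TYPE_MX = 15
CLASS_IN = 1
FLAG_QR = 0x8000   # response (vs. query)
FLAG_TC = 0x0200   # truncated: retry over TCP
FLAG_RD = 0x0100   # recursion desired
UDP_MAX_PAYLOAD = 512  # classic DNS-over-UDP limit without EDNS0


def encode_qname(name):
    """Encode 'mail.example.com' as length-prefixed labels ending in 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"invalid DNS label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_mx_query(name, txn_id):
    """Return wire-format bytes of a recursion-desired MX query for name."""
    header = struct.pack("!HHHHHH", txn_id, FLAG_RD, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", TYPE_MX, CLASS_IN)
    return header + question


def parse_header(packet):
    """Return the 12-byte DNS header of packet as a dict of fields."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txn_id,
        "is_response": bool(flags & FLAG_QR),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def next_transport(query, udp_response):
    """Decide what a resolver does after the UDP exchange.

    "done"      -> the UDP answer is usable.
    "retry-tcp" -> the server truncated it; the same query is re-sent over
                   TCP port 53. A firewall that passes only UDP/53 makes
                   this retry fail, which is the failure the guide's note
                   about TCP and UDP lookups is warning about.
    "mismatch"  -> not a response to this query (wrong transaction ID);
                   a resolver discards such packets rather than trust them.
    """
    q = parse_header(query)
    r = parse_header(udp_response)
    if not r["is_response"] or r["id"] != q["id"]:
        return "mismatch"
    if r["truncated"]:
        return "retry-tcp"
    return "done"


# Constructed packets using the same header layout a server would send.
QUERY = build_mx_query("example.com", 0x1234)
COMPLETE_REPLY = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD, 1, 1, 0, 0)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_TC, 1, 0, 0, 0)
STRAY_REPLY = struct.pack("!HHHHHH", 0x9999, FLAG_QR | FLAG_RD, 1, 1, 0, 0)

if __name__ == "__main__":
    print("query bytes:", QUERY.hex())
    for label, reply in (("complete", COMPLETE_REPLY),
                         ("truncated", TRUNCATED_REPLY),
                         ("stray", STRAY_REPLY)):
        print(f"{label:10} -> {next_transport(QUERY, reply)}")
```

When checking a firewall rule set for a gateway in a DMZ, the practical consequence is that "DNS" means two rules, UDP/53 and TCP/53, from the MailMarshal host to each configured DNS server; allowing only UDP produces intermittent delivery failures that appear only for domains whose MX answer is large.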
The following additional steps may be required:

1. Configure an existing email server to pass email through MailMarshal.
2. Install and configure third party virus scanning software.

Configuring an Existing Email Server

Typically MailMarshal receives inbound email, processes it, then relays it to the organization’s internal email server as specified in the Local Domains list. Outbound email is passed from the internal email server to MailMarshal for processing and external delivery. For a variety of installation scenarios, see Chapter 2, “Pre-Installation.”

The internal email server software must be configured to send outgoing email to MailMarshal for processing and delivery. Where MailMarshal is installed on the same computer as the existing email server software, the two applications must use different “ports” to receive email. In this case, the following steps are typically necessary:

• As the MailMarshal receiver is now accepting SMTP traffic on port 25, change the SMTP port that the other email server uses for SMTP (port 97 is usually available, although any free TCP port will do).
• Configure the other email server software to forward all Internet email to the local machine (use the “localhost” IP address 127.0.0.1, port 25).
• Check that MailMarshal is configured, via its Local Domains information, to forward all inbound email to the local machine on the alternative port (again, use the localhost IP address and port, e.g. 127.0.0.1:97).

Specific details for configuring Microsoft Exchange 5.5 and Lotus Notes 4 and 5 are given in Appendix A, “Other Email Servers.” For more detailed information, and to configure other email server software, please refer to the product documentation for the other software. The Marshal Knowledge Base also contains some additional setup information.
MailMarshal and Proxy Servers

MailMarshal can be installed in the same network as a proxy server, such as Microsoft ISA Server or Microsoft Proxy Server 2.0. There are two possible scenarios:

• MailMarshal can be installed on a machine “inside” the proxy server (on the trusted network) when the proxy server has two network cards. This scenario will require the proxy server to be configured to route incoming connection requests through to the MailMarshal receiver.
• MailMarshal can be installed as an email gateway separate from the proxy server. In this case, MailMarshal could be installed on the same machine as the proxy server and could replace an existing email relay. MailMarshal could also be installed on a separate machine with two network cards and be used to route email from the Internet to an internal email server.

Information on configuring MailMarshal with Microsoft Proxy 2.0 is available in Marshal Knowledge Base article Q10279. Information on configuring MailMarshal with Microsoft ISA Server is available in Marshal Knowledge Base article Q10380. To obtain information on configuring other proxy server software, contact the proxy software manufacturer.

Note: Microsoft Proxy can be configured to implement security at user level. Where this has been done, MailMarshal should initially be configured to run under the same user account as your existing email server, email relay or gateway.

MailMarshal Console Installation

The MailMarshal Console provides day-to-day administrative access to the MailMarshal server and email stream, including a real-time view of email processing and management of rejected and quarantined messages. The console is installed automatically on the MailMarshal Server when a server install is performed. If the MailMarshal Console software is to be used on any other machine it must also be installed on that machine.
It may be installed directly from the MailMarshal CD-ROM or from an install folder copied from the CD-ROM. For a list of software prerequisites for the Console, see Chapter 2, “Pre-Installation.”

To install the MailMarshal Console:

1. Log in with sufficient access rights to install software onto the local machine and to access the install folder for MailMarshal.
2. Run the MailMarshal installation program or setup.exe to install the MailMarshal Console software.
3. Under Setup, select Custom Setup and choose only the MailMarshal Console component.
4. Run the newly installed software.
5. If the MailMarshal Server is not running on the same machine, a Change Server dialog will prompt for the IP Address or name of the MailMarshal Server machine. This dialog can be reached at any time by right-clicking on the MailMarshal Console folder in the Console menu tree.

Configuration information for MailMarshal Console is stored in the client machine registry.

Note: Whenever you update or upgrade the MailMarshal Server you must also upgrade the Console on remote machines.

Console Security Issues

MailMarshal Console uses the Windows secure RPC mechanism to communicate (via TCP port 19001) with the MailMarshal Server. A console user must have an account and password that can be validated by the MailMarshal Server. If the MailMarshal machine is in a different domain you can either set up a trust relationship or create local accounts on the MailMarshal Server computer. If the Console and the Server are separated by a firewall (e.g. if the Server is located in a DMZ), port 19001 must be opened in the firewall to allow remote Console access.

To view the messages in the quarantine folders the account in use must have read access to the folders. If you wish to make changes to items (e.g. forward email, kill messages) the account will also need write access. Access to the folders should be limited by using Windows security.
To implement access control for other features, edit the access permissions on the MailMarshal.key file (in the MailMarshal folder on the server). Read access to this file allows the user to view the service status, queued domains and mail history. Write access to this file gives the ability to kill messages, dial now, retry domains and reload services.

Note: To change the Console communication to another port, see the Advanced Properties dialog found on the Advanced tab of Server Properties.

MailMarshal Configurator Remote Installation

The MailMarshal Configurator software provides access to all setup functions for MailMarshal, including server configuration and setup of Rules and Rule elements. The Configurator is installed automatically on the MailMarshal Server when a server install is performed. If the MailMarshal Configurator software is to be used on any other machine it must also be installed on that machine. It may be installed directly from the MailMarshal CD-ROM or from an install folder copied from the CD-ROM. For a list of software prerequisites for the Configurator, see Chapter 2, “Pre-Installation.”

Note: It is not recommended to connect the Configurator to the MailMarshal Server through a firewall, as additional NetBIOS ports must be opened to make this possible. If access through a firewall is required, use of a remote access tool such as Microsoft Terminal Server is recommended.

To install the MailMarshal Configurator:

• Log in with sufficient access rights to install software onto the local machine and to access the install folder for MailMarshal.
• Run the MailMarshal installation program to install the MailMarshal Configurator software.
• Under Custom Setup, select only the MailMarshal Configurator component.
• Run the newly installed software.
• If the MailMarshal Server is not running on the same machine, a Change Server dialog will prompt for the IP Address or name of the MailMarshal Server machine.
This dialog can be reached at any time by right-clicking on the MailMarshal Configurator element in the left pane of the Configurator.

Note: Whenever you update or upgrade the MailMarshal Server you must also upgrade the Configurator on remote machines.

Uninstalling MailMarshal

Use the following steps to uninstall MailMarshal.

1. Before uninstalling, ensure that any settings changes made to the email system (e.g. the DNS MX records and email server settings) are revised to exclude MailMarshal from email processing.
2. If you are uninstalling one member of an array, use the MailMarshal Configurator to remove the server from the array. For more information, see Chapter 19, “Arrays.”
3. Uninstall MailMarshal using the Control Panel Add/Remove Programs applet. A system restart may be suggested to remove some files.
4. Uninstall the MailMarshal Configurator, Console and Reports software on workstations.
5. If appropriate, drop the MailMarshal and MailMarshalCertStore databases using SQL administration tools.

Chapter 4 Monitoring and Control

Operation of MailMarshal is monitored and controlled through three applications: the Configurator, the Console and the Reports. Additional monitoring and control functions are available through the Windows Event Log, Windows Performance Counters, and the Message Release external command. Detailed information on the Console, Reports, and External Commands (including Message Release) is provided in other chapters of this manual.

The Configurator

The MailMarshal Configurator is used to set up and modify the Rules and rule elements that control how email is processed by the MailMarshal Server. The Configurator also allows advanced setup and modification of the Server Properties, which determine how MailMarshal sends and receives email. The Configurator is always installed on the MailMarshal Server computer during initial setup. It may also be installed on any workstation.
The MailMarshal Configurator is implemented as a snap-in to the Microsoft Management Console (MMC). For general information and tips about the MMC, see Chapter 22, “MailMarshal and the MMC.” This manual assumes that the MMC is displaying both the left (menu tree) and right (details) panes.

Start the Configurator from the Start menu. Ensure that the MailMarshal Configurator folder is expanded. The left menu pane presents the top level functions of MailMarshal. Detailed information is presented in the right pane.

Note: The Configurator should be closed when it is not actively in use. Automatic processes such as Category Script updates and array replication will be affected if unused Configurators are running. Only one instance of the MailMarshal Configurator can be active per MailMarshal Server. Attempting to start a second Configurator results in the notice “MailMarshal settings are locked.”

The following elements are available in the Configurator. Many of these elements are covered in more detail in following chapters of this manual.

Server Properties

Click Tools > Server Properties in the menu to view the MailMarshal Server Properties dialog. The various tabs of this dialog allow setup of MailMarshal’s email delivery and receipt options, report logging database, and receiver Header Rewrite function, as well as several minor options. Backup and restore of the MailMarshal configuration is also available. Detailed information on this dialog is available in Chapter 17, “Server Properties.”

Configurator Root

When the Configurator is connected to a running MailMarshal Server, the server icon (captioned MailMarshal Configurator) shows a green arrow. If the Configurator is connected to another server (not the local computer), the name of the server is shown in the caption. When changes to the Rules or rule elements have been made in the Configurator but not yet reloaded on the Server, the caption will be followed by -*-.
If the changes require the services to be restarted, the caption will be followed by -!-. To reload the Server or restart the services, click the Reload icon on the toolbar. Changes will take effect immediately. Restarting the services takes only a few seconds and does not seriously affect email flow.

Services and Arrays

When this item is selected in the left pane, the status of the MailMarshal services is shown in the right pane. These will include the Engine, Receiver, and Sender. They may also include the POP3 service if this option has been configured, and the Encrypt and Decrypt services if MailMarshal Secure is installed and enabled. If this MailMarshal server is a member of an array, summarized information about all members of the array is shown.

To start or restart the MailMarshal services, click the Restart icon in the toolbar. To stop the services, click the Stop icon in the toolbar. To reload the Server, click the Reload icon on the toolbar. If this server is a member of an array, these actions can optionally be applied to the entire array or the local server.

An individual service may also be started or stopped by right clicking it then selecting the appropriate menu item. The start/stop status of these services persists through server restarts. More information about arrays is available in Chapter 19, “Arrays.”

User Preferences

By default, MailMarshal prompts the user when the configuration must be reloaded or services restarted. These prompts may be disabled through a selection on the prompting message boxes. The prompts and default behavior may be set from the Tools > Preferences menu.

Rulesets

Select this item to view a list of MailMarshal’s Rulesets in the right pane. Rulesets contain the Rules which determine how email messages are processed. Rules may depend on recipient, message size, and other factors. Available actions include content scanning, third-party virus scanning, message stamping, and others.
For detailed information on Rules and Rulesets, see Chapter 5, “Rulesets and Rules.”

Note: When this item is selected, click the Print icon in the toolbar to view and optionally print a list of all currently configured Rulesets and Rules.

User Groups

Select this item to view a list of MailMarshal’s User Groups. These Groups may be used to apply different Rules to various email users; for instance, to apply different message stamps to outbound email from various departments. User Groups may be created within MailMarshal or imported via LDAP from any available directory server. For detailed information see Chapter 6, “User Groups.”

POP3 Accounts

Select this item to view a list of POP3 accounts which have been set up on the MailMarshal server. MailMarshal is effective as a POP3 server for up to 300 users. POP3 accounts may also be used to provide relay access to MailMarshal’s rule processing and SMTP sending abilities for remote users, even if inbound email is not delivered to POP3 mailboxes. For detailed information please see Chapter 7, “POP3 Accounts.”

Virus Scanners

Select this item to view a list of third-party virus scanners which have been configured for use by MailMarshal. Scanners in the list may be used to check message content and attachments. For more information on configuring virus scanners, please see Chapter 8, “Virus Scanners.”

External Commands

Select this item to view a list of external commands which MailMarshal can invoke. Most command-line executable programs can be used in this way. DLLs can also be invoked. External commands can be used either to test the content of a message, or to perform an action as a result of a condition being triggered by a message. For more information, please see Chapter 9, “External Commands.”

Folders

Select this item to view a list of folders into which MailMarshal can place email items.
Folders may be used to quarantine items based on content, to take copies of selected items, and to park messages for later delivery. Folder names, subfolders, and physical locations may be changed. For more information please see Chapter 10, “Folders.”

Email Templates

Select this item to view a list of templates which may be used when MailMarshal sends an automated message. Templates may contain variables and may have attachments. They can be created and modified to suit any need. For more information please see Chapter 11, “Email Templates.”

TextCensor Scripts

Select this item to view a list of MailMarshal’s TextCensor Scripts. These Scripts are used within Rules to review the content of email messages and attachments. A number of scripts are installed by default. They may be edited and new scripts added. For more information, please see Chapter 12, “TextCensor Scripts.”

Logging Classifications

Select this item to view a list of classifications available when message traffic is logged by MailMarshal. Classifications may be added and modified to suit local need. For more information, please see Chapter 13, “Logging Classifications.”

Message Stamps

Select this item to view a list of message stamps which may be appended by MailMarshal. Stamps may be used for disclaimers, or to notify a recipient of action taken by MailMarshal. Message stamps may be in HTML and plain text format, and may be inserted at the top or bottom of an email message. For more information please see Chapter 14, “Message Stamps.”

LDAP Connections

Select this item to view a list of LDAP (Lightweight Directory Access Protocol) server connections which have been configured in MailMarshal. LDAP allows MailMarshal to populate User Groups from remote directory servers. LDAP is also used by MailMarshal Secure to retrieve user Certificates from a remote store.
For more information on configuring LDAP connections, please see Chapter 16, “LDAP Connections.” Information on LDAP User Groups may be found in Chapter 6, “User Groups”; information on using LDAP certificate stores is found in the chapter “Secure Email Rules” of the MailMarshal Secure User Guide.

Secure Email

Select this item to work with items related to email signing and encryption. These features are only available if MailMarshal Secure has been installed and enabled. For more information please see the MailMarshal Secure Manual.

News and Support

Select this item to view the Marshal website in the right pane. This site features the latest support information, including a Knowledge Base and a User Forum. To access the full range of resources, customers should log in to the site. Obtain login details, if necessary, by contacting Marshal.

Windows Event Log

MailMarshal logs a number of events and alerts to the Windows Event Log. Each event type is given a unique Event ID number. These events may be reviewed in the Event Viewer. They may also be used to trigger automatic actions (e.g. pages, service restarts, or popup notifications) via third-party products. The Event Log may be opened from the Configurator by selecting Tools > Open Event Viewer.

Windows Performance Counters

Each core service of MailMarshal (the Engine, Receiver, and Sender) makes several counters available to the Windows Performance Monitor. The Performance Monitor may be opened from the Configurator by selecting Tools > Open Performance Monitor. Please see the Performance Monitor documentation for full information on its capabilities including remote monitoring.

Note: After installation of MailMarshal, a system restart may be required before the MailMarshal Performance Counters are visible in the Performance Monitor.

Chapter 5 Rulesets and Rules

Rules define how MailMarshal treats email messages.
For convenience, all Rules are defined within Rulesets (groups of Rules that share base User Matching conditions). Conditions defined for a Ruleset must be satisfied before any Rule in that Ruleset is evaluated. An organization may have just a few Rulesets, or many. For example, one Ruleset might apply to all messages outbound from the organization, and another Ruleset apply to all inbound messages. Alternatively or in addition, an organization may be divided into departments, with Rules governing email to and from each department grouped into a separate Ruleset. While some default Rulesets and Rules are provided with MailMarshal, changes and additions should be made to meet local needs. A minimum of two Rulesets is recommended: one for incoming email and one for outgoing email. Each Rule has three parts: User Matching, Conditions, and Actions. The User Matching and Conditions sections are used to evaluate each message. Messages which meet the specified criteria are subjected to the specified Actions. Chapter 5 • Rulesets and Rules 47 Best Practices A wide variety of Rules may be created within MailMarshal. Marshal recommends the following basic practices to ensure security and ease of administration: • Keep rules simple. Simple rules are easier to debug and often faster to run. • Archive messages. Archiving gives an extra layer of backup in case of email server or delivery problems, as well as being useful for rule testing. • Block most attached files by default (both by file extension and by file type). MailMarshal is shipped with example Rules to accomplish this. • Block password protected attachments. • Block encrypted attachments (e.g. files of type ‘Encrypted Word Document’). • Block encrypted messages which MailMarshal cannot decrypt (e.g. PGP messages, and S/MIME messages if MailMarshal Secure is not installed). • Subscribe to email notification lists for virus outbreaks (such lists are offered by many anti-virus software companies). 
When an outbreak occurs, block the offending messages by subject line or other identifying features.

Viewing and Printing Rulesets
To view and optionally print a list of all currently configured Rulesets and Rules, first select Rulesets in the left pane of the Configurator. Click the Print icon in the toolbar to view the Ruleset and Rule definitions in a new window (see example below). To view an individual ruleset, select that ruleset in either pane and click the Print icon.

Creating a Ruleset
To create a Ruleset, in the MailMarshal Configurator, select Rulesets in the left pane. Then click the New Ruleset icon in the toolbar to start the New Ruleset Wizard.

Select the conditions under which the Ruleset should be used by checking boxes in the upper pane. Scroll down to see the full list of conditions. The conditions selected will be presented in the lower pane. Where the matching condition requires specific information to be completed, the incomplete information appears in the rule description as a red hyperlink. Click on the hyperlink to bring up a dialog allowing this information to be entered. Where specific information has been entered, the rule description displays the specifics as a blue hyperlink; click on this link to edit them.

Clicking on the hyperlink People opens the Enter Users dialog. This dialog presents a list of MailMarshal User Groups. Expand any group in the right pane of this dialog to see its members. Double-click on any user group or individual address to add it to the list. A new user may be added to the list by clicking New User. A new User Group may be created by clicking New User Group. Once the ruleset has been created, the group should be populated using the functions available in the User Groups item of the Configurator tree. Delete a group or address from the list by clicking Delete. Close this dialog and return to the New Ruleset Wizard by clicking OK.
On the final page of the New Ruleset Wizard, give the Ruleset a name. Choose whether to enable the Ruleset. Optionally choose a starting and/or ending date for the Ruleset to be enabled. Check the boxes for “from” and “to” then enter dates, or click the arrow to view a calendar.

Optionally choose a daily or weekly schedule for the Ruleset. Check the box then click Schedule to open the Ruleset Schedule dialog. Alter the schedule block if desired:
• Drag using the left mouse button to add to the blue “enabled” area.
• Drag using the right mouse button to erase from the blue “enabled” area.
• To reset the schedule to the default time block, click on Set Default Schedule.
• Choose to “snap” the schedule times to the nearest full, half or quarter hour using the Snap to menu.
Click OK to save the schedule, or Cancel to lose any changes.

Finally, choose whether to launch the New Rule Wizard. A Ruleset must contain at least one Rule to have any effect.

Editing a Ruleset
To edit a Ruleset, in the MailMarshal Configurator, select Rulesets in the left pane. Right click the Ruleset to be edited in the right pane and select Properties from the context menu. The Ruleset is presented in a dialog with two tabs, “General” and “Filtering”, which allow all information in the Ruleset to be modified.

To Copy or Move Rules Between Rulesets
To move a Rule between Rulesets, select the Rule’s parent Ruleset in the left pane of the Configurator. Drag the desired rule from the list in the right pane to a different Ruleset in the left pane. To copy a Rule, hold down the <CTRL> key while dragging the Rule.

To Enable or Disable a Ruleset
To enable or disable a Ruleset, edit it, then check or uncheck the box Enable ruleset after next reload. Alternatively, right click the Ruleset in the right pane and select All Tasks > Enable or All Tasks > Disable from the popup menu.
Order of Evaluation
The order in which Rulesets and Rules are evaluated is significant. Certain Rule actions are terminal (they stop further Rule processing). This is indicated in the Rule description. For instance, a virus scanning rule will normally be evaluated first, and if a virus is found the message will be quarantined immediately; no further rules will be evaluated. Rulesets are evaluated in “top down” order as shown in the Configurator.

Adjusting the Order of Evaluation of Rulesets
To adjust the order of evaluation of Rulesets, select Rulesets in the menu pane. Select a Ruleset in the right pane, and move it up or down using the arrows in the toolbar. Click the Reload Server Rules icon to effect the change in order.

Adjusting the Order of Evaluation of Rules
To adjust the order of evaluation of Rules, expand a Ruleset. Select a Rule in the right pane, and move it up or down using the arrows in the toolbar. Click the Reload Server Rules icon to effect the change in order.

Note: A rule containing a “Goto” action (Pass the message to rule) cannot be moved below the rule it is set to go to. Attempting such a move raises a warning notice. See “Rule Conditions–Standard Rules” on page 61 for more information.

Creating a New Rule
To create a new Rule, in the left pane of the Configurator, expand the Ruleset that should contain the new Rule. Click the New Rule icon in the toolbar to start the Rule Wizard. On the first page of the Rule Wizard, select the appropriate rule type.

Standard Rules
These rules are processed by the MailMarshal Engine and offer the full range of Conditions and Actions. Most rules will be of this type.

Receiver Rules
These rules are processed by the MailMarshal Receiver before the receipt of the message body. A limited number of conditions is available for Receiver Rules. The advantage of Receiver Rules is that they may reduce traffic volume by refusing delivery of messages before the body is received.
Secure Email Rules (available only when MailMarshal Secure is enabled)
These rules control the encryption, decryption and signing of S/MIME messages. For information on Secure Email Rules, please see the chapter “Secure Email Rules” in the MailMarshal Secure User Guide.

The next page of the Rule Wizard, User Matching, specifies to whom the rule will apply. Check the appropriate boxes in the upper pane to add matching conditions to the rule description. Scroll down to see the full list of conditions.

Note: If no User Matching boxes are checked, the Rule will apply to all messages (subject to the limitations imposed by the parent Ruleset). Matching conditions determined by the parent Ruleset are displayed in grey text and cannot be edited here. If these conditions must be changed, edit the properties of the parent Ruleset.

Where the matching condition requires specific information to be completed, the incomplete information appears in the rule description as a red hyperlink. Click on the hyperlink to bring up a dialog allowing this information to be entered. Where specific information has been entered, the rule description displays the specifics as a blue hyperlink; click on this link to edit them.

The third page of the Rule Wizard, Conditions, specifies other tests to be performed on the message and its attachments. Choices are made as on the previous page. Detailed lists of Conditions are presented later in this chapter.

The fourth page of the Rule Wizard, Actions, sets the actions to be taken if a message meets the specified conditions. Choices are made as on the previous pages. Detailed lists of Actions are presented later in this chapter.

The fifth and final page of the Rule Wizard, Finish, presents the complete Rule in the description pane where it may be edited. The rule must be named. By default the rule is “turned on” (used to process messages).
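The following Python model is an added illustration, not MailMarshal code and not part of this guide; it reproduces the evaluation semantics described above: a Ruleset's User Matching conditions gate every Rule it contains, Rules run in top-down order, all conditions in a Rule must hold, terminal actions (Move, Park, Delete) stop processing, and a “Goto” (Pass the message to rule) may only target a rule evaluated later. The Local Domains list, the sample policy and the messages are constructed for the example; the wildcard attachment-name condition follows the “Where message contains attachments named” syntax described later in this chapter.

```python
"""Toy model of MailMarshal-style Ruleset and Rule evaluation (added example,
not MailMarshal code). Local Domains, the policy and the messages are constructed."""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Callable, List, Optional, Tuple

# Constructed stand-in for Server Properties > Local Domains.
LOCAL_DOMAINS = {"example.com"}


@dataclass
class Message:
    sender: str
    recipients: List[str]
    size_bytes: int          # size of the encoded message as received
    attachments: List[str]   # top-level attachment file names


Condition = Callable[[Message], bool]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


# User Matching: incoming/outgoing are decided against the Local Domains list.
def is_incoming(msg: Message) -> bool:
    return any(domain_of(r) in LOCAL_DOMAINS for r in msg.recipients)


def is_outgoing(msg: Message) -> bool:
    return any(domain_of(r) not in LOCAL_DOMAINS for r in msg.recipients)


def attachment_named(patterns: str) -> Condition:
    """'Where message contains attachment(s) named': semicolon-separated names with
    * and ? wildcards. Checks the name only, never the file's internal structure."""
    globs = [p.strip().lower() for p in patterns.split(";") if p.strip()]
    return lambda msg: any(fnmatch(a.lower(), g) for a in msg.attachments for g in globs)


def size_over(limit: int) -> Condition:
    """'Where message size is' greater than limit (encoded size, before unpacking)."""
    return lambda msg: msg.size_bytes > limit


@dataclass
class Rule:
    name: str
    conditions: List[Condition]   # all must hold (logical AND)
    actions: List[str]
    terminal: bool = False        # Move, Park and Delete stop further processing
    goto: Optional[str] = None    # "Pass the message to rule": forward jumps only


@dataclass
class Ruleset:
    name: str
    user_matching: List[Condition]  # must hold before any contained Rule is evaluated
    rules: List[Rule]
    enabled: bool = True


def validate_goto(rulesets: List[Ruleset]) -> None:
    """Mirror the Configurator's refusal to place a Goto rule below its target."""
    order = [(rs, r) for rs in rulesets for r in rs.rules]   # top-down order
    index = {rule.name: i for i, (_, rule) in enumerate(order)}
    for i, (_, rule) in enumerate(order):
        if rule.goto is not None and index.get(rule.goto, -1) <= i:
            raise ValueError(f"{rule.name!r}: Goto target {rule.goto!r} must come later")


def evaluate(rulesets: List[Ruleset], msg: Message) -> Tuple[List[str], Optional[str]]:
    """Return (actions taken in order, name of the terminal rule or None)."""
    validate_goto(rulesets)
    order = [(rs, r) for rs in rulesets for r in rs.rules]
    index = {rule.name: i for i, (_, rule) in enumerate(order)}
    taken: List[str] = []
    i = 0
    while i < len(order):
        ruleset, rule = order[i]
        i += 1
        if not ruleset.enabled or not all(c(msg) for c in ruleset.user_matching):
            continue  # Ruleset gate not satisfied: its Rules are never evaluated
        if not all(c(msg) for c in rule.conditions):
            continue
        taken.extend(f"{rule.name}: {action}" for action in rule.actions)
        if rule.terminal:
            return taken, rule.name
        if rule.goto is not None:
            i = index[rule.goto]  # skip every rule between here and the target
    return taken, None


# Constructed sample policy: one inbound and one outbound Ruleset, as recommended.
POLICY = [
    Ruleset("Inbound", [is_incoming], [
        Rule("Block dangerous attachments", [attachment_named("*.SHS;*.VBS;*.DO?")],
             ["Send notification", "Write log message", "Move to Quarantine"], terminal=True),
        Rule("Park large messages", [size_over(10 * 1024 * 1024)],
             ["Write log message", "Park in Parking folder"], terminal=True),
        Rule("Skip stamp for internal senders",
             [lambda m: domain_of(m.sender) in LOCAL_DOMAINS], [], goto="Archive outbound"),
        Rule("Stamp inbound mail", [], ["Stamp message"]),
    ]),
    Ruleset("Outbound", [is_outgoing], [
        Rule("Archive outbound", [], ["Copy to Archive"]),
    ]),
]
```

A Goto from the Inbound Ruleset into the Outbound Ruleset is accepted, but for a purely inbound message the Outbound gate fails, so the jump has no effect, exactly as the “Pass the message to rule” note later in this chapter warns.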
Note: New Rules and changes do not take effect until the Rules are reloaded (using either the Reload Server Rules icon in the toolbar or the menu item Tools > Reload Rules on Server).

Copying a Rule
To copy a Rule, right-click it in the Configurator. To make a copy in the current Ruleset, choose Duplicate from the context menu. To make a copy in another Ruleset, choose Copy from the context menu; then right-click the target Ruleset and choose Paste.

Editing a Rule
To edit a Rule, double-click it in the right pane of the Configurator. The rule will be presented in the Finish page of the Rule Wizard. Hyperlinked details may be edited from this pane. If more basic changes to conditions or actions are required, use the Back button to view the User Matching, Conditions, and Actions pages.

User Matching Criteria
When creating Rulesets and Standard and Receiver Rules, the following User Matching criteria are available:

Where message is incoming
Action will be taken if the message is addressed to a domain within MailMarshal’s Local Domains list.

Where message is outgoing
Action will be taken if the message is addressed to a domain outside MailMarshal’s Local Domains list.

Where addressed to people
Action will be taken if a recipient of the message is found in the list of addresses specified. See “Creating a Ruleset” on page 50 for details on choosing which “people” are included in these conditions.

Note: Whenever a list of “people” is required in a condition, the list may contain individual email addresses, domains, and MailMarshal user groups.

Where addressed from people
Action will be taken if the sender of the message is found in the list specified.

Where addressed either to or from people
Action will be taken if a recipient or sender of the message is found in the list specified.
Where addressed both to and from people
Action will be taken if the sender of the message is found in the first list specified, and the recipient of the message is found in the second list specified.

Except where addressed to people
Action will not be taken if a recipient of the message is found in the list specified.

Except where addressed from people
Action will not be taken if the sender of the message is found in the list specified.

Except where addressed either to or from people
Action will not be taken if a recipient or sender of the message is found in the list specified.

Except where addressed both to and from people
Action will not be taken if the sender of the message is found in the first list specified, and the recipient of the message is found in the second list specified.

Note: “Except” matching criteria are the key to creating exception based policies. Rules which apply to all recipients with the exception of small specific groups help to ensure that security policies are uniformly applied. For instance, a rule may apply Where the message is incoming except where addressed to Managers.

Rule Conditions–Standard Rules
The following conditions are available for use in Standard Rules.
They are further explained below:
• Where message attachment is of type
• Where attachment fingerprint is/is not known
• Where message size is
• Where the estimated bandwidth required to deliver this message is
• Where message contains attachment(s) named (file names)
• Where message triggers text censor script(s)
• Where the result of a virus scan is
• Where the external command is triggered
• Where attachment parent is of type
• Where message attachment size is
• Where number of recipients is count
• Where message contains one or more headers (header match)
• Where number of attachments is count
• Where message is categorized as category
• Where message spoofing analysis is based on criteria

Note: If many conditions are specified in a single rule, they must all be satisfied for the Rule action to be taken. To match any of several single conditions, place each one in its own Rule. It pays to keep rules simple and ensure they are logical; it is possible to create nonsensical rules in MailMarshal!

Where message attachment is of type
MailMarshal checks the structure of all attached files to determine their type. Over 175 types are recognized as of this writing. Selecting the hyperlink file types opens a selection dialog including several categories of files. Select an entire category by checking the associated box. Expand any category to see the list of types included, and check the required boxes. When satisfied, click OK to return to the Rule Wizard.

Note: Additional types can be added locally by entering the signature information in a file. Information on the required procedures and structure of the file can be found in Marshal Knowledge Base article Q10199.

Where attachment fingerprint is/is not known
The “fingerprint” identifies a specific file (such as a particular image). Click the hyperlink and choose to base the condition on fingerprints which are known or unknown.
To add a file to the list of “known” files, use the “add to valid fingerprints” rule action, or select Add Fingerprints while processing messages in the Console (see Chapter 5, “Rulesets and Rules” for further information). To delete a file from the list of “known” files, delete the file from the ValidFingerprints subfolder of the MailMarshal install folder, then reload the MailMarshal configuration.

Note: This condition may be useful to exclude certain images, such as corporate logos or signatures, from triggering quarantine rules. E.g. to take action only on unrecognized images, use the following conditions:
When a message arrives
Where message attachment is of type IMAGE
And where attachment fingerprint is not known
Files may also be made known by placing them in the ValidFingerprints sub-folder and restarting the Engine; however this must be done with care. See Marshal Knowledge Base article Q10543 for further information.

Where message size is
The size of the entire message, before unpacking, will be considered. Choose a size and matching method using the Message Size dialog.

Note: MailMarshal checks the size of the received message in its encoded format. This is typically 33% larger than the size reported by an email client.

Where the estimated bandwidth required to deliver this message is
The bandwidth required to deliver a message is calculated by multiplying the message size by the number of unique domains to which it is addressed. The intended use of this criterion is to move high-bandwidth messages to a “parking” folder for delivery outside peak hours. They could also be blocked entirely.

Where message contains attachments named
Enter a list of file names, separated by semi-colons. The * and ? wildcards are supported (e.g. *.SHS;*.VBS;*.DO?). This condition is particularly useful for quickly blocking dangerous file types such as VBS, or known virus attachments such as “creative.exe”.
However, it checks only the file name and not the internal type; use “Where message attachment is of type” to check files by structure.

Where message triggers text censor script(s)
Choose a TextCensor script to be used in evaluating the message. Depending on the settings of the individual script, various parts of the message and its attachments may be scanned. Within the Select TextCensor Script dialog, select a script and click Edit Script to view or change it; click New Script to create a new script, which will be automatically selected when you return to the dialog. See Chapter 12, “TextCensor Scripts” for detailed information on creating Scripts.

Note: More than one TextCensor script may be included in a rule. However, for the rule to be triggered, all included scripts must trigger.

Where the result of a virus scan is
Choose the desired virus scanning action and the results to be checked for, using the Select Virus Scanner Results dialog.

Note: With the exception of Contains Virus and Unexpected scanner error, these options can only be used with DLL based scanners. If you attempt to select the other options when no DLL based scanner is selected, a warning notice will be given.

Scan message with: This option allows you to choose the virus scanners used by this condition.
• All Scanners: All configured virus scanners will be used to scan all parts of the message and attachments. This option is the equivalent of earlier MailMarshal virus scanning rules.
• Specific scanners: To limit the virus scan to specific installed scanners, choose this option then select the desired scanners from the list. This setting may be useful, for instance, if only some installed scanners support virus cleaning.

Where the result is: This option allows you to choose the scanner results that will cause this condition to trigger. Check the appropriate boxes.
• Contains Virus: The condition will trigger if any part of the message contains a virus. This is the basic condition.
• ...and is Cleaned: When this box is checked, the condition will only trigger if the code returned indicates that the virus was cleaned. This condition can be used in a Clean Viruses rule. You cannot choose this option if any non-DLL scanners are selected. See below for further information on setting up virus cleaning rules.
• ...and Name Matches: When this box is checked, the condition will only trigger if the name of the virus as returned matches the text in the field. This condition can be used in a rule to modify MailMarshal's response based on certain virus behaviors (for instance, to not send sender notifications for viruses known to spoof the “from” address).
• Password Protected: When this box is checked, the condition will trigger if the scanner reports the file as password protected.
• File is corrupt: When this box is checked, the condition will trigger if the scanner reports the file as corrupt.
• Virus scanner signatures out of date: When this box is checked, the condition will trigger if the scanner reports its signature files are out of date.
• Could not fully unpack or analyze file: When this box is checked, the condition will trigger if the scanner reports that it could not unpack the file.
• Unexpected scanner error: When this box is checked, the condition will trigger if the scanner reports an unknown error or the code returned is unknown.

Note: These detailed failure results depend on the availability of return codes provided by the individual scanner vendors. The option “Unexpected scanner error” can be used to specify an action to take when the code returned by the scanner is not configured in MailMarshal. If this option is not selected in a rule condition, an unexpected return code will result in the message being deadlettered.
For command line scanners, the list of return codes can be configured in the virus scanner properties.

Setting Up Virus Cleaning
To “clean” viruses from email messages, at least one DLL based virus scanner must be installed. Two rules are required (and provided in the default configuration for new installations of MailMarshal).
The first rule must have these options selected:
• Contains Virus
• and is Cleaned
The second rule must be a standard virus blocking rule (using the option Contains Virus and invoking a move to folder or other blocking action).

If a virus cannot be cleaned, all remaining rules will be applied. If no quarantine (move to folder) or other blocking rule is triggered after all rules have been applied, MailMarshal will deadletter the affected message. The message log and MailMarshal Engine log will indicate that the message still contains a virus. In the MailMarshal Console view, a message that has not been cleaned will be shown with an exclamation mark icon. If you choose to forward or process the affected message, a popup warning will be raised indicating that the message contains a virus.

Where the external command is triggered
Select one or more external commands to be used to test the message. If more than one command is specified, all commands must be triggered for this condition to be triggered. External commands can be executable programs or batch files. See Chapter 9, “External Commands” for more information.

Where attachment parent is of type
This condition is intended to be used with the condition Where message attachment is of type, and causes MailMarshal to consider the file type of the parent container as well as that of the attachment (for instance, Microsoft Word documents containing images). Clicking the hyperlink “parent types” opens a selection dialog offering all valid parent types. The dialog also allows the condition to be applied to types in or out of the selected list.
Note: This condition may be useful to exclude images and other inclusions within MS Word documents from quarantine rules. E.g.
When a message arrives
Where message attachment is of type IMAGE
And where attachment parent is not of type: DOC
See also the condition Where attachment fingerprint is/is not known.

Where message attachment size is
The size of each attachment is evaluated after all unpacking, unzipping, etc. is complete. An attachment size may be larger than the size of the original message, due to decompression of archive files.

Where number of recipients is count
This condition is typically used to block messages with large recipient lists as suspected Spam.

Where message contains one or more headers
This condition may be used to check for the presence, absence, or content of any message header, including custom headers. It would typically be used to check for blank or missing headers, or to reroute email. Within the Header Match dialog (see below), click New to create a new header match using the Header Matching Wizard. See Chapter 15, “Header Matching and Rewriting” for more information on this Wizard. More than one header match may be used in a single condition; however, all matches must be true for the condition to be true (logical ‘and’). To match any of several header conditions (logical ‘or’), include more than one Rule with one condition per Rule.

To edit any Header Match condition (or view its details), highlight it then click Edit to restart the Header Matching Wizard. To delete a Header Match condition, highlight it then click Delete.

Note: Header Match conditions are only available within the Rule where they are created. To use the same condition in more than one Rule, create it in each Rule.

Where number of attachments is count
This condition is typically used to block messages with large numbers of attachments.
The number of attachments may be counted using top level attachments only, or top level attachments to email messages including any attached messages, or all attachments at all levels.

Note: “Top level attachments” are the files explicitly attached by name to an email message. Other files, such as the contents of a zip archive or images within a Microsoft Word document, may be contained within the top-level attachments.

Where message is categorized as Category
This Rule condition allows action to be taken on messages that trigger a category script. Select a category script file using the Select Category Script dialog. Updates to the category scripts (currently including the Spam category script) can be downloaded automatically. Automatic download is enabled by default. To disable the automatic download or update immediately, see the Internet Access tab of Server Properties. Category scripts can also be created and customized locally. See the example category scripts provided with MailMarshal, and the Marshal Knowledge Base, for syntax and suggested usage.

Note: The automatic category download depends on an HTTPS connection to the Internet. Connection settings can be configured on the Internet access tab.

Where message spoofing analysis is based on criteria
This Rule condition allows action to be taken on messages that may be “spoofed” (they may not have originated within the domain of the claimed sender email address). This condition will only be evaluated when the sender address (“From:” header or SMTP “Mail From:” address) of a message is within a Local Domain (as specified on the Local Domains tab of Server Properties).

In the Spoofing Criteria dialog, select any of the detailed criteria to determine how this condition is triggered.

The originating IP address: Select this condition to check for spoofing based on the IP address of the computer which originated the message.
Choose one of the following options to determine how the IP address is checked:
• Is not considered local as defined by the anti-relaying settings: When this option is selected, email with a local sender address will be considered “spoofed” if it does not originate from a computer allowed to relay. The list of computers allowed to relay is determined by the IP address ranges entered on the Anti-Relaying tab of Server Properties. This option can be selected if multiple servers and workstations in the local network are allowed to route email directly through MailMarshal.
• Does not match the IP address for that specific local domain: When this option is selected, email with a local sender address will be considered “spoofed” if it is not delivered to MailMarshal from the correct Local Domain email server. The Local Domain server is the computer to which MailMarshal delivers messages for the specific SMTP domain of the “From:” address.

Note: This is the more restrictive option, as it requires all email originating within the organization to have been routed to MailMarshal from a trusted internal email server. (Messages accepted by the internal email server will be accepted by MailMarshal.) This option can stop local users from “spoofing” addresses within the local domains.

The originating system did not use ESMTP authentication: Select this condition to check for spoofing based on the login given by the system routing the message to MailMarshal. Use this condition (and not an IP address based condition) if roving users are allowed to send email through MailMarshal using the POP3 Relaying Authentication feature.

Note: Before implementing the requirement for ESMTP authentication, check which servers are required to authenticate. See Server Properties > Advanced > Additional Options > Receiver.
Be sure that all affected systems, possibly including internal email servers such as Microsoft Exchange, are configured to authenticate when connecting to MailMarshal.

Rule Actions–Standard Rules
The following actions are available for selection in Standard Rules. Details of each action are given below.
• Copy the message to folder
• BCC a copy of the message
• Run the external command
• Send a notification message
• Strip attachment
• Write log message(s) with classifications
• Stamp message with message stamp
• Rewrite message headers
• Add attachments to valid fingerprints list
• Route the message to host
• Move the message (terminal action)
• Park the message (terminal action)
• Delete the message (terminal action)
• Pass the message to rule
If a terminal action is performed, no further rules will be processed for the affected message. By default the following options are checked: send notification message, write log message, move the message (to a folder).

Copy the message
Copy the email message file to the specified folder. To make the message processing log available in the same folder, check the box at the bottom of the dialog. The message log showing how the message was processed will then be available in the Console. If a new folder is required, click New Folder to start the New Folder Wizard (see Chapter 10, “Folders” for more information).

BCC a copy of the message
Send a blind copy of the message to one or more email addresses. These should be entered as complete SMTP addresses (e.g. user@domain.topdomain), separated by semi-colons. The original message will not be modified in any way by this action, so the original recipient would not know a copy had been taken.

Note: You can use this action in combination with Delete the message to effectively forward messages to a different recipient.

Run the external command
Choose one or more commands to be run from the list of pre-defined external commands.
See Chapter 9, “External Commands” for information on defining external commands. To run the same application with different parameters under different conditions, use more than one external command definition.

Send a notification message
Send one or more email messages based on the templates checked in the selection dialog. To view or edit the details of a particular template, select it then click Edit Template. To create a new template, click New Template; the new template will automatically be selected for use when you return to the template selection dialog. For further information on templates, see Chapter 11, “Email Templates.”

Strip attachment
Where the rule conditions are triggered by a specific attachment, remove this attachment from the message. This action would typically be used to remove attachments of specific file types or file names.

Note: When an attachment is stripped, normally the original message should be copied for later retrieval if necessary, and stamped to inform the recipient that an attachment has been stripped.

Write log message(s) with classifications
Select one or more logging classifications from the list. Check the box to write a logging classification for every component of the message (e.g. a separate record for each image file in a message). To view or edit the detailed information in the classification, click Edit in the selection dialog. To create a new classification, click New in the selection dialog. For details on classifications, see Chapter 13, “Logging Classifications.”

Stamp message with text
Choose one or more message stamps to be added to the message body. Stamps will be at the top or bottom of the message as selected when they were created. To view or edit the details of a particular message stamp, select it then click Edit Stamp. To create a new stamp, click New Stamp; the new message stamp will automatically be selected when you return to the stamp selection dialog.
See Chapter 14, “Message Stamps” for details.

Rewrite message headers
This action may be used to modify, add, or delete any message header, including custom headers. It would typically be used to repair blank or missing headers, to insert a notification into the subject, or to reroute email. Within the Header Rewrite dialog, click New to create a new header rewrite rule using the Header Rewrite Wizard. See Chapter 15, “Header Matching and Rewriting” for more information on this Wizard. More than one Rewrite rule may be included in the same action. The order of application of the rules may be significant. Adjust the order by selecting a rule and using the up and down arrows in the Header Rewrite dialog.

Note: Header Rewrite rules are only available within the Rule where they are created. To perform the same action in more than one Rule (or within a Rule and the Header Rewrite function of the MailMarshal Receiver), create it in each place.

Add attachments to valid fingerprints list
Add the attachments to MailMarshal’s list of “valid fingerprints” (normally used for images or other files which require special treatment, such as company logos). Choose whether to add all attachments, or only images, to the list. See the rule condition Where attachment fingerprint is/is not known for more information.

Route the message to host
This action allows the message to be delivered to a selected server. This action might be used to implement dynamic routing based on the recipient or other message headers. Enter a host name or IP address to which the message should be delivered. This address will be used when delivery is attempted, even if the message is “parked” first. If several Rules invoke this action, the last selected address will be used.

Note: This action is not a terminal action. It sets the destination for the message, but it does not send the message immediately or stop rule evaluation.
All remaining applicable rules will be evaluated. Do not use the action Delete the message with Route to Host: the message will be deleted and not delivered!

Move the message
Move the email message file to the specified folder. To make the message processing log available in the same folder, check the box at the bottom of the dialog. The message log explaining how the message was processed will then be available in the Console. If a new folder is required, click New Folder to start the New Folder Wizard (see Chapter 10, “Folders” for more information). This is a terminal action: no further rules will be processed for a message if this action is performed.

Park the message
Move the email message file to the specified parking folder for release according to the schedule associated with that Folder. If a new folder with a different schedule is required, click New Folder to bring up the New Folder Wizard (see Chapter 10, “Folders” for more information). This is a terminal action: no further rules will be processed for a message if this action is performed.

Delete the message
Delete the email message file. Do not send the message to its original destination. This is a terminal action: no further rules will be processed for a message if this action is performed.

Pass the message to rule
If no “terminal” rule action has been taken, this action allows a choice of which further rules to apply. Several choices are available, including:
• Skip the next rule (do not apply it).
• Skip to the next ruleset (do not apply further rules in this ruleset).
• Skip all further rules (pass the message through to the intended recipients).
• Skip to a particular ruleset or rule.

Note: It is only possible to skip to a rule which is evaluated after the current rule. (The order of evaluation may be changed; see “Order of Evaluation” on page 54.) When skipping to a rule in a different ruleset, remember that the parent ruleset conditions may prevent its having any effect.
For instance, skipping from MailMarshal’s default Inbound ruleset to the Outbound ruleset is allowed, but rules in the Outbound ruleset will have no effect on inbound messages.

Rule Conditions–Receiver Rules
The following conditions are available for use in Receiver Rules.
• Where message is of a particular size
• Where sender’s IP address matches address
• Where sender has authenticated
• Where sender’s IP address is listed in DNS Blacklist

Where message is of a particular size
This condition is normally used with a “refuse message” action to refuse large messages. Choose the size criteria in the Message Size dialog.

Note: Receiver processing of this condition depends on an ESMTP connection from the outside server. This condition should be repeated in a Standard Rule to include messages received from non-ESMTP sources.

Where sender’s IP address matches address
This condition can be used to permit relaying, or to refuse messages, from one or more ranges of IP addresses. The configured ranges are shown in the Sender IP Address dialog. To add a range to the list, click New to open the Enter Match IP Address dialog. To modify an existing address, highlight it then click Edit. To delete an existing address from the list, highlight it then click Delete.

In the Match IP Address dialog, add or modify an address or range. Select one of the three choices using the option buttons:
• An IP Address: Enter a single IP address in dotted quad format.
• A range of IP addresses: Enter the starting and ending IP addresses (two dotted quads).
• An entire network range: Enter an IP address and a netmask in dotted quad format. For instance, enter “10.2.0.4” and “255.255.255.0” to match the entire 10.2.0.0 subnet.

The checkbox at the bottom of the dialog controls whether this address or range will be included in or excluded from the condition match.
• To include the address or range, check the box.
• To exclude the address or range, clear the box.

Note: A typical use of included and excluded ranges would be to match all IP addresses in a given range, with one or two exceptions. For instance, all computers in the 10.2.0.0 subnet might be excluded from relaying, except for a specific email server 10.2.0.55.

Where sender has authenticated
This condition will trigger if the remote system has authenticated using a POP3 account and password. See Chapter 7, “POP3 Accounts” for information on setting up accounts for authentication. This condition is normally used with the Accept message action to allow relaying by specific users.

Where sender’s IP address is listed in DNS Blacklist
This condition allows the DNS Blacklist (MAPS RBL and compatibles) tests to be applied selectively. Choose the Blacklists to be used from the list in the DNS Blacklists dialog. The dialog shows a list of all enabled Blacklists. Check the box for each Blacklist you wish to use. Clear the box for any Blacklist you do not wish to use in this Condition.

Note: Before selecting this Condition, enable at least one blacklist using the Host Validation tab of Server Properties. Each DNS Blacklist you want to use in this Condition should have the “Enable this DNS Blacklist” checkbox checked. For details of how MailMarshal reacts when a Blacklist cannot be reached, see Chapter 21, “Troubleshooting.”

Click OK to return to the Receiver Rule Wizard.

Rule Actions–Receiver Rules
The following actions are available for use in Receiver Rules.

Accept message
If selected, this action permits receipt of the message by MailMarshal for delivery subject to Standard Rules. Furthermore the message may be relayed to an address outside MailMarshal’s local domains. This action is intended to be used in conjunction with the condition Where sender has authenticated or an IP address match, to allow relaying by specific email users.
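The IP address condition and the relaying decision above, modelled in Python as an added example (this is not MailMarshal code): the three entry forms of the Match IP Address dialog, the include/exclude checkbox, and Accept message combined with Where sender has authenticated. The function names, the outcome strings and the sample entry list are this example's own assumptions.

```python
"""Receiver Rule IP matching, as described in the guide above.

Added example (not MailMarshal code): models the three entry forms of the
Match IP Address dialog, the include/exclude checkbox, and the Accept
message decision combined with 'Where sender has authenticated'.
Function names, outcome strings and the sample entries are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class MatchEntry:
    """One row of the Sender IP Address dialog, stored as an inclusive span."""
    first: ipaddress.IPv4Address   # single address, or first address of the span
    last: ipaddress.IPv4Address    # same as `first` for a single address
    include: bool = True           # state of the include/exclude checkbox


def single(addr: str, include: bool = True) -> MatchEntry:
    """'An IP Address': one dotted quad."""
    ip = ipaddress.IPv4Address(addr)
    return MatchEntry(ip, ip, include)


def address_range(start: str, end: str, include: bool = True) -> MatchEntry:
    """'A range of IP addresses': two dotted quads, start and end inclusive."""
    a, b = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if b < a:
        raise ValueError(f"range end {end} precedes start {start}")
    return MatchEntry(a, b, include)


def network(addr: str, netmask: str, include: bool = True) -> MatchEntry:
    """'An entire network range': address plus dotted-quad netmask.

    strict=False lets a host address such as 10.2.0.4 stand for its subnet,
    so ('10.2.0.4', '255.255.255.0') covers 10.2.0.0 - 10.2.0.255.
    """
    net = ipaddress.IPv4Network((addr, netmask), strict=False)
    return MatchEntry(net.network_address, net.broadcast_address, include)


def ip_matches(sender_ip: str, entries: List[MatchEntry]) -> bool:
    """'Where sender's IP address matches address'.

    Assumed semantics: the sender matches when it falls inside at least one
    included entry and inside no excluded entry, which gives the
    "whole range with one or two exceptions" pattern from the Note.
    """
    ip = ipaddress.IPv4Address(sender_ip)

    def hit(e: MatchEntry) -> bool:
        return e.first <= ip <= e.last

    if any(hit(e) for e in entries if not e.include):
        return False
    return any(hit(e) for e in entries if e.include)


def relay_decision(sender_ip: str, authenticated: bool,
                   relay_entries: List[MatchEntry]) -> str:
    """Accept message used for relaying, as the guide recommends.

    Relaying is permitted for an authenticated POP3 user or for a sender
    whose address matches the relay entries; otherwise it is not permitted.
    """
    if authenticated or ip_matches(sender_ip, relay_entries):
        return "relay permitted"
    return "relay not permitted"


# Constructed configuration: the internal 10.2.0.0 subnet may relay,
# except a guest address block that must not.
RELAY_ENTRIES = [
    network("10.2.0.4", "255.255.255.0", include=True),
    address_range("10.2.0.200", "10.2.0.254", include=False),
]

if __name__ == "__main__":
    for ip, auth in [("10.2.0.7", False), ("10.2.0.210", False),
                     ("10.2.0.210", True), ("10.3.0.1", False)]:
        print(f"{ip:>12} authenticated={auth!s:5} -> "
              f"{relay_decision(ip, auth, RELAY_ENTRIES)}")
```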
Refuse message and reply with message
MailMarshal will refuse the message. An SMTP response refusing delivery will be transmitted to the sending server. This action is intended to be used in conjunction with a size-limiting condition to conserve bandwidth, or to refuse messages sent from specific problem addresses as detected by User Match, IP Address, or DNS Blacklist Conditions.

Select the message to be returned using the Reply Message dialog. In this dialog, enter the SMTP response code and message to be returned as the message refusal.
• Message Number: Enter an SMTP message number (between 400 and 599) to return. The default number 550 is a standard SMTP “message refused” response.
• Message Description: Enter a short message giving details of the reason for refusal. Within this message, the following variables are available:
  {Recipient} will be replaced by the “To:” SMTP address of the original message.
  {Sender} will be replaced by the SMTP address of the sender. This uses the address in the “From” field unless it is empty, in which case the “Reply to” address is used.
  {SenderIP} will be replaced by the IP address of the sender.

Chapter 6 User Groups

MailMarshal User Groups are used within Rulesets and Rules to specify to whom the Rules apply. MailMarshal uses SMTP email addresses to perform user matching. User Groups may be created and populated within MailMarshal by entering email addresses manually (wildcards may be used). User Groups may also be imported from an LDAP server (such as Microsoft Exchange or Lotus Notes), in which case their membership is updated automatically on a defined schedule.

To create and maintain User Groups, in the Configurator, expand the element User Groups.

To Create a New Standard User Group
Click the New User Group icon in the toolbar to open the New User Group dialog. Enter a name for the User Group.

To Add Members to a Standard User Group
Select the appropriate User Group from the right pane of the Configurator.
Click the New Member icon in the toolbar to open the Insert into User Group dialog.

In this dialog, enter an individual SMTP address, a wildcarded address, or a domain name in the field. (The available wildcards are the same as those used for local domain names; see “Wildcards” on page 170 for details.) Click Add (or use the <Enter> key) to add the value. The dialog remains open and additional values may be added. If an individual address was entered, the domain name portion of the address is retained and only the new user name need be entered.

To Add an LDAP User Group
LDAP user groups are used in the same way as standard MailMarshal user groups. However, MailMarshal populates an LDAP group by retrieving a list of members from an LDAP server, such as Lotus Notes. The membership of LDAP groups is automatically updated on the schedule specified in the LDAP connection dialog. To work with LDAP User Groups, you must configure at least one LDAP User Group Connection (see Chapter 16, “LDAP Connections”).

Click on the Add LDAP User Group icon, or right-click on User Groups in the tree then click on New, then on LDAP user group... to open the New LDAP User Group dialog. Select the LDAP connection to be worked with from the drop down menu and click OK. If no entries appear in the menu, no LDAP user group connections have been configured.

MailMarshal will then query the server for a list of available user groups, and display the results in a list. (If MailMarshal is unable to connect to the server no groups will be shown.) Select an LDAP group from the list. This group will appear in the list of User Groups. The group name will consist of the LDAP Connection name and the group name as retrieved from the server. Repeat this action to add other user groups. When done, click OK. Initially, an LDAP group will be empty of users; it will be populated at the next scheduled update.
A group can also be populated by right-clicking it in the list of groups, and selecting All Tasks > Reload from LDAP Server. An LDAP user group can immediately be specified in any MailMarshal rules; however, such rules should not be made effective (i.e. the server should not be reloaded) until the group has been populated.

Note: Although MailMarshal does not prohibit adding and deleting members from LDAP groups, such changes will not be sent to the LDAP server, and they will be lost during the next scheduled update from the LDAP server. Any changes to membership of these groups must be made at the LDAP server.

To Move and Copy User Groups
To copy a User Group, right-click it in the Configurator. To make a copy, choose Duplicate from the context menu. To move a User Group so that it is included within another User Group, drag it over the target Group. To copy a User Group so that it is included within another User Group, hold down the <CTRL> key while dragging.

Chapter 7 POP3 Accounts

MailMarshal can function as a POP3 server for local domains (as specified during setup or in Server Properties). A POP3 login must be created for each mailbox that will be hosted by MailMarshal. If MailMarshal receives an email message addressed to the POP3 domain but no matching account has been created, the message will be dealt with (forwarded or refused) according to the options set up for the domain. See “Local Domains” on page 167 for more information on POP3 domains.

If a POP3 domain exists, MailMarshal automatically starts an additional service to respond to POP3 requests. This POP3 service appears in the list of services in the Configurator and Console.

POP3 accounts also permit email relaying. Since the MailMarshal server functions as an email gateway, it is likely to be available from anywhere on the Internet.
Traveling email users who wish to send email from their business address, using the scanning and stamping features of MailMarshal, can do so if they have MailMarshal POP3 accounts. See “POP3 Accounts for Relaying Authentication” on page 91.

Note: The relaying authentication feature may be used regardless of where MailMarshal delivers messages for an address, and without any POP3 local domains being configured. See “POP3 Accounts for Relaying Authentication” on page 91.

To Set Up POP3 Accounts
In the left pane of the Configurator, select POP3 Accounts. Click the New POP3 Account icon in the toolbar. Enter the details for the account holder and authentication information in the New POP3 Account dialog.

If the account will be used for email delivery (if MailMarshal is operating one or more POP3 local domains), MailMarshal will automatically enter an appropriate SMTP alias for email delivery to this account’s mailbox. Make any desired changes to this alias, and enter any additional SMTP addresses for which email should also be delivered to this account’s mailbox. (The domain name of each alias address must be one for which MailMarshal is functioning as a POP3 local domain server.) If more than one POP3 account has the same SMTP alias, messages directed to that alias will be delivered to all of the mailboxes.

If the password fields are left blank, MailMarshal will use Windows NT authentication to determine access for this account. In this case, ensure that the account name matches the name of a valid Windows NT user account permitting access to files on the MailMarshal server computer.

Click Add to add the account. When all accounts have been added, click Close.

POP3 Accounts for Relaying Authentication
A “POP3 account” may be used for relaying authentication only, and not for message delivery.
This feature may be useful, for instance, to traveling email users who wish to send email from their business address, using the scanning and stamping features of MailMarshal. In this case, enter an arbitrary value (such as “none”) in the SMTP Address field. Delete any valid SMTP addresses that MailMarshal may have inserted automatically.

Before you can enable relaying authentication, MailMarshal must be configured to request ESMTP authentication. See the Receiver tab of the Advanced Properties dialog (found on the Advanced tab of Server Properties). The users’ email client software must be configured to use authentication when sending outbound messages. Consult the client software documentation for further information on how to do this.

To enable authentication on the MailMarshal server, create a rule using the Condition Where sender has authenticated and the Action Accept Message.

To Edit POP3 Accounts
To edit an existing POP3 account, select POP3 Accounts in the left pane of the Configurator. Double-click the account to be edited. Change the password and aliases as required, then click OK.

To Delete POP3 Accounts
To delete a POP3 account, select POP3 Accounts in the left pane of the Configurator. Select the account to be deleted then click the Delete icon in the toolbar.

Chapter 8 Virus Scanners

MailMarshal is not a traditional virus scanner; however, MailMarshal does provide substantial proactive protection against viruses through file name and file type checking, as well as TextCensor scanning for virus-related text and harmful commands. MailMarshal can also invoke third-party virus scanners to check email messages and attachments for viruses. Nearly all MailMarshal installations use third-party virus scanning.

MailMarshal allows one or more virus scanners to be used to check email for viruses. Because virus scanners have differing architectures, some organizations choose to use multiple scanners.
MailMarshal invokes the virus scanner after unpacking all elements of an email message. MailMarshal then passes the elements to the scanner software for analysis, and takes action based on the code returned from the scanner. Selected virus scanners can be used to attempt to clean infected files.

Sample virus scanning and cleaning Rules are included in the MailMarshal default Rules. These Rules may be modified to suit local conditions. For details on configuring virus scanning Rules, see Chapter 5, “Rulesets and Rules.”

To work with MailMarshal, a virus scanner must have a command-line interface or a special MailMarshal DLL. The scanner must return a documented response indicating whether or not a virus is detected. Most commercially available virus scanners meet these specifications.

Note: DLL based scanners are significantly faster than command line scanners, because the scanner is always memory resident. Marshal recommends the use of DLL scanners for sites with high message traffic.

The virus scanners listed below have been tested and validated for use with MailMarshal as of this writing. Appropriate parameters for these scanners are pre-coded in the Configurator, ready for selection. (Please see Marshal Knowledge Base article Q10923 for the latest list.)
• Marshal Integrated McAfee Antivirus (DLL, supports cleaning)
• Norman Virus Control (DLL, supports cleaning)
• Panda Antivirus (DLL, supports cleaning)
• Sophos Anti-Virus (DLL, supports cleaning)
• Symantec AntiVirus Engine (DLL, supports remote installation and cleaning)
• InnoculateIT 6.x
• Network Associates Netshield and McAfee Command Line Scanner
• NOD
• Vet Anti-Virus for NT Server
• PestPatrol (requires additional software, available in USA only)

Each virus scanner to be used should be installed on the MailMarshal Server computer (or remotely, if remote access is available) according to the manufacturer’s instructions.
Note: Marshal Integrated McAfee Antivirus requires installation of the Marshal Integrated McAfee Antivirus Console, available in a separate download from Marshal. This interface is enabled through a special MailMarshal product key. MailMarshal trial keys have this feature enabled. Permanent keys for Marshal Integrated McAfee Antivirus are available from Marshal suppliers.

Best Practices
Marshal recommends the following basic practices to ensure security with respect to viruses and virus scanning:
• Block messages and attachments which MailMarshal cannot scan, such as password protected attachments and encrypted attachments (e.g. files of type ‘Encrypted Word Document’).
• Block encrypted messages which MailMarshal cannot decrypt, such as PGP and S/MIME messages.
• Block executable and script files by type and name. This helps to ensure that unknown viruses will not be passed through.
• Subscribe to email notification lists for virus outbreaks (such lists are offered by many anti-virus software companies). When an outbreak occurs, block the offending messages by subject line or other identifying features.

Note: If resident or “on access” virus scanning is enabled, MailMarshal’s working folders must be excluded from scanning. See “MailMarshal Directories and Resident Scanning” on page 101.

Configuring a New Virus Scanner
To configure a new virus scanner within MailMarshal, in the left pane of the Configurator select Virus Scanners. Click the New Virus Scanner icon in the toolbar to start the New Virus Scanner Wizard.

Select a pre-configured scanner from the list, or select “Custom Scanner” to enter full information about a scanner not on the list of supported scanners.

On the next wizard page, enter (or browse to) the location where the main executable scanner file is located (e.g. c:\McAfee\Scan.exe). DLL based scanners do not require this information to be entered.
If this is a custom scanner, enter the other required information; see “Viewing Virus Scanner Properties” for information on the fields.

Note: If further information about a pre-configured scanner is required, click Vendors Web Site to open the manufacturer’s web site in a web browser window.

If this scanner is installed remotely, enter the server name or IP address and port where the scanner can be accessed.

On the final page, click Finish to add the virus scanner; it will appear in the right pane of the Configurator. When at least one scanner is configured, virus scanning rules may be enabled.

Viewing Virus Scanner Properties
Double click the name of any virus scanner in the right pane to review and change MailMarshal’s configuration information for that scanner. The fields shown will vary depending on whether the scanner is a command line or DLL based scanner.

Command Line Scanner Properties
The Name is MailMarshal’s friendly name for this scanner.

The Command Line refers to the location of the executable file.

The Parameters field allows entry of any necessary additional command line parameters to ensure operation compatible with MailMarshal.

The Timeout values indicate how long MailMarshal will wait for the scanner to complete its task. The default values are generous. If review of the MailMarshal logs indicates that the virus scanner is timing out, these values may be adjusted; however, repeated timeouts probably indicate a need for greater system resources.

The checkbox Single Thread indicates whether the scanner must operate on one message at a time, or may be invoked multiple times. Command line scanners will generally have this box checked.

The two remaining fields are used to enter trigger values which specify the meaning of the code returned from the virus scanner.
The field Command is triggered if return code is should include values used by the virus scanner to indicate the presence of a virus or errors encountered scanning the file. When one of these values is returned, the MailMarshal Rule condition Where message contains a virus is triggered.

The field Command is not triggered if return code is should include values used by the virus scanner to indicate the absence of a virus. When one of these values is returned, the MailMarshal Rule condition Where message contains a virus is not triggered.

If the code returned matches neither field, the associated email message is moved to the “Undetermined” deadletter folder and an email notification is sent to the MailMarshal administrator.

Entries in both fields may be exact numeric values, ranges of values (e.g. 2-4), or greater than or less than values (e.g. <5, >10). More than one expression may be entered in each field, separated by commas (e.g. 1-6,8,>10). Consult the virus scanner documentation for details on return codes.

Note: Before entering new values for scanner parameters in MailMarshal, test the scanner from the command line using the new parameters. If MailMarshal invokes a scanner with invalid parameters, the result may cause all messages to be treated as infected.

DLL Scanner Properties
This dialog is used to view and modify the parameters for communication between MailMarshal and DLL based virus scanners. Most parameters cannot be changed.

The Name is MailMarshal’s friendly name for this scanner.
The Manufacturer is the name of the scanner manufacturer.
Version indicates the engine version of the installed scanner.
Virus Signatures lists the currently installed virus signature update.
Status indicates whether the scanner is installed and functioning correctly. If the scanner supports virus cleaning this will also be noted.

Click Visit Web Site to open a web browser window to the scanner manufacturer's web site.
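The return-code expression syntax for the two trigger fields, worked through in Python as an added example (not MailMarshal code): it parses exact values, ranges such as 2-4, comparisons such as <5 and >10, and comma-separated lists, classifies an exit code as triggered, not triggered or undetermined, and checks the two fields for contradictions before a scanner is put into service. The same two fields appear in the External Command definition in Chapter 9, so this block serves that section as well. Function names and the sample field values are this example's own assumptions.

```python
"""Interpreting the return-code trigger fields of a command line scanner.

Added example (not MailMarshal code). It parses the expression syntax the
guide gives for 'Command is triggered if return code is' and 'Command is not
triggered if return code is' (exact values, ranges like 2-4, comparisons
like <5 or >10, comma-separated lists) and classifies an exit code as
triggered, not triggered, or undetermined. Function names are constructed.
"""
import re
from typing import Callable, List

Predicate = Callable[[int], bool]

_RANGE = re.compile(r"^(\d+)-(\d+)$")
_COMPARE = re.compile(r"^([<>])(\d+)$")
_EXACT = re.compile(r"^\d+$")


def parse_field(field: str) -> List[Predicate]:
    """Turn '1-6,8,>10' into a list of predicates over an exit code.

    Malformed entries raise ValueError instead of silently matching nothing,
    since a mistyped field would otherwise send every message to the
    Undetermined deadletter folder.
    """
    predicates: List[Predicate] = []
    for raw in field.split(","):
        token = raw.strip()
        if not token:
            continue
        m = _RANGE.match(token)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi:
                raise ValueError(f"range {token!r} runs backwards")
            predicates.append(lambda code, lo=lo, hi=hi: lo <= code <= hi)
            continue
        m = _COMPARE.match(token)
        if m:
            bound = int(m.group(2))
            if m.group(1) == "<":
                predicates.append(lambda code, b=bound: code < b)
            else:
                predicates.append(lambda code, b=bound: code > b)
            continue
        if _EXACT.match(token):
            value = int(token)
            predicates.append(lambda code, v=value: code == v)
            continue
        raise ValueError(f"unrecognised return-code expression {token!r}")
    return predicates


def classify(return_code: int, triggered_field: str, not_triggered_field: str) -> str:
    """Outcome for one scanner exit code, following the guide.

    'triggered'     -> Where message contains a virus is satisfied
    'not triggered' -> condition not satisfied
    'undetermined'  -> neither field matched: message goes to the
                       Undetermined deadletter folder, administrator notified
    Assumption: if both fields match (a misconfiguration), fail closed and
    report 'triggered'.
    """
    if any(p(return_code) for p in parse_field(triggered_field)):
        return "triggered"
    if any(p(return_code) for p in parse_field(not_triggered_field)):
        return "not triggered"
    return "undetermined"


def overlapping_codes(triggered_field: str, not_triggered_field: str,
                      highest_code: int = 255) -> List[int]:
    """Exit codes in 0..highest_code claimed by both fields.

    A non-empty list means the two fields contradict each other and the
    configuration should be corrected before the scanner is used.
    """
    trig = parse_field(triggered_field)
    clean = parse_field(not_triggered_field)
    return [c for c in range(highest_code + 1)
            if any(p(c) for p in trig) and any(p(c) for p in clean)]


if __name__ == "__main__":
    # Constructed field values in the guide's own syntax.
    TRIGGERED, NOT_TRIGGERED = "1-6,8,>10", "0"
    for code in (0, 3, 7, 8, 42):
        print(f"exit code {code:3}: {classify(code, TRIGGERED, NOT_TRIGGERED)}")
    print("overlap:", overlapping_codes("1-6", "<3"))
```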
Scanner Install Location: If the scanner can be installed remotely, this section of the dialog will be enabled. A choice of install location will have been made when the scanner was first configured in MailMarshal. If you make a change here, MailMarshal will verify the presence of the scanner in the location you specify before accepting the change.
• The scanner is installed on the local server: Select this option if the scanner is installed locally.
• The scanner is installed on a remote server: Select this option if the scanner is installed on a remote server. Enter the following information:
  Server Name: The name or IP address of the server where the scanner is installed.
  Server Port: The port on which scanning requests are accepted.

Using Other Virus Scanners
Most commercial virus scanners can be used as command line scanners with MailMarshal. Generally, the following considerations apply when using an alternative virus scanner.

Verify that a Windows 2000 (or XP) compatible version is available. The product must have a command line interface and must be capable of running silently in the background.

When entering the virus scanner information in the New Virus Scanner Wizard, choose Custom Scanner. Enter the path to the executable file and the parameters for silent operation. In the Parameters field, use the string “{CmdFileName}” (including the quotation marks) to indicate to the scanner software which folders it is to scan. Review the parameter syntax for a pre-configured scanner to understand the use of this entry.

Testing Virus Scanners
Virus scanner setup may be tested by clicking the Test Virus Scanners icon in the toolbar (visible when the Virus Scanners node is selected in the left pane of the Configurator). You will be prompted to choose a file. All configured scanners will be used to scan the selected file. The results will be displayed in a dialog.
If MailMarshal virus scanning rules are enabled, scanning can be checked by sending a test virus in an email message. To create a test virus, open a new text file and paste in the following string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TESTFILE!$H+H*

Save the file as “eicar.com”. (A copy of this file may be found in the MailMarshal install directory.) Attach the file to an email message and send it through MailMarshal to an external test email account. If the virus scanner and scanning Rule are correctly configured to stop outbound viruses, your MailMarshal installation should take action on the message.

Alternatively, send an email message to test@marshal.com to receive information on how to receive a message containing the file eicar.com (this is an automated service).

MailMarshal Directories and Resident Scanning
Network servers are usually protected by virus scanning packages which search disk directories for contaminated files, particularly newly-created or imported files. However, you must ensure that certain directories, which are used by MailMarshal to process and quarantine infected email messages, are excluded from any existing resident or “on-access” anti-virus scanning. These include the Incoming, Explode (MMExp), and Rulesets directories.

By default new MailMarshal installations create all of these directories within the MailMarshal install directory. If the locations are changed then virus scanning exclusions must be changed to reflect the new locations. The locations of these directories may be verified from the Advanced tab of Server Properties.

Note: Prior to version 5.0, MailMarshal placed the default Explode directory in the root of the system drive (e.g. C:\MMExp). This location will not be changed during product upgrade, but may be changed from the Advanced tab of Server Properties if desired.
MailMarshal checks for resident file scanning by attempting to write the standard test virus file eicar.com (not a real virus) in each of the directories which must be excluded from scanning. If any of these files are removed or cleaned by a resident scanner, or MailMarshal is denied access to the files, the MailMarshal engine may not start and the email administrator will be notified. If the check succeeds, MailMarshal deletes the eicar.com files (except for one copy left in MMExp\avcheck).

Please refer to the virus scanner manufacturer’s documentation for information on excluding directories from on-access scanning (e.g. in Network Associates NetShield, exclusions are set via the Exclusions tab in Scan Properties). If the virus scanner does not have the facility to exclude the appropriate directories, on-access scanning must be disabled completely.

Details of Excluded Directories
Incoming: MailMarshal places received email in this directory before processing it.

Explode (MMExp): MailMarshal copies files to the Explode directory and invokes virus scanners explicitly to check for viruses. If a resident virus scanner found and cleaned a file here, MailMarshal's virus scanning might then determine the file to be clean. MailMarshal would then pass the original message through with the virus still present.

Rulesets: Folders within the Rulesets directory are used to store messages, including those “quarantined” by virus scanning rule actions.

Chapter 9 External Commands

An external command is a custom executable or batch file that can be run by MailMarshal. The command can be used to check email messages for a condition, or to perform an action when a message meets some other condition. MailMarshal is provided with an external command for message release (see below), and some other suggested uses are given later in this chapter.
In order for an external command to be used to check for a condition, the command must return a standard return code.

External commands must be defined within MailMarshal before they can be used in Rules. To create a new external command, in the left pane of the Configurator select External Commands. Click the New External Command icon in the toolbar to see the New External Command dialog.

Enter a name for the external command. Type the path for the executable file (or browse to it using the button provided). In the Parameters field, enter any command line parameters necessary.

The Timeout and Timeout per MB values control how long MailMarshal will wait for a response before ignoring the external command. The default values are very generous.

The Single Thread setting indicates whether the command must operate on one message at a time, or may be invoked multiple times. In most cases this checkbox should be left checked. Certain executables and DLL applications may be run multi-threaded.

The Only execute once for each message setting determines whether an external rule condition command will be run for each component of a message, or only once. For example, if an external command definition is being used for policy-based virus scanning, this box should be unchecked to ensure that each component of each message is scanned.

Where the external command will be used as a Rule condition, set the trigger return code information. This information should be specified in the documentation of the executable. Two fields are used to enter trigger values which further specify the meaning of the code returned from the external command.
• If the code returned matches any value entered in the field Command is triggered if return code is, MailMarshal will consider the condition to be satisfied.
• If the code returned matches any value entered in the field Command is not triggered if return code is, MailMarshal will consider the condition not to be satisfied.
• If the code returned matches neither field, the file is moved to the Undetermined deadletter folder and an email notification is sent to the MailMarshal administrator.

Entries in both fields may be exact numeric values, ranges of values (e.g. 2-4), or greater than or less than values (e.g. <5, >10). More than one expression may be entered in each field, separated by commas (e.g. 1,4,5,>10).

Uses of External Commands
Custom executables or batch files may be used with the Rule condition Where message triggers an external command. For instance, fgrep.exe can be used for advanced expression matching.

Custom executables may also be used with the Rule action Run the external command. For instance, a particular email subject line might invoke a batch file to start or stop a system service, or to send a page or network notification to an administrator.

Message Release
MailMarshal is provided with a pre-configured external command, MMReleaseMessage.exe. This command allows email users to release selected messages from MailMarshal folders. (Messages can also be released using the MailMarshal Console.)

To Use Message Release
1. Create or modify a MailMarshal Rule which moves certain messages to a Folder.
2. In this Rule, include a Rule Action which sends a Notification message. The body of this message must contain the variable {ReleaseProcessRemaining} or {ReleasePassThrough}. These variables allow a choice of release actions; see “Processing a Message” on page 237 for details. MailMarshal includes a preconfigured template, Automatic Message Release Outbound, which includes the {ReleaseProcessRemaining} variable.

Note: The From address must be one which guarantees that replies will pass through MailMarshal.
Do not use a local domain address to process requests from internal users. The address need not be valid but it must be well-formed. For instance, the template Automatic Message Release Outbound uses a From address of MessageRelease@Release.it

3. To process message release requests, create a MailMarshal Rule similar to the following:

   When a message arrives
   Where addressed to MessageRelease@Release.it
   Run the external command Message Release
   And write log message(s) with Release Requests
   And delete the message

   (The logging classification “Release Requests” is pre-configured.)

Automatic Message Release should be used sparingly as it tends to defeat MailMarshal's purpose. The {ReleaseProcessRemaining} variable is preferred because it forces all messages to be evaluated against all Rules.

Advanced Usage of Message Release

• If MailMarshal is used in an array, more complex Rules are required to route the release requests to the correct MailMarshal server. Please contact Marshal support for more information.
• If you want to be notified of failed message release attempts, run the external command as a rule condition rather than an action. The Message Release executable returns 0 on success and 1 on failure.
• By default the Message Release executable deletes the message after releasing it. To leave a copy of the message on the server after releasing it, edit the external command definition. In the properties, change the parameters field to read {MessageName} -l (the last character is a lower case letter L).

Note: This option can result in a message being sent more than once.

Chapter 10 Folders

MailMarshal uses folders for several purposes related to rule processing. An email message which triggers a rule may be copied or moved to a folder. This action is commonly taken for messages which are suspected of containing viruses, but may also be used for archival or other purposes.
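The two return-code trigger fields of Chapter 9 (Command is triggered if return code is / Command is not triggered if return code is) accept exact values, ranges such as 2-4, comparisons such as <5 or >10, and comma-separated lists. The following is an added example, not part of the MailMarshal product or this guide: it evaluates such fields for a given return code and audits a definition for codes that both fields claim or that neither field covers (the codes that would otherwise end up in the Undetermined deadletter folder). The scanner return codes it uses are constructed, and the assumption that the triggered field is consulted first is marked in the code.

```python
import re
from typing import Dict, List

# Added example (not MailMarshal code): an evaluator for the two return-code
# trigger fields described in Chapter 9. Each field holds comma-separated
# expressions of the forms shown in the guide: "3", "2-4", "<5", ">10".
_RANGE = re.compile(r"^(\d+)-(\d+)$")
_COMPARE = re.compile(r"^([<>])(\d+)$")


def expression_matches(code: int, expr: str) -> bool:
    """True if one trigger expression covers the return code."""
    expr = expr.strip()
    if expr.isdigit():                       # exact value, e.g. "4"
        return code == int(expr)
    m = _RANGE.match(expr)
    if m:                                    # inclusive range, e.g. "2-4"
        return int(m.group(1)) <= code <= int(m.group(2))
    m = _COMPARE.match(expr)
    if m:                                    # comparison, e.g. "<5" or ">10"
        limit = int(m.group(2))
        return code < limit if m.group(1) == "<" else code > limit
    raise ValueError(f"unrecognised trigger expression: {expr!r}")


def field_matches(code: int, field: str) -> bool:
    """True if any comma-separated expression in the field covers the code."""
    return any(expression_matches(code, e) for e in field.split(",") if e.strip())


def classify(code: int, triggered_if: str, not_triggered_if: str) -> str:
    """Outcome for one return code, in the order the guide lists the fields
    (assumption: the 'triggered' field is consulted first).

    'undetermined' is the case the guide describes as: message moved to the
    Undetermined deadletter folder and the administrator notified."""
    if field_matches(code, triggered_if):
        return "triggered"
    if field_matches(code, not_triggered_if):
        return "not_triggered"
    return "undetermined"


def audit(triggered_if: str, not_triggered_if: str,
          max_code: int = 255) -> Dict[str, List[int]]:
    """Configuration check: codes up to max_code that both fields claim
    (ambiguous) and codes that neither field claims (would be undetermined)."""
    ambiguous, undetermined = [], []
    for code in range(max_code + 1):
        in_t = field_matches(code, triggered_if)
        in_n = field_matches(code, not_triggered_if)
        if in_t and in_n:
            ambiguous.append(code)
        elif not in_t and not in_n:
            undetermined.append(code)
    return {"ambiguous": ambiguous, "undetermined": undetermined}


# Constructed definition for a hypothetical scanner: 0 = clean, 1 = infected,
# 2-4 = other detections, anything above 10 = scanner error (treated as a hit).
TRIGGERED_IF = "1,2-4,>10"
NOT_TRIGGERED_IF = "0"

if __name__ == "__main__":
    for rc in (0, 1, 3, 7, 11):
        print(rc, classify(rc, TRIGGERED_IF, NOT_TRIGGERED_IF))
    print(audit(TRIGGERED_IF, NOT_TRIGGERED_IF, max_code=15))
```

Running the audit before saving a definition shows at a glance which codes (here 5 to 10) would silently deadletter messages rather than trigger or pass them.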
An outgoing email message may be “parked” to a folder for scheduled later delivery. An email message which cannot be processed (due to addressing or structure problems) will be placed in a subfolder of the DeadLetter folder.

MailMarshal also maintains a “Mail Recycle Bin” folder. By default, messages deleted by user action within the Console are moved to this folder and retained for the period specified in the folder properties.

To work with folders, select Folders in the left pane of the Configurator.

Creating a New Folder

To create a new folder, click the New Folder icon in the toolbar to start the New Folder Wizard. On the first page of the Wizard, choose whether the folder is to be a Standard or a Parking folder. On the next page of the Wizard, give the folder a name. Further options depend on whether the folder is a Standard or a Parking folder.

Standard Folders

A time limit may be set for message retention in the folder. This option is typically used for “quarantine” folders where the message may be released on request from the user to an administrator. Messages will be deleted automatically after the set time.

Subdirectories may be created periodically within the folder. This option is typically used where a substantial volume of email is expected, so that messages are easier to find.

Check the box Folder is used for message archiving to create an Archive folder (see below). Within the MailMarshal Console, messages in Archive folders are assumed to be “stored”: they may be viewed and forwarded but not deleted. Messages in other Standard folders are assumed to be “in process” and they may be reprocessed or deleted, among other actions. See Chapter 20, “The Console” for further information.

Click OK to create the folder, or Cancel to lose any changes.
Parking Folders

When a Rule moves a message to this type of folder, it will be “parked” if the time is within the blue schedule block and released (or sent immediately) when the time is outside the blue schedule block.

Use the checkbox Continue processing rules on release to determine what happens to parked messages when they are released from this Folder for delivery. If the box is checked, the message will be evaluated against all rules after the Rule which placed the message in this Folder.

Alter the schedule block if desired:
• Drag using the left mouse button to add to the blue “parking” area.
• Drag using the right mouse button to erase from the blue “parking” area.
• To reset the schedule to the default time block, click Set Default Schedule.
• Choose to “snap” the schedule times to the nearest full, half or quarter hour using the drop down box.

Click OK to create the folder, or Cancel to lose any changes.

The Mail Recycle Bin

This folder exists by default and cannot be deleted. A time limit may be set for message retention in the folder. Messages moved to the Recycle Bin (using the MailMarshal Console) will be permanently deleted after the set time. The default retention time is 7 days.

Editing an Existing Folder

To edit the properties of an existing Folder, double-click its name in the right hand pane of the Configurator. Make any required changes, then click OK.

Changing the Default Folder Location

The default location for message folders is the Rulesets subfolder of the MailMarshal install directory. The base physical path for all folders can be changed to any location on a local drive. Please see “Advanced” on page 192 for details.

Note: If the folder physical path is changed, any messages in the old location must be moved manually to the new location.
Folder Security

Permission to use the MailMarshal Console (to view and take action on messages in folders) is controlled by setting user permissions on the MailMarshal.key file. See “Console Security Issues” on page 231.

In some cases it may be desirable to set different access permissions for different folders (for instance, if archived messages are to be available to the users who sent them). Such permissions may be set using standard Windows security procedures for the physical folder.

Chapter 11 Email Templates

Email Templates allow notification email messages to be sent based on the outcome of Rule processing. This facility is most often used to notify appropriate parties when a message is blocked. Notifications are a very powerful tool to inform and modify user behavior. When well thought out and constructed, they can save the administrator a lot of time.

Notifications may also be used as a general autoresponder based on message headers or content. For instance, a message to robot@ourcompany.com with the subject “Send Catalog” might trigger a rule returning the product catalog to the sender as an email attachment.

The same Rule outcome may send several notification messages. For instance, if a virus is detected the email administrator, external sender, and intended internal recipient of the message might each receive a different message.

Attachments to a notification may be made. Attachments may include the original message, the MailMarshal processing log for the message, and any other file (such as a virus scanner log file).

To work with Templates, select Email Templates in the left pane of the Configurator.

MailMarshal is provided with numerous templates by default. These are a good source of ideas for the creation of new templates.
Note: In addition to Rule notification templates, MailMarshal uses a number of pre-configured templates for administrative notifications (such as delivery failure notifications). To modify these templates, see the Advanced tab of MailMarshal Server Properties.

Creating an Email Template

Click the New Template icon in the toolbar to see the New Email Template dialog.

Give the Template a name.

MailMarshal allows variable information to be inserted into the message headers and body from the original email (which triggered a Rule, invoking this Template). Variables are enclosed within braces { }. To see a list of variables available in any field, type { to bring up a context menu. Additional information on the variables is available in the online help for this dialog.

Enter appropriate information in the Header Details section. For instance, enter the email address to which replies should be sent in the Return Path field.

To attach the original message, the MailMarshal message processing log, or another file to the notification, check the appropriate box and enter the file name if necessary.

Enter an appropriate message in the Message Body field. Variables marked with braces { } may be used. Variables may be nested, and Windows environment variables may be included using the variable {env=}. A file may be included in the body of a notification message using the variable {file=filepath}.

Note: When sending a notification to the original sender of an email message, use the {ReturnPath} variable in the To: field to reduce the chance of looped messages.

Duplicating an Email Template

To copy a Template, right-click it in the Configurator. Choose Duplicate from the context menu. After duplicating the Template, make any required changes to the copy.

Editing an Email Template

To edit a Template, double-click on its name in the right hand pane of the Configurator. Make the required changes then click OK.
Deleting an Email Template

To delete a Template, select it in the right hand pane of the Configurator then click the Delete icon in the toolbar.

Chapter 12 TextCensor Scripts

TextCensor scripts are used to check for the presence of particular lexical content in an email message. The check may include all parts of the message, including the message headers, message body, and any attachments that can be lexically scanned. It may also be limited to one or more of these areas.

A script may include many conditions based on text combined with Boolean and proximity operators. Triggering of the script is based on the weighted result of all conditions. TextCensor scripts are invoked by Standard Rules.

To work with TextCensor Scripts, select TextCensor Scripts in the left pane of the Configurator.

TextCensor Syntax

TextCensor scripts contain one or more lines, each consisting of a word or phrase.
• The wildcard character * may be used at the end of a word only (e.g. “be*” matches “being” and “behave”).
• Parentheses should be used to set the order of evaluation and for grouping.
• Each line may include Boolean and proximity operators. The operators must be entered in capital letters.

The six supported operators are:

AND: Matches when all terms are present. Example: Dog AND cat
OR: Matches when any term is present. Examples: dog OR cat; dog OR (cat AND rat)
NOT: Logical negation of terms; use after other operators; means “anything else but.” Example: Dog AND NOT cat
NEAR: Matches when two terms are found within the specified number of words of each other. The default is 5. Example: Dog NEAR=2 bone
FOLLOWEDBY: Matches when one term follows another within the specified number of words. The default is 5. Examples: Dog FOLLOWEDBY=2 house; Dog FOLLOWEDBY (NOT house)
INSTANCES: Matches when a term is found the specified number of times. You must specify a value. Example: Dog INSTANCES=3

When you use NEAR and FOLLOWEDBY, a “word” is defined as any group of one or more contiguous alphanumeric characters, bounded at each end by non-alphanumeric characters. If any non-alphanumeric characters have been included as “special characters”, each single special character is also counted as a “word”. For instance, by default “S-P-A-M” counts as four words. If the “-” character is entered as a “special character,” then the same text counts as 7 words.

Note: The INSTANCES operator is provided for compatibility with earlier TextCensor scripts, but its use is discouraged. The use of appropriate weighting (see below) will produce the same result with improved performance.

Weighting the Script

Each script is given a trigger level, expressed as a number. If the total score of the content being checked reaches or exceeds this level, the script is triggered. The total score is determined by summing the scores resulting from evaluation of the individual lines of the script.

Note: The script will be applied separately to each part of a message. E.g. if both Headers and Message Body are selected for evaluation, the script will be evaluated once for the headers, then again for the body. Script triggering is not cumulative over the parts.

Each line in a script must be given a positive or negative weighting level and a weighting type. The type determines how the weighting level of the line is figured into the total score of the script. There are four weighting types:

Standard: Each match of the words or phrases will add the weighting value to the total. If the weighting level of this item is 5, every match will add 5 to the total.
Decreasing: Each match of the words or phrases will add a decreasing (logarithmic) weighting value to the total. Each additional match is less significant than the one before. If the weighting level of this item is 5, the first five matches will add 5, 4, 4, 3, and 3 to the total.
Increasing: Each match of the words or phrases will add an increasing (exponential) weighting value to the total. Each additional match is more significant than the one before. If the weighting level of this item is 5, the first five matches will add 5, 5, 6, 6, and 7 to the total.
Once Only: Only the first match of the words or phrases will add the weighting value to the total. If the weighting level of this item is 5, this item will contribute at most 5 to the total, no matter how many times it matches.

Negative weighting levels and trigger levels can be used to allow for the number of times a word may appear in an inoffensive message. For instance: if “breast” is given a positive weighting in an “offensive words” script, “cancer” could be assigned a negative weighting (since the presence of this word suggests the use of “breast” is medical/descriptive).

Note: Because script evaluation stops when the trigger level is reached, items with negative weighting should be evaluated first. Use the Sort List button to set the order of evaluation correctly.

Adding a TextCensor Script

Click the New TextCensor Script icon in the toolbar to see the New TextCensor Script dialog.

Give the script a name.

Check the various boxes to select which portions of an email message will be scanned by this script.

Note: The script will be applied separately to each part. E.g. if both Headers and Message Body are selected, the script will be evaluated once for the headers, then again for the body. Script triggering is not cumulative over the parts.

By default only alphanumeric characters may be entered in TextCensor items. If any non-alphanumeric characters are required, click on the checkbox to enable matching for special characters and enter any special characters to be matched.
For instance, to match the HTML tag fragment “<script” you must enter the < in this field. To match parentheses () you must enter them in this field.

Click on New to obtain the New TextCensor Item dialog. Select a weighting level and type for this item (see “Weighting the Script” on page 123 for more information). Enter the item, optionally using the operators described earlier in this section, e.g.

   (Dog FOLLOWEDBY hous*) AND NOT cat

In this example the item weighting will be added to the script total if the scanned text contains the words “dog house” (or “dog houses”, etc.) in order, and does not contain the word “cat”.

Note: TextCensor items are case insensitive by default. However, quoted content is case sensitive. For instance, “textcensor” would not trigger on the title of this chapter.

Click Add (or press <Enter>) to add the item to this script. The dialog box remains open and additional items may be created. When all items have been entered, click Close to return to the New TextCensor Script dialog.

Select a Weighting Trigger Level. If the total score of the script reaches or exceeds this level, the script will be triggered. The total score is determined by evaluation of the individual lines of the script.

Click Sort List to set the order of evaluation. Items with negative weighting levels will be set to evaluate first.

Note: Because evaluation of a Script stops when the trigger level is first reached, setting evaluation order is important.

Editing a TextCensor Script

Double-click the script to be edited in the right pane to bring up the Edit TextCensor Script dialog. A line may be edited by double-clicking on it or deleted by selecting it then clicking Delete. The script name, parts of the message tested, special characters, and weighting trigger level may be changed. Use the Sort List button if necessary to adjust the order of items. Click OK to accept changes or Cancel to revert to the stored script.
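To make the word-counting rule for NEAR and FOLLOWEDBY and the weighting scheme of this chapter concrete, here is an added example written for this edition; it is not MailMarshal's own TextCensor engine. It tokenizes text the way the guide counts words (special characters each count as a word), checks NEAR and FOLLOWEDBY distances, applies the four weighting types, evaluates negative items first and stops as soon as the trigger level is reached. The decreasing/increasing formula and the proximity pairing rule are assumptions chosen to reproduce the figures the guide gives (5, 4, 4, 3, 3 and 5, 5, 6, 6, 7 for level 5), and the sample script and text are constructed from the guide's "breast"/"cancer" example.

```python
import math
import re
from typing import List, Tuple

# Added example (not MailMarshal code): a small evaluator for the TextCensor
# concepts in this chapter: word counting with special characters,
# NEAR/FOLLOWEDBY distances, the four weighting types, negative items first,
# and the early stop when the trigger level is reached.

Item = Tuple[str, int, str]  # (expression, weighting level, weighting type)


def tokenize(text: str, special: str = "") -> List[str]:
    """TextCensor 'words': runs of alphanumerics, plus each single special
    character as its own word. Items are case insensitive, so fold case."""
    pattern = r"[A-Za-z0-9]+"
    if special:
        pattern += "|[" + re.escape(special) + "]"
    return [w.lower() for w in re.findall(pattern, text)]


def contribution(level: int, wtype: str, nth: int) -> int:
    """Score added by the nth (1-based) match of one item.

    Assumption: the guide only lists the first five contributions for level 5
    (Decreasing 5,4,4,3,3; Increasing 5,5,6,6,7). A half-point step per extra
    match reproduces those figures; the product's real curve is not documented
    here. Negative levels contribute the same magnitudes with a minus sign."""
    sign, mag = (-1, -level) if level < 0 else (1, level)
    if wtype == "standard":
        value = mag
    elif wtype == "decreasing":
        value = max(0, math.floor(mag - (nth - 1) / 2))
    elif wtype == "increasing":
        value = math.floor(mag + (nth - 1) / 2)
    elif wtype == "onceonly":
        value = mag if nth == 1 else 0
    else:
        raise ValueError(f"unknown weighting type {wtype!r}")
    return sign * value


_PROXIMITY = re.compile(r"^(\S+)\s+(NEAR|FOLLOWEDBY)(?:=(\d+))?\s+(\S+)$")


def count_matches(words: List[str], expression: str, special: str = "") -> int:
    """Number of times an item matches. Supports a plain word or phrase, or
    'A NEAR=n B' / 'A FOLLOWEDBY=n B' (default distance 5). Assumption:
    'within n words' means the two terms are at most n positions apart."""
    m = _PROXIMITY.match(expression.strip())
    if m:
        left, op, dist, right = m.group(1).lower(), m.group(2), m.group(3), m.group(4).lower()
        distance = int(dist) if dist else 5
        hits = 0
        for i, w in enumerate(words):
            if w != left:
                continue
            for j, v in enumerate(words):
                if v != right or j == i or abs(j - i) > distance:
                    continue
                if op == "FOLLOWEDBY" and j < i:
                    continue  # FOLLOWEDBY also requires the order left, then right
                hits += 1
        return hits
    phrase = tokenize(expression, special)
    n = len(phrase)
    return sum(1 for i in range(len(words) - n + 1) if words[i:i + n] == phrase)


def evaluate(text: str, items: List[Item], trigger: int, special: str = ""):
    """Score one message part. Negative items go first (what Sort List does),
    and evaluation stops as soon as the running total reaches the trigger.
    Returns (triggered, total, per-item detail)."""
    words = tokenize(text, special)
    total, detail = 0, []
    for expr, level, wtype in sorted(items, key=lambda it: it[1] >= 0):
        hits = count_matches(words, expr, special)
        score = sum(contribution(level, wtype, n) for n in range(1, hits + 1))
        total += score
        detail.append((expr, hits, score))
        if total >= trigger:
            return True, total, detail
    return False, total, detail


# Constructed script after the guide's example: "breast" scores, "cancer"
# cancels it, and the trigger level is 5.
SCRIPT: List[Item] = [("breast", 5, "standard"), ("cancer", -10, "standard")]
MEDICAL = "Our clinic's breast cancer screening week starts Monday; breast exams are free."

if __name__ == "__main__":
    print(evaluate(MEDICAL, SCRIPT, 5))
    print(len(tokenize("S-P-A-M")), len(tokenize("S-P-A-M", "-")))
```

The detail list returned by evaluate() plays the role of the Test Results pane: it shows which items matched, how often, and what each contributed.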
Duplicating a TextCensor Script

To copy a TextCensor Script, right-click it in the Configurator. Choose Duplicate from the context menu. After duplicating the Script, make any required changes to the copy.

Importing a TextCensor Script

TextCensor Scripts may be imported from XML or CSV (comma separated) files. Click the New TextCensor Script icon in the toolbar. Click Import. Choose the file to be imported, and click Open. In the Edit TextCensor Script dialog, click OK.

Note: TextCensor Scripts exported from MailMarshal 4.2.5 and earlier versions do not include the Weighting Trigger Level, Special Characters, and Apply to following parts settings. When importing such a script, this information must be added manually.

Exporting a TextCensor Script

TextCensor Scripts may be exported to XML or CSV (comma separated) files. Double-click the script to be exported in the right pane to bring up the Edit TextCensor Script dialog. Click Export. Enter the name of the file to which the script should be exported, and click Save. In the Edit TextCensor Script dialog, click OK.

Testing TextCensor Scripts

A TextCensor script may be tested against a file or pasted text. In the New or Edit TextCensor Script dialog, click Test to use the Test TextCensor dialog.
• Select Test script against file. Enter the name of a file containing the test text (or browse using the button provided).
• Select Test script against text. Type or paste the text to be tested in the field.

Click Test. The result of the test (including details of the items which triggered and their weightings) will be shown in the Test Results pane.

Using TextCensor Effectively

The effective use of TextCensor scripts depends on understanding how the TextCensor facility works and what it does. TextCensor rules are evaluated against text portions of messages (including headers, message bodies, and attachment content).
Constructing TextCensor Scripts

The key to creating good TextCensor scripts is to enter exact words and phrases that are not ambiguous. They must match the content to be blocked. Also, if certain words and phrases are considered to be more undesirable than others, those words and phrases should be given a higher weighting to reflect the level of undesirability.

In creating TextCensor scripts, a balance must be struck between over-generality and over-specificity. For instance, suppose a script is required to check for sports-related messages. To enter the words “score” and “college” alone would be ineffective in that those words could appear in many messages. Hence the script would trigger too often, potentially blocking general email content. The same script (to find sports-related messages) would be better constructed using the phrases “extreme sports”, “college sports” and “sports scores” as these phrases are sport specific.

However, using only a few very specific terms may mean that the script does not trigger often enough. Again using the sports example used above, the initials NBA and NFL, which are very sports specific, should be given a suitably higher weighting (i.e. promoting earlier triggering) than, e.g. “college sports”.

Decreasing Unwanted Triggering

TextCensor scripts may trigger on message content which is not obviously related to the content types they are intended to match. The recommended procedure to troubleshoot this problem is:

1. Use the problem script in a Rule which copies messages and their processing logs to a folder (e.g. “suspected sports messages”).
2. After using this rule for some time, check on the messages that have triggered the script. Review the message logs to determine exactly which words caused the script to trigger (see “Interpreting Message Logs” on page 238).
3. Revise the script by changing the weighting, weighting type, or key words, so as to trigger only on the intended messages.
4. When satisfied, modify the Rule so as to block messages that trigger the script, and to notify the sender and/or the intended recipient.

Chapter 13 Logging Classifications

Log records are further categorized by Logging Classifications. Messages may be classified within Standard Rule Actions. Both MailMarshal Reports and the Console Message History/Search can show the classification of a message.

Each Rule should include a logging action. MailMarshal’s default Rules include such actions. Logging Classifications may be added and customized.

To work with Logging Classifications in the Configurator, select Logging Classifications from the left hand menu tree. For general information on logging and reporting see Chapter 18, “Reports.”

Creating a Logging Classification

Click the New Logging Classification icon in the toolbar to see the New Logging Classifications dialog.

In the dialog, enter a meaningful name for the classification. Enter a number as the classification code for this classification. Reports can be generated using these codes. By default the next available number in sequence is used for a new classification; however, any unused number may be entered.

Give a brief description of the classification and its purpose. This description will be used in the Console and Reports, and may contain {} variables as in the Email Templates.

Click OK to add the classification.

Editing a Logging Classification

To edit an existing logging classification, double-click it in the right pane of the Configurator to view its properties. Make any required changes then click OK.

Duplicating a Logging Classification

To copy an existing logging classification, right-click it in the Configurator. Choose Duplicate from the context menu. After duplicating the classification, make any required changes to the copy.
Deleting a Logging Classification

To delete a logging classification, select it in the right pane of the Configurator, then click the Delete icon in the toolbar.

Logging Classification Usage

Logging classifications are most commonly used to report on broad categories, such as viruses or executable files quarantined. However, they may also be used to record very specific occurrences such as a specific file or size of file being sent. E.g. the question “How many PDF files over 500K in size were sent by Sales?” could be answered by creating a Rule to log sending of such files.

Chapter 14 Message Stamps

Message stamps are short blocks of text which may be applied to the top or bottom of an email message body. MailMarshal message stamps may include a plain text and an HTML version. The appropriate stamp format will be applied to the body text of the same type in the message.

Message stamps are typically used for corporate disclaimers or advertising on outgoing email. Message stamps can also be used by MailMarshal to notify the recipient that a message has been processed (e.g. by having an offending attachment stripped).

To work with message stamps in the Configurator, select Message Stamps in the left pane. Message stamps may also be created and edited from the stamp selection dialog during Rule creation.

Creating a New Message Stamp

In the Configurator, click the New Message Stamp icon to bring up the New Message Stamp dialog. Give the stamp a name and select whether it is to appear at the top or the bottom of messages.

Enter a plain text version of the message stamp in the Plain Text tab. Then enter an HTML version of the stamp, if desired, in the HTML tab. Various formatting, including hyperlinks, may be applied to the HTML text using the buttons provided. To view the raw HTML, right-click in the HTML pane and select Edit Raw HTML.
Edit the HTML, or paste HTML source from another editor, then click OK to return to the message stamp dialog.

Click OK to add the new stamp to the list of available message stamps.

Note: If RTF message stamping is enabled, the plain text message stamp will be used with RTF messages. To enable RTF stamping, see the Advanced tab of Server Properties.

Both plain text and HTML message stamps may include the same variables available within email notification templates. You will find more information on variables in the example stamps provided with MailMarshal, the online help for this dialog, and Chapter 11, “Email Templates.”

Duplicating a Message Stamp

To copy a Message Stamp, right-click it in the Configurator. Choose Duplicate from the context menu. After duplicating the Message Stamp, make any required changes to the copy. Remember to make changes to both the Plain Text stamp and the HTML stamp.

Editing a Message Stamp

To edit a Message Stamp, double-click on its name in the right hand pane of the Configurator. Make the required changes then click OK. Remember to make changes to both the Plain Text stamp and the HTML stamp.

Deleting a Message Stamp

To delete a Message Stamp, select it in the right hand pane of the Configurator then click the Delete icon in the toolbar.

Chapter 15 Header Matching and Rewriting

MailMarshal can apply Regular Expression matching to find and/or modify email header and envelope detail. Header matching is available as a Standard Rule condition. Header rewriting can be performed as a global action by the MailMarshal Receiver during email message receipt, or by a Standard Rule action.

Regular expressions are extremely powerful but somewhat difficult to construct. Especially in the case of rewriting, great care should be taken to ensure that the rules perform as expected. Basics of Regular Expression syntax are given later in this chapter.
Some examples of actions that can be performed are:
• Address modification - for example, changing user@host.domain.com to user@domain.com.
• Field removal - for example, stripping out the Received: lines from outbound messages.
• Alias substitution - for example, replacing addresses via a lookup table, as in user1@olddomain.com being replaced by user2@newdomain.com.
• Domain masquerading - for example, replacing all addresses in thisdomain.com with identical addresses in thatdomain.com.
• Subject line modification - for example, notifying a user that attachments have been stripped from a message.
• Adding header lines - for example, to mark a message as having been processed.

Note: Test any rewriting rules thoroughly, as errors may cause all affected messages to be undeliverable.

Header Wizard

Header matching and rewriting rules are created using a wizard. To start the wizard, click New within the parent dialog (Rule condition, Rule action, or Header Rewrite tab). The pages in the wizard are as follows:
• An introduction page that gives warning information (for Rewriting only).
• A field matching page to select the header or envelope fields to be matched, and the portion of the field to be modified.
• A substitution options page where matching and substitution expressions are entered.
• A naming and test page for naming the rule and testing the matching and substitution.

In addition, the order of evaluation of header rewriting rules may be adjusted using the arrows at the bottom of the parent dialog. See “Order of Evaluation” on page 149.

Field Matching

On this page of the Wizard, select the fields to be matched or rewritten from the list. If the field you want is not in the list, click Add custom field then enter the field name (e.g. x-Custom-Field). Choose the appropriate parsing method using the drop-down list.

Note: If inserting a custom field, use the parsing method Entire Line.
As an example of different parsing methods, consider the following To: header.

   To: (A User) auser@domain.com, “Another user at domain2.com” buser@domain2.com

The following table shows the field data that is passed to the substitution engine for the various parsing methods.

Parsing method: Data passed to the substitution engine
Entire line: (A User) auser@domain.com, “Another user at domain2.com” buser@domain2.com
Email address (each address passed separately):
   auser@domain.com
   buser@domain2.com
Domain (each domain passed separately):
   domain.com
   domain2.com

When matching or modifying address fields in the email header you would usually select the field parsing method Email Address. Each email address in the field is then passed to the substitution engine, while no other characters will be changed.

If the box Match Case is checked, field matching will be case sensitive. If this box is cleared, matching will not be case sensitive.

Note: When matching email addresses be sure to clear this box. Email addresses are not case sensitive.

Matching/Substitution Options

On this page of the Wizard, set up the rules which match the selected fields. Shortcuts to some common Regular Expression features are available from the arrow to the right of each field. See “Regular Expression Syntax” on page 149 for details of the available options.

Optional Exclusion Filter

This field allows you to ensure the Header Match or Rewrite does not occur, regardless of whether the Field Search Expression is matched. The exclusion filter is provided since it can be difficult to express exclusions in regular expressions. To use the exclusion filter, check the box. In the field, enter a Regular Expression. If the selected header(s) match this expression, they will not be matched or rewritten by the rule.

Field Search Expression

In this field, enter a Regular Expression that is used to select the data for matching or rewriting.
If the selected header(s) match this expression, they will be matched or rewritten by the Rule (subject to the exclusion filter, above).

Substitution Actions

When rewriting, three actions are available to be taken on the data matched.

Substitute into field using expression

This action allows the matched data to be replaced using a sed or Perl-like syntax. Sub-expressions which were generated from the field search can be used here as $1 through $9.

Note: When replacing the entire contents of a field, be sure to terminate the text with a CRLF (\r\n). This value is available for insertion through the arrow to the right of the field. If $0 (the tagged expression containing the entire input line) is entered at the end of the substitution expression, a CRLF will already be included.

Map using file

This action provides for substitutions from a file, to allow a level of indirection in resolving what to substitute into the field. A map file must be plain text. Each line of the file must contain a key and value pair separated by a comma, for example:

   john@domain.co.uk, john@domain2.co.uk
   peter@domain.co.uk, peter@host1.domain.co.uk

The first entry in the line is a lookup key. The second value is the result to be substituted in place of the original field when the key is matched. If the key value is not found in the map file then it is returned unchanged as the result.

Delete the field

When Entire line is selected in the parsing options, selecting Delete the field removes the entire header line from the email. A possible use may be to remove Received: lines from outbound email to hide internal routing information from external recipients. To achieve this effect, select the Received: field and a parsing method of Entire line, then provide a search expression that will match the hosts you wish to hide and select Delete field.
For instance, your search expression might look like:

    from (secret.host|private.host).my.domain.com

Note: While such deletions give a higher level of security, they are not generally recommended, as they make tracing any email problems difficult.

Insert if missing

If any selected header does not exist, the text of this field will be used to create it. For example, if you have added the custom header x-My-new-field, you might enter the value Created by Header Rewrite.

Note: When you insert a new field, MailMarshal automatically appends a CRLF (\r\n) to the text.

Naming and Testing

On the final page of the Header Wizard, enter a name for the new Rule. Optionally enter a comment which should explain the purpose of the rule.

Rule Test

Enter an input string in the Source field and click Test. The result will appear in the Result field. For rewriting actions, the result will be the rewritten string. For matching, the result will be “matched” or “not matched”.

If this is a rewriting rule, it is possible to select whether the changes will actually be applied and/or logged. Check the box Enable field changes to apply this rule to messages. Check the box Log changes to write a log of changes to the MailMarshal logs for the message. If only Log changes is checked, the logs will show the changes that would have occurred, but no changes will actually be made.

Order of Evaluation

When satisfied with the new Rule, click Finish to return to the parent dialog (Rule condition, action, or Header Rewrite tab). If several header matching rules are used within a single Standard Rule condition, all must evaluate true for the condition to be true. If several rewriting rules are in use for global Header Rewrite or used within a single Standard Rule action, the order of evaluation will be significant. Rewriting actions will be applied in top-down order as shown in the dialog.
Adjust the order of evaluation using the arrows provided below the list of rewriting actions.

Regular Expression Syntax

MailMarshal implements a full-featured regular expression syntax. Full documentation of this syntax is beyond the scope of this manual. Additional documentation and links to further information may be found in Marshal Knowledge Base article Q10520. A few basics are given below.

Shortcuts

The arrow to the right of each field on the matching/substitution page of the header rule wizard provides access to some commonly used Regular Expression features. Each selection, the text it inserts, and its usage:

    Any Character (inserts .): Matches any single character.
    Character in range (inserts []): Enter a range or set of characters to be matched within the brackets. For instance, to match lower case characters you could enter a-z between the brackets.
    Character not in range (inserts [^]): Enter a range or set of characters after the ^. Matches any character not in the set.
    Beginning of line (inserts ^): Text to the right of the ^ will only match if found at the beginning of the line.
    End of line (inserts $): Text to the left of the $ will only match if found at the end of the line.
    Tagged expression (inserts ()): The content within the parentheses will be considered as a single expression for repeat purposes. This expression will be saved for use within the substitution field.
    Or (inserts |): The field will be matched if it matches either the expression before the | or the expression after the |.
    0 or more matches (inserts *): The expression before the * will be matched if it is repeated any number of times, including zero.
    1 or more matches (inserts +): The expression before the + will be matched if it is repeated at least once.
    Repeat (inserts {}): Enter a number or two numbers separated by a comma within the braces. The expression before the braces will be matched if it is repeated the number of times specified. See “Repeat Operators * + ? {}” on page 151.
    Whitespace (inserts [[:space:]]): Matches a single whitespace character (space, tab, and so on).
    Alphanumeric character (inserts [[:alnum:]]): Matches a single letter or number character.
    Alphabetic character (inserts [[:alpha:]]): Matches a single letter character.
    Decimal digit (inserts [[:digit:]]): Matches a single number character 0-9.

Reserved Characters

Some characters have special meanings within regular expressions.

Operators

The following characters are reserved as regular expression operators:

    * . ? + ( ) { } [ ] $ \ | ^

To match any of these characters literally, precede it with \. For example, to match marshal.com enter marshal\.com

Wildcard Character .

The dot character (.) matches any single character.

Repeat Operators * + ? {}

A repeat is an expression that occurs an arbitrary number of times. An expression followed by * can be present any number of times, including zero. An expression followed by + can be present any number of times, but must occur at least once. An expression followed by ? may occur zero times or once only. You can specify a precise range of repeated occurrences as a comma-separated pair of numbers within {}. For instance:

    ba*      will match b, ba, baaa, etc.
    ba+      will match ba or baaaa, for example, but not b.
    ba?      will match b or ba.
    ba{2,4}  will match baa, baaa and baaaa.

Parentheses ( )

Parentheses serve two purposes:

• To group items together into a sub-expression. You can apply repeat operators to sub-expressions in order to search for repeated text.
• To mark a sub-expression that generated a match, so it can be used later for substitution.

For example, the expression (ab)* would match all of the string ababab. The expression “ab” would be available in a variable (tagged expression) with a name in the range $1...$9 (see the matching and substitution examples in the following sections).

Alternatives

Alternatives occur when the expression can match either one sub-expression or another.
In this case, each alternative is separated by a |. Each alternative is the largest possible previous sub-expression (this is the opposite of repetition operator behavior).

    a(b|c)   could match ab or ac
    abc|def  could match abc or def

Examples

The following sections show examples of matching and substitution strings.

Matching

The expression

    (.+)@(.+)\.ourcompany\.com$

will match a sequence of 1 or more characters, followed by an @, followed by another sequence of 1 or more characters, followed by .ourcompany.com at the end of the field. That is, it will match john@host.ourcompany.com and john.smith@host.subdomain.ourcompany.com but not peter@host.ourcompany.com.au

Substitution

Using the example given in the preceding section, the substitution expression

    $1@$2.co.uk.eu

would yield john@host.co.uk.eu, john.smith@host.subdomain.co.uk.eu and peter@host.ourcompany.com.au respectively. The last result may be somewhat surprising, but data that does not match the regular expression is simply copied across unchanged.

Map Files

MailMarshal SMTP allows substitution using regular expressions to search for an entry in a text file known as a map file. Each line in the map file contains two values separated by a comma. If the search expression matches the first value in a line, MailMarshal SMTP substitutes the second value. If the search expression does not match the first value in any line, MailMarshal SMTP substitutes the search expression. A typical use of map files is to redirect incoming email to arbitrary addresses.

The following simple example modifies email addresses using a map file.

    Map file:
        john@domain.co.uk, john@domain2.co.uk
        peter@domain.co.uk, peter@host1.domain.co.uk

    Search expression:  (.+)@domain\.co\.uk$
    Lookup key:         $1@domain.co.uk

Sample results

The following table shows the matching addresses when the sample mapping file above is used.
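The following Python model, added here as an example and not MailMarshal's own code, reproduces the behaviour described in this chapter: the three parsing methods, the $1...$9 and $0 substitution syntax, the exclusion filter and Match Case options, the Delete the field action, and the map-file lookup with its "key not found is returned unchanged" rule. ADDRESS_RE, the function names and the sample data are this example's own assumptions, and Python's re module stands in for the product's regex engine.

```python
import re

# Regex used to pick addresses out of a header when the "Email address" parsing
# method is selected (constructed for this example; MailMarshal's own parser is
# not documented here).
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def parse_field(line, method):
    """Return the data items the substitution engine would see for a parsing method."""
    if method == "Entire line":
        return [line]
    addresses = ADDRESS_RE.findall(line)
    if method == "Email address":
        return addresses
    if method == "Domain":
        return [a.split("@", 1)[1] for a in addresses]
    raise ValueError("unknown parsing method: %s" % method)


def _expand(template, match, whole_input):
    """Expand $0..$9 in a sed/Perl-style template; $0 is the entire input item."""
    def repl(tag):
        n = int(tag.group(1))
        if n == 0:
            return whole_input
        if n > match.re.groups or match.group(n) is None:
            return ""          # an unset tagged expression expands to nothing
        return match.group(n)
    return re.sub(r"\$(\d)", repl, template)


def substitute(search, template, data, exclusion=None, match_case=False):
    """'Substitute into field using expression'. Data the search expression does
    not match is copied across unchanged; the optional exclusion filter, when it
    matches, suppresses the rewrite regardless of the search expression."""
    flags = 0 if match_case else re.IGNORECASE
    if exclusion and re.search(exclusion, data, flags):
        return data
    return re.sub(search, lambda m: _expand(template, m, data), data, flags=flags)


def load_map(text):
    """Parse map-file text: one 'key, value' pair per line, comma separated."""
    mapping = {}
    for line in text.splitlines():
        if "," not in line:
            continue
        key, value = line.split(",", 1)
        mapping[key.strip().lower()] = value.strip()
    return mapping


def map_using_file(search, key_template, mapping, data):
    """'Map using file': build the lookup key from the search expression, then
    substitute the mapped value. A key that is not in the map is returned unchanged."""
    key = substitute(search, key_template, data)
    return mapping.get(key.lower(), key)


def delete_if_matches(line, search, match_case=False):
    """'Delete the field' with 'Entire line' parsing: None means the header is removed."""
    flags = 0 if match_case else re.IGNORECASE
    return None if re.search(search, line, flags) else line


def rewrite_line(line, method, action):
    """Apply `action` to each item selected by the parsing method; all other
    characters of the header line are left untouched."""
    if method == "Entire line":
        return action(line)
    if method == "Email address":
        return ADDRESS_RE.sub(lambda m: action(m.group(0)), line)
    if method == "Domain":
        def per_address(m):
            local, domain = m.group(0).split("@", 1)
            return local + "@" + action(domain)
        return ADDRESS_RE.sub(per_address, line)
    raise ValueError("unknown parsing method: %s" % method)


# Constructed sample data, taken from the examples in this chapter.
TO_HEADER = '(A User) auser@domain.com, "Another user at domain2.com" buser@domain2.com'
MAP_FILE = "john@domain.co.uk, john@domain2.co.uk\npeter@domain.co.uk, peter@host1.domain.co.uk\n"

if __name__ == "__main__":
    print(parse_field(TO_HEADER, "Email address"))
    search, repl = r"(.+)@(.+)\.ourcompany\.com$", "$1@$2.co.uk.eu"
    for addr in ("john@host.ourcompany.com", "peter@host.ourcompany.com.au"):
        print(addr, "->", substitute(search, repl, addr))
    mapping = load_map(MAP_FILE)
    for addr in ("john@domain.co.uk", "alice@domain.co.uk"):
        print(addr, "->", map_using_file(r"(.+)@domain\.co\.uk$", "$1@domain.co.uk", mapping, addr))
```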
    Input Email Address   Result
    john@domain.co.uk     john@domain2.co.uk
    peter@domain.co.uk    peter@host1.domain.co.uk
    alice@domain.co.uk    alice@domain.co.uk

Chapter 16 • LDAP Connections

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a system for retrieving directory information, such as lists of users, from a remote source. The source may be public (available for anonymous use) or private. Servers providing LDAP support include:

• Lotus Notes
• Microsoft Exchange
• Microsoft Active Directory
• Novell GroupWise
• Many Sendmail systems

Within MailMarshal, LDAP connections are used to import user and group information for User Groups. MailMarshal Secure can use LDAP to retrieve Security Certificates for use in S/MIME encryption. See Chapter 6, “User Groups” in this manual, and the MailMarshal Secure Manual, for further information.

Before LDAP can be used to retrieve information, a connection to the remote LDAP server must be established.

Adding a New LDAP Server Connection

Highlight LDAP Connections in the menu tree, then click the New LDAP Connection icon in the toolbar to start the New LDAP Connection wizard.

In the first page of the wizard, choose whether this connection will be used to retrieve User Groups or Certificates.

Note: To retrieve both User Groups and Certificates from the same server, create two connections.

On the LDAP Connection Wizard–Server page, enter the name of the server to be queried into the LDAP Server field. This may be a fully qualified Internet server name or simply the name of a server on the local LAN. Examples of LDAP server names are:

    ldap.netscape.com
    directory.baycorpid.co.nz
    IBMMAIL01

If desired, use the browse button provided to select a server on the LAN.

The Port number field is used to enter the port on which the remote LDAP server accepts queries. The default value is port 389.
However, this may be changed where more than one LDAP server is hosted at the same IP address. For example, when running Microsoft Exchange 5.5 on a Windows 2000 Active Directory server, both Exchange and Active Directory provide LDAP services. The network administrator will configure the servers to use different port numbers.

Note: Server name, port, and login information should be obtained from the LDAP server administrator.

Enter the logon name and password, if required, in the appropriate fields. If using Windows integrated security, enter the logon domain as well.

Select an LDAP Search Root, if necessary, in the next page. The Search Root is used to limit the amount of information returned in LDAP queries, and specifies the root container of the LDAP server to be searched. This field is usually left blank; however, if the search does not work, ask the LDAP server administrator for an entry. Typically the entry would be the base LDAP Distinguished Name for the organization (e.g. dc=ourcompany.com or o=OurCompany Corporation). Alternatively, check the box to populate the list of available search roots from the remote server (this may take some time), then select a root from the list.

In the final page of the Wizard, enter a name that will be used to identify the LDAP connection (within MailMarshal only).

If this is a User Groups connection, select an Update Interval. The default period between updates is 240 minutes (4 hours). All groups derived from this connection will be updated at the time specified. A shorter time may be desirable if, for example, this option is used to synchronize user information between MailMarshal and Microsoft Exchange Server, and many new users are being added. Conversely, if few users are ever added, setting a longer interval will reduce overhead.

The field Next Update shows the time when the next update is due.
Note: If the Next Update time is reset, updates will occur at the time set and at each Update Interval thereafter. For example, if the Next Update field is changed to 14:30 today and the Update Interval field shows 240 minutes, the updates will occur at 14:30, 18:30, and every 4 hours thereafter. The Controller checks every 5 minutes to see if any LDAP user groups need updating. If the Next Update field is used to schedule an immediate update, this may not occur for up to 5 minutes.

A User Group may also be updated by right-clicking it in the Configurator User Groups list and selecting All Tasks > Reload from LDAP Server.

If this is a Certificates connection, it may be used to renew Certificates automatically for any designated MailMarshal User Group. Click Add to select a User Group which will be added to the field Automatically renew certs... Highlight a group and click Remove to remove it from the list. To set the schedule for automatic renewal, see the Processing tab of the Security Policies dialog (reached from the Secure Email tab of Server Properties).

Check the box Test the connection on finish, then click Finish to test that the server details are correct.

• If the connection type is User Groups, MailMarshal should state that the connection has been made and some groups and members found.
• If the type is Certificates, MailMarshal will request an email address for which to seek a certificate, and state whether one was found.

Note: If you enter an email address for which the LDAP server holds no certificate, MailMarshal will report that no certificate was found. However, this result means that the server name, logon, password and port number are correct. Other messages are less specific. The information given (e.g. “no groups found”) may not necessarily pinpoint the problem entry, so all information entered must be checked. If necessary, contact the LDAP server administrator.
A local network or LDAP server may be configured to allow access only from certain machines or users. The Test button only tests the connection from the Configurator. Because the MailMarshal Controller service may have different security permissions, be sure to check that the Controller is updating LDAP groups correctly. The Controller log file may show messages from the LDAP action. The membership of the groups should change appropriately.

When all details are correct, click Finish in the New LDAP Connection wizard. The LDAP connection is ready to be used. See Chapter 6, “User Groups,” and the MailMarshal Secure Manual, for further information about using the connection.

Editing an LDAP Server Connection

To edit an existing LDAP connection, double-click it in the right pane of the Configurator to restart the LDAP Connection Wizard.

Deleting an LDAP Server Connection

To delete an existing LDAP connection, select it in the right pane of the Configurator, then click the Delete icon in the toolbar.

Chapter 17 • Server Properties

MailMarshal’s Server Properties include a variety of server setup information and advanced options. During installation, a wizard gathers enough of this information to enable the product to function. To access the full range of Server Properties for maintenance and reconfiguration purposes, choose Tools > Server Properties from the Configurator menu to view the Server Properties dialog. This dialog includes the following tabs, which are covered in detail in the sections of this chapter:

General: Alter server email address information; import and export configurations.
Local Domains: Select how MailMarshal should deliver inbound email.
Logging: Choose whether, where, and how much information should be logged for reporting.
Secure Email: Enable and configure S/MIME features.
Internet Access: Configure proxy settings for Updates and S/MIME CRL retrieval.
Delivery: Select how MailMarshal should deliver outbound email.
Batching & Dial-Up: Configure settings for batched email sending and Dial-Up connectivity.
Blocked Hosts: Select which hosts may not send email to local domains.
Host Validation: Enable DNS record checking; configure DNS Blacklists.
Header Rewrite: Set up rules to modify message headers at the Receiver.
Anti-Relaying: Choose which hosts, if any, may relay email through MailMarshal.
Updates: Configure automatic Category Script updates.
License Info: Make a Permanent Key request; see details of the current license key; enter a new key.
Advanced: Control folder location and special settings including ports, timeouts, server threads and greeting strings.

(The tabs General, Delivery, Local Domains, and Logging are presented in the Installation Wizard when MailMarshal is installed.)

General

Administrative notifications (such as DeadLetter reports) will be sent to the address specified in the Recipient address field. This should be a valid and appropriate mailbox or group alias which is regularly monitored by the email administrator.

Administrative notifications and other automated email from MailMarshal will be sent “from” the address entered in the From address field. (Template-generated messages may have a different “from” address.) This address should also be a valid SMTP address to allow for replies to notifications.

Export Configuration

The MailMarshal configuration data, including server properties, Rulesets, and Rule elements, is stored in the Windows Registry (with the exception of user group information, which is found in the file UserGroups.txt in the MailMarshal install folder, and files with known fingerprints, which are stored in the subfolder ValidFingerprints of the MailMarshal install folder).

To export configuration data, click Export Configuration. Enter an appropriate file name and location.
To save User Group information, copy UserGroups.txt. To save user-defined file type signatures, copy filetype.cfg. To save fingerprint information, copy the folder ValidFingerprints and its contents.

Import Configuration

MailMarshal Registry information can be imported, either to restore a previously created configuration or to merge a partial configuration (see below).

Warning: Export configuration data safely before performing an import. The Merge function requires a specially created file, and should be used only on advice from Marshal Support.

To import configuration data, click Import Configuration. Enter or browse to the appropriate file name. Choose to overwrite or merge configurations using the radio buttons. Click OK to perform the import.

If User Group information is needed, copy UserGroups.txt to the MailMarshal install folder. If user-defined file type signatures are needed, copy filetype.cfg. If attachment fingerprint information is needed, copy the required files to the folder ValidFingerprints in the MailMarshal install folder.

Note: If MailMarshal is being moved to a new server, you must also copy the Sequence file. See “Moving MailMarshal to a New Server” on page 249.

Local Domains

This tab specifies the names of local domains for which MailMarshal will accept inbound email. The list should include all (and only) the domains of email addresses your organization actually uses through this gateway. Each entry in this list should be matched by DNS MX records (and firewall relay settings, if necessary) so that email for these domains is passed to MailMarshal for delivery.

Local domains may be of two types: Relay or POP3. Email for a relay domain is sent on to another email server. Email for a POP3 domain is typically delivered to a mailbox hosted by the MailMarshal server. Often there will be a single entry in this section for the local email server.
However, if the email server handles more than one domain, multiple entries may be needed. Note that by default all relay servers defined here will also be allowed to relay outbound email through MailMarshal.

To Create a New Local Domain

Click New to start the New Local Domain Wizard. Choose the type of local domain (relay to another server, or POP3). On the final page, enter the domain name. Enter the IP address of the server to which email should be relayed. Optionally enter a second email server address (used only if the first server is unavailable).

Multiple Relay local domains may be entered using wildcards (e.g. *.ourbusiness.com may be entered to direct email for all subdomains of ourbusiness.com to a single address). See “Wildcards” on page 170 for a description of MailMarshal’s wildcard syntax.

If this is a POP3 domain, choose the action to be taken for messages addressed to nonexistent mailboxes:

• Forward the message to the administrator account - The administrator email address is entered in the installation wizard and may be changed on the General tab of Server Properties.
• Reject the message - A non-delivery message will be returned to the sender with a “Mailbox/User is unknown” reason code.
• Forward the message to the following Mail Server IP Address/Port - This allows messages not destined for POP3 accounts in MailMarshal to be passed on to another email server for final delivery.

Click Finish to return to the Local Domains tab.

Note: MailMarshal’s permanent License Keys are bound to the list of local domains specified here. Each time the list of domain names changes, a new key is required. Changes in IP addresses or ports, or between relay and POP3 domains, do not require a new key. See “License Info” on page 190 for information on requesting a new key. When invalidated because of a domain change, the key reverts to a fully functional 14 day trial. This allows ample time to contact Marshal for a new permanent key.
There is no charge for the new key.

Repeat the New Local Domain Wizard for each local domain required. When all domains have been entered, adjust the order of matching by highlighting a domain from the list and using the up and down arrows.

Note: Ensure that local domains are matched in the correct order; otherwise email may be misdirected. For example, to enable a POP3 subdomain use the following sequence:

    pop.example.com   POP3    10.2.5.4:25
    *.example.com     Relay   10.1.2.1:25

If the sequence is reversed, POP3 mailboxes will be ignored and all email will be delivered to the first address, i.e. 10.1.2.1 port 25, because all subdomains match *.example.com.

To Edit a Local Domain

Select the domain to be edited from the list and click Edit to start the Local Domain Wizard. Make any changes required, then click Finish.

Note: To change a domain from POP3 to Relay or vice versa, the entry must be deleted and recreated.

Wildcards

Local domains may be entered using several wildcard characters. The same characters are used in User and Group matching for standard and receiver rules. The following syntax is supported:

    Character          Function
    *                  Matches any number of characters
    ?                  Matches any single character
    [abc]              Matches a single character from a b c
    [!abc] or [^abc]   Matches a single character except a, b or c
    [a!b^c]            Matches a single character from a b c ! ^
    [a-d]              Matches a single character in the range from a to d inclusive
    [^a-z]             Matches a single character not in the range a to z inclusive

Examples

    *.ourcompany.com           matches pop.ourcompany.com, hq.ourcompany.com, etc.
    mail[0-9].ourcompany.com   matches mail5.ourcompany.com but not maila.ourcompany.com
    mail[!0-9].ourcompany.com  matches mails.ourcompany.com but not mail3.ourcompany.com

Note: The !, -, and ^ are special characters only if they are inside [ ] brackets. To be a negation operator, ! or ^ must be the first character within [ ].
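As an added example (not MailMarshal's own code), the following Python translates the wildcard syntax above into a regular expression, walks a Local Domains list in order as the ordering note describes, and flags literal entries that an earlier wildcard entry would always match first. The function names, the LOCAL_DOMAINS sample list and case-insensitive matching are assumptions of this example.

```python
import re

WILDCARD_CHARS = set("*?[")


def wildcard_to_regex(pattern):
    """Translate a MailMarshal-style wildcard pattern into an anchored regex.

    * matches any run of characters, ? a single character, and [...] a class in
    which a leading ! or ^ negates, while ! or ^ anywhere else are literal.
    """
    out = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")
        elif c == "?":
            out.append(".")
        elif c == "[":
            j = pattern.find("]", i + 1)
            body = pattern[i + 1:j] if j != -1 else ""
            negate = body[:1] in ("!", "^")
            if negate:
                body = body[1:]
            if j == -1 or not body:
                # Unterminated "[" or an empty class: treat the bracket literally.
                out.append(re.escape(c))
            else:
                # Inside the class only '-' keeps its meaning; a '^' that is not
                # first must not be read as negation by the regex engine.
                body = body.replace("\\", "\\\\").replace("]", "\\]").replace("^", "\\^")
                out.append("[" + ("^" if negate else "") + body + "]")
                i = j
        else:
            out.append(re.escape(c))
        i += 1
    return "^" + "".join(out) + "$"


def wildcard_match(pattern, name):
    """Domain names are matched case-insensitively (an assumption of this example)."""
    return re.match(wildcard_to_regex(pattern), name, re.IGNORECASE) is not None


def select_local_domain(domains, recipient_domain):
    """Return the first Local Domains entry that matches: list order decides."""
    for entry in domains:
        if wildcard_match(entry["domain"], recipient_domain):
            return entry
    return None


def shadowed_entries(domains):
    """Report literal entries that an earlier entry would always match first,
    i.e. the misordering the note above warns about."""
    shadowed = []
    for pos, entry in enumerate(domains):
        if WILDCARD_CHARS & set(entry["domain"]):
            continue
        if any(wildcard_match(e["domain"], entry["domain"]) for e in domains[:pos]):
            shadowed.append(entry["domain"])
    return shadowed


# Constructed sample list, in the order the note above recommends.
LOCAL_DOMAINS = [
    {"domain": "pop.example.com", "type": "POP3", "server": "10.2.5.4:25"},
    {"domain": "*.example.com", "type": "Relay", "server": "10.1.2.1:25"},
]

if __name__ == "__main__":
    for name in ("pop.example.com", "hq.example.com", "example.com"):
        print(name, "->", select_local_domain(LOCAL_DOMAINS, name))
    print("shadowed when reversed:", shadowed_entries(list(reversed(LOCAL_DOMAINS))))
```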
Logging

To enable logging of MailMarshal’s message processing, check the box Enable Logging. When logging has been enabled, the Mail History can be viewed in the Console and a wide variety of reports run from MailMarshal Reports.

Click Create/Select Database to choose the location of the SQL database where the information will be stored. In the Create/Select Database dialog, enter the name of the SQL Server (or MSDE) computer in the first box. Browse the network if necessary using the button provided. Enter the name of the database to use, and the SQL user name and password. The option Connect using TCP may be chosen where the database is behind a firewall. TCP port 1433 must be opened through the firewall in this case.

If you believe that a MailMarshal database has previously been installed in the given location and you do not wish to use it, check the box to recreate the database.

Note: The database password may be changed using SQL administration tools or command-line SQL entry. However, this procedure must be used with caution if other applications may be using the database. For further information please see Marshal Knowledge Base article Q10251.

For maximum detail, check the Log Attachment Details checkbox.

To continue processing email if the log records cannot be written to the database, check the box Continue Processing even if database becomes unavailable. To stop processing email when the database is unavailable, clear this box. (This option should be chosen if logging of traffic is essential. Email will still be accepted and held in the Incoming directory.)

The MailMarshal Console can log operator actions to the MailMarshal logging database.
Logged actions include:

• deleting messages
• moving messages into or out of the mail recycle bin
• emptying the mail recycle bin
• passing through messages
• forwarding messages
• moving messages from one folder to another

To enable logging of these actions, check the box Enable console auditing. Uncheck this box to disable logging of these actions.

Note: Logging console actions can make a difference to perceived console speed, especially when large numbers of messages are affected by a single action. You can choose to log only certain types of actions by setting a value in the Registry. See the Marshal Knowledge Base for details.

Choose the period for retention of data (the default is 100 days).

If more than one MailMarshal server will log to this database, check the box MailMarshal is used in an Array and select a unique letter for each server.

Secure Email

This tab allows configuration of the S/MIME email features of MailMarshal Secure. See the MailMarshal Secure User Guide for further information.

Internet Access

This tab is used to configure the path for HTTP and FTP connection to the Internet. This connection is used by the MailMarshal Category Update. It is also used by the MailMarshal Secure (S/MIME) module to retrieve certificate revocation and renewal information.

Select the method by which MailMarshal’s Internet connection should be configured using the radio buttons:

• Preset Configuration: MailMarshal uses the Windows (Internet Explorer) configuration settings for the account under which the MailMarshal Controller service is running.

  Note: By default the Controller service runs under the Local System account. For this selection to be useful, the Controller should be run using another account with administrator privilege.

• Direct access: No special configuration is required; the Internet is available from this computer without a proxy.
• Proxy: MailMarshal connects to the Internet using the proxy server details provided.
Name may be a local computer name, fully qualified domain name, or IP address. Port is the port number on which the proxy server accepts requests (typically port 80). User name may include Windows domain information in “backslash” format (e.g. ourcompany\username). Password is the associated password (entered twice for confirmation).

Updates

Check the box Automatically update to enable MailMarshal to check for updates to Category Scripts daily. The update will occur at a random time. Clear this box to turn off automatic updating.

Warning: If an update is downloaded, the configuration must be reloaded (or in some cases services must be restarted) before the change takes effect. If the MailMarshal Configurator is open on any workstation when an automatic update occurs, the reload cannot be completed. In this case a notification dialog will be raised. It is strongly recommended that the Configurator be closed when it is not in use.

Click Update Now to initiate an immediate check for Category Script updates.

Note: If an update is downloaded, the configuration must be reloaded (or in some cases services must be restarted) before the change takes effect. When you “Update Now” you will be asked to reload or restart as appropriate.

Delivery

The primary DNS (Domain Name Server) address used by the organization must be entered in the first field of this tab, and a secondary address is recommended. These servers should be in the local network if possible, but in any case no further away than the ISP. They must be able to resolve domain names outside your organization.

Note: If MailMarshal must perform DNS lookups through a firewall, the firewall must permit both TCP and UDP based lookups.

Two delivery options are available:

• MailMarshal will deliver external email itself: This is the default option.
  MailMarshal will use DNS resolution to determine the appropriate destination for outbound email and attempt to deliver messages directly. If this option is selected, you may optionally enter the name or IP address of a fallback host. The fallback host will be used as a forwarding host for messages which MailMarshal is unable to deliver immediately (for instance, if MailMarshal encounters a DNS or greeting failure while attempting to connect to the original destination server).

• MailMarshal will forward email to another SMTP server: Select this option to immediately send all outbound email (not for local domains) to a firewall or a fixed relay server (such as an ISP). The other server will be responsible for final delivery. Enter the host name or IP address of the relay or firewall in the Forwarding Host box. Optionally enter an alternate host (used only if MailMarshal encounters a DNS or greeting failure while attempting to connect to the main forwarding host).

Batching & Dial-Up

MailMarshal supports batch receipt and sending of email messages where on-demand connection to the downstream email server is not desired. Normally this option will be used with a dial-up connection. It may also be used with ADSL connections where the MailMarshal server does not have a fixed IP address, or in situations where frequent connections incur high cost.

Check the box Enable Mail Batching to enable the fields on this tab.

Note: Mail Batching must be enabled whenever Dial-Up Networking is used.

Click Configure Schedule to see the Delivery/Polling Schedule dialog. Alter the schedule block if desired:

• Drag using the left mouse button to add to the blue “business hours” area.
• Drag using the right mouse button to erase from the blue “business hours” area.
• To reset the schedule to the default time block, click Set Default Schedule.
• Choose to “snap” the schedule times to the nearest whole, half or quarter hour using the drop-down box.
• Select the frequency of connection for inbound and outbound email for business and out-of-business hours.

  Note: When MailMarshal delivers outgoing email it will always poll the server for inbound email unless the “Never” option is selected in the Check for incoming mail every drop-down list.

• Click OK to return to the Batching & Dial-Up tab.

Note: The selected Mail Batching schedule can be overridden from the MailMarshal Console using the Send/Receive Now button at the bottom of the Console window.

Next choose how email retrieval will be requested. If the downstream server controls delivery, select No Action. To send an ETRN command to a server, select Via ETRN to domain and enter the host name or IP address of the downstream email server. To collect email from a POP3 account, select Via POP3 account, then click Modify... to use the POP3 Email Collection dialog.

Complete the fields in this dialog and click OK. (POP3 can be used for multiple addresses within a single account. The downstream server will have a POP3 account containing an email alias for each user.) The list of POP3 recipient fields is used by MailMarshal to determine the recipients for messages addressed to multiple users. Additions and deletions should be made only if problems with delivery occur. Consult the ISP for information on custom address headers which may be added.

To collect email using a custom executable command, select Execute the following command, then enter (or browse to) the full path of the executable application. For instance, some ISPs use the finger command, e.g. c:\winnt\system32\finger example.com@mailhost.com. If a command is required, the ISP or downstream server operator will provide instructions.
If outbound email is to be delivered over a dial-up connection, check the box Use Dial-Up Networking and fill in the appropriate information. Select a RAS entry from the drop-down list, or click New Phonebook Entry to add one. Fill in the remaining fields as appropriate; the correct settings should be obtainable from existing email server settings or from the ISP.

Note: Test dial-up connections using the standard Windows Dial-Up Networking tools.

Blocked Hosts

This tab is used to enter the names or IP addresses of SMTP servers that are not allowed to deliver email to MailMarshal. MailMarshal will refuse SMTP connections from these servers.

To activate host blocking, click the checkbox, then click New. Enter a host name or IP address in the field provided. Host names must be entered in full; wildcards are not supported for names. You can also enter a single IP address or a network block range. For example, enter 10.2.0.1 to block connections from that single address, or 10.2.0.0/24 to block all connections from the 10.2.0.n subnet.

• To add an additional entry, click New again.
• To edit an entry in the list, double-click it.
• To delete an entry, select it, then click Delete.

Note: Because a variety of formats is possible, only limited syntax checking is done on Blocked Host entries. Make entries carefully.

Host Validation

This tab is used to configure email blocking based on domain name information. Messages may be blocked outright, or logged, if they come from a host listed in a DNS Blacklist (MAPS-compatible) database. These databases list open email relays and other spam-related hosts.

Messages may also be blocked based on reverse DNS lookups that confirm the identity of the sending host.

Note: These features may intentionally refuse email from sites that fail the validation criteria.
DNS Blacklist databases, in particular, are subject to change without warning. Enable and use these features only after careful consideration, and monitor the results periodically.

DNS Blacklist

This section allows configuration of the DNS Blacklist databases used in the Receiver Rule condition Where sender's IP address is listed in DNS Blacklist.

To add a new DNS Blacklist database to the list, click New to open the New DNS Blacklist dialog. The checkbox Enable this DNS Blacklist specifies whether the service will be available for selection in Receiver Rules. To keep processing fast, enable only the DNS blacklists that are actually used in rules. In the first text box, enter a name by which the service will be known within MailMarshal. In the second text box, enter the domain name of the service (e.g. blackholes.mail-abuse.org). Click OK to return to the Host Validation tab.

To edit a DNS Blacklist database listing, select it and click Edit. To delete a listing entirely, select it and click Delete.

Note: If MailMarshal queries a blacklist server that is not responding, you may experience delays in processing. (The same issue can arise with a subscription database if you are not a subscriber.) See “DNS Blacklists” on page 249 for more information.

DNS Validation

To validate hosts sending incoming email against DNS information, click the appropriate checkbox. MailMarshal will perform a reverse DNS lookup on the IP address from which email is being sent. Select an option using the radio buttons.

• Choose Accept unknown hosts if hosts without appropriate DNS information are to be allowed to send email but logged to the Windows event log. This option annotates the message header as “not validated”. It is usually used for testing or debugging.
• Choose Host must have a PTR record to block messages from any host that does not have a valid DNS PTR record.
• Choose PTR Record must match the HELO connection string to block messages from hosts whose PTR name does not match the HELO identification sent by the server. This is the most restrictive option.

Note: Valid email may be blocked by DNS checking if the sending site has no PTR records, or if its PTR records are faulty.

Header Rewrite

MailMarshal can modify email header and envelope details (e.g. to allow email aliasing). In addition to rewriting by Standard Rule actions, global modifications can be performed by the MailMarshal Receiver during message receipt. Global rewriting is controlled through the Header Rewrite tab.

Note: This is an advanced option and most sites will not need it. Test any rules thoroughly, as errors may cause all affected messages to be undeliverable.

To create a new global Header Rewrite rule, click New. To edit an existing rule, highlight it and click Edit. To delete a rule, highlight it and click Delete. Information on the syntax and options for Header Rewrite rules is found in Chapter 15, “Header Matching and Rewriting.”

The order of evaluation of header rewrite actions may be significant. To adjust the order, select a rule and use the arrows to move it up or down in the list.

Anti-Relaying

This tab is used to control SMTP relaying through MailMarshal. Relaying is the passing of messages to another server for delivery. If an email server allows open relaying, anyone (including bulk and spam senders) can use the name and resources of that server. Best practice requires relaying to be tightly controlled (see below).

MailMarshal relaying control may be configured in three locations and by three different methods: POP3 accounts (see Chapter 7, “POP3 Accounts”), Receiver rules (see Chapter 5, “Rulesets and Rules”), and this Server Properties tab.
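The connection-time checks described on the Blocked Hosts and Host Validation tabs above, modelled in Python as an added example (not MailMarshal code): matching a client address against blocked-host entries in the three accepted forms, building the query name for a MAPS-style DNS blacklist, and applying the three reverse-DNS policies. DNS answers come from a constructed table so the example runs offline; apart from the guide's own 10.2.0.x addresses and blackholes.mail-abuse.org, every address, name and zone is constructed, and matching blocked host names against the client's reverse-DNS name is an assumption.

```python
"""Receiver-side host checks (added example, not MailMarshal code): Blocked
Hosts matching, DNS blacklist query construction, and the three reverse-DNS
validation policies. DNS answers come from a constructed table so the example
runs offline; all addresses and names other than the guide's 10.2.0.x
examples and blackholes.mail-abuse.org are constructed."""
import ipaddress

# Blocked Hosts entries exactly as the tab accepts them: a full host name, a
# single address, or a network block in prefix notation.
BLOCKED_HOSTS = ["10.2.0.1", "10.2.0.0/24", "relay.badhost.example"]

# Stand-in for DNS. PTR is keyed by address, A by name. 198.51.100.5 has no PTR.
FAKE_DNS = {
    "PTR": {"192.0.2.10": "mail.good.example",
            "192.0.2.20": "dyn-20.isp.example"},
    "A": {"1.0.2.10.dnsbl.example": "127.0.0.2",     # 10.2.0.1 is listed
          "mail.good.example": "192.0.2.10"},
}


def lookup(rtype, name):
    """Return the answer, or None for NXDOMAIN. (A real resolver may also time
    out, which is the 'delays in processing' the guide warns about.)"""
    return FAKE_DNS[rtype].get(name)


def parse_blocked(entries):
    nets, names = [], set()
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))  # 10.2.0.1 -> /32
        except ValueError:
            names.add(entry.lower().rstrip("."))  # not an address: a full host name
    return nets, names


def is_blocked(client_ip, client_name=None, entries=BLOCKED_HOSTS):
    """Refuse the connection if the address is a blocked address or lies in a
    blocked block, or if its reverse-DNS name is listed (assumption). Names are
    compared in full; the tab supports no wildcards for names."""
    nets, names = parse_blocked(entries)
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in nets):
        return True
    return client_name is not None and client_name.lower().rstrip(".") in names


def dnsbl_query_name(client_ip, zone):
    """MAPS-style lookup: reverse the octets and append the list's zone, so
    10.2.0.1 checked against blackholes.mail-abuse.org is queried as
    1.0.2.10.blackholes.mail-abuse.org. Any A record answer means 'listed'."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def is_dnsbl_listed(client_ip, zone, resolve=lookup):
    return resolve("A", dnsbl_query_name(client_ip, zone)) is not None


# The three DNS Validation radio buttons.
ACCEPT_UNKNOWN, REQUIRE_PTR, PTR_MUST_MATCH_HELO = "accept", "ptr", "ptr=helo"


def validate_host(client_ip, helo, policy, resolve=lookup):
    """Return (accept, annotation). The annotation is what would be logged and,
    for accepted-but-unvalidated hosts, written into the message header."""
    ptr = resolve("PTR", client_ip)
    if ptr is None:
        if policy == ACCEPT_UNKNOWN:
            return True, "not validated"   # accepted, but logged to the event log
        return False, "no PTR record"
    ptr = ptr.lower().rstrip(".")
    if policy == PTR_MUST_MATCH_HELO and ptr != helo.lower().rstrip("."):
        # Assumes a full-name comparison; comparing only the domain part of
        # the PTR name with the HELO name would be a looser variant.
        return False, f"PTR {ptr} does not match HELO {helo}"
    return True, f"validated as {ptr}"


if __name__ == "__main__":
    print(is_blocked("10.2.0.77"), dnsbl_query_name("10.2.0.1", "blackholes.mail-abuse.org"))
    print(validate_host("192.0.2.20", "mail.good.example", PTR_MUST_MATCH_HELO))
```

Two points the code makes explicit: an entry such as 10.2.0.1 is just a /32 network, so one matching routine serves both single addresses and blocks; and the PTR-must-match-HELO policy rejects a host that has a perfectly valid PTR record whenever its HELO name differs, which is why the guide calls it the most restrictive option.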
By default MailMarshal is configured to stop all external domains relaying email through it.

Note: The local domain email servers, entered in the Installation Wizard or on the Local Domains tab of Server Properties, are always allowed to relay through MailMarshal.

The list of “local network” addresses determines which additional computers are allowed to relay email through MailMarshal. For instance, if email clients such as Eudora send email directly to MailMarshal, their addresses (or the entire internal network) should be added.

To disable anti-relaying completely (not recommended), uncheck the checkbox Prohibit Relaying.

To add the addresses of local servers or networks to the list permitted to relay, click New to open the New Local Network dialog.

• Enter the IP address of a computer or network in the dotted box.
• Enter the network mask. A 32-bit mask (255.255.255.255) defines a single address; a 24-bit mask (255.255.255.0) covers a class C network, i.e. a /24 of 256 addresses.
• Select the appropriate radio button to choose whether this range of addresses is to be included in the local network (permitted to relay) or excluded (forbidden to relay).

Note: Since addresses not specifically permitted to relay are forbidden, exclusions are only needed for exceptions within a permitted group. For instance, a university using POP3 email clients might include its entire private net block as permitted to relay, but exclude the portion of the block assigned to public-access computers.

• Click OK to add the address range to the list.

To edit an existing range, select it, then click Edit. To delete a range, select it, then click Delete.

Block suspicious local-part relay attempt

A specially formatted recipient address may be interpreted by some email systems as a relay instruction. This may appear as an embedded email address within quotes ("user@domain"@domain), or as an embedded % or ! character in the local part (the “user name”) of the address.
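The relay decision this tab controls, together with the suspicious local-part patterns just described, modelled in Python as an added example (not MailMarshal code): a recipient in a local domain is always accepted, any other recipient is a relay request allowed only when the client address lies inside a permitted range and outside every excluded range, and a quoted address, % or ! in the local part is refused before the domain is even considered. The network ranges, domains and recipient addresses are constructed for this example; the university scenario follows the note above.

```python
"""Relay decision for the Receiver (added example, not MailMarshal code):
local-network ranges with include/exclude, plus the 'suspicious local-part'
check. Addresses, domains and recipients are constructed for illustration."""
import ipaddress
import re

LOCAL_DOMAINS = {"example.com"}          # always accepted, as local domains are

# Local network list as entered on the Anti-Relaying tab: (range, permitted).
# The guide's university example: the whole private block may relay, except
# the part of it assigned to public-access computers.
LOCAL_NETWORKS = [
    (ipaddress.ip_network("10.0.0.0/8"), True),
    (ipaddress.ip_network("10.200.0.0/16"), False),
]

# Local parts some mail systems read as a relay instruction:
#   "user@other.example"@example.com    quoted address as the local part
#   user%other.example@example.com      % source routing
#   other.example!user@example.com      UUCP bang path
SUSPICIOUS_LOCAL_PART = re.compile(r'^"[^"]*@[^"]*"$|[%!]')


def split_recipient(rcpt):
    """Split on the '@' that separates local part and domain, keeping a quoted
    local part (which may itself contain '@') intact."""
    if rcpt.startswith('"'):
        end = rcpt.find('"', 1)
        if end != -1 and rcpt[end + 1:end + 2] == "@":
            return rcpt[:end + 1], rcpt[end + 2:]
    local, _, domain = rcpt.rpartition("@")
    return local, domain


def may_relay(client_ip, networks=LOCAL_NETWORKS):
    """Permitted if the client falls inside a permitted range and inside no
    excluded range. Anything not listed at all is refused."""
    addr = ipaddress.ip_address(client_ip)
    permitted = False
    for net, allowed in networks:
        if addr in net:
            if not allowed:
                return False        # an exclusion always wins over an inclusion
            permitted = True
    return permitted


def rcpt_decision(client_ip, rcpt, block_suspicious=True):
    """Decide one RCPT TO. Returns (accept, reason)."""
    local, domain = split_recipient(rcpt)
    if block_suspicious and SUSPICIOUS_LOCAL_PART.search(local):
        return False, "suspicious local-part relay attempt"
    if domain.lower() in LOCAL_DOMAINS:
        return True, "local domain"
    if may_relay(client_ip):
        return True, "relay permitted for local network"
    return False, "relaying prohibited"


if __name__ == "__main__":
    for ip, rcpt in [("203.0.113.9", "alice@example.com"),
                     ("203.0.113.9", "bob@other.example"),
                     ("10.1.2.3", "bob@other.example"),
                     ("10.200.5.5", "bob@other.example"),
                     ("203.0.113.9", '"bob@other.example"@example.com'),
                     ("203.0.113.9", "other.example!bob@example.com")]:
        print(ip, rcpt, "->", rcpt_decision(ip, rcpt))
```

The last two sample recipients show why the local-part check exists: both end in a local domain and would pass a naive domain test, yet a downstream server that honours quoted addresses or % routing would forward them to other.example, turning the gateway into a relay.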
If such addresses are correctly handled by the other servers in your environment, uncheck the box to allow these messages.

License Info

This tab displays the details of the current Product License Key. A new key must be requested if the local domain names are changed. A key may also be requested to increase the licensed user count, or to purchase the product (if it is running as a free trial).

To request a new key, click Request Key. Enter the appropriate contact information in the form. MailMarshal automatically appends the current local domain list and key details. Enter any additional comments (such as the number of new user licenses desired) in the Additional Information field. Click Send Request to email the data to Marshal.

Note: Changing or adding a local domain name invalidates the license key. When invalidated for this reason, the key reverts to a 14-day trial, which allows ample time to contact Marshal for a new permanent key. There is no charge for this service.

Select how MailMarshal behaves if a license key becomes invalid or expires. In all cases, MailMarshal continues to accept messages, subject to available disk space.

• Select Pass through to allow email delivery to continue, but without any evaluation of content or virus scanning. Typically this option would be chosen for trial sites.
• Select Halt all processing to hold messages in the Incoming directory until a valid key is entered or this choice is changed. This is the more secure option, since no message reaches users unscanned.

To enter a key, click Enter Key, type or paste the key provided by Marshal, then click OK. An information box reports the validity details of the key you entered.

Advanced

This tab collects several rarely changed but useful features.

Change Folders

The locations of the folders used by MailMarshal may be altered.
Stop all MailMarshal services using the Configurator before changing locations. The folders should be on a local disk of the MailMarshal computer. Plan the new locations before changing them here. MailMarshal will create the folders, if necessary, during the change process, but any data (such as message files) must be moved to the new folders manually.

Warning: Changing the directory paths may damage the MailMarshal installation if performed incorrectly. Back up current settings and data before performing this procedure. Folder locations are discussed in Marshal Knowledge Base article Q10423.

Click Change Folders to see the MailMarshal Folders dialog. Enter or browse for the appropriate location for each folder. When done, click OK to close the dialog and return to Server Properties, or Cancel to discard any folder location changes.

Additional Options

Clicking this button opens the Advanced Options dialog. The tabs of this dialog give access to a variety of rarely changed settings. To restore the default settings (for an individual tab or for all tabs in the dialog), click Default.

General

Engine:
• Enable RTF Stamping: Check this box to enable message stamping of messages generated in RTF format by Microsoft software.
• Maximum Attachment Unpacking Depth: The number of levels of archive recursion (e.g. a zip file within a zip file) that MailMarshal will attempt to unpack before dead-lettering the email as “suspicious.” Deeply nested archives are a common way of exhausting a content scanner, so do not raise this limit without a specific need.
• Maximum MIME Nesting Depth: The number of levels of MIME (email encoding) recursion (e.g. a message within a message) that MailMarshal will attempt to unpack before dead-lettering the email as “suspicious.”

Sender:
• Send HELO instead of EHLO: Check to use plain SMTP (rather than ESMTP) when sending.
• Specify host name: MailMarshal requires a default domain name so that it can identify the domain of origin for email it sends.
The preferred method of setting the host name is to configure a DNS suffix in the Windows networking properties (see “Host Name or Unable to Determine the Domain” on page 248 for more information). To override the value set in Windows, check the Specify Host Name box and enter a host name in the field (for example mailfilter.netgate.example.com).

Templates

This tab allows alternatives to the “built-in” administrative email messages used by MailMarshal. To alter any of these messages, first create a suitable email template, then select it using the appropriate drop-down menu on this tab. See Chapter 11, “Email Templates” for more details. The following functions are covered by these templates:

• Dead Letter (Engine): Sent to the Administrator when the MailMarshal Engine places an email in the DeadLetter folder.
• Undetermined: Sent to the Administrator when the MailMarshal Engine places an email in the DeadLetter - Undetermined folder.
• Bad Domain: Sent to the “return path” address when MailMarshal is unable to deliver a message to a remote domain because the domain could not be found in DNS.
• Dead Letter (Sender): Sent to the Administrator when the MailMarshal Sender places an email in the DeadLetter - Routing folder.
• Expired: Sent to the “return path” address when MailMarshal cannot deliver a message to a remote domain within the configured retry time.
• Failure: Sent to the “return path” address when MailMarshal cannot deliver a message to a remote domain for other reasons.
• Overdue: Sent to the “return path” address when MailMarshal encounters delay in delivering a message to a remote domain.
• Forward Unknown: Sent to the Administrator when MailMarshal is configured to deliver email for a domain to a local POP3 box, but no box has been configured for the specific recipient.
• Undeliverable: Sent to the Administrator when MailMarshal cannot deliver a message and cannot return it (usually because the failed message was auto-generated).
• Certificate Expired: Sent to the Administrator when an S/MIME certificate that is about to expire is used by the MailMarshal Secure module.
• CRL Update Failed: Sent to the Administrator when a configured automatic update of a Certificate Revocation List fails.

Ports

• Controller RPC Port: The port used by the MailMarshal Configurator and Console to communicate with the MailMarshal Server.

Note: The MailMarshal Controller service must be restarted (from the Service Control Manager) for a change in this port assignment to take effect. Remember to restart all dependent services. The port setting must then also be changed in the Configurator and Console.

• Receiver SMTP Port: The port on which the MailMarshal Server accepts incoming email.
• Bind Receiver to: By default MailMarshal accepts email on every available IP address. To limit MailMarshal to a single IP address, select the appropriate radio button and enter the desired IP address.
• Sender SMTP Port: The port on which the MailMarshal Server sends outgoing email.

Receiver

• Maximum number of recipients: If a remote host attempts to deliver a message to more than this number of recipients, the Receiver will refuse delivery.
• ESMTP Authentication: MailMarshal can require authentication (using a Receiver Rule) before allowing an external system to send email. Authentication is by MailMarshal POP3 account and password. Choose the desired behavior using the drop-down box:
  Disabled: Do not advertise ESMTP authentication. Authenticated connections from external systems will not be available.
  Enabled: Advertise ESMTP authentication for all connections. The Receiver Rule condition Where sender has authenticated can be used to control connections.
  External only: Advertise ESMTP authentication only for connections from clients outside the local “allowed to relay” network. The Receiver Rule condition Where sender has authenticated can be used to control external connections. This is the default value.
• Block bare line feeds: A LF (linefeed) character without a preceding CR is not allowed in email messages according to Internet standards, but some legitimate email systems generate email containing it. Check this box to reject email with bare LF characters. Clear the box to allow such email (this is the default).
• Greeting String: The text sent to a remote system with the initial 220 “ready” response.
• Received Header: The text of the “Received” header added to each incoming message.

Server Threads

Settings for small and large sites are preconfigured. Click a radio button to select the appropriate site size; the thread settings selected are displayed, grayed out, in the spin boxes. If a custom setup is required, click the Custom Thread Settings radio button to enable the spin boxes. The available settings are:

• Total Receiver Threads: the maximum number of simultaneous connections that the MailMarshal Receiver will accept.
• Total Engine Threads: the maximum number of simultaneous threads the MailMarshal Engine will use to process messages.
• Total Sender Threads: the maximum number of simultaneous threads the MailMarshal Sender will use to deliver messages.
• Local Domain Threads: the maximum number of sender threads used to deliver messages to local domains.
• External Domain Threads: the maximum number of sender threads used to deliver messages to any one non-local domain.

Times

These settings control the timeouts for various functions.
SMTP Transmission Timeouts:
• Initial Host Greeting: number of seconds MailMarshal will wait, after connecting, for the remote server's initial greeting.
• Protocol/Data Send: number of seconds MailMarshal will wait for a response after sending data (e.g. a RCPT command or the message body).
• Protocol/Data Receive: number of seconds MailMarshal will wait to receive data after connecting or acknowledging previous data.

Message Transmission:
• Retry Periods: comma-separated list of periods (in minutes) between attempts to send messages to a remote domain. After each period has been used once, the final value in the list is reused until the expiration time is reached.
• Expiration: number of minutes for which MailMarshal will attempt to send a message. The default is 4320 minutes (72 hours).
• Notification: number of minutes before MailMarshal sends the first “delay” notification to the sender. Optionally a comma-separated list of three values (for high, normal, and low priority messages).
• Renotification: number of minutes before MailMarshal sends each additional “delay” notification to the sender. Optionally a comma-separated list of three values (for high, normal, and low priority messages).

Chapter 18 Reports

MailMarshal Reports allows generation of reports based on the information logged by the MailMarshal Server. A wide range of reports is available, including overall summaries and per-user information. For reports to be generated, logging must first be enabled, either in the MailMarshal installation wizard or from the Reports tab of Server Properties.

MailMarshal Reports may be installed on any Windows 2000, Windows XP, or Windows Server 2003 workstation that can connect to the logging database. MailMarshal Reports is implemented as an MMC snap-in using a licensed runtime version of Crystal Reports.
For general information and tips on the MMC, see Chapter 22, “MailMarshal and the MMC.” This manual assumes that the MMC is displaying the left (menu tree) pane as well as the right (details) pane.

To Install MailMarshal Reports

The Reports application is included on the MailMarshal distribution CD-ROM, and is also available as a separate download from the Marshal website. Insert the MailMarshal CD-ROM and choose Install Reports from the autorun or Setup Wizard application, or run the downloaded MailMarshal Reports installation file. Carefully read and accept the license information. Choose a destination location and program folder. The MailMarshal database from which to produce reports is selected when the Reports application is run (see below).

Note: If MailMarshal Reports will be run by users who do not have administrative rights on the database (that is, users other than “sa”), the administrator should run MailMarshal Reports immediately after setup, connect to the database and select Tools > Load SQL Scripts. The result should be “SQL scripts successfully loaded.” This need only be done once and should prevent subsequent access rights failures. For further information, see “Reports Issues” on page 250.

Starting MailMarshal Reports

Run the MailMarshal Reports application from the Start menu. Enter the appropriate information in the Database tab of the Report Group dialog, if it appears.

• SQL Server Name: the name of the SQL Server (or MSDE) computer where the MailMarshal database resides. Type the name, or browse the local network using the browse button provided.
• Windows NT or SQL Authentication: Choose whether to connect using the Windows logon of the active user, or a SQL username and password.
• User Name: If using SQL authentication, enter the SQL user name associated with the MailMarshal database.
By default the user name is “sa”.
• Password: If using SQL authentication, enter the SQL password for the database. By default the password for the “sa” account is blank. Do not leave it blank on a production server: set a strong password (or use Windows authentication) and give the reporting login only the rights it needs.
• Database Name: Enter the name of the MailMarshal database. Choose a name from the drop-down list, or type a new name.
• Always request database details: If this box is checked, this database connection dialog will appear each time MailMarshal Reports is started.
• Connect to database using TCP/IP: If this box is checked, the database connection will be attempted over TCP/IP. This is useful where the database server and the Reports workstation are separated by a firewall or are not on the same local network.

To view the list of available reports, expand the branches of the left-pane menu tree. Basic information about each folder and report is given in the Description column.

Report Properties

To view the full definition of a particular report, highlight it, then click the Properties icon in the toolbar. The Report Properties dialog has four tabs.

• General: the report name (as shown in the MMC) and a more complete description.
• Parameters: the report title (as seen when the report is generated). Click Edit to view and change the parameters using the parameters detail dialog. If the box Request parameters before running report is checked, the parameter details are presented (for confirmation or change) each time the report is generated; if it is not checked, the parameters are not requested.
• Report: information on the report definition file and DLL.
• Select: a new report definition file may be selected from the list. This should only be done when creating a new custom report.

Generating Reports

Begin generating a report by double-clicking it in the right pane. Choose detailed parameters in the parameter detail dialog.
When all options are chosen, click OK to view the report in a new window.

Note: Not all options are available for all reports.

The title of the dialog shows the title of the report as it will be generated. To change the title, use the Parameters tab of the Report Properties dialog.

Report Parameters

Reporting Period

The period may be selected in any of five ways, each represented by a tab. When entering a date, use the drop-down arrow at the right of the date field to view a calendar.

• Common: Select a standard period from the list by clicking a radio button.
• Special: Select a reporting period by period type (e.g. month, day), number, and starting day.
• Period: Select a reporting period by period type (e.g. month, day), number, and starting date (dd/mm/yyyy).
• Date: Select a reporting period by starting and ending dates. If Inclusive is checked, the ending date is included in the report.
• Time: Select a reporting period by starting and ending dates and times.

Sort By

Many sorting options are provided. Not all options are available for all report types.

Domain, User, Subject, Message Name, Classification, Description

Optionally enter text to search for in any or all of these fields. The wildcard syntax is the same as the Configurator supports for local domains; for a full description, see “Wildcards” on page 170. A menu of available wildcards is available through the button at the right of each field. The following functions are available:

• Any Character: Match any single character (inserts “?” into the query).
• Any String: Match any number of characters (inserts “*” into the query).
• Character in Range: Match any character in the given range (inserts [ ] into the query; add a range of characters, e.g. a-z).
• Character not in Range: Match any character not in the given range (inserts [^] into the query; add a range of characters, e.g. a-z, after the ^).
• All: Show all items without limits.
• Starting With: Show items starting with the characters entered.
• Ending With: Show items ending with the characters entered.
• Containing: Show items containing the characters entered.

For the Classification field, click the button to the right of the field and choose Select... to view a list of available items. To include one or more items in a report, check the appropriate boxes.

Note: Either the Select option or wildcards may be used.

Size

Enter a minimum (and optionally a maximum) message size to search for. Select a size unit: K (kilobytes) or M (megabytes).

Sent Messages Counted

If present, this option provides a choice of the way in which sent messages are counted:
• Once (count of messages sent to MailMarshal by the sender).
• Per Session (count of resulting messages sent outbound, normally one per recipient domain).
• Per Recipient (count of all recipients for all messages).

Note: The “per session” method most closely reflects Internet bandwidth usage.

Local Domains Only

When this box is checked, only information on Local Domains is reported.

Include Internal Traffic

When this box is checked, messages sent through MailMarshal between Local Domains are included in the totals.

Costing

Enter values for the cost to send and to receive one megabyte of data. Do not include a currency symbol; it is supplied from the system settings.

Message Only

When this box is checked, only a list of messages is shown. When the box is not checked (the default), actions taken on the messages are also shown on the main page of the report.

Report Window

Within the Report window, several options may be available to customize the view and see additional details. The Help menu includes two choices: general help and help about the specific report.

Toolbar Options

• Close Current View: close the drill-down tab currently showing.
• Print: print a copy of the report, or selected pages.
(Printer setup is available from the File menu.)
• Toggle Group Tree: show a list of available detail items in a separate pane. Double-click any of these items to jump to it in the main report. If the item is a group, click the + icon to view the members of the group.
• Magnification: choose the on-screen magnification of the report.
• Page Selector: shows the number of pages in the report. Choose the page to view.

Note: The scroll bar in the report window is limited to the current page. Use the page selector to move between pages.

• Stop (available while the report is being generated): stop generating the report. Optionally show the partial report.
• Find: search the report for text.

Drill-down

Some fields in a report are linked to detailed information or limited views. The mouse pointer changes to a magnifying glass when moved over these fields, and a tool tip indicates that drill-down is possible. Double-click to see the drill-down report.

Drill-down items viewed within the current report window are kept as tabs at the top of the window. Click any tab to view the associated report. Use the Close Current View icon to remove a drill-down view and its tab.

Note: If the text in a field is truncated, hold the mouse over the field to see the complete information.

Customizing Reports

Existing MailMarshal Reports can be customized with local parameters and then run simply by double-clicking. Customized reports may be based on existing reports or on the default report types.

Note: It is not currently possible for users to create new report types.

Reports Based on Existing Reports

Choose an existing report to use as a template. Make a copy of it by dragging it to the desired location while holding down the <CTRL> key.

Note: If the <CTRL> key is not held down, the existing report is moved rather than copied.
Edit the copy of the report by double-clicking it (or right-click and select Properties). In the Report Properties dialog, make any desired customizations and changes. To allow the report to be run without confirmation, uncheck the box Request parameters before running report. When satisfied, click OK in the Report Properties dialog. The custom report is now available.

Reports Based on Default Types

Select the group (folder icon) in which the custom report is to be placed. Choose New > Report... from the Action menu to use the New Report wizard. Complete the pages of the wizard to place the newly customized report in the group. Details of the information required are given in “Report Properties” on page 203.

Exporting Reports

MailMarshal Reports can be exported (saved) in a variety of formats, as provided by the Crystal Reports engine. The presentation quality varies with the format selected. In general the best formats to use are Crystal Report, DHTML, text, Excel, and RTF.

Export may be started by right-clicking the report name and choosing Export, or by clicking the Export icon in the report window toolbar.

Note: Drill-down pages are only available in the Crystal Report 8.0 export format. All other export formats show only the main report view.

Export Options

The Export Options dialog is presented when Export is selected (from the report window or by right-clicking a report name). It can also be opened by right-clicking a report name and choosing Export Options. The options selected are retained as the defaults for that report instance.

On the first page of the Export Options dialog, choose how to create the export:

• File: saves the export as a file. A default name is filled in; to use a specific name, use the browse button or type a file name in the field.
• Application: opens the export directly in the required application (such as Internet Explorer or Lotus 1-2-3).
Uncheck the box Use Temporary File to also save the data in a permanent named file.
• Email: attaches the exported data to an email message using the default email application.

Depending on the type of export chosen, additional options may be available.

Email Options

The report is attached to the email as a file of the type chosen on the export options page.
• Send to: Enter the email address to which the message should be sent.
• Copy to: Optionally enter an email address to which the message should be CC'd.
• Subject: Optionally enter a subject for the email message.
• Message: Optionally enter a message body describing the attachment.

HTML Options

• Generate navigation buttons: add links at the bottom of each page to jump to the first, next, previous, or last page of the report.
• Create all output on one page: use one HTML document for all output. Page divisions are indicated graphically.

Pagination Options

• Lines per page: set the number of output lines between page break characters, using the spin box. This option is used when exporting a report to paginated text.

Separator Options

These options are used when creating a values text file (character separated values, comma separated values, data interchange format, and tab separated values).
• Format numbers as in report: numbers are output with text formatting (such as comma separation of thousands). Unchecking this option causes numbers to be output in a basic format.
• Format dates as in report: dates are output with text formatting. Unchecking this option causes dates to be output in a basic format.

The following additional options are available for character separated values only:
• Field separator: the character (or characters) marking the boundary between two fields.
  In addition to printable characters, the following special separators are recognized:

  Field entry   Separator used
  \t            Tab character
  \n            New Line character
  \r            Carriage Return
  \0            NUL character (hexadecimal 00)
  \\            \ (backslash)
  \xHH          Any character, where HH is two hexadecimal digits

• String delimiter: the character (or characters) marking the beginning and end of field text. The same choices are available as for field separators. This field may also be blank, in which case no delimiter is inserted.

Chapter 19 Arrays

MailMarshal provides support for arrays of servers. Configuration information can be replicated from a master server to other servers in the array. Most often, all servers in the array will service a single gateway. Multiple servers can log to the same SQL database. The log records show which server processed a specific message. Reports will cover activity on all servers.

Each server in the array could be running Microsoft Windows Network Load Balancing (NLB) Clustering to share an IP address. Email will flow through this array in the same way as through a single MailMarshal server.

[Figure: a MailMarshal array behind a Microsoft NLB cluster. The email administrator's Configurator connects to the MailMarshal Master Server on port 19001; the master replicates configuration to the MailMarshal Slave Server. SMTP traffic between the Internet (through the firewall) and the cluster uses the cluster external IP on port 25; SMTP traffic between the cluster and the internal email server uses the cluster internal IP on port 25.]

It is also possible to configure arrays with separate servers for inbound and outbound traffic, or separate servers for different local domains. Arrays can also be used to replicate content security rules between geographically separate gateways. In this case the logging databases and delivery information would typically be different for each gateway.

Note: Replication requires several RPC-related NetBIOS ports to be open on all servers. The master server must have access to the Windows Registry on all other servers. For these reasons, replication across the public Internet is not recommended.
What Information Is Replicated?

The following configuration elements are replicated by default. (You can also exclude certain items from replication; see "Replication Exclusions" on page 224 for more details.)
• Rulesets and Rules.
• Rule Elements, such as User Groups, Folder names and settings, TextCensor Scripts, and Schedules.
• Database configuration for logging and Certificate storage (MailMarshal Secure).
• LDAP import configuration (used for User Group synchronization with other email systems).
• Server Properties configuration.
• User account and connection details.
• POP3 Accounts (see "Replication Exclusions" on page 224 for cautions).
• Product License Keys.
• Custom filetype signatures.

What Are the Limitations of Replication?

Prerequisites

The following prerequisites must be loaded manually on each server before the associated rule changes are made:
• Virus scanning software used in Rules.
• External Command executables.
• Cryptographic Providers (used by MailMarshal Secure only). The defaults provided with the Windows operating system will be sufficient in most cases.

Manual Settings

The following configuration elements must be copied or added manually on each member of the array:
• Private Keys for S/MIME encryption and decryption (MailMarshal Secure).
• The Host Name entry (not required in most installations; see "Host Name or Unable to Determine the Domain" on page 248).

Items Not Replicated

The following configuration elements cannot be replicated:
• The ValidFingerprints directory. (The list of Valid Fingerprints is maintained separately on each server.)
• Updated SpamCensor files. (Each server must retrieve the updates individually from the Internet.)
• The contents of the MailMarshal Folders.

Note: Replicating the contents of these items using Microsoft replication tools may be possible; however, this solution is not recommended or supported by Marshal.
When an array is configured, all configuration changes should be completed through the array master server. Changes made directly on other servers will be overwritten by the next replication.

When MailMarshal is updated to a new version, all servers in the array must be updated at the same time. After updating all servers, reload the array configuration.

Configuring Arrays and Replication

A new array can be created, or a MailMarshal server can be joined to an array, from the Services and Arrays node of the Configurator.

When this node is selected in the left pane of the MMC, the status of the MailMarshal services and array members (if any) is shown in the right pane. For each server configured in an array, the server name and array logging ID are shown. The status column indicates whether the server is running or some services are stopped, and any other problems. The master server in the array is indicated.

To create a new array using the current server as master, click the Create/Join Array icon in the toolbar to start the Array Wizard. To add a server to an existing array, click the Add A New Member icon in the toolbar to start the Array Wizard. It is also possible to join a server to an array during initial server configuration. For details of this process, see "Configuration Wizard" on page 18.

Note: Before you add or delete servers from an array, make sure that the MailMarshal Configurator you are using is the only one running. If another Configurator is running, you will be notified. Close the other Configurator and try again.

Array Wizard

This Wizard is used to create a new array of MailMarshal servers or add servers to an existing array. The initial page of the wizard indicates whether you have chosen to create or join an existing array, or to add another server to an array. Click Next to continue.

Create or Join Array: If you have chosen to create or join an array, this page is shown.
Choose whether to create a new array or join an existing array. If you create a new array, the server you are connected to will be the master of the new array. If you choose to join an existing array, enter the name of a server in the array. You can browse the network neighborhood by clicking Browse [...]. Click Next to continue to the Array Member Logging ID page.

Add Array Member: If this server is already part of an array and you have chosen to add a member, this page is shown. Enter the name of the new server to be added. You can browse the network neighborhood by clicking Browse [...]. Click Next to continue to the Array Member Logging ID page.

Array Member Logging ID: On this page of the wizard, select a letter which will uniquely identify the server you have just added. This letter will be used to identify the server in log records and message names. You can choose any letter that is not already in use in this array. Click Next to continue.

Array Replication Values: If you are creating a new array, this page will be shown. This page also appears when you view the properties of an existing array. Select the items to be replicated. The following choices are available:
• Tightly coupled array: Select this choice to replicate all settings that can be replicated, including the database location and connection information. (See earlier sections of this chapter for a discussion of the settings that can be replicated.) This selection is appropriate where an array of MailMarshal servers is used at the same gateway location.
• Geographically separated array: Select this choice to replicate content security settings only.
  The following items will not be replicated (see "Replication Exclusions" on page 224 for more information):
  - Logging and S/MIME database location and connection accounts
  - Internet connection details
  - LDAP connection details
  - DNS settings
  - Forwarding host setting
• Custom: Select this choice to activate the list of individual items. Select items to be replicated by checking the boxes in the list. See "Replication Exclusions" on page 224 for more information on each item.

Click Next to continue to the final page of the Wizard. Information about the changes that will be made is shown. Click Finish to commit the changes. If a new server has been added to an existing array, the configuration will be replicated to the new server. The Replicate Configuration dialog allows you to monitor the replication.

Note: Before putting any additional servers into production, make sure that all elements not included in replication are installed on all servers.

Replication Exclusions

When you are replicating configuration to an array, you may wish to exclude some configuration items. You can choose which items to exclude within the Array Wizard when you create an array. All servers within the array will have the same exclusions.

Typically all items will be replicated where the array services a single gateway. Some items may be excluded where replication is used to maintain common content security rules between multiple gateways, or in other special cases. The following items can be excluded:
• License Key: Typically the MailMarshal license key will be identical for all servers within an organization. However, if different members of the array accept email for different local domains, they will have different license keys.
• Logging Database information: Having all members of an array log to the same database allows reporting to cover the entire array.
  If the array covers multiple geographically separated gateways, a separate logging database should be configured close to each MailMarshal server. The database name/location and login details (Logging tab of Server Properties) are affected by this setting.
• Internet Connection details: If the array covers multiple geographically separated gateways, Internet access from each may be through a different proxy server. The server name, port, and login details (Internet Access tab of Server Properties) are affected by this setting.
• Local Domains: The servers in an array can process messages for different local domains. This could be true either for a single gateway or for separate gateways. The information on the Local Domains tab of Server Properties is affected by this setting.
  Note: Remember that servers configured with different Local Domains require different license keys.
• User Groups: If the array covers multiple geographically separated gateways, each will have a different internal email server and different users. User Group membership can be different.
  Note: Remember that all User Groups named in the rules must exist on all servers.
• LDAP connection details: If LDAP is used to retrieve user group information from separate internal email servers at geographically distinct gateways, different LDAP connections may be required to populate the user groups. See the LDAP Connections node of the Configurator.
• POP3 Accounts: When ESMTP authentication by POP3 account is in use, account information should be replicated. See the POP3 Accounts node of the Configurator.
  Note: POP3 accounts should generally not be used for email delivery on an array, since there would be no single location from which clients could collect email. POP3 accounts could be used for email delivery if each array member processes messages for different local domains.
• DNS settings: MailMarshal servers in an array could require access to different DNS servers, particularly when they are geographically separate. See the Delivery tab of Server Properties.
• Forwarding host: If MailMarshal is configured to send all outgoing email to a specific host, geographically separate gateways will probably send through different hosts. See the Delivery tab of Server Properties.
• Certificate database location: When MailMarshal Secure is in use, the Certificate database is used to store information relating to S/MIME certificates. If the array covers multiple geographically separated gateways, a separate certificate database should be configured close to each MailMarshal server. Even where only one gateway is involved, for speed and availability a separate database could be configured using MSDE on each MailMarshal server. See the Secure Email tab of Server Properties.
  Note: If more than one Certificate Database is used, you must have a system to guarantee that the information in the databases is replicated appropriately. Private keys associated with certificates cannot be replicated automatically and must be copied to each server.

Managing an Array

All changes to replicated information should be completed through the array master server. Changes made directly on other servers will be overwritten by the next replication (subject to the Replication Exclusion settings). If you open the MailMarshal Configurator to a server which is not the master of the array it belongs to, you will be given the chance to connect to the array master instead.

To make configuration changes, use the MailMarshal Configurator as usual. Make sure that any external items, such as virus scanner software and external commands, are present on all members of the array.

If changes require rules to be reloaded or services to be restarted, you will be notified as usual. Click the Reload icon on the toolbar.
A dialog allows you to apply your action to all servers in the array, or to the local server only. The Reload progress dialog details the actions MailMarshal is performing to update the array.

Note: If you have chosen to reload and/or restart automatically, this process will be applied to all servers.

Information on using the Console to manage email flowing through an array of servers is given in Chapter 20, "The Console" and Chapter 22, "MailMarshal and the MMC."

Making Changes to an Array

To add servers to an array, see the discussion earlier in this chapter.

To promote a server to be the master server of an array, expand the Services and Arrays node, highlight the desired server, and click the Promote icon in the toolbar.

To delete a server from an array, select it in the right pane then click the Delete icon in the toolbar. When a server is deleted from an array, it will continue to process email using its current configuration settings. After deleting a server from an array, you can change its configuration by connecting to it directly with the Configurator. If this server is no longer part of the same gateway, you should change the logging database location so that Mail History and Reports can be viewed separately.

Note: You cannot delete the master server from an array. If the current master server must be deleted, promote another server to master first.

To adjust array replication properties and exclusions, select the Services and Arrays node then click the Properties icon in the toolbar. The Array Member Replication Exclusions page will be shown. It offers the same choices as the Array Replication Values page of the Array Wizard, described earlier in this chapter. Any changes will affect all servers in the array and will take effect when you click OK or Apply.

Updating MailMarshal Arrays

When MailMarshal is updated to a new version, all servers in the array must be updated at the same time.
Any remotely installed Configurator or Console must be updated before it can be used. After updating the software on all servers, reload the array configuration.

Chapter 20 The Console

The MailMarshal Console is used for day-to-day administration of the MailMarshal Server. Actions available from the Console include:
• Viewing the status of the MailMarshal services.
• Viewing information on queued outbound email messages.
• Reviewing messages that MailMarshal has moved or copied to folders.
• Releasing or reprocessing messages from folders if appropriate.
• Viewing a list of messages processed and their disposition.
• Searching for messages by header information (address, subject, etc.).
• Viewing service alerts.
• Viewing the status of Mail Batching, if configured.
• Viewing news and support information from the Marshal web site.

The Console is installed on the MailMarshal Server computer and may also be installed on any Windows 2000, Windows XP, or Windows Server 2003 workstation in the local network. For prerequisites and detailed instructions, see Chapter 3, "Installation."

The Console is implemented as a snap-in to the Microsoft Management Console (MMC). For general information and tips on the MMC, see Chapter 22, "MailMarshal and the MMC." This manual assumes that the MMC is displaying the left (menu tree) pane as well as the right (details) pane.

Connecting to the MailMarshal Server

When the Console is first run, or if one console is used to connect to more than one Server, it is necessary to make a connection. Select Action > Connect to Server from the menu.

Note: To include connections to more than one Server in a single Console, see Chapter 22, "MailMarshal and the MMC."

Choose the name of the server from the drop-down list, or browse the network using the button provided. If the Server expects connections on a port other than the default 19001, enter the correct value.
(To change this value at the Server, in the Configurator see Server Properties > Advanced.) To connect as a user other than the current Windows user, select the appropriate radio button then enter the user information. Click OK to attempt to connect.

Console Security Issues

The MailMarshal Console uses the Windows secure RPC mechanism to communicate with the MailMarshal Server. A console user must have an account and password that can be validated by the MailMarshal Server. If the MailMarshal machine is in a different domain you can either set up a trust relationship or create local accounts on the MailMarshal Server computer.

If the Console and the Server are separated by a firewall (for example, if the Server is located in a DMZ), port 19001 must be opened in the firewall to allow remote Console access. Where the firewall allows it, limit that rule to the workstations that run the Console rather than opening the port to the whole internal network.

To view the email in the quarantine folders, the account in use must have read access to the folders. If you wish to make changes to items (for example, forward email or kill messages) the account will also need write access. Access to the folders should be limited by using Windows security.

To implement access control for other features, edit the access permissions on the MailMarshal.key file (in the MailMarshal folder on the server). Read access to this file allows the user to view the service status, queued domains and mail history. Write access to this file gives the ability to kill messages, dial now, retry domains and reload services. Because write access to this one file carries those operational rights, grant it only to the accounts that need them.

The Main Console Screen

In the left pane, expand the element MailMarshal Console to see the console menu tree. Select MailMarshal Console to view the main Console screen in the right pane. This screen provides summary information on MailMarshal operation.

The top section displays the status, version number, and number of messages processed for each MailMarshal Service. Click View Detailed Status to see details in the MailMarshal Services screen.

The middle section displays recent Service Alerts.
Click View Alert History to see a complete list in the Alert History screen.

The bottom section displays information on Remote Access (dial-up connectivity) and Mail Batching, including the next scheduled send and polling times. Click Send/Receive Now to initiate an immediate check and dispatch of queued messages.

Note: The counts of messages processed today will not generally be equal across services. Not all messages received are delivered (for example, due to quarantine Rules), and MailMarshal's notification messages are delivered but not received.

The Services Screen

Select the item Services in the menu tree to view the Services screen in the right pane. The upper pane of this screen gives information about the MailMarshal Receiver; the lower pane gives information about the MailMarshal Sender.

Receiver State

The following information about the Receiver is available:
• Internal Msgs: the number of messages, addressed to recipients in MailMarshal's local domains, which have been processed today.
• External Msgs: the number of messages, addressed to recipients outside MailMarshal's local domains, which have been processed today.
• Message details: a pane shows details of each message being processed by the Receiver, and its status.
• Active Threads: the number of messages currently being processed by the Receiver service.
• Licensed Users: the number of users recorded in the MailMarshal License Key.
• Current Users: the number of local email addresses from which email has been received in the last 28 days.

Note: The Current Users value will be displayed in red if it exceeds the licensed number. Rule processing and sending will continue as normal. If this condition persists, please contact Marshal or your reseller to obtain additional licenses.
Sender State

The following information about the Sender is available:
• Internal Msgs: the number of messages, addressed to recipients in MailMarshal's local domains, which have been processed today.
• External Msgs: the number of messages, addressed to recipients outside MailMarshal's local domains, which have been processed today.
• Message details: a pane shows details of each message being processed by the Sender, and its status.
• Active Threads: the number of messages currently being processed by the Sender service.
• Msgs Queued: the number of messages waiting to be sent.
• Domains Queued: the number of unique Internet domains to which messages are waiting to be sent.

Sender Actions

A message visible in the detailed Sender list can be killed (deleted) by selecting it and clicking the Kill Message button.

A detailed list of information about domains for which email is queued (waiting to be sent) can be viewed by clicking the button View Domains (or the menu tree item Queued Domains). For each domain the listing also shows the number of messages queued, the number of sender threads dedicated to the domain, the number of times delivery has been attempted, and the next retry time.

To delete all messages queued for delivery to a domain, select the domain from the list and click the Delete icon in the toolbar.

Note: Be sure that you really want to delete all messages for this domain. This action may be useful to quickly stop spam or virus generated email.

Domain Detail

Double-click on a domain record in the Queued Domains screen to view details in the Domain dialog. The upper pane of this dialog shows a list of MX records found for the domain. The lower pane shows details of each message awaiting delivery to this domain. Highlight one or more messages in the lower pane then click Kill Message to delete the messages. Click the Retry Domain Now icon in the toolbar to force an immediate attempt to deliver messages to this domain.
Note: These actions will be grayed out if the user does not have sufficient permissions.

Message Folders

To view a list of MailMarshal's message folders, expand the menu item Mail Folders. These Folders include the Archive, Parking and regular folders into which messages are placed through Rule action, as well as the Dead Letter folders used for messages which cannot be processed, and the Mail Recycle Bin used to hold deleted items for a period.

To view the contents of a folder, select it in the left pane. The contents will be displayed in the right pane. Folders may have subfolders created periodically if this option has been set up in the Configurator. By default no more than 1000 items will be retrieved for each folder. This number may be adjusted by choosing Tools > Options from the menu.

Note: Within the folders, a distinct icon denotes a message that contains a virus which was not successfully cleaned. Forwarding or passing through such a message is not recommended.

Message Folder Actions

To search for a message by its MailMarshal message name, use the search icon in the toolbar. (If Mail History is enabled, a more powerful search is available; see "History Search" on page 240.)

Messages in folders may be forwarded, deleted, processed, and viewed.

Notes:
• Message folder actions can be logged to the MailMarshal logging database for auditing purposes. Logging may have an effect on the speed of response, particularly where a large number of items are affected. You can enable and disable logging of message folder actions from the Logging tab of Server Properties (in the MailMarshal Configurator).
• Users who have read-only access to a folder cannot delete messages.
• Messages in Archive folders cannot be deleted.

Forwarding a Message

To forward a message, select it then click the Forward icon on the toolbar (or open it then click the Forward icon on the message window toolbar).
To forward to multiple addresses, enter them separated by semicolons (e.g. GWB@example.com; GHWB@example.com).

Deleting a Message

To delete one or more messages, select them then click the Delete icon. The message(s) will be sent to the Mail Recycle Bin folder. To delete the message(s) permanently, hold down <SHIFT> while clicking the Delete icon. Messages will be purged from the Mail Recycle Bin on the schedule associated with that folder.

Restoring a Message

To restore one or more messages from the Mail Recycle Bin to their original location, select them then click the Restore icon.

Processing a Message

One or more messages may be selected for processing. Clicking the Process Message(s) icon raises the Process Message dialog. The following actions are available:
• Continue processing the message: this option continues processing the message after the Rule which placed it in the current folder. This action may be used to release a message from quarantine while testing it for any further violations of policy.
• Reprocess the message: this option resubmits the message for processing by the current set of MailMarshal Rules. This option may be useful when rules have been adjusted.
• Pass the message through: this option allows the message to be queued for delivery with no further evaluation.

If the checkbox Only apply this action to the following users is checked, the selected option will be effective for one or more recipients of the message as selected using the detail checkboxes.

Note: The "Continue Processing" and "Pass Through" options can also be requested using a specially formatted email message. See "Message Release" on page 107.

The following additional options are available:
• Delete the message after processing (selected by default): Once the selected actions have been performed, the message is deleted from the folder.
• Add attachment fingerprints: Attachments (including images embedded in MS Word documents) will be saved in the folder ValidFingerprints (located in the MailMarshal install folder). The unique "fingerprint" of each attachment will be loaded by the MailMarshal Engine. These attachments can be the subject of a Rule condition if they are found in the future. See the Standard Rule condition "where attachment fingerprint is/is not known" for more details. All attachments, or only images, may be "fingerprinted."

Note: A file can be removed from the list of recognized fingerprints by deleting it from the ValidFingerprints folder and reloading the configuration. MailMarshal automatically deletes a fingerprint (and the associated file) if it does not trigger a condition for six months.

Viewing a Message and Message Log

To view a message and its associated processing log (which indicates the reason for its placement in the folder), double-click on it in a Message folder or History view. The message headers may be examined by clicking the View Message Header icon in the message window toolbar.

Note: Processing logs are only available if copied by the Rule which placed the item in the folder. The message and log text may be truncated. See "User Options" on page 243 to adjust the amount shown.

Interpreting Message Logs

A message log includes information on the structure of the message, and records any Rules which it triggered and the reasons for triggering.

The figure below shows a message which MailMarshal has identified as BA0000000c.0000000c.mml. The message contains a message header (MHDR), two message bodies (Text and HTML) (MBODY), an attached ZIP archive (ZIP), and an executable file (EXE) included within the archive (inclusion is indicated by the indentation of the line in the log). The message log also indicates which Rules were applied to the message, which if any were triggered, and what action was taken.
The log line for a triggered Rule includes the notation "TRUE", and the actions taken follow this line. In the example below, the executable triggered the rule "Block EXECUTABLE Files" in the ruleset "Inbound Messages".

  ...
  1452 15:44:57.576 1 user(s) match rule - Block EXECUTABLE Files
  1452 15:44:57.576 Name=U1\B000000001.00000001.mml (MAIL,55320) False
  1452 15:44:57.576     Name=U2\MsgHeader.txt (MHDR,602) False
  1452 15:44:57.576     Name=U2\Plain (MBODY,14) False
  1452 15:44:57.576     Name=U2\Fgrep.zip (ZIP,39657) False
  1452 15:44:57.576         Name=U3\fgrep.exe (EXEW32,82944) TRUE Terminal
  1452 15:44:57.576 Requesting Action <Inbound Messages:Block EXECUTABLE Files:MailTemplate> be run
  1452 15:44:57.746 Requesting Action <Inbound Messages:Block EXECUTABLE Files:LogMessage> be run
  1452 15:44:57.746 Requesting Action <Inbound Messages:Block EXECUTABLE Files:MoveMessage> be run
  1452 15:44:57.746 Action LogMessage for Component U3\fgrep.exe
  1452 15:44:57.756 Action MoveMessage for Component U3\fgrep.exe
  ...

If a TextCensor script is triggered, the details of the script evaluation are included in the log. In the following excerpt, two expressions in the Generic Chain Letters script were triggered:

  ...
  1452 16:02:24.551 1 user(s) match rule - Block Chain Letters
  1452 16:02:24.551 TextCensor triggered: Script Generic Chain Letters Triggered
                        Expression: chain letter* Triggered 1 times weighting 5
                        Expression: send this FOLLOWEDBY=6 (many OR all OR friends OR anyone OR others OR people OR every*) Triggered 1 times weighting 5
  1452 16:02:24.551 Name=U1\B000000002.00000001.mml (MAIL,2998) TRUE Terminal
  ...

Mail History

Mail History is a record of recent messages processed by MailMarshal. By default no more than 1000 items will be retrieved. This number may be adjusted by choosing Tools > Options from the menu.

Note: If an array of MailMarshal servers is configured to log to the same database, the Mail History will include items processed by all servers.
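The two log excerpts under "Interpreting Message Logs" above are easier to act on when a reviewer can answer mechanically: which rule matched, which component produced the TRUE line and what contains it, which actions were requested, and which TextCensor expressions scored. The following Python is an added example, not code shipped with MailMarshal: the sample logs are constructed from the excerpts, and the regular expressions are assumptions about the line layout (thread id, timestamp, message text) and about the U1/U2/U3 prefixes giving the nesting depth that the log shows as indentation.

```python
"""Parse MailMarshal-style message log lines into rules, components, actions
and TextCensor expression hits. Added example; the line layout assumed here
(thread id, timestamp, message) and the U<n> depth convention are taken from
the excerpts in the text, not from a published format specification."""
import re
from collections import namedtuple

# Constructed from the "Block EXECUTABLE Files" excerpt in the text.
EXE_LOG = """\
1452 15:44:57.576 1 user(s) match rule - Block EXECUTABLE Files
1452 15:44:57.576 Name=U1\\B000000001.00000001.mml (MAIL,55320) False
1452 15:44:57.576     Name=U2\\MsgHeader.txt (MHDR,602) False
1452 15:44:57.576     Name=U2\\Plain (MBODY,14) False
1452 15:44:57.576     Name=U2\\Fgrep.zip (ZIP,39657) False
1452 15:44:57.576         Name=U3\\fgrep.exe (EXEW32,82944) TRUE Terminal
1452 15:44:57.576 Requesting Action <Inbound Messages:Block EXECUTABLE Files:MailTemplate> be run
1452 15:44:57.746 Requesting Action <Inbound Messages:Block EXECUTABLE Files:LogMessage> be run
1452 15:44:57.746 Requesting Action <Inbound Messages:Block EXECUTABLE Files:MoveMessage> be run
1452 15:44:57.746 Action LogMessage for Component U3\\fgrep.exe
1452 15:44:57.756 Action MoveMessage for Component U3\\fgrep.exe
"""

# Constructed from the "Block Chain Letters" TextCensor excerpt in the text.
TEXTCENSOR_LOG = """\
1452 16:02:24.551 1 user(s) match rule - Block Chain Letters
1452 16:02:24.551 TextCensor triggered: Script Generic Chain Letters Triggered
                      Expression: chain letter* Triggered 1 times weighting 5
                      Expression: send this FOLLOWEDBY=6 (many OR all OR friends OR anyone OR others OR people OR every*) Triggered 1 times weighting 5
1452 16:02:24.551 Name=U1\\B000000002.00000001.mml (MAIL,2998) TRUE Terminal
"""

LINE_RE = re.compile(r"^(?P<thread>\d+)\s+(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<msg>.*)$")
COMPONENT_RE = re.compile(
    r"Name=U(?P<level>\d+)\\(?P<name>.+?)\s+\((?P<type>[A-Z0-9]+),(?P<size>\d+)\)"
    r"\s+(?P<result>TRUE|True|False)(?P<terminal>\s+Terminal)?\s*$")
RULE_RE = re.compile(r"match rule - (?P<rule>.+?)\s*$")
ACTION_RE = re.compile(r"Requesting Action <(?P<ruleset>[^:>]+):(?P<rule>[^:>]+):(?P<action>[^>]+)> be run")
EXPRESSION_RE = re.compile(r"Expression: (?P<expr>.+?) Triggered (?P<count>\d+) times weighting (?P<weight>\d+)")

Component = namedtuple("Component", "level name type size triggered terminal")
Expression = namedtuple("Expression", "text count weight")


def parse_log(text):
    """Return (rules, components, actions, expressions) found in the log.
    Continuation lines without a thread id and timestamp (the TextCensor
    expression lines) are scanned as-is."""
    rules, components, actions, expressions = [], [], [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        msg = m.group("msg") if m else raw
        c = COMPONENT_RE.search(msg)
        if c:
            components.append(Component(int(c.group("level")), c.group("name"), c.group("type"),
                                        int(c.group("size")), c.group("result") == "TRUE",
                                        bool(c.group("terminal"))))
            continue
        r = RULE_RE.search(msg)
        if r:
            rules.append(r.group("rule"))
            continue
        a = ACTION_RE.search(msg)
        if a:
            actions.append((a.group("ruleset"), a.group("rule"), a.group("action")))
            continue
        e = EXPRESSION_RE.search(msg)
        if e:
            expressions.append(Expression(e.group("expr"), int(e.group("count")), int(e.group("weight"))))
    return rules, components, actions, expressions


def containment_path(components, target):
    """Rebuild the chain of enclosing components down to target, using the
    U<n> level as depth: a level-3 entry sits inside the nearest preceding
    level-2 entry, which sits inside the level-1 message."""
    path = []
    for c in components:
        path = path[:c.level - 1] + [c.name]
        if c is target:
            return path
    return []


def summarize(text):
    """Answer 'why is this message in the folder?' from one log."""
    rules, components, actions, expressions = parse_log(text)
    hits = [c for c in components if c.triggered]
    return {
        "rules": rules,
        "triggered": [(c.type, containment_path(components, c)) for c in hits],
        "terminal": any(c.terminal for c in hits),
        "actions": [a[2] for a in actions],
        "expressions": [(e.text, e.count, e.weight) for e in expressions],
    }


if __name__ == "__main__":
    for log in (EXE_LOG, TEXTCENSOR_LOG):
        print(summarize(log))
```

For the executable excerpt, summarize() reports the EXEW32 component at path B000000001.00000001.mml > Fgrep.zip > fgrep.exe, a terminal hit, and the three requested actions in order; for the chain-letter excerpt it lists both expressions with their counts and weightings. Lines the parser does not recognise (such as the "Action ... for Component" lines) are ignored rather than guessed at, so adding a pattern is the way to extend it.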
The Mail Folders, however, include only a single server's items. To include connections to more than one Server in a single Console, see Chapter 22, "MailMarshal and the MMC."

This information is derived from the report logging database, so logging must be enabled to view the history. To view the history, select Mail History in the console tree.

Messages which were successfully sent display a yellow envelope icon and Sent To: information in the Status column. Messages which passed the Rule processing but could not be sent display an icon with a red "x" and the failure reason in the Status column. If a message triggers a rule which generates a logging classification, the icon will be blue and the Status column will display the text associated with the classification. In addition, the Class Code column shows the numerical logging classification code.

Double-click any message to view it. Only messages held in the MailMarshal Folders may be viewed.

History Search

Messages in the MailMarshal Message History may be searched by size, header information, or delivery time. To start a search, select Mail History or History Search Results, then choose Action > Search from the menu.

The following search criteria may be used in the Search Details dialog. The results are available by double-clicking the History Search Results node in the menu tree. All fields are optional.
• Period: Enter "from" and "to" dates and times (or select them using the date controls and spin boxes). The button provides the pre-configured settings for "yesterday", "today", "last hour", and "last 24 hours", as well as "Now" which resets the "to" time to the current time.
• Size: Enter a minimum message size (and optionally a maximum size). Choose whether these sizes are expressed in Kilobytes or Megabytes. The default is to search for all messages regardless of size (minimum size of 0).
• Sender: Enter values for the user and domain.
To search for all messages from a domain, leave the user field blank. To search for messages from or to an address, check the “or receiver” checkbox.
• Recipient: Enter values for the user and domain as for the sender.
• Subject: Enter a value.
• Delivery time: Enter a minimum value in seconds.
• Classification: Enter a numerical classification code (as defined in the Configurator under Logging Classifications). Enter zero to ignore classification codes.

Note: It is always possible to search for messages by their MailMarshal Message Name, regardless of the Logging setting. See “Message Folder Actions” on page 236.

Wildcard Functions

The Sender, Recipient and Subject fields may be searched using the same wildcard syntax supported in the Configurator for local domains. For a full description of the syntax, see “Wildcards” on page 170. A menu of available wildcards is available through the button at the right of each field. The following functions are available:

Any Character: Match any single character (inserts “?” into the query).
Any String: Match any number of characters (inserts “*” into the query).
Character in Range: Match any character in the given range (inserts [ ] into the query; add a range of characters, e.g. a-z, inside the brackets).
Character not in Range: Match any character not in the given range (inserts [^] into the query; add a range of characters, e.g. a-z, after the ^).
All: Show all items without limits.
Starting With: Show items starting with the characters entered.
Ending With: Show items ending with the characters entered.
Containing: Show items containing the characters entered.

Alert History

To view a historical list of service alerts, select Alert History in the menu tree.

User Options

You can adjust several options for convenience in using the Console. To open the Console Options dialog, select Tools > Options from the menu.
The following options can be adjusted:

• Maximum history items to retrieve: This setting affects the number of items shown in the message history and history search screens.
• Maximum folder items to retrieve: This setting affects the number of items shown when viewing any folder.

Note: For history and folder items, the number of items actually retrieved is shown in the Console window status bar. You may wish to increase the values if the maximum number of items is being retrieved. Increasing the values may slow the Console performance.

• Maximum message and log text to retrieve: This setting affects the amount of message text and log text shown when viewing a message in the message window. The message text will be truncated after the number of bytes selected. The log text will be truncated in the middle so that the beginning and end of the log are always shown. The truncation of the log text is indicated by an ellipsis (...) in the text.
• Services screen refresh interval: This setting controls the frequency with which the Console polls the MailMarshal services to update the queued domains and messages sent/received information.

News and Support

Select this item to view the Marshal website in the right pane. This site features the latest support information, including a Knowledge Base and a User Forum. To access the full range of resources, customers should log in to the site. Obtain login details, if necessary, by contacting Marshal.

Chapter 21 Troubleshooting

A number of problems may arise when using email systems that can interfere with MailMarshal operation. Therefore, if a problem occurs it may be that MailMarshal is reflecting an external or internal email or network problem. When analyzing problems, the following resources may be useful.

MailMarshal Console

Check to see that the MailMarshal services are running. The Alert History shows stop and start information for each service.
If necessary, restart the services using the Configurator.

Note: If the MailMarshal Controller service is stopped, the other services cannot continue and the Console and Configurator will indicate “Failed to Connect”. Restart the MailMarshal Controller using the Windows Control Panel Services applet.

Check the Console Services screen to see whether email is being processed. Check the Mail History screen to see whether email has been sent, and any errors that the Sender may have encountered. If there are many “Failed to connect” or “Unable to resolve domain” messages, this usually indicates a downstream network, SMTP, or DNS problem.

Windows Event Viewer

If there are difficulties when starting any of the MailMarshal services, or there are any pop-up error messages, start the Windows Event Viewer and check the application log.

MailMarshal Working Directories

Check the MailMarshal sub-directories to see where email messages are trapped. The normal flow of email is as follows:

The MailMarshal Receiver accepts SMTP connections for all email (both inbound and outbound). Receiver Rules control the rejection of messages at this point. The Receiver places each accepted message in a file in the Incoming directory. The Engine then retrieves each message file from the Incoming directory, unpacks it and processes it according to the Standard Rules. A message which is not blocked or moved by a Rule is placed into the ProcessedOK directory. The Sender then takes the message file from that directory and places it in the Sending directory for delivery.

Note: If MailMarshal Secure is installed and Secure Email Rules are in use, files from the Incoming folder are processed by the MMDecrypt service, which places the files in the Decryption folder for the Engine. Messages to be sent are placed in the Encryption folder for processing by MMEncrypt.
Email queued in the Incoming directory indicates a problem with the Engine service: either the Engine has stopped or the rules are incorrectly configured. Email queued in the Sending directory points to a problem with the Sender service.

MailMarshal Message Names

MailMarshal assigns a name to each message it processes or generates. These names are used as the file names for message files and the associated log files; they are also used to identify the messages in log files.

Message names beginning with “B” are SMTP messages which MailMarshal receives and processes. Notifications generated by the MailMarshal Sender have names beginning with “C”. Notifications generated by the MailMarshal Engine have names beginning with “D”. Notifications generated by the MailMarshal Controller have names beginning with “E”.

When an array of MailMarshal servers is configured to log to the same database, the second letter of the message name is the array ID of the server that processed the message.

In addition to MailMarshal’s message names, the SMTP Message ID of each message is retained throughout processing and recorded in the processing logs.

MailMarshal Log Files

Each MailMarshal service creates its own daily log file. Routine processing and problems encountered are all recorded in these log files. The most recent information is at the end of the log file. The files are found in the MailMarshal Logging Directory. By default the last 5 days of log files are kept.

Running MailMarshal in Debug Mode

MailMarshal services can also be run in debug mode from a command prompt. Using this facility, the user can see the results of the system logging in real time, which is particularly useful for resolving problems, testing new rules, or determining why a service fails to start. To use this facility, ensure that the service(s) to be debugged are stopped.
Then go to the MailMarshal directory and enter one or more of the following:

    mmengine -debug
    mmreceiver -debug
    mmsender -debug

For example, to test the passage of a particular email message, run the Receiver and Engine services in debug mode. Use an email client (such as Outlook Express) to send email and monitor its progress through the Receiver and Engine.

Some Common Issues

Error 2140

This message is a generic Windows error message meaning that one or more of the services were unable to start. The error may be related to invalid TextCensor scripts or other setting problems. To determine the specific cause of the error, first check the Windows Event Viewer (application log) or the MailMarshal logs. If necessary, start the MailMarshal services in debug mode.

Host Name or Unable to Determine the Domain

The following message may appear in the Event Log: “Unable to determine the domain this machine belongs to. Check the TCP/IP protocol properties for a valid domain name.” Alternatively, a Host Name page may appear in the Configuration Wizard requesting that a Host Name be set.

MailMarshal requires a domain to be specified. This information is used when sending and receiving SMTP email. The Primary DNS suffix of the computer should be set to the email domain name of the MailMarshal Server (e.g. ourcompany.com). In Windows 2000, this information should be entered as a Primary DNS setting (in the Control Panel under System > Network Identification > Properties > More). In Windows XP this information is entered in the Control Panel under System Properties > Computer Name > Change > More.

If the Host Name is entered in the Configuration Wizard, it can be edited from the General tab of the Advanced Properties dialog.

Moving MailMarshal to a New Server

When moving the MailMarshal Server to a new computer, the following steps are required:

1.
Export the MailMarshal configuration from the old server (using the Advanced tab of Server Properties).
2. Import the configuration to the new server.
3. Copy the file UserGroups.txt, the file filetype.cfg (if present), and the contents of the subdirectory ValidFingerprints from the old MailMarshal install directory to the new one.
4. To continue logging to the existing MailMarshal database, copy the file SequenceFile from the old MailMarshal install directory to the new one. Failure to do this will corrupt the database.
5. Ensure that email routing is adjusted to use the new server (both inbound and outbound).

For additional information on MailMarshal Server and database migration, please see Marshal Knowledge Base article Q10409.

DNS Blacklists

MailMarshal can use DNS blacklist based validation in Receiver rules and in Category Scripts (including the user defined portion of the SpamCensor facility).

If MailMarshal is attempting to query a blacklist server that is not responding, processing of the specific message will be delayed until the request times out repeatedly (about 75 seconds). MailMarshal will then place the affected server on a watch list. MailMarshal will not attempt to contact this server again for at least 60 seconds. MailMarshal will continue to process messages without checking against the specific blacklist.

Note: A remote server may fail to respond due to transient network conditions, because it is out of service, or in some cases because you do not have a subscription.

DNS blacklist activity is recorded in two MailMarshal log files: the Receiver log (for Receiver rules) and the Engine log (for Category Scripts). Examples of messages you may see in these logs are:

• DNS Blacklist look up failed. blacklist.example.com could not be contacted
• DNS server is now reachable.
• 192.168.1.2 listed in <Example Blacklist>

Reports Issues

These errors are most likely to occur where the default “sa” SQL authentication is not being used.

Unable to determine if [Name] is a valid MailMarshal database

This error indicates that the “GetVersion” stored procedure could not be run or returned an unexpected result. Generally this means that the database is not a MailMarshal database. This error may also occur if the user has no execution rights for GetVersion. To resolve this issue, connect to the database (from MailMarshal Reports) as a user with administrative rights. Once an administrator has used the reports database, all users are automatically granted the right to execute GetVersion.

SQL script could not be loaded

This error indicates that the user does not have sufficient rights to initialize the stored procedures in the database. If this occurs, connect to the database (from MailMarshal Reports) as a user with administrative rights. Select Tools > Load SQL Scripts. The result should be “SQL scripts successfully loaded.”

SQL scripts failed to load. View errors?

Click Yes to see the Load Errors dialog (also available by right-clicking on the MailMarshal Reports root in the left pane of the MMC). This dialog provides the detailed error message. Most errors will be related to database permissions.

Further Help

For any problems not listed here, please see the Knowledge Base and Forum on the Marshal website. If these resources do not resolve the issue, please contact your Marshal Distributor or Marshal’s support desk.

Web: http://www.marshal.com/support
Email: support@marshal.com

Chapter 22 MailMarshal and the MMC

The MailMarshal Configurator and Console are implemented as snap-ins to the Microsoft Management Console (MMC). Users of other MMC applications (such as WebMarshal Console and Microsoft SQL Server) will be familiar with this interface.
By default, the MMC features a tool bar, a menu, and two main panes. The left pane contains a menu tree, while detailed information appears in the right pane.

• To expand an element (branch) of the menu tree, click on the associated + symbol. This will show the elements contained within this branch.
• To select an item in either pane, click on it to highlight it.
• Selecting an item in the left pane will display the associated detail information in the right pane.
• To collapse an expanded menu element, click on the associated - symbol.
• If the left pane is not visible, click the Show/Hide Console Tree icon in the toolbar. It should appear “pushed in.”

Note: The tool bar and menu bar of MMC are context dependent. The available icons and choices depend on which item is selected in the main panes. If an icon referred to is not visible, ensure that the appropriate item is selected. For instance, the arrow icons, which allow rules to be moved up or down in order of evaluation, are only visible when a rule is selected in the right pane.

While this Guide usually refers to choices from the tool bar, in many cases the MMC also provides equivalent choices from pop-up context menus, which are made available by right-clicking on the selected item.

Configurator and Console in the Same MMC

Where more than one MMC snap-in (such as the MailMarshal Configurator, MailMarshal Console, and WebMarshal Console) is to be used from the same machine, a new MMC Console can be created which contains all the required snap-ins.

To create a custom MMC Console, run mmc.exe from a command prompt. Choose File > Add/Remove Snap-in from the main menu. In the Add/Remove Snap-in dialog, click Add to see a list of available snap-ins. Double-click each desired snap-in to add it to the list. When done, click Close, then OK. To save the custom Console, choose File > Save from the main menu. Select a location for the .msc file.
Double-click this file to run the custom console.

Note: Only one instance of the MailMarshal Configurator may be active per MailMarshal Server. Attempting to start a second Configurator results in the notice “MailMarshal settings are locked.”

Multiple Console Snap-ins in the Same MMC

If an array of MailMarshal servers is in use, it may be useful to include multiple Console snap-ins in the same MMC. A new MMC Console can be created which contains more than one instance of the MailMarshal Console snap-in. This will allow access to the Mail Folders, queued domains, and service information for each server.

Create a custom MMC Console as above. Add as many instances of the MailMarshal Console as there are MailMarshal servers. For each MailMarshal Console, a Connect to Server dialog will be presented. Enter the appropriate details for the various servers.

Note: Enter the server names explicitly (rather than “localhost”) to make this custom file usable from any server which has the MailMarshal Console installed.

Appendix A Other Email Servers

Typically MailMarshal receives inbound email, processes it, then relays it to the organization’s internal email server as specified in the Local Domains list. Outbound email is passed from the internal email server to MailMarshal for processing and external delivery. See Chapter 2, “Pre-Installation” and Chapter 3, “Installation.”

Once MailMarshal has been installed, the internal email server software must be configured to send outgoing email to MailMarshal for processing and delivery.
Where MailMarshal is installed on the same computer as the existing email server software, the two applications must use different “ports” to receive email. In this case, the following steps are typically necessary:

• As the MailMarshal Receiver is now accepting SMTP traffic on port 25, change the SMTP port that the other email server uses for SMTP (port 97 is usually available, although any free TCP port will do).
• Configure the other email server software to forward all Internet email to the local machine (use the “localhost” IP address 127.0.0.1, port 25).
• Check that MailMarshal is configured, via its Local Domains information, to forward all inbound email to the local machine on the alternative port (again, use the localhost IP address and port, e.g. 127.0.0.1:97).

Specific details for configuring Microsoft Exchange 5.5, Lotus Notes 4, and Lotus Domino R5 are given below. For more detailed information, and to configure other email server software, please refer to the product documentation for the other software. The Marshal Knowledge Base also contains some additional setup information.

Note: The following integration examples assume SMTP connectivity has been set up and is running properly; all that is required here is the introduction of MailMarshal to an already operating environment.

Configuring Microsoft Exchange 5.5

Exchange 5.5 and MailMarshal on Separate Machines

On the Microsoft Exchange Server, run Microsoft Exchange Administrator. Under the Configuration container, select Connections, then select Internet Mail Service.

Under the Connections tab, change the Message Delivery option from DNS to Forward all messages to host, and enter the MailMarshal server IP address, e.g. “10.1.1.1”. This will ensure that outgoing messages are passed to the MailMarshal machine. Click OK. Stop and start the Microsoft Exchange Internet Mail Service from the Services Control Panel applet.
Exchange 5.5 and MailMarshal on the Same Machine

On the Microsoft Exchange Server, run the Microsoft Exchange Administrator. Under Configuration, select Connections, then select Internet Mail Service.

Under the Connections tab, change the Message Delivery option from DNS to Forward all messages to host, and enter “127.0.0.1” to identify the local machine. This will ensure that outgoing messages are passed to MailMarshal on the same machine as Microsoft Exchange Server.

Because MailMarshal is installed on the same machine, Microsoft Exchange must be configured to listen for SMTP traffic on a different port to the SMTP default of 25. Microsoft Exchange uses the Windows NT services file to determine which port to listen on for inbound SMTP messages. It is necessary to edit the services file to change the default SMTP port for Microsoft Exchange to a new value, for example 97.

The Windows NT services file is located in the folder %systemroot%\system32\drivers\etc (where %systemroot% is usually C:\WINNT). In this folder, edit the file named Services using Notepad. Add an explanation and the new port details. Locate the text

    smtp 25/tcp mail

Comment out the line by prefixing it with the “#” character, and add the new material:

    # smtp 25/tcp mail
    # Change default smtp port to 97 to allow both Microsoft
    # Exchange and MailMarshal to exist on same machine
    smtp 97/tcp mail

Save the Services file and close Notepad. Stop and start the Microsoft Exchange Internet Mail Service from the Services Control Panel applet.

Note: This example uses port 97, but any available port number may be chosen as long as it does not conflict with any other service on the same machine.

Configuring Lotus Notes 4

Lotus Notes 4 and MailMarshal on Separate Machines

On the Lotus Notes Server, shut down SMTPMTA from the Notes console. Open the Public Address Book. Expand the Server section, and select the Connections view.
Open the Internet Hosts Document. Change the Relay host field to the IP address of the MailMarshal machine, e.g. “192.168.2.218”. This will ensure that outgoing messages are passed to the MailMarshal machine. Restart the SMTPMTA.

Lotus Notes 4 and MailMarshal on the Same Machine

On the Lotus Notes Server, shut down SMTPMTA from the Notes console. Open the Public Address Book, expand the Server section, and select the Connections view. Open the Internet Hosts Document. Change the Relay Host field to “127.0.0.1” to identify the local machine. This will ensure that outgoing messages are passed to MailMarshal on the same machine as Lotus Notes.

Because MailMarshal is installed on the same machine as Lotus Notes, the SMTP component must be configured to listen on a different port to the SMTP default of 25. Lotus Notes uses the Notes.INI file to determine which port to listen on for inbound SMTP messages. The file must be edited to change the default SMTP port for Lotus Notes, e.g. to “97”. The Notes.INI file is located in the WINNT folder (e.g. C:\Winnt). Using Notepad, edit the Notes.INI file and add the following item at the end of the file:

    SMTPMTA_IPPORT=

Then specify the port number on which MailMarshal was configured and to which internal email is to be forwarded, e.g.

    ; Changed default smtp port to 97 to allow both
    ; Lotus Notes and MailMarshal to exist on same
    ; machine
    SMTPMTA_IPPORT=97

Restart the SMTPMTA.

Configuring Lotus Domino R5

All changes must be made through Domino Server Administrator, and not by editing files or using the Notes Client.

Lotus Domino R5 and MailMarshal on Separate Machines

Configure Domino to forward outgoing SMTP traffic to MailMarshal

1. Select the Domino Server for which the mail relay setting must be changed.
2. Click on the Configuration Tab.
3. Select Messaging, Messaging Settings.
4.
On the Basics Tab find the entry for Relay hosts leaving the local Internet Domain; enter the IP address of the MailMarshal server, e.g. 10.2.1.7.

From the server console or a remote session from the Domino Administrator, type the following:

    >Tell SMTP quit

Once the message that the SMTP service has stopped has appeared on screen, type the following:

    >load SMTP

The new settings should now be active. The SMTP listening ports can be checked by typing:

    >sh tasks

Lotus Domino R5 and MailMarshal on the Same Machine

Change the SMTP Inbound port from port 25 to port 97

As MailMarshal will take over the role of listening for SMTP traffic on port 25, the port that Domino listens on must be changed. You can use any unused port (port 97 is usually free).

1. Select the Domino Server for which the SMTP listening port must be changed.
2. Click on the Configuration Tab.
3. Select Server, Current Server Document.
4. Click on the Ports Tab, then Internet Ports Tab, then Mail Tab.
5. Change the Mail SMTP Inbound setting from 25 to 97.

Configure Domino to forward outgoing SMTP traffic to MailMarshal

1. Select the Domino Server for which the mail relay setting must be changed.
2. Click on the Configuration Tab.
3. Select Messaging, Messaging Settings.
4. On the Basics Tab find the entry for Relay hosts leaving the local Internet Domain; enter 127.0.0.1.

From the server console or a remote session from the Domino Administrator, type the following:

    >Tell SMTP quit

Once the message that the SMTP service has stopped has appeared on screen, type the following:

    >load SMTP

The new settings should now be active. The SMTP listening ports can be checked by typing:

    >sh tasks
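The services-file edit described under “Exchange 5.5 and MailMarshal on the Same Machine” earlier in this appendix, as an added Python example that is not part of this guide or of MailMarshal: it applies the same change to the file's text, refuses to proceed when the chosen port is already assigned to another TCP service (the conflict the Note there warns about), and is a no-op when run again on an already-edited file. The sample services text is constructed; the exact column layout of a real Windows services file is an assumption, and reading or writing the actual file under %systemroot%\system32\drivers\etc is left to the caller.

```python
import re
from typing import Dict, Tuple

# Constructed sample of a Windows services file (not a real file dump).
SAMPLE_SERVICES = """\
# Constructed sample services file
echo      7/tcp
ftp      21/tcp
smtp     25/tcp    mail
pop3    110/tcp    #Post Office Protocol - Version 3
"""

# An active (uncommented) entry: service name, then port/protocol; the rest of the
# line (aliases, trailing comment) is not needed here.
SERVICE_LINE_RE = re.compile(
    r"^\s*(?P<name>[^#\s]\S*)\s+(?P<port>\d+)/(?P<proto>tcp|udp)\b", re.IGNORECASE)


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """Map (port, protocol) -> service name for every active line; comment lines are skipped."""
    table: Dict[Tuple[int, str], str] = {}
    for line in text.splitlines():
        m = SERVICE_LINE_RE.match(line)
        if m:
            table[(int(m.group("port")), m.group("proto").lower())] = m.group("name").lower()
    return table


def move_smtp_port(text: str, new_port: int = 97) -> str:
    """Return the services text with 'smtp 25/tcp' commented out and smtp on new_port.

    Raises ValueError when new_port/tcp already belongs to another service, or when
    there is no active smtp entry on 25/tcp. Re-running on already-moved text is a no-op.
    """
    active = parse_services(text)
    owner = active.get((new_port, "tcp"))
    if owner == "smtp":
        return text                       # already moved; nothing to do
    if owner is not None:
        raise ValueError(f"TCP port {new_port} is already assigned to '{owner}'")
    if active.get((25, "tcp")) != "smtp":
        raise ValueError("no active 'smtp 25/tcp' entry found")

    out = []
    for line in text.splitlines():
        m = SERVICE_LINE_RE.match(line)
        if m and m.group("name").lower() == "smtp" and m.group("port") == "25" \
                and m.group("proto").lower() == "tcp":
            out.append("# " + line.strip())   # keep the original entry as a comment
            out.append(f"# Change default smtp port to {new_port} to allow both Microsoft")
            out.append("# Exchange and MailMarshal to exist on same machine")
            out.append(f"smtp {new_port}/tcp mail")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(move_smtp_port(SAMPLE_SERVICES, 97))
```

After writing the result back, the Internet Mail Service still has to be stopped and started, as the procedure above says, before Exchange listens on the new port.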