FTGateUsersGuide

Table Of Contents
Introduction
Introduction
Welcome to FTGate
Licence Agreement
Copyright
Copyright © 1996-2009 FTGate Technology Ltd. All rights reserved.
Trademarks
Disclaimer
Main Feature List
Services
Security
Domains and Mailboxes
User Mailboxes
Group Mailboxes
List Mailboxes
Monitoring
Client Services
Anti-Virus support
Anti-Spam and Message Filtering
Other Features
WebAdmin
Groupware Features
Shared Folders
Address Books
Calendars
Task Lists
FAQ (Frequently Asked Questions)
Product support
Product Support
Support FAQ
Upgrade Protection and Support Plan
Contacting FTGate Technology
Installation
System Requirements
Recommended requirements:
Minimum Requirements:
Supported Systems
Virtual Machines
Web Browsers
Outlook Connector
Browser Compatibility
Browsers offering full support for all features
Browsers offering limited support
Allowing users to relay through your server
Forwarding to remote users in the same domain
Problem
Solution
Connecting multiple offices with FTGate
The network
Central Office configuration (ServerA):
Regional Office configuration (ServerB):
Completion
Registration Overview
Licence Types
Mailbox Count
General
Registering and Activating Licences
Domains, Mailboxes and delivering mail
AutoCluster Overview
Access from the Internet
Firewall ports
Host-name configuration
Network Storage and shared drives
Accessing SolSight Web
FTGate behind a NAT router/firewall
Migration
Migration
Migrating Mail from an Existing POP3 server
Moving to a new server
Relay
FTGate as an MX relay
FTGate as a DMZ server
Upgrade
Upgrading from a previous version
Upgrading from FTGateOffice or FTGatePro
Upgrading From FTGate4
Using FTGate
Common Tasks
General
Sending/Receiving via the Internet
Managing Mailboxes and Domains
Managing Filters
Backup and Restore
Troubleshooting
UbeBlock is not blocking the spam emails
I have just upgraded from FTGateOffice/Pro and my users cannot log in
A service will not start and reports "The specified address is already in use."
SSL certificates
I am unable to send to some domains, the mail sits in the outbox.
My messages to Hotmail are disappearing
My server is having its EHLO command rejected with a syntax error message
How do I move FTGate to another machine
How do I back up FTGate
My users are getting a relaying denied error
I can't remember my WebAdmin user name or password
What firewall ports do I need to open?
How do I share folders and keep the mail on the server.
SmartPop delivery issues
When I try to send mail to an Outlook list I get a Bulk sends not allowed error
My users are getting the message 'Message size exceeds administrative limit'
General
Logging Into FTGate
Mail Flow
Undeliverable Mail
Connection Types
IMAP Considerations
Forwarding Messages
Macro Expansion
Anti-Spoofing
Send and Receive
Receiving Mail
Outbound SMTP Auth
Sending Mail
SmartPop
Signatures/Disclaimers
Remote Domains
Greylisting Delays
Accessing FTGate from the Internet
Management
Web Administration
Activating a Licence Key
Lost administrator passwords
Emergency Recovery
Safe Mode
Database support
SQL Based Mailing Lists
Permissions/Access rights
Customising SolSight Web
Security Policies
Security Policies
Relay Control and Authentication
Access Control Lists
Configuring LAN access
SSL
SSL self signed certificates
Filtering, Anti-Spam, Anti-Virus
Overview
Setting up junk filtering
Minimising Junk/UBE mail
Greylisting
Whitelisting
Whitehosting
Blacklisting
Filter Rules
Safe Words
SPF Validation
Anti-Virus Overview
UBEBlock
Backup and restore
Disaster Planning
Backup and Restore
Utility Applications
FTGateArchive
FTGateIcon
FTGateUpdate
FTGateMonitor
FTGateLog
AutoCluster
Configuring AutoCluster
Web Admin Interface
Web Admin Login
User Interface Guide
Saving changes
Adding an item
Deleting an item
Filtering a list
Selection lists
Start/Stop Enable/Disable
Paging control
Menu Bar
Navigation Panel
Access Control
General
Information
Log
Activity
Queues
Statistics
Archive
Domains
Managing Domains
Local Domains
Remote Domains
Outbox
Outbox
Managing the Outbox
Services
Managing Services and Security Policies
Security Policy
Services
Clients
Managing Clients
SmartPop
AutoCluster
Events
Events
Filters
Greylist
Routing
Anti-Virus
Quarantine
Filter Policies
Filter Policies
Configuration
Registration
System
Administrators
Messages
Spooler
Logging
Archiving
DNS Servers
RBL Sites
Network Profiles
Priority
Auto Update
Proxy
Utility
Utilities
Mailbox Import
List All Mailboxes
Mailbox Export
Mailbox Import1
Groupware
Shared Folders
Why Use Shared Folders?
Shared Folder Access
Uses for Shared Folders
Address Books
Mailing an address book:
LDAP address book searches:
Calendar Overview
Shared Folder Overview
White Papers
White Papers
SPAM: Change is coming
Why is change needed?
A shift in approach
Cleaning up the junk
White lists
UbeBlock spam analysis
Moving Forward
SmartPop
The future
Error Messages
Service Error Messages
WebAdmin Login Messages
Update History
FTGate History
Historical time line for FTGate:
FTGate2009 SR1
Update 6.0.002
Credits
Glossary
Index
Introduction
Welcome to FTGate
FTGate is the result of over ten years' experience in the mail server market and represents the
pinnacle of mail server performance and features. With extensive security, filtering, user management
features, customer resource management and a comprehensive set of groupware features we feel
that FTGate offers the best value possible.
This manual is written to answer your questions regarding how to complete specific tasks and achieve
different goals with FTGate. The main topics are listed below.
Installation
• System Requirements
• Setting up domains and mailboxes
• Registering and Activating Licences
• Accessing SolSight Web
• Access from the Internet
• Migration
• FTGate as an MX relay
• FTGate as a DMZ server
• Upgrading from a previous version
Web Administration
• Web Admin Login
• User Interface Guide
• Menu Bar
• Access Control
• Managing Domains
• Outbox
• Managing Services and Security Policies
• Managing Clients (SmartPop/Auto-Cluster)
• Events
Using FTGate
• Logging Into FTGate
• Forwarding Messages
• Receiving Mail
• Sending Mail
• Greylisting Delays
• Web Administration
• Lost administrator passwords
• Security Policies
• Backup and Restore
• Service failed to start
Utilities
• FTGateArchive
• FTGateIcon
• FTGateUpdate
• FTGateMonitor
• FTGateLog
Filtering and Anti-spam
• Overview
• Filter Policies
• Setting up junk filtering
• Minimising Spam
• Greylisting
• Whitelisting
• Whitehosting
• Filter Rules
• Blacklisting
• UbeBlock Training
• Quarantine
Further Information
• Common Management Tasks
• FTGate Website
• FTGate Training Videos
Licence Agreement
THIS IS YOUR LICENCE AGREEMENT PLEASE READ IT AS YOU WILL BE BOUND BY ITS
TERMS.
ACKNOWLEDGMENT:
By using FTGate Technology products you acknowledge that you have read this licence agreement,
understand it, and agree to be bound by its terms and conditions. You also agree that the licence
agreement is the complete and exclusive statement of agreement between the parties and
supersedes all proposals or prior agreements, oral or written, and any other communications between
the parties relating to the subject matter of the limited warranty.
SOFTWARE LICENCE AGREEMENT
SUBJECT OF AGREEMENT
FTGate Technology hereby grants to the CUSTOMER in consideration of licence fees paid by the
CUSTOMER, (and during any trial period in consideration of the CUSTOMER agreeing to try the
product) a non-assignable, non-transferable, non-exclusive licence to use FTGate and other FTGate
Technology products ("the Product") on a single network server accessed by multiple computers
subject to the Terms and Conditions below. FTGate Technology reserve the right to enforce these
licence conditions through specific software features. Copyright and other intellectual property rights
in the Product shall at all times remain vested in FTGate Technology and the CUSTOMER's rights in
the Product shall be limited to those of a user licensed under the terms of this Agreement, such use to
be limited to the CUSTOMER's internal business purposes only.
The CUSTOMER agrees not to use the Product beyond the trial licence period without paying the
relevant fees thereupon arising. The Product contains a timing device which ensures that no such use
can be made after such trial/demonstration period without payment. Where the CUSTOMER is
supplied the Product via a distributor of FTGate Technology these terms and conditions of licence of
the Product shall still apply as between FTGate Technology and the customer and are in addition to
any contract terms between the distributor and the CUSTOMER. These terms may be modified by us
from time to time and are in addition to any general terms about use of the Product on our web site,
including without limitation information about email support and other matters.
TERMS AND CONDITIONS
(1) LIMITED WARRANTY
The Product and accompanying written materials (including instructions for use and manuals and CD
Roms, if any) are provided "as is" without warranty of any kind, to the fullest extent permitted by law.
All terms implied by law, including without limitation as to satisfactory quality and fitness for purpose,
which may by law be excluded or limited and liability in tort including without limitation for negligence
and misrepresentation, are hereby excluded. Further, FTGate Technology does not warrant,
guarantee, or make any representations regarding the use, or the results of use, of the Product in
terms of correctness, accuracy, reliability, currentness, or otherwise. No oral or written information or
advice given by FTGate Technology or its employees shall create a warranty or be otherwise
actionable and the CUSTOMER may not rely on any such information or advice. If the Product is
defective, FTGate Technology will not be responsible for any or all costs of necessary servicing,
repair or correction.
Neither FTGate Technology nor anyone else who has been involved in the creation, production or
delivery of the Product shall be liable for any direct, indirect, consequential or incidental damages
(including damages for loss of business profits, business interruption, loss of business information,
and the like) arising out of the use or inability to use the Product even if FTGate Technology has been
advised of the possibility of such damages. FTGate Technology shall in no circumstances be liable in
any way for the content of any message or transmission sent using or made in connection with the
Product. In any event FTGate Technology's liability to the CUSTOMER shall be limited to the value of
the cost of the Product in relation to which a claim has arisen, or £250 if higher.
The parties acknowledge that the Product is a low value product which will be used for crucial
business functions and that the limitations and exclusions on liability in this Agreement reflect the
price. The parties accept such limits are reasonable. The CUSTOMER shall indemnify and hold
FTGate Technology harmless against all loss and liability, costs and damages, including legal fees on
an indemnity basis, arising from any breach by the CUSTOMER of the terms of this Agreement or the
licence of the Products or from any act or default of the CUSTOMER in relation to the Products
which leads to loss or liability on the part of FTGate Technology.
(2) COPYRIGHT AND TRADE MARKS
The CUSTOMER shall not:
a) use, copy, modify, merge, or transfer copies of the Product except as provided in this Agreement,
b) reverse-assemble or reverse-compile the Product, save to the extent permitted by law,
c) sub-license, loan, rent, lease, or assign the Product or any copy thereof,
d) use the Product except as provided in this Agreement.
The Product is the copyright of FTGate Technology. All intellectual property rights in the Product
remain with FTGate Technology. FTGate Technology warrants that it has full rights to grant the
licences contained in this Agreement and full authority to license the Product. Nothing in this
Agreement shall give the CUSTOMER any intellectual property right in the Product. If any
infringement of such copyright or other intellectual property rights in the Product or the Marks defined
below, comes to the attention of the CUSTOMER it shall forthwith notify FTGate Technology by email.
Should any portion of the Product be de-compiled, reverse-engineered, copied or duplicated, in
breach of this clause, the CUSTOMER shall immediately notify FTGate Technology of the
circumstances surrounding such event and shall assist FTGate Technology in enforcing its rights
against any parties who are in violation of this Agreement. Permitted exceptions to the above are for
normal back up or archival purposes.
FTGate® is a registered trade mark of FTGate Technology. FTGate Technology has also built up
substantial goodwill in FTGate®, FTGate Technology™, Floosietek™, FTGateLite™,
FTGateOffice™, FTGatePro™, FTGateRelay™, UbeBlock™, SolSight™ and their logos ("the
Marks"). The CUSTOMER shall not use the Marks in any other colour or in combination with any
material which (a) is not a Product or a description of a Product of FTGate Technology or (b) in any
manner which may bring FTGate Technology into disrepute or damage its reputation or cause it to be
legally liable in any way.
(3) TERMINATION
FTGate Technology may terminate this Agreement upon thirty days written notice if the CUSTOMER
fails to comply with any of the terms and conditions of this Agreement. In the event of termination, the
CUSTOMER shall immediately cease use of the Product and at its own expense, remove from its
computers all copies (including on-line, back-up and archival) of the Product and destroy them.
(4) NON-TRANSFERABLE LICENCE
The CUSTOMER acknowledges that the Products are the sole property of FTGate Technology and
agrees not to assign, sub-license or otherwise transfer the Products in any manner without prior
written consent of FTGate Technology.
(5) BINDING AGREEMENT
Upon acceptance of this Agreement by both parties, this Agreement shall constitute the entire
Agreement between the parties and shall supersede all other oral or written agreements or
communications between the parties. FTGate Technology shall not be bound by additional provisions
or provisions at variance herewith that may appear in the CUSTOMER's acknowledgement, purchase
order, or in any other communication between the CUSTOMER and FTGate Technology.
(6) MODIFICATION/WAIVER
FTGate Technology may modify the terms of this Agreement by email to the CUSTOMER or by
posting a notice on its web site www.ftgate.com. No term or provision shall be deemed waived and
no breach consented to unless such waiver or consent shall be in writing and signed by the party
claimed to have waived or consented.
(7) ASSIGNMENT
The CUSTOMER shall not assign, sublicense, or otherwise transfer to any other party all or any part
of this Agreement, any interest herein or any rights hereunder.
(8) NOTICES
All notices and other communications provided for or permitted under this Agreement shall be
sufficient if contained in writing delivered by hand or registered certified mail or by facsimile
addressed to the parties as set forth in this Agreement. Notification of critical errors concerning the
Product should be communicated in writing to FTGate Technology by the other party. All such notices
or communications shall be deemed received 2 working days after being sent. FTGate Technology
reserves the right to communicate amendments to this agreement or all notices and other
communications provided for or permitted under this Agreement by email to the other party.
(9) SURVIVAL
The CUSTOMER's obligations under paragraph (2) shall survive the termination of this Agreement.
(10) SEVERABILITY
If any provision of this Agreement shall be held void or unenforceable or contrary to English Law,
such provision shall be deemed to have been excluded from this Agreement ab initio and shall not
affect any other provision of this Agreement, the remainder of which shall be construed as if the
excluded provision had never formed part of it.
(11) DATA PROTECTION
The CUSTOMER consents to its personal data being exported for processing abroad under the
control of FTGate Technology and so that marketing emails on subjects of interest to the CUSTOMER
being solely software products offered by FTGate Technology can be sent to the CUSTOMER. The
CUSTOMER can notify FTGate Technology at any time to ensure such mailings are ceased.
(12) THIRD PARTY RIGHTS
No enforceable right is given or intended to be given by the parties to any third party, under this
Agreement and the Contracts (Rights of Third Parties) Act 1999 shall not apply.
(13) GOVERNING LAW
This agreement will be governed by and construed in accordance with the laws of England and the
parties hereby submit to the exclusive jurisdiction of the English courts. The place of performance is
England.
ACKNOWLEDGMENT
By using the Product you acknowledge that you have read this licence agreement, understand it, and
agree to be bound by its terms and conditions. You also agree that the licence agreement is the
complete and exclusive statement of agreement between the parties and supersedes all proposals or
prior agreements, oral or written, and any other communications between the parties relating to the
subject matter of the limited warranty.
Copyright
Copyright © 1996-2009 FTGate Technology Ltd. All rights reserved.
Information in this document is subject to change without notice. No part of this publication may be
reproduced, stored in a retrieval system or transmitted in any form or by any means electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser's
personal use, without the written permission of FTGate Technology Ltd.
FTGate Technology Ltd
Abbey Lodge
Station Road
West Dereham
Kings Lynn
Norfolk PE33 9RR
United Kingdom
http://www.ftgate.com
Trademarks
FTGate®, FTGateOffice™, FTGatePro™, FTGateLite™, FTGateRelay™, UbeBlock™, SolSight™,
Floosietek™ and FTGate Technology™ and their logos are trademarks or registered trademarks of
FTGate Technology Ltd. in the UK, USA, the EC and other countries. Microsoft and Windows are
registered trademarks of Microsoft Corporation. Other brands and their products are trademarks of
their respective holders and should be noted as such.
Disclaimer
The information in this document is subject to change without notice and is correct to the best of our
knowledge at the time of publication. No part of this document may be reproduced or transmitted in
any form or by any means, electronic or mechanical, for any purpose other than as part of the FTGate
product, without express written consent of FTGate Technology Ltd.
You are granted permission to print one copy of this document as part of the FTGate Product licence
agreement.
Main Feature List
See Also
• Groupware Features
Services
Feature (columns: PE, ISP, Relay)
• SMTP / ESMTP
• POP3 / APOP
• IMAP4
• LDAP
• Proxy
• Groupware Connector
• WebMail
• WebAdmin
• Monitor Port
* Replication only
Security
Security (columns: PE, ISP, Relay)
• Multiple IP based security policies
• Share security policies among services
• SSL / TLS
• SMTP Authentication
• Comprehensive user based access controls
* Global setting only
Domains and Mailboxes
Feature (columns: PE, ISP, Relay)
• Local user domains
• Remote Relay Domains
• User Mailboxes
• Group Mailboxes
• List Mailboxes
• Domain Aliases
• Mailbox Aliases
• Mailbox Rules
• Active Directory Support
• User privilege options
User Mailboxes
Feature (columns: PE, ISP, Relay)
• Multiple Folders
• WebMail access
• 3 types of logon authentication
• Loop protection
• Hidden BCC control
• Out of office automated message
• User privilege control
• Multiple shared folders (via IMAP/Web Mail)
• Trashcan (via IMAP/WebMail)
• Maximum message age controls
• Mailbox quota controls
• Message Tracking
• Extensive mailbox rule/action controls
Group Mailboxes
Feature (columns: PE, ISP, Relay)
• Round robin delivery option
• Automatic message tracking options
• Extensive mailbox rule controls
• Privilege controls
List Mailboxes
Feature (columns: PE, ISP, Relay)
• Automated member management
• Archiving
• Moderation
• Distribution list or BCC list
• Reply address control
• Distribution to external SQL database lists
• Configuration notification messages
• Configuration message signatures
• Extensive mailbox rules
Monitoring
Feature (columns: PE, ISP, Relay)
• 3 Logging levels
• Searchable Log
• Compressed Archive
• Searchable Archive
• Remote Monitor (activity + history)
• Status Monitor
• Queue Status
• Server Statistics
Client Services
Feature (columns: PE, ISP, Relay)
• SmartPop
• AutoCluster
Outbox / Remote Domain
Feature (columns: PE, ISP, Relay)
• LAN/Broadband and Dialup Support
• 4 types of delivery scheduling
• Outbound connection limit controls
• Custom Host name option
• ISP or MX delivery options
• Access to outbox queue for viewing/deletion
• Flagged message delivery hold
Anti-Virus support
Feature (columns: PE, ISP, Relay)
• Support for most 3rd party scanners
• Scans inside Zip files
• Scan and Quarantine or Scan and Delete
• Custom notification messages (or no notifications)
• Purge Scripts from HTML messages
Anti-Spam and Message Filtering
Feature (columns: PE, ISP, Relay)
• Multiple shared domain filter policies
• One policy per domain or multiple domains per policy
• Whitelist (Specific list and Contact Database)
• Whitehost
• Blacklist
• Safe Word List
• Filter content by word
• Filter content by phrase
• Filter attachments (Purge/Quarantine/Delete)
• UBEBlock2 Filter
• UBEBlock+ Filter*
• Comprehensive Filter Rules and actions
• Grey Listing
• RBL Scanning
* Requires valid UPSP subscription
Other Features
Feature (columns: PE, ISP, Relay)
• User configurable system messages
• Extensive scripting support
• Call external applications from within FTGate
• Multiple DNS servers
• Auto Update
• Dynamic address routing
• Delivery piping support
WebAdmin
Feature (columns: PE, ISP, Relay)
• Comprehensive server administration
• Multiple administrators
• SSL support
• IP based access controls
Groupware Features
FTGate Groupware edition has comprehensive groupware and customer resource management
features. Access to its groupware features is available through WebMail, the Outlook Connector and
other utilities.
Shared Folders
Feature (columns: PE, ISP, Relay)
• Multiple shared folders per user or group
• User and group based permissions (read/write/create/delete/manage)
• Accessed through WebMail and IMAP
Address Books
Feature (columns: PE, ISP, Relay)
• Multiple Address Books per user or Group
• Share options for each address book
• User and group based permissions (read/write/create/delete/manage)
• Customer Tracking Options (Manual and Automatic)
• Contact Notes
Calendars
Feature (columns: PE, ISP, Relay)
• Multiple Calendars per user or group
• Share options for each Calendar
• User and group based permissions (read/write/create/delete/manage)
• Events and Appointments
• Recurrent Events and Appointments
• Mailed Reminders (self or specific address)
• Instant Notifications (via SolSight Chat)
Task Lists
Feature (columns: PE, ISP, Relay)
• Multiple Task Lists per user or group
• Share options for each Task List
• User and group based permissions (read/write/create/delete/manage)
• Recurrent Events and Appointments
• Mailed Reminders (self or specific address)
• Instant Notifications (via SolSight Chat)
FAQ (Frequently Asked Questions)
The FTGate FAQ is located in the support forums section of the FTGate website. Users are
encouraged to view the forum topics and post any questions for which they are unable to find an
answer.
FTGate Forums and FAQ
Product Support
As a valued customer of FTGate Technology we will endeavour to give you the best possible product
support service. FTGate Technology has an outstanding reputation for product support and we pride
ourselves on the speed and accuracy of our support responses.
Included with the purchase of FTGate is a 12-month Upgrade Protection and Support Plan (UPSP) to
ensure that your system will always have the latest updates available. Members of the UPSP are
eligible for unlimited email support.
Supported Versions
Customers who have a valid UPSP and therefore are entitled to high quality support are also able to
obtain the latest versions of the software without charge. Therefore FTGate Technology only support
the latest version of FTGate available at the time of requesting support.
UPSP support options
FTGate users with a current UPSP can obtain support in the following manner:
Email: support@ftgate.com
Online: http://www.ftgate.com/support/main.htm
Please read the Support FAQ before contacting support
Support FAQ
The following guidelines will help us to give you the best possible service when you request support
from the FTGate Technology team, and will result in your problem being resolved in the shortest time.
If the problem is reproducible then please describe the method you use to reproduce it and please
include a debug log file showing the problem. By following these guidelines you will make it easier for
us to give you a fast solution to your issues.
UPSP Status
Before contacting support please check that your Upgrade Protection and Support Plan is up to date
and that you have installed any current version updates and patches. Users who require support but
do not have a valid UPSP will be required to renew their UPSP before support will be made available.
Support Forums
General issues will be dealt with most quickly by posting to the appropriate section of the support
forum. The support forum is tied into our email support system and your postings will receive the
same speed of response through the forums as they will through email. Please don't post to the
forums and also send the same request by email. You can visit the forums here
http://members.ftgate.com/forum/index.php.
Email support
When contacting support you will receive an automated response that includes useful information and
a tracking code [e.g. [FST0412001]]. Please use the tracking code when replying to messages from
support as it will help us to track your issue. Failure to do so will result in a fresh code and will most
likely end up with a different support specialist who will ask you for information you may already have
supplied. Support requests should be emailed to support@ftgate.com
Debug Logging
Before sending messages to support please make sure you have set your logging level to debug
(In Configuration click Logging, then in Details to log select Debug).
If we ask for a log file then please locate the folder containing the logs (In Configuration click
Logging, then find the path in Log path), then locate the file for the day of the incident [e.g.
20040101.ftlog] and then send the file to us. It is preferable to zip the file as it may contain content
that will be rejected by our content filters and may be very large.
Sample Emails
If we ask for examples of an email then ideally we would like the message source file [e.g.
f04030115595401C3.txt (zipped)]. The reason for this is that forwarding a message with your mail
client will often remove items from the header, or even reformat the message completely. This makes
it difficult to give advice.
When sending log files and messages please make sure that the log file actually contains the time
period for which the messages or incident occurred. If the log and messages are mismatched there is
no way that we will be able to help.
Screen shots
If you are asked for a screen shot, please follow this procedure.
1. Go to the page that is requested.
2. Press the Print Screen/SysRq key on the keyboard (this is the third from the right on the top row of
most keyboards).
3. Open Windows Paint.
4. Click Edit/Paste.
5. Save the image to a file.
6. Attach that file to the message that you send us. (You can zip the file if you wish).
Upgrade Protection and Support Plan
At FTGate Technology, we aim to provide the most secure, most advanced and feature-packed mail
server available today. We constantly update FTGate and release new versions with the latest
security features every few months. The internet is constantly evolving and consequently the Internet
Standards are updated and changing all the time. New email security issues arise all the time, and
FTGate evolves to deal with these developments, in order to give you the best protection for your
network.
The FTGate Upgrade Protection and Support Plan (UPSP) has been developed in response to
customer requests for an inexpensive annual payment Plan which will keep their organisation always
up to date with the latest version and enable them to continue to receive the highest possible quality
of support.
Advantages of the UPSP:
• Continuous product support
• Ability to keep pace with changes in internet standards
• No unexpected costs when new versions are released
• Access to new features without price restrictions
• Maintaining the latest anti-virus, anti-spam and other security updates
• Access to UBEBlock+ anti-spam Enhancements
If you maintain your FTGate UPSP, you will ensure that your organisation will always have the latest
version of FTGate without any additional cost during the term. You will never again have to worry
about unexpected costs of keeping your mail server up to date.
With the initial purchase of your FTGate starter license, you will receive a full year of upgrade
protection and support free of charge.
Lapsed UPSP
The Upgrade Protection Plan runs for 1 year from the date of the initial purchase of FTGate or
renewal. If at the end of the UPSP period you decide not to renew the plan then you will no longer be
eligible for technical support or any updates or patches. You will also be unable to use the UBEBlock+
anti-spam enhancements.
After the renewal period has expired, a normal upgrade charge will apply. UPSP renewals will run
from the expiry date of the original UPSP.
Contacting FTGate Technology
You can contact FTGate Technology in the following ways:
• Online Support pages. http://www.ftgate.com/main/support/
• email: sales@ftgate.com
• Address:
FTGate Technology Limited.
Abbey Lodge,
Station Road,
West Dereham,
Kings Lynn,
Norfolk.
PE33 9RR.
United Kingdom
• FAX: +44 01366 500560
• UK Company number: 02919324
Installation
System Requirements
The exact system requirements for FTGate will depend on your application. A simple server handling
low volumes of traffic and only being used as a POP3 server will need a much less demanding PC
than one for 10,000 users with IMAP, WebMail and large volumes of mail. Thus, you should test
FTGate on any particular system to see if it will be capable of handling your specific requirements.
Recommended requirements:
Suitable for running a very large number of users with IMAP and WebMail
• Windows 2000 SP4 Server or Windows 2003 SP2 Server
• Internet Explorer 6 or better
• Dual Intel Xeon 2.4 GHz processors
• 1 GB RAM
• 32 GB HD (depends on the volume of mail you have)
Minimum Requirements:
Suitable for POP3 access, IMAP, no WebMail, limited numbers of users.
• Windows 2000 SP4
• Internet Explorer 6 or better
• Single PIII CPU 500 MHz
• 256 MB RAM
Supported Systems
Windows 2000 Workstation
Windows 2000 Server (all editions)
Windows XP Pro/ (Home not recommended)
Windows 2003 Server (All editions)
Virtual Machines
While FTGate has undergone some testing on virtual machine installations we cannot possibly test all
versions of Windows with all possible virtual machines. For this reason we do not list any virtual
machines as supported for any operating system. However, if you wish to test on a virtual machine we
would recommend using the 30-day trial version to verify that your particular instance works correctly.
If your chosen combination of operating system and virtual machine does not work correctly then we
recommend that you run FTGate on real hardware.
Web Browsers
FTGate requires use of a Web Browser that supports JavaScript and CSS2. We recommend:
Internet Explorer 7 or later
Firefox
Safari
Outlook Connector
The FTGate Outlook connector will install in all versions of Outlook. However, only Outlook 2007 is
recommended by FTGate Technology for use with the Outlook connector.
On rare occasions users with Outlook 2003 and older may experience problems with the Outlook
connector and we would recommend under those circumstances that you upgrade to Outlook 2007.
Browser Compatibility
FTGate uses Web2.0 technology to give its Web Mail and Web Administration users the best
environment possible in which to work. This means that some older browsers are not supported and
some features will not be available on some browsers. Below is a list of browsers that have been
tested and what features are available.
Browsers offering full support for all features
Internet Explorer V7.0+
Firefox V2.0+
Netscape V8.1.3 (IE rendering mode)
Opera V9.2
Avant V10.0
Browsers offering limited support
Safari V2.0.4 - no Day/Week/Month view in calendaring
Allowing users to relay through your server
In order to relay through FTGate the users must be Authenticated, either using SMTP authentication
or by being from an address that has been granted Automatic Authentication (AA flag) in the
appropriate Security Policies.
Thus you have two options:
1. Enable the user's mail client to use SMTP authentication. With this set the default
configuration of the Global Security Policy will allow relay.
2. Enter the user's IP address or range into the Global Security Policy and set the PA (Permit
Access), AA (Automatic Authentication), AS (Authenticate by SMTP) and AR (Authenticated
Relaying) flags.
Forwarding to remote users in the same domain
This topic discusses the solution to the following problem.
Company A has 3 POP3 mailboxes at their ISP. Two of the POP3 mailboxes are for specific users
while the third is for all the other addresses in the domain. Thus the 3 mailboxes are called
1. user1@a.com
2. user2@a.com
3. anyone@a.com
Company A wants to have all mail for user1 and user2 delivered from their FTGate to the Internet so
that their ISP can place the mail in the user1 or user2 mailbox. So they go to the options for domain
a.com and set the undeliverable mail option to forward the mail to the internet (Domain
List/a.com/undeliverable). They then configure SmartPop to collect mail from the anyone@a.com
mailbox and deliver to the appropriate mailboxes.
Problem
An outside user sends a message to noone@a.com and there is no mailbox for that address.
SmartPop collects the message and delivers it to the domain, the domain sees it as being to an
unknown address and sends it back to the internet, which puts it back in the anyone@a.com mailbox,
thus causing a loop. This has two consequences: the message will go round in a loop until the ISP
stops it, and if the mail were important but mis-addressed it would be lost.
Solution
The cause of the problem is that the domain is passing responsibility for the validity of the addresses
to the ISP which does not have any way to know the validity of the addresses. The solution is for the
administrator of FTGate to take responsibility and set the domain handling to either reject badly
addressed mail or deliver it to a nominated local mailbox (Domain List/a.com/undeliverable).
However, that leaves the problem of local users being able to email user1@a.com and
user2@a.com: there is no local mailbox for them in the domain, and their mail must somehow be
given to the ISP for delivery. This is solved in the following manner.
The administrator creates a new remote domain in FTGate called remote.users
He sets the delivery options to be the same as for the Outbox settings.
In Filter/Routes he creates the following routes
from: *
to: user1@a.com
route to: user1@a.com|remote.users
from: *
to: user2@a.com
route to: user2@a.com|remote.users
This tells FTGate to handle mail for those users differently and any mail for them will go into the
remote.users remote domain and will be sent to the ISP. Mail for unknown users will go into the local
domain and be handled by the domain settings.
This method prevents loops and allows the administrator to explicitly define which addresses are to
be controlled locally and which remotely. Remote users can be added and removed by modifying the
Filter/Route list.
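The loop and its fix can be traced with a small model of the mail flow described above. This Python code is an added example, not part of FTGate; the local mailboxes alice and bob, the function name and the hop limit are constructed, and the model assumes Filter/Routes are applied before local delivery.

```python
# Toy model of the Company A mail flow (added illustration, not FTGate code).
ISP_MAILBOXES = {"user1", "user2"}   # POP3 mailboxes for specific users at the ISP
LOCAL_MAILBOXES = {"alice", "bob"}   # constructed: mailboxes that exist in FTGate
FIX_ROUTES = frozenset({"user1", "user2"})  # to: userN@a.com -> userN@a.com|remote.users


def trace(rcpt, origin, routes=frozenset(), undeliverable="forward", max_hops=8):
    """Follow one message addressed to <rcpt>@a.com.

    origin        -- "internet" (arrives at the ISP) or "lan" (submitted to FTGate)
    routes        -- local parts that Filter/Routes sends to the remote.users domain
    undeliverable -- domain setting for unknown addresses: "forward" or "reject"
    Returns (outcome, hops) where hops lists every server the message visited.
    """
    hops = []
    location = "isp" if origin == "internet" else "ftgate"
    for _ in range(max_hops):
        hops.append(location)
        if location == "isp":
            if rcpt in ISP_MAILBOXES:
                return "delivered-at-isp", hops
            # Any other address lands in anyone@a.com, which SmartPop collects
            # and hands to the a.com domain on FTGate.
            location = "ftgate"
        else:
            if rcpt in routes:
                location = "isp"            # sent out via the remote.users domain
            elif rcpt in LOCAL_MAILBOXES:
                return "delivered-locally", hops
            elif undeliverable == "forward":
                location = "isp"            # "forward to the internet"
            else:
                return "rejected", hops
    return "loop", hops


if __name__ == "__main__":
    cases = [
        ("original setup, mail to noone@", "noone", "internet", frozenset(), "forward"),
        ("reject only, LAN mail to user1@", "user1", "lan", frozenset(), "reject"),
        ("fixed setup, mail to noone@", "noone", "internet", FIX_ROUTES, "reject"),
        ("fixed setup, LAN mail to user1@", "user1", "lan", FIX_ROUTES, "reject"),
    ]
    for label, rcpt, origin, routes, setting in cases:
        outcome, hops = trace(rcpt, origin, routes, setting)
        print(f"{label:35} {outcome:18} {' -> '.join(hops)}")
```

In this model a route for an address that has no mailbox at the ISP brings the loop back, so the Filter/Route list should only name addresses that really exist at the ISP.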
Connecting multiple offices with FTGate
This article will explain how to connect two (or more) offices together using FTGate products. This
example assumes that both sites have broadband access.
Joe Dobbit runs an Estate agency (dobbit.com) with offices in two towns. The central office is in
London (ServerA) and a regional office is in Norfolk (ServerB). Joe wants to be able to have all his
staff members email each other without having to set up sub-domains or remember where each staff
member is located. He wants his email scanned for viruses and wants to be able to archive all mail
sent in and out of the offices.
The network
Joe has selected FTGate for both sites.
The central office has 50 staff members and the regional office has 5, Helen, Steve, Sam, Michael
and Graeme.
Central Office configuration (ServerA):
After configuring ServerA with the basic settings needed to send and receive email the following
changes were made.
• A new mailbox called Serverb was created with a password of ServerB_pwd
• The users at the regional office were added as aliases for Serverb, i.e. Helen, Steve, Sam,
Michael and Graeme
• A new POP3 service was created on port 111 called pop_server_b.
• The pop_server_b security policy was altered to the Default Global Security Policy
• The pop_server_b access control was set to limit access to serverb@dobbit.com
• Domain List/Dobbit.com/Undeliverable was set to Reject
• A suitable virus scanner was installed and anti-virus options were enabled.
• Firewall access was granted on port 111 with a restriction that only the IP address of ServerB
can connect
• Firewall access was granted on port 25 with a restriction that only the IP address of ServerB
can connect
(if you already allow port 25 (SMTP) access from the Internet then this step can be omitted).
Regional Office configuration (ServerB):
After configuring the regional server to connect to the internet using a suitable schedule, the following
changes were made:
Sending Mail
Outbox/Connection/Network Profile set to LAN
Outbox/Connection/Delivery Mode set to Immediate
Outbox/Delivery/Host1 set to ServerA;serverb@dobbit.com;ServerB_pwd (where ServerA is the IP
address of ServerA)
Outbox/Delivery/Delivery Route set to SMTP Hosts
Domain List/Dobbit.com/Undeliverable was set to Forward to Internet
Receiving mail
In Server/Clients/Clients a new SmartPop account was created in the name of ServerA
In the SmartPop options pages:
Connection/Network Profile was set to LAN
Connection/Host Name was set to the IP address of ServerA
Connection/Port was set to 111
Connection/Login was set to serverb@dobbit.com
Connection/Password was set to ServerB_pwd
Settings/When online check every was set to 5m
Delivery/Delivery Control was set to Automatic
Completion
With the above changes made the two offices were able to send email back and forth between them,
with the only delay being the 5 minute collection period at the Regional Office.
Further offices could be added in the same way as the first Regional Office.
Now all the mail sent to and from the company is archived and scanned and Joe is very happy with
his efficient mail system.
Registration Overview
In order to use FTGate beyond the 30 day trial period you are required to purchase and register a
registration licence key. The licence key defines the number of mailboxes that can be used on the
server.
Licence Types
The licence keys come in two types:
• Starter Packs
These licence keys enable all the server functionality and set the number of mailboxes initially
available on the system
• Additional Mailbox packs
These licence keys add additional mailboxes to a server. However, a starter pack must
already be installed on the server
Mailbox Count
When deciding on the number of mailboxes you will need you should add up the number of User and
List mailboxes and also the number of remote domains. The total will be the licence size you require.
e.g.
• 1 domain with 45 user mailboxes and 5 lists (=50)
Total = 50 mailboxes
• 1 domain with 10 mailboxes and 1 list (=11)
1 domain with 35 mailboxes and 3 lists (=38)
3 remote domains (=3)
Total = 52 mailboxes
Tip:
To see how many mailboxes you are currently using
1. In Configuration, click Registration
2. In Allocated, read the current number of mailboxes used
See Also
• Registering and Activating Licences
General
Registering and Activating Licences
Auto-activation
In order to activate your new licence for the first time you should do the following:
1. Login to WebAdmin
2. Click Configuration
3. Click Registration
4. If you have not already done so, enter your registration key into the box provided and click
add
5. Now click the Auto-Activate button
6. You are now presented with the activation page.
7. If this is the first time you have activated an FTGate product then you should enter your email
address and desired password for registration. If you have previously registered or activated
an FTGate product you should use the existing details.
8. You should enter a server name and location, for example "mail server" and "main office".
These are simply to act as a reference should you ever have more than one licence.
9. Finally click the Activate now over the internet button
10. The process should now be complete.
If you are unable to activate automatically this may be due to a firewall blocking access to our servers.
In which case it is necessary to activate FTGate manually.
Manual-Activation
If you have previously registered an FTGate product then in order to activate Manually you must do
the following.
1. Log into WebAdmin
2. Click Configuration
3. Click Registration
4. If you have not already done so, enter your registration key into the box provided and click
add
5. Note down the "Server serial number" SSN
6. Log into the members website (https://members.ftgate.com)
7. Click the Activate button and enter the SSN into the appropriate field
8. Press the OK button.
9. Copy the activation code from the members website
10. Go back to the WebAdmin/Configuration/Registration page
11. Put the activation code into the box to the right of the registration key
12. Click Add
Manual Registration and activation
If you have never previously registered an FTGate product and your FTGate server is unable to
access our website for activation then you should do the following:
1. Log into WebAdmin and go to the Configuration/Registration page
2. If you have not already done so, enter your registration key into the box provided and click
add
3. Note down the "Server serial number" SSN
4. Go to https://members.ftgate.com/newaccount.asp and create a new account
5. After signing into the members website click on Add Licence
6. Enter the registration licence code (2 above) and add a description and location for your ease
of reference
7. Click Register server
8. Click Licences
9. Click Activate button and enter the SSN into the appropriate field and then press the ok button
10. Note down or copy the activation code from the members website
11. Return to the WebAdmin/Configuration/Registration Page and put the activation code into
Activation Key box next to your licence key and click Add
12. Your licence should now be activated correctly.
Further Problems
These steps should allow full activation of our products. However, if you have any problems with
activation, please contact FTGate support for further help.
Domains, Mailboxes and delivering mail
FTGate is primarily a mail server. Its task is to deliver mail between mailboxes and to send and
receive email over the Internet. See the Mail Flow diagram for a graphical view of mail flow.
Local Mailboxes
Email is sent between mailboxes using an address which consists of two parts, the local part which
describes the user's mailbox, and the domain part which describes the collection of mailboxes. Thus
an email address of bob@mydomain.com has a local part (mailbox name) of bob and a domain part
of mydomain.com.
FTGate organises its mailboxes in the same way. To store mail for Bob you would create a new Local
Domain called mydomain.com (See Creating Domains). This will store all the mailboxes for the
domain. Then you would create a User Mailbox called bob into which all Bob's mail would be
delivered (See Mailbox Overview, Creating a new User).
Sending Mail
Mail is sent to the internet through the Outbox, just as in a mail client. Normally you configure your
mail client (Outlook, Eudora, Firebird etc) to send mail to FTGate. When you compose a message it
goes into your mail client's outbox, which sends it to FTGate. FTGate then either delivers it to a local
address or places it in its own outbox. Mail from the FTGate outbox is then sent to the internet so that
the recipient's mail server can deliver it to their own mailbox.
The settings for the outbox will vary between ISPs and you should check with your ISP for the
appropriate settings.
See Sending Mail
Receiving Mail
FTGate can either receive mail using a protocol called SMTP or using a SmartPop client. SMTP is
used when sending mail from your mail client to FTGate, and by FTGate when sending to the
Internet. It can also be used by other servers to send mail directly to your server. However, this
feature is dependent on your ISP and you should check with them to see if this feature is available.
If your ISP does not support sending mail to you using SMTP, then you must use SmartPop to collect
mail from the ISP's POP3 mailbox. FTGate can then deliver the mail to the local mailboxes.
See Receiving Mail
AutoCluster Overview
AutoCluster is a new feature in FTGate that expands the previously named Replication client. This
advanced feature allows for the automatic configuration of a network of servers while allowing a
pooled front end server array to manage the marshalling of connections between the servers.
FTGate AutoCluster offers a powerful way in which an ISP can optimize their network and protect
against the potential disaster of having a single point of failure disable their whole network. In an
AutoClustered distributed cluster system no single failure will disable the whole network and you can
be confident that your customers will see the best possible service that can be offered.
This feature will be of primary interest to ISPs or multi-domain corporate networks.
How AutoCluster works
Let us assume that an ISP has 3 servers that they are using to host the accounts for domain1.com,
domain2.com and domain3.com. In a non AutoCluster network each member of each domain must
configure their mail clients to connect to the specific IP address, as shown below.
Diagram 1 - Non-AutoCluster network.
In this scenario all the filtering and processing of mail for a domain is performed by the specific server
for that domain. If for some reason the IP of the server needs to change, or the mailboxes need to be
moved to a different server with more capacity, then each client connecting to the server must update
their mail client settings. If the server suffers a hardware failure then it will not be possible to replace it
without network reconfiguration and customer disruption. Also if there is a requirement for backup MX
servers then these must be configured for each server and if spam is to be reduced the filtering for
each MX server configured individually.
If we replace the network above with an AutoCluster front end, things change considerably as shown
in diagram 2.
Diagram 2 - AutoCluster network
In an AutoCluster network each of the Relay Edition servers takes a dual role. Its primary role is to act
as an MX relay for all the domains on the network and the secondary role is to act as a POP Proxy.
This means that all the clients are configured to connect to a fixed IP list regardless of the server on
which their mail is hosted.
For example:
A DNS entry could be made for mx.someisp.com with the IP addresses 195.224.16.148 and
195.224.16.149
Each mail client would then be configured to send and receive via mx.someisp.com, while the actual
connections to the back end servers are controlled by the Relay Edition front end servers through the
AutoCluster system.
AutoCluster is further enhanced by a unique feature by which it can automatically configure itself for
all the users in the network pool. Thus adding a new domain or user to any back end server causes
all the relays to be updated with the user lists for each machine. This allows the Relay Edition servers
to dynamically reject email for addresses that are not valid on the back end servers and thus protect
against network overload caused by dictionary attacks and reduce the amount of spam that is
accepted by the whole network. An additional advantage of the AutoCluster system is that the main
process load of virus scanning can be performed on the front end servers thus adding another layer of
protection to the back end servers.
Advantages of AutoCluster
• Distributed Clustering
• Trivial installation
• Dynamic auto configuration
• Load sharing
• Transparent to customer
• Distributed spam reduction
• No single point of failure
• Low cost - 2 Relay Edition servers free with each ISP edition server
Access from the Internet
SMTP
By default SMTP is configured for non relay access from the Internet. External users can connect to
FTGate and send to local users but will be unable to send back to the Internet. Thus by default
FTGate cannot be used as an open relay by Spammers.
POP3/IMAP/LDAP
In order to allow Internet access to these services, change the service security policy for the service
from the Default LAN Security Policy to the Global Security Policy.
WebMail
In order to allow access to WebMail for Internet users there are 3 choices.
1. You can create a new security policy for WebMail with the WAN address range set with only
the PA flag. This will allow Internet access to WebMail while restricting access to POP3 and
IMAP. This is the recommended option.
2. Change the WebMail security policy to "Global Security Policy". This will allow all machines
on the Internet to access WebMail. However, if you have the global policy set to verify
addresses using RBL then each page access will have an RBL test performed on it. This can
slow down access.
3. You can change the LAN security policy and check the PA checkbox for the WAN range. This
will make ALL your services using this policy (POP3 and IMAP) available to all Internet users.
This is not recommended if you wish to protect your POP3 and IMAP services.
WebAdmin
Change the WebAdmin security policy so that the PA flag is set in the WAN range.
Note:
For each of the above remember that for access to the Web Services to be available you will need the
PA flag set, the BL flag clear and the HTTP service to be enabled in the security policy.
In order to access any features of FTGate from the Internet you will require open ports in any firewall
protecting your network.
See Firewall ports
Firewall ports
To determine the ports you need open in your firewall, review the service list in FTGate. This list
shows the ports of all the services currently configured in FTGate.
By default the main services are:
Service             Port
SMTP                25
POP3                110
SolSight WebMail    80
WebAdmin            8089
LDAP                389
IMAP                143
See Also: Service failed to start
Host-name configuration
The Outbox or Remote domain host-name is set in either the Outbox/Connection or the
Remote Domain/Connection page.
Your host-name should be the name that will be resolved by a reverse lookup for your IP address, or
at the very least a valid name used in a DNS which resolves to your IP.
For example :
EHLO mx0.ftgate.com
lookup mx0.ftgate.com = 195.224.16.225
lookup 195.224.16.225 = 225.128-255.16.224.195.in-addr.arpa = mx0.ftgate.com
So it resolves to the same address both ways.
This is the correct way to have a host defined when sending out using MX records.
If both paths are not there then some servers will reject.
To configure this in your DNS server you will have to contact your ISP/DNS hosting company.
Some servers will not allow the host-name to be set to the IP address. In this case, if you have no
valid reverse lookup host-name, you should use your domain name.
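The forward and reverse lookups described above can be checked before the host-name is entered in FTGate. This Python check is an added example, not FTGate code; the function names and the example.net / 192.0.2.x entries are constructed, while the mx0.ftgate.com pair is the one from the text.

```python
import ipaddress
import socket


def dns_forward(name):
    """Live A-record lookup: set of IPv4 address strings (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return set()
    return {info[4][0] for info in infos}


def dns_reverse(ip):
    """Live PTR lookup: the host name, or None if there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def normalise(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def check_host_name(host_name, sending_ip, forward=dns_forward, reverse=dns_reverse):
    """Classify the host-name a server announces in EHLO.

    Returns (status, reason) where status is
      "match"        -- forward and reverse lookups agree (the correct setup)
      "forward-only" -- name resolves to the IP but the PTR differs or is absent
      "fail"         -- IP literal, unresolvable name, or name points elsewhere
    """
    try:
        ipaddress.ip_address(host_name.strip("[]"))
        return "fail", "host-name is an IP address, which some servers refuse"
    except ValueError:
        pass  # not an IP literal, carry on with the DNS checks

    addresses = forward(host_name)
    if not addresses:
        return "fail", "host-name does not resolve"
    if sending_ip not in addresses:
        return "fail", "host-name resolves, but not to the sending IP"

    ptr = reverse(sending_ip)
    if ptr is None:
        return "forward-only", "no reverse lookup for the sending IP"
    if normalise(ptr) != normalise(host_name):
        return "forward-only", f"reverse lookup returns {normalise(ptr)}"
    return "match", "resolves to the same address both ways"


# Offline lookup tables: the first pair is from the guide, the rest is constructed.
SAMPLE_A = {
    "mx0.ftgate.com": {"195.224.16.225"},
    "mail.example.net": {"192.0.2.10"},
}
SAMPLE_PTR = {
    "195.224.16.225": "mx0.ftgate.com",
    "192.0.2.10": "host-10.isp.example.net",
}


def sample_forward(name):
    return SAMPLE_A.get(normalise(name), set())


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)


if __name__ == "__main__":
    for name, ip in [("mx0.ftgate.com", "195.224.16.225"),
                     ("mail.example.net", "192.0.2.10"),
                     ("[192.0.2.10]", "192.0.2.10")]:
        print(name, ip, check_host_name(name, ip, sample_forward, sample_reverse))
```

Calling check_host_name with only the first two arguments uses live DNS instead of the sample tables.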
Network Storage and shared drives
In order to access network storage you will need to edit the FTGate service to run under a user
account as follows:
1. Create a new network user account in the name of FTGATE_SERVER
2. On the network machine providing the storage create a network share for the files called
FTGATE_SPOOL
3. Go to the Service control panel on the FTGate machine and open the services control
4. Open the FTGate mail server service and change the startup details to specify the account
FTGATE_SERVER as specified in 1
5. The service control panel will then modify the account settings to allow appropriate access
6. Start the FTGate Service and open WebAdmin
7. In Configuration, click System
8. In Safe Mode, click Safe Mode
9. In Configuration, click Spooler
10. In Spool Path, enter \\computername\ftgate_spool
11. To move a domain onto the network drive go to the domain's info page and
click the change button. Then specify the new storage path. Be sure to
maintain the domain name. e.g.
change c:\spool\mydomain.com to
\\computername\ftgate_spool\mydomain.com
12. Restart FTGate
Stopping and starting FTGate through the FTGate icon will not disrupt the use of the network
drive. In the event of the network drive going off line FTGate will suspend itself to prevent
incorrect operation and will require an administrator to restart it.
It is STRONGLY recommended that the spool\ folder remain on the same machine as
FTGate. The spool\inbox, spool\outbox and subfolders are heavily used during mail
processing and there will be a significant drop in performance if these folders are
stored remotely. Domain storage can be safely moved to a different drive.
Accessing SolSight Web
In order to access SolSight Web you should first make sure that the SolSight Web Mail service is
started in the Services page of FTGate.
You should then start your Web browser and enter the IP address of your server into the address box.
This will take you to SolSight Web.
Accessing SolSight Web from the Internet.
If your server does not have a real internet address but is actually behind a NAT router then you must
configure the router to forward incoming connections to the FTGate machine on port 80 and open any
Firewall ports that are needed. Please see your router user's guide for details on how to do this.
You must also alter the security policies to allow access to FTGate from the Internet.
You should then enter the IP address of either your FTGate machine, or Router/Firewall into the
browser in order to connect to SolSight Web.
FTGate behind a NAT router/firewall
When FTGate runs behind a NAT router or firewall that has an IP address of either
192.168.x.x or 10.x.x.x, the NAT device will appear to FTGate to be part of the local network address
space. This will cause it to be granted automatic authentication rights, and hence it will be able to
relay through the server.
The solution to this problem is to simply go to the Global Security Policy and add the address of the
router with only the PA flag set.
e.g. If the NAT router has a local address of 192.168.1.15 we would enter:
Address          Mask               Flags
192.168.1.15     255.255.255.255    PA
This will prevent relaying through your server.
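The relay rule from "Allowing users to relay through your server" and the NAT router entry above can be modelled together to see why the extra row closes the relay. This Python model is an added example, not FTGate code. It assumes the most specific matching address/mask row wins, reads the flags as this guide names them, and uses constructed rows for the private ranges and the catch-all.

```python
import ipaddress

# Flags as named in this guide: PA Permit Access, AA Automatic Authentication,
# AS Authenticate by SMTP, AR Authenticated Relaying.


def parse_policy(text):
    """Parse 'address mask flags...' rows into (network, flag set) pairs."""
    entries = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        address, mask, *flags = line.split()
        network = ipaddress.ip_network(f"{address}/{mask}", strict=False)
        entries.append((network, frozenset(flags)))
    return entries


def matching_entry(policy, source_ip):
    """Most specific row covering source_ip (ASSUMED evaluation order)."""
    ip = ipaddress.ip_address(source_ip)
    hits = [entry for entry in policy if ip in entry[0]]
    return max(hits, key=lambda entry: entry[0].prefixlen, default=None)


def may_relay(policy, source_ip, smtp_authenticated=False):
    """True if a connection from source_ip would be allowed to relay."""
    entry = matching_entry(policy, source_ip)
    if entry is None:
        return False
    flags = entry[1]
    if "PA" not in flags:
        return False
    # Authenticated either automatically (AA) or by SMTP AUTH where AS permits it.
    authenticated = "AA" in flags or (smtp_authenticated and "AS" in flags)
    return authenticated and "AR" in flags


# Constructed policy: private ranges are auto-authenticated, everyone else
# may relay only after SMTP authentication.
BEFORE = parse_policy("""
192.168.0.0   255.255.0.0       PA AA AS AR
10.0.0.0      255.0.0.0         PA AA AS AR
0.0.0.0       0.0.0.0           PA AS AR
""")

# The row from the guide: the router's own address with only the PA flag.
AFTER = BEFORE + parse_policy("192.168.1.15  255.255.255.255  PA")

NAT_ROUTER = "192.168.1.15"   # source address FTGate sees for every Internet connection
LAN_CLIENT = "192.168.1.20"   # constructed: a real workstation on the LAN


def relay_report(policy):
    """Relay decision for unauthenticated connections from each source."""
    return {
        "via NAT router": may_relay(policy, NAT_ROUTER),
        "LAN client": may_relay(policy, LAN_CLIENT),
    }


if __name__ == "__main__":
    print("before:", relay_report(BEFORE))
    print("after: ", relay_report(AFTER))
```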
See Also:
• Security Policies
• Relay Control and Authentication
Migration
Migration
In order to make it easier for an administrator to integrate FTGate into their network, FTGate offers
two options for creating users without administrator interaction.
Active Directory Migration
The first option allows FTGate to create mailboxes automatically if the user's login details match an
entry in an Active Directory (AD) or NT SAM database. If the user's login matches the AD entry then
FTGate will create a mailbox and let the user have access to it.
POP3 Migration
This option allows FTGate to create and migrate user mailboxes from an existing POP3 server on
your network, while permitting users to continue using mail in their normal way.
See also
• Migrating Mail from an Existing POP3 server
Migrating Mail from an Existing POP3 server
FTGate offers a seamless way to transfer mail from your old mail server to your new FTGate mail
server.
How it works
When a user connects to either the POP3 or IMAP port of FTGate, FTGate will connect to the old
POP3 server and try to log into the server using the supplied username and password. If the login is
successful then FTGate will create a new mailbox with that username and set the password and other
options appropriately. The mailbox will have a Migration message added to it so that the user will see
a friendly message telling them that their mail is being transferred. FTGate will then start a separate
process which will download the mail from the user's mailbox on their old system to the new mailbox in
FTGate.
Mail for non migrated users
Mail arriving at FTGate for mailboxes that have been migrated will be delivered to the local mailbox as
normal. However, mail for mailboxes that have not yet been migrated must be sent to the old server.
To allow this the administrator must create a remote domain that will send the undeliverable mail to
the old server. This domain should be called something like "migrate.domain". The local domain
should then be configured such that mail for unknown users is piped to this domain.
During Migration
If the old mail server receives mail for a migrated user the user will not receive their mail. Thus it is
recommended that periodically, during the migration period, the "Check Mailboxes" button is clicked.
This will pull over any mail that is in the old system.
Finishing Migration
When all the mailboxes have been migrated from the old system, the remote domain that delivers to
the old system can be removed, the undeliverable options in the local domain can be set to reject mail
and the Migration option can be disabled.
Migration Example:
A company (big-company.com) has an old POP3 mail server on an old PC that they wish to replace.
They have purchased a new server PC and a copy of FTGate and wish to migrate their old mail to the
new mail system.
The following steps should be followed:
Server Configuration
1. Install FTGate on the new machine
2. Create a local domain big-company.com (Creating Domains)
3. Create a remote domain big-company.old, set its delivery mode to deliver immediately and
set the delivery host to be the IP address of the old server.
4. In the big-company.com domain set the mail for unknown users to deliver to the following
email address
*@big-company.com|big-company.old
5. In the big-company.com set the migration options to POP3 migration and enter the IP
address of the old server and a Migration message.
Client Configuration
1. Change the users' inbound and outbound mail settings to be the new server address.
Completing Migration
When all the users' mailboxes have been transferred the final stages of Migration can be completed.
1. In the big-company.com domain's undeliverable mail options, set the mail for unknown
users to reject mail.
2. In the big-company.com domain, click the "Check mailboxes" button. This will pull over any
mail that arrived in the old system between the start of migration and completion of migration
3. In the big-company.com domain turn off migration
4. Delete the big-company.old domain
Migration is now complete and the mailbox and mail have been moved to the new FTGate system.
Moving to a new server
To migrate, or move, FTGate to another machine without losing any mail or needing to re-configure,
follow these steps:
Old Machine
1. Go to Configuration/System, note where FTGate stores the backup files. This is where you
will find your latest backup file (.fdb)
2. Go to Configuration/Spooler, note where the Spool Path is located. This is where mail
messages are stored.
3. Stop FTGate
4. Backup the Spool folder
This information is the Configuration (database) of FTGate as well as the mail, log and archive
folders.
New Machine
1. Copy the latest backup database file from the old machine to the new
2. Run the latest installer and select to restore a backup
3. Select the backup from step 1 and finish the wizard
4. After FTGate starts, stop it again
5. Copy the spool folder from the old machine to the new machine
Note that if the drives differ then the spool location will be different.
6. Start FTGate
Log in to Web Admin and check that the settings are OK.
Relay
FTGate as an MX relay
The Internet DNS system allows mail servers to designate which servers will accept mail for a
particular domain. Often it is desirable for an administrator to configure additional machines that will
accept mail and hold the mail for later delivery to the main server. This permits the administrator to
shut down the main server without the loss of incoming mail or in the event of a network problem,
store mail until the problem can be resolved.
FTGate permits two methods for configuring backup MX relays.
Administrator managed MX relay
In this type of relay the administrator manually configures FTGate with the domain names that will be
stored and relayed, and the location to which messages will be delivered.
Configuring a manual MX relay
1. Install FTGate onto the relay server
2. Create a Remote Domain in the name of the Domain to be relayed (Creating Domains)
3. Configure the new domain to deliver mail to the primary server (Remote Domains)
Auto-Cluster Managed MX Relay
This relay configuration allows the relay server to download its settings directly from the primary
FTGate server. Thus any changes to the primary server are reflected onto the relay server. This is
especially useful for hosting companies or ISPs who have many domains to manage and many relay
servers to configure.
See Also:
• AutoCluster Overview
FTGate as a DMZ server
Many organizations use a firewall configured with a DMZ to act as a connection point between the
LAN and the Internet. The DMZ allows services that must be available for connection to the Internet to
be separated from the LAN portion of the network and thus prevent direct access from the Internet to
LAN machines.
The use of the DMZ does raise the issue of how traffic will pass from the Internet to the LAN.
Using FTGate as a DMZ relay
FTGate can be placed in the DMZ and used to relay incoming mail from the Internet to a mail server
(FTGate or otherwise) in the LAN. In this configuration the SMTP filters (PTR, SPF, RBL,
HELO/EHLO) and Anti-Virus can be used to verify the source of the messages before they are
passed to the LAN server. When used in this way there is no requirement for a direct connection
between the Internet and the LAN mail server.
To configure FTGate as a DMZ relay
1. Install FTGate on a machine in the DMZ
2. Configure external mail systems to send to the FTGate machine (either from your ISP or via
your MX DNS records)
3. Create a new Remote Domain in the name of your domain (Creating Domains)
4. Configure the new Domain to send to the LAN based server (Remote Domains)
5. Configure the LAN based server to send its outbound mail to FTGate
6. Configure the IP Security for the SMTP server to automatically authenticate the LAN server
(Relay Control and Authentication)
Diagram
Upgrade
Upgrading from a previous version
Please select the version you wish to upgrade from
• Upgrading from FTGateOffice or FTGatePro
• Upgrading From FTGate4
Upgrading from older versions
Because of the differences between the current version of FTGate and versions older than those
listed above, upgrading from those versions is not supported. Your options should be set manually.
Upgrading from FTGateOffice or FTGatePro
This guide will take you through the steps required to upgrade your FTGateOffice/FTGatePro system
to FTGate2009.
We recommend that in order to make your upgrade experience as easy as possible you read this
guide carefully and watch the tutorial videos.
Watch the upgrade video
Pre-Installation Notes
FTGate has a completely new UBEBlock system. Your old training settings and filters WILL NOT be
imported. You should refer to the Filter Policies section for details on setting up and training your new
system.
FTGate will install a default filter policy. After installation you should check that the policy is suitable
and make any required changes.
FTGate has a completely new service security system based on security policies. See Security
Policies
FTGate requires that there be at least one local domain with one mailbox. This is used to control login
to the server. You may have multiple administrators over different accounts but you MUST have at
least one administrator. The system administrator login is the full email address of a user on the
FTGate server. You need to make sure you have a valid username and password AND be a member
of the System Administrators group in order to access WebAdmin (see Web Administration).
If you delete all local accounts, or all administrator mailboxes, FTGate will enter safe mode and report
the error "Any Admin override active". This allows any user to log in to the admin interface and
configure a new administrator for the system.
Robot mailboxes and Autoresponders have been removed and replaced by user mailboxes with
mailbox rules (see Mailbox Rules)
User Mailbox features for AutoResponse, Forwarding, Scripts and External Programs have been
moved to Mailbox Rules.
If you are installing on a Windows 2000 or Windows 2003 server you should stop the FTGate
LDAP service as it will conflict with the Windows LDAP service. See LDAP
If you are installing in Windows 2000 or Windows 2003 server then you will need to stop the Windows
"Simple Mail Transport Protocol" in the Windows Service Manager.
Review the client sign in change information: Logging Into FTGate
Upgrade Procedure
To perform the upgrade you should run the FTGate installer and, when prompted, select an
FTGateOffice or FTGatePro backup database and allow the wizard to complete.
Watch the upgrade video
Post-Installation
The following items should be checked post installation
1. FTGate will reboot after the install and will begin to function. Should you wish to review all the
new settings with FTGate disabled you should go to Configuration/System and click the
Safe Mode button. FTGate can be restarted by clicking the Restart button, which will return
FTGate to a functioning mode.
2. Security Policies: Check that the 3 security policies contain the correct IP address ranges for
your network and that the options enabled are correct for your needs.
3. Filter Policies: Check that the settings are acceptable and define UBEBlock training users.
Seed the training database with good messages. See UbeBlock Training, UbeBlock Training
Notes
4. The root.login domain is only used to configure an administrator for log in purposes, it uses
one mailbox and can either be deleted or renamed. If it is to be deleted then a new
administrator should be added to the Configuration/Administrators section.
5. User Mail clients: In FTGate all Sign In names are the full email address. Thus your users will
have to alter their account settings in their mail clients and add the domain name to the end of
their login name. This is required to enforce security privileges.
6. All User Accounts except the administrator will all be using the Default User Privileges. You
may wish to alter the privilege settings to control various access rights.
7. Check the Outbox configuration. Specifically check:
Outbox/Connection/Hostname is set to either your host name or domain name (Hostname
configuration)
Outbox/Delivery/HOST 1 includes your ISP login if required (Outbound SMTP Authentication)
At this stage you should have a functioning server with all the new features of FTGate.
Upgrading From FTGate4
The upgrade from FTGate4 is very simple:
Watch the setup video
After installation you should:
1. Add a new filter rule to your filter policy to trigger on UBEBlock+ spam detection
2. Add a new filter rule to your filter policy to trigger on Stock Spam detection
Using FTGate
Common Tasks
Also see: Troubleshooting
General
• Understanding Domains, Mailboxes and delivering mail
• Mail Flow diagram
• Problems logging into FTGate: See Logging Into FTGate (password errors)
Sending/Receiving via the Internet
• Configuring FTGate to allow access from the Internet. See Access from the Internet
• Configuring FTGate to collect mail from an ISP POP3 mailbox. See SmartPop
• Configuring FTGate to send mail to the Internet. See Sending Mail
• Configuring FTGate to Authenticate with your ISP. See Outbound SMTP Authentication
Managing Mailboxes and Domains
• Creating new mailboxes. See Mailbox Overview
• Adding an alias for a mailbox. See Creating a Mailbox Alias
• Creating a new Domain. See Domain Overview
Managing Filters
• Configuring the FTGate spam filters: See UbeBlock Training
• Bypassing the filter for good addresses: See White List
• Bypassing the filters for known good words: See Safe Words
• Banning addresses: See Black List
• Banning words/Phrases from messages: See Word Filter, Phrase Filter
• Banning attachment types: See Attachment Filter
• Handling spam: See Filter Rules, UbeBlock Rating, UbeBlock Training, UbeBlock Training Notes
• Blocking Viruses: See Anti-Virus Overview
Backup and Restore
• Backup and Restore
• Moving to a new server
Troubleshooting
This page lists some of the common user problems and their resolution. If the problem is not listed on
this page then please check the index for any relevant material. This document also has a search
function.
If you have still been unable to find the answer then please visit the support forums or send an email
to FTGate Support.
1. UbeBlock is not blocking spam emails
2. I have upgraded from FTGateOffice/Pro and my users cannot login
3. A service will not start and reports "The specified address is already in use"
4. SSL Certificates
5. Unable to send to some domains
6. Messages to Hotmail and other domains are disappearing
7. Server EHLO message rejected with syntax error
8. How do I move FTGate to another machine
9. How do I backup FTGate
10. My users are getting a relaying denied error
11. I can't remember my WebAdmin user name or password, or I have deleted the admin account
12. What firewall ports do I need to open
13. How do I share folders
14. SmartPop delivery issues
15. "Bulk sends not allowed" error
16. "Message size exceeds administrative limit" error
UbeBlock is not blocking the spam emails
At installation the UBEBlock processor is disabled. This is because the basic training of UBEBlock
must be performed before it will work correctly and many users were not training it at all. To enable
UBEBlock rating of the messages perform the initial UbeBlock Training and then enable the filtering in
the filter policy options page.
I have just upgraded from FTGateOffice/Pro and my users cannot login
See: Logging Into FTGate (password errors)
A service will not start and reports "The specified address is already in use."
This is usually seen in the SMTP, LDAP or WebMail service but can be seen occasionally in the
other services. It is caused by another program running and using those ports. To resolve the issue
the running program must be located and stopped or the service moved to another port.
• SMTP:
The usual cause is the Microsoft Simple Mail Transport Service. To resolve this error open
the Windows service control panel, stop the service and set its startup mode to disabled.
• WebMail:
This is usually caused by IIS. If you are not using the PC as a web server then you should
open the Windows service control panel and then stop and disable the Web Publishing
Service. Additional information is available here.
• LDAP:
This is usually a problem on Windows 2003 servers because the Active Directory service
uses LDAP. In this case you must change the port used by the FTGate LDAP service and
alter the mail clients to use the new port.
SSL certificates
See: SSL self signed certificates
I am unable to send to some domains, the mail sits in the outbox.
Many service providers will not accept mail from servers that have an invalid or incorrect hostname
configured for the HELO/EHLO SMTP command (Outbox/Connection). Your hostname should be the
name that is returned by a reverse lookup of your IP address, or at the very least a valid name
in DNS which resolves to your IP address.
For example:
EHLO mx0.ftgate.com
lookup mx0.ftgate.com = 195.224.16.225
lookup 195.224.16.225 = 225.128-255.16.224.195.in-addr.arpa =
mx0.ftgate.com
So the name and the address resolve to each other in both directions. This is the correct way to
have a host defined when sending out using MX records. If both paths are not there then some
servers will reject the mail.
To configure this you will have to contact your ISP/DNS hosting company.
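The both-ways lookup described above can be scripted before you contact your ISP. This is an added example, not FTGate code: the function names are assumptions, the sample hosts other than mx0.ftgate.com are constructed, and the resolvers are passed in so the check also runs offline.

```python
import ipaddress
import socket
from dataclasses import dataclass, field


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()


@dataclass
class HeloCheck:
    helo: str
    ip: str
    forward_ok: bool   # HELO name has an address record equal to the sending IP
    reverse_ok: bool   # reverse lookup of the sending IP returns the HELO name
    ptr_names: list = field(default_factory=list)

    @property
    def verdict(self):
        if self.forward_ok and self.reverse_ok:
            return "both-ways"      # resolves the same way in both directions
        if self.forward_ok:
            return "forward-only"   # the "at the very least" case: some servers may reject
        return "fail"               # HELO name does not resolve to the sending IP


def check_helo(helo, ip, forward_lookup, reverse_lookup):
    """Check a HELO/EHLO hostname against the IP address the mail is sent from."""
    want = ipaddress.ip_address(ip)
    helo_n = _norm(helo)
    forward_ok = False
    for addr in forward_lookup(helo_n):
        try:
            forward_ok = forward_ok or ipaddress.ip_address(addr) == want
        except ValueError:
            continue  # resolver returned something that is not an IP literal
    ptr_names = [_norm(n) for n in reverse_lookup(str(want))]
    return HeloCheck(helo_n, str(want), forward_ok, helo_n in ptr_names, ptr_names)


def system_forward_lookup(name):
    """Address lookup through the operating system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def system_reverse_lookup(ip):
    """PTR lookup through the operating system resolver."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [primary] + list(aliases)


def table_resolvers(a_records, ptr_records):
    """Build offline resolvers from dictionaries (used for the sample data)."""
    return (lambda name: a_records.get(_norm(name), []),
            lambda ip: ptr_records.get(ip, []))


# Sample records. The first pair is the guide's own example; the others are
# constructed with documentation-range addresses to show the failing cases.
SAMPLE_A = {
    "mx0.ftgate.com": ["195.224.16.225"],
    "mail.example.com": ["192.0.2.10"],
    "spoofed.example.org": ["192.0.2.99"],
}
SAMPLE_PTR = {
    "195.224.16.225": ["mx0.ftgate.com."],
    "192.0.2.10": ["host-10.isp.example.net."],
    "192.0.2.20": ["spoofed.example.org."],
}


def demo():
    fwd, rev = table_resolvers(SAMPLE_A, SAMPLE_PTR)
    cases = [
        ("mx0.ftgate.com", "195.224.16.225"),   # matches both ways
        ("mail.example.com", "192.0.2.10"),     # PTR still names the ISP's host
        ("spoofed.example.org", "192.0.2.20"),  # PTR matches, name resolves elsewhere
        ("localhost.localdomain", "192.0.2.10"),  # no address record at all
    ]
    return {helo: check_helo(helo, ip, fwd, rev).verdict for helo, ip in cases}


if __name__ == "__main__":
    for helo, verdict in demo().items():
        print(f"{helo:24} {verdict}")
```

To test a live server, call check_helo with system_forward_lookup and system_reverse_lookup, using the hostname from Outbox/Connection and the server's public IP address.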
My messages to Hotmail are disappearing
This is the same cause as 3 above, however, Hotmail simply delete the messages without notification
to the server or recipient.
My server is having its EHLO command rejected with a syntax error message
Users of AVG anti-virus and Cisco PIX firewalls may have problems as these two products can be
configured to modify the EHLO/HELO message. They replace the EHLO command with XXXX which
causes the error. You must reconfigure these devices to allow the command through correctly.
How do I move FTGate to another machine
See: Moving to a new server
How do I backup FTGate
See: Backup and Restore
My users are getting a relaying denied error
See: Allowing users to relay through your server
I can't remember my WebAdmin user name or password
See: Lost administrator passwords
What firewall ports do I need to open?
See: Firewall ports
How do I share folders and keep the mail on the server.
In order to share mail folders you must reconfigure your client application to connect to FTGate using
the IMAP protocol. The IMAP protocol stores the messages on the server with the client being used to
read/create messages but not to remove them from the server. The protocol allows for multiple folders
and access to shared folders. This also allows Outlook users to stop using PST files on the local PC
and allows an administrator to centralise the backup of mail.
SmartPop delivery issues
If you are having problems with SmartPop deliveries please check the following before requesting
support:
1. SmartPop overview: SmartPop
2. Reasons why problems may exist: SmartPop limitations
3. Duplicate delivery of messages: SmartPop Duplicate Delivery
4. General delivery problems: SmartPop delivery problems
When I try to send mail to an Outlook list I get a Bulk sends not allowed error
This is caused by the number of addresses in the messages header exceeding the limit set by the
administrator. You can change this in the SMTP tab of the global security policy together with the
settings for the maximum number of recipients for a message.
The bulk sends rejection relates specifically to the number of addresses appearing in the To and CC
lines of the message header.
If you get this message it is because the email address of everyone you are sending to is in the
message header. Thus if you send to 35 people, every person who receives the message gets the
email address of the other 34. If you are in the UK or Europe we would strongly recommend that you
do not change this setting. Unless you have permission from each of them to distribute their details
you will be breaking the UK/EU data protection act and could face a heavy fine. We would
recommend moving the addresses into an FTGate mailing list, or contact list. These will send the
message as a BCC so none of the recipients get the details of any of the others.
My users are getting the message 'Message size exceeds administrative limit'
This limit is set in the security policy being used by the SMTP service in the SMTP tab
(Services/SMTP Service/Security, click on the Edit Service Policy Settings link).
General
Logging Into FTGate
In order to protect your valuable data from brute force sign in attacks FTGate requires that all sign in
attempts use the full email address of the user. Failure to do this will result in mail clients reporting
password errors.
Tip:
If you previously signed in using the name "fred" and your domain is "mydomain.com" you
will now be required to sign in using "fred@mydomain.com"
Tip:
If your email client cannot use the @ character for SMTP and POP3 login then you should
use the # character instead.
POP3 Low security option
You can maintain user login with just the username by enabling the "Low Security" option in the POP3
service settings. This option is available if there is only one local domain configured. Thus users with
a "root.login" domain must delete that domain before "low security" login can be performed. With the
"low security" option selected users can still use the high security login described in the above
paragraph. This allows users to be transferred to the new high security login before the option is
disabled.
Tip:
If you delete the root.login domain that was created by the installer then you will need to
define a new administrator. See Web Administration
Mail Flow
Mail is received by FTGate via either SMTP or SmartPop. It is then processed through the spooler,
virus and spam filters before being passed to either a local domain and mailbox (awaiting user
collection), the Outbox (to be sent to the internet), or a Remote Domain (to be sent to a different
private server).
This diagram shows how mail flows through FTGate.
Undeliverable Mail
It is common for mail to be sent to a domain that is either incorrectly addressed or deliberately sent to
a random user name. Local Domains allow the administrator to determine what action should be
taken with incorrectly addressed mail.
Available options
1. Reject the message and send a customised response
2. Send the message to the postmaster
3. Send the message to the postmaster as an attachment
4. Forward the message to the internet
5. Forward the message to another address
Note:
Forward the message to the internet (Option 4) will return the message to the internet as if
it were being sent from your server. This has the potential to cause a loop as your ISP may
deliver the message back to FTGate. This option should be used with caution.
Note:
If the Undeliverable Mail action is set to Reject, and mail is delivered to the server using
SMTP, then the message will be rejected by the SMTP server and the rejection message
will not be sent. The message sent to the originator will depend on the settings of the
server sending to FTGate over which you have no control.
Connection Types
There are three ways that FTGate can be connected to the Internet:
1. [LAN]
Via a permanent LAN based connection (Broadband, Leased Line, Fibre etc)
2. [Proxy/Router]
Via an external Router Modem or Proxy device
3. Profile
Via a dial up modem installed in the PC
Each of these options is supported through the selection of the appropriate profile in the
Configuration/Network page.
See also:
• Dialling the Internet
• Sending Mail
• Receiving Mail
IMAP Considerations
FTGate has been tested with the following IMAP clients:
Client
IDLE
Outlook Express
X
Outlook
2002/XP
KMail
Ximian Evolution
The Bat!
Eudora
Thunderbird
Mulberry
X
Handles NIL
messages (i)
Deleted
notification
Deleted
Notification
X
Error dialog
X
X
X
X
NOOP
Updates
N/A
XTRASH (ii)
N/A
X
X
X
X
X
X
X
X
Error Dialog
N/A
X
X
Nil messages
(i) Handling of Nil Messages
The IMAP protocol requires that a server does not delete any message from the server until all
connected clients have been notified of its removal. This is to permit clients to request the message
contents of deleted messages. There is no facility in IMAP to tell a client that a message has been
deleted and thus the request cannot be honoured.
Thus the following is correct using the IMAP protocol:
1. Client A connects to a folder, there are 200 messages
2. Client B and C connect to the same folder
All clients see 200 messages
3. All clients use FETCH and STORE but never do an operation that allows notification of
expunged messages, or at least not often enough to count.
4. Client A deletes the first 100 messages
5. Client B deletes the second 100 messages
6. Now client B, after expunging, gets told that the first 100 AND the second 100 are deleted
7. So the three clients now see the following:
Client C sees 200 messages and can access them all
Client A Sees 100 messages and can access those 100
Client B sees no messages and cannot access any
8. This can persist for an indefinite period of time
FTGate Technology believe that this is contrary to the whole concept of shared folders, and that there
is little point in sharing a folder if all the clients can potentially have different views of it. Thus FTGate
will remove messages from the server at the time that the FIRST client EXPUNGEs the message.
This may result in clients that do not synchronize frequently showing either blank content or an error
message (see table for handling).
Clients that support the IDLE command will not suffer from any of these problems and all views of the
folder should remain concurrently correct.
(ii) Handling of XTRASH
FTGate supports an XTRASH IMAP extension that is an experimental FTGate only extension.
Configuration of this option is only available through WebAdmin, WebMail and SolSight. There is no
third party support for this extension expected.
This extension modifies the standard IMAP handling such that rather than "flag as delete and then
expunge", FTGate will move messages that are marked as deleted into a specified trash folder. It will
then Expunge the folder, removing the messages. All connected clients will be notified of the changes
when possible, see (i) above.
Limitations: Mail in shared folders will not be subjected to trash can operation; these messages will
default to the IMAP delete/expunge model as there is no shared trash can.
(iia) The XTRASH command
The XTRASH command will be announced by the text XTRASH on the CAPABILITY line of the IMAP
server response.
C: CAPABILITY
S: OK CAPABILITY .... XTRASH ...
Obtaining the current trash folder
C: XTRASH
S: * XTRASH "current trash folder"
S: OK XTRASH COMPLETED
Setting/disabling the current trash folder
C: XSETTRASH "new trash folder"
S: * XTRASH "current trash folder"
S: OK XSETTRASH COMPLETED
Setting the new trash folder to a blank string will disable trashcan operation.
Forwarding Messages
When messages arrive in a users mailbox it is often required that the message is sent or copied to
another address. This is performed with mailbox Inbox Rules.
The following steps are used to create a forwarding rule.
1. Open the users mailbox in WebAdmin or WebMail
2. Go to the Inbox Rules page
3. Type the name of the new rule e.g. forwarding to joe
4. Click add
5. Click on the new rule
6. Check the apply to all messages box
7. Change to the Actions tab
8. Check Forward to the following address
9. Enter the required address e.g. joe@soap.com
10. If you want to have the message deleted after forwarding, check the delete message option
11. Check the Rule Enabled option
12. Click Save
This rule will forward all mail arriving in the mailbox to joe's email address.
Macro Expansion
FTGate includes some expandable macros that can be used to make the message body specific to a
particular message condition or mailbox as follows:
Details from the original message:
$SUBJECT$
$FROMADDRESS$
$TOADDRESS$
$FROMNAME$
$TONAME$
$RCPTADDR$
$HEADER$
Virus message:
$FILE$
$VIRUS$
Mailbox
$MAILBOX$
$NAME$
$ADDRESS$
$COMMONNAME$
Group mailbox tracking message:
$TRACKING$
List mailbox messages when in distribution list mode
$NAME$
$ADDRESS$
Anti-Spoofing
FTGate implements strong anti-spoofing features. This means that it will not accept mail from any
address that it hosts unless the connection is authenticated by SMTP or the Security Policy AA flag.
450 4.7.1 Please authenticate and try again (#3.21)
If a user gets this error then they must enable SMTP authentication in their mail client.
If an automated machine causes this error then add the address of the sending machine to the Global
Security Policy with the following options:
Address: whatever
Mask: 255.255.255.255
Flags: PA and AA
If neither of the above are appropriate then you must enable spoofing in the security policy options.
See Also:
• Security Policy Options
Send and Receive
Receiving Mail
Mail is received by FTGate in one of two ways: SMTP or SmartPop.
SMTP
SMTP is used to send mail from your mail client to the mail server and then from the mail server to the
ISP or the rest of the internet. It is a protocol designed for sending messages between two servers
and as such, if you can have your mail delivered to your server using SMTP, this will offer the best
performance and reliability.
The SMTP service can also be used to filter mail to prevent UBE mail entering your server.
See Also:
• Managing Services and Security Policies
• Outbox
• Remote Domains
• RBL Sites
• SPF
SmartPop
SmartPop is a POP3 client that can connect to a remote ISP POP3 mailbox and then download and
deliver mail.
See Also:
• SmartPop
Outbound SMTP Auth
Outbound SMTP authentication is achieved by extending the ISP SMTP host entry in either the
Outbox/Delivery page or a Remote Domain/Delivery page. Outbound authentication is not
available when using MX delivery options.
The format is:
host address[:host port][; login id;password]
e.g. mail.isp.com:25;fred;mypassword
bracketed items are optional.
Sending Mail
FTGate sends outbound mail using SMTP/ESMTP.
Mail that is intended to be delivered to general recipients on the internet is sent through the Outbox.
Mail for specific domains that are not hosted can be sent through a Remote Domain.
See Also:
• Outbox
• Remote Domains
• Outbound SMTP Authentication
SmartPop
FTGate includes SmartPop which is a technology which allows FTGate to collect mail from an ISP's
POP3 mailbox and be able to correctly deliver almost any message without the user needing to make
any configuration choices beyond turning SmartPop on.
When delivering messages in its automatic mode SmartPop can do the following:
1. Deliver messages for users who have mailboxes directly to them and prevent duplicates from
being delivered.
2. Deliver mail for unknown users of a local domain in accordance with the configured domain
settings which includes bouncing the email with an undeliverable report.
3. Return incorrectly addressed email as undeliverable or send it to a special recipient.
FTGate also includes the option to bounce mail that is too large, thus preventing FTGate from using
up too much bandwidth and telling the original sender why their message was not delivered.
These changes now give SmartPop the same flexibility of delivery as SMTP.
See Also
• Configuring SmartPop
• Delivering SmartPop mail to a single user
• Delivering SmartPop mail to domain users
• SmartPop limitations
Signatures/Disclaimers
A domain wide signature can be added to all outgoing mail.
To configure the signature you should go to the Domain/Signature property page, enter a signature
and enable the signature.
Signatures will be attached to the first text and first HTML section in a message.
Signatures will only be applied to messages that go through the outbox. Messages to other local
domains or remote domains will not have the signatures applied.
See:Domains/General
Remote Domains
A Remote Domain functions as an Outbox but contains mail only for a specific domain.
To create a remote domain see Creating Domains.
To configure a Remote Domain for direct delivery to an IP Address
If a dial up profile is to be used see Dialling the Internet
1. In Domain List, click Domains
2. In Hosted Domains, click on the appropriate Domain Name
3. In Connection Options / Network Profile, select the required profile, [LAN] or
[Proxy/Router]
4. In Delivery Mode, select Immediately
5. In Host name, enter your Domain Name
6. Click Apply
7. Click Delivery
8. In Delivery Route, select SMTP Hosts
9. In SMTP Hosts / Host1, enter the IP address of the remote host
10. Click Apply
Tip:
The host name can consist of several parts, some of which are optional:
host address[:port][; login id;password]
This shows that you must specify the host address and that you can optionally supply a
port and login information.
e.g.
If you wished to connect to a server called mail.me.com on port 345 you would specify a
host name of
mail.me.com:345
To connect to the same server and login as 'bob@mail.me.com' with a password of 'eggs'
you would specify
mail.me.com:345;bob@mail.me.com;eggs
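Because this host entry (the same format given under Outbound SMTP Auth) carries the ISP password in clear text, it is worth parsing it and masking the password before a configuration is pasted into a log or support ticket. The following is an added example, not FTGate code: the function names, the default port of 25 when none is given, and the treatment of any further ";" as part of the password are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_PORT = 25   # assumption: standard SMTP port when the entry names none
MASK = "********"


@dataclass
class HostEntry:
    host: str
    port: int
    login: Optional[str] = None
    password: Optional[str] = None

    def redacted(self):
        """Render the entry for logs or tickets with the password masked."""
        text = f"{self.host}:{self.port}"
        if self.login is not None:
            text += f";{self.login};{MASK}"
        return text


def parse_host_entry(entry):
    """Parse 'host address[:port][; login id;password]' into a HostEntry."""
    endpoint, has_creds, creds = entry.strip().partition(";")
    host, has_port, port_text = endpoint.partition(":")
    host, port_text = host.strip(), port_text.strip()
    if not host:
        raise ValueError("host address is required")
    port = DEFAULT_PORT
    if has_port:
        if not (port_text.isascii() and port_text.isdigit()):
            raise ValueError("port must be a decimal number")
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
    if not has_creds:
        return HostEntry(host, port)
    # Split on the first ';' only, so a password containing ';' stays whole.
    login, has_password, password = creds.partition(";")
    login = login.strip()
    if not login or not has_password or password == "":
        raise ValueError("login id and password must be given together")
    return HostEntry(host, port, login, password)


def redact_entries(entries):
    """Mask passwords in a list of host entries.

    A malformed entry is never echoed back, because whatever follows the
    host may still be a password.
    """
    out = []
    for entry in entries:
        try:
            out.append(parse_host_entry(entry).redacted())
        except ValueError:
            out.append("<unparseable host entry>")
    return out


if __name__ == "__main__":
    # The guide's own sample values plus one constructed malformed entry.
    samples = [
        "mail.me.com:345",
        "mail.me.com:345;bob@mail.me.com;eggs",
        "mail.isp.com:25;fred;mypassword",
        "mail.me.com:99999;bob@mail.me.com;eggs",
    ]
    for line in redact_entries(samples):
        print(line)
```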
To configure Remote Domain for direct delivery via MX Records
MX delivery is not recommended over dial up connections (*). A suitable DNS server will be required
for correct delivery of mail (DNS).
1. Select a domain
2. In Connection Options / Network Profile, select [LAN] or [Proxy/Router]
3. In Delivery Mode, select Immediately
4. In Host name, enter your Domain Name (**)
5. Click Apply
6. Click Delivery
7. In Delivery Route, select MX Hosts
8. In If delivery fails, select Hold mail in queue for later delivery
9. Click Apply
NOTES
* MANY ISPS WILL NOT PERMIT MX DELIVERY THROUGH THEIR NETWORK DUE TO MISUSE AS A SOURCE OF
SPAM.
** MANY SERVERS WILL NOT ACCEPT MAIL FROM SERVERS WITH AN INCORRECT HOST NAME.
Greylisting Delays
If you have reached this page due to an error return on a message that you have sent then you
should contact your hosting server, or network advisor and request that they fix their mail system.
Your message has been bounced in error by your outbound mail server which should have, in
accordance with RFC2821, queued your message for retry.
The response code
450-4.7.1 Server busy please try again later
is an instruction to your outbound mail system that there is no error in transmission but the receiving
server is currently unable to process the request and it should try again after a short delay, typically
around 30 minutes (as recommended by RFC2821).
This response is not an error code (which would start with a 5) but a temporary delay caused by
Greylisting.
THIS IS NOT AN ERROR OF THE RECEIVING SERVER.
Additional references:
Greylisting in FTGate
For the original Greylisting whitepaper please see this whitepaper by Evan Harris:
http://projects.puremagic.com/greylisting/whitepaper.html
Additional information is available here: http://www.greylisting.org/
Wiki: http://en.wikipedia.org/wiki/Greylisting
Accessing FTGate from the Internet
FTGate is by default configured to allow SMTP access from the internet.
There are two ways that FTGate can be connected to the Internet:
FTGate has a fixed valid internet address
In this case you should be able to access FTGate from the internet using either the IP address of
FTGate or its name.
e.g. 195.124.124.189 or myserver.mydomain.com
If external servers are unable to access FTGate on port 25 then you should check the following:
1. Your network firewall is open on port 25 for external connections
2. Your Windows firewall is open on port 25 (it is better to add an exclusion for FTGate on all
ports).
Note: Each security policy has a dedicated address range for the internet that is listed as WAN. This
contains the settings used when FTGate is accessed by any machine whose IP address is not listed
in any other range.
FTGate is behind a NAT router
If your FTGate machine is behind a NAT router, and has an IP address that is either 192.168.x.x or
10.x.x.x, then you should check the following:
1. Your NAT router has port forwarding enabled on port 25 from the Internet to the LAN address
of FTGate.
2. Your Network Router/firewall is open on port 25 for external connections
3. Your Windows firewall is open on port 25 (it is better to add an exclusion for FTGate on all
ports).
If you are behind a NAT firewall then there are additional steps you should take with FTGate to
prevent your server becoming an open relay. You should determine the NAT IP address of your NAT
router (which has the port forwarding) and add it to the "Global Security Policy" with only the PA flag
set.
e.g. 192.168.1.124/255.255.255.255 with PA flag set
See Also:
• FTGate behind a NAT router/firewall
Accessing other services from the Internet
If you wish to access POP3/IMAP/WebMail from the internet then you must change the security policy
used by the appropriate service to be the "Global security Policy"
Getting the mail to FTGate
After you have configured FTGate and your network to allow connections to FTGate you must then
arrange for mail to be delivered to FTGate directly from other servers:
1. You must verify with your ISP that they allow delivery of mail from the Internet to your
address, some ISP's do not permit mail to be delivered directly to your server.
2. Your ISP will deliver all the mail that is for your domain to your address
or
3. You must update your DNS server to include MX records specifying the IP address of FTGate
is to handle mail for your domain. You should contact your DNS hosting company or ISP
regarding this.
Note: If your ISP is delivering mail from their machines directly to your machine then you cannot use
the options for Greylisting, SPF Validation, or PTR validation.
Management
Web Administration
In order to use Web Administration a user must have an account in FTGate and that account must be
a member of the system administrators. The system administrators are defined on the
Configuration/Administrators page
Tip:
If you enter a group User ID , then all members of that group will also have access to the
WebAdmin Interface.
Tip:
If you delete an administrator's mailbox they lose all access rights and will no longer be an
administrator. Creating a new mailbox in the name of the old administrator will not restore
their rights as the mailbox will have a different security id.
See Also:
• Access Control Lists (ACL)
Activating a Licence Key
NOTE: ACTIVATING A LICENCE KEY ON TWO SERVERS IS A VIOLATION OF THE EULA AND FTGATE
TECHNOLOGY RESERVE THE RIGHT TO DISABLE A SERVER SHOULD ITS LICENCE BE ACTIVATED ON A DIFFERENT
SERVER.
Activation of FTGate is a requirement of using this software. The procedure is simple using a Wizard.
If there are any problems during activation, then please contact support@ftgate.com describing your
problem and including a copy of your log file and your registration licence key.
See Also:
• Registering and Activating Licences
Activation FAQ
• When do I need to activate?
You need to activate an FTGate server when you install it for the first time, move FTGate to a
different machine or re-install the operating system.
• How do I reactivate after moving the server?
To reactivate your server on the new hardware you should follow the original activation
procedure.
• Can I reactivate under a different account/email address?
No, once a licence has been activated it cannot be moved to a different registered user.
However, you can alter your registration settings including the email address and password
from the members website.
• Do I need to contact FTGate Technology in order to reactivate?
There is no limit to the number of auto activations you can make. However, you can only
reactivate manually 3 times without having to contact FTGate Technology. This allows a
system admin to create a new server in the event of a severe failure. However, after the third
activation you will have to contact us to reset the system for you.
• What can I do if I have lost my members account password?
If you visit the members website there is a link for lost passwords. Following this link will
cause the password to be emailed to your account.
• My server has stopped, what can I do?
If you stop and restart FTGate it will run for one hour before stopping; this will allow you to
continue while you activate the server.
Lost administrator passwords
When the software was installed one of the email accounts created on the server was set to be the
administrator. In order to log into the WebAdmin service you need to use the email address and
password of the account that was set as the administrator.
In the event that none of the administrators can remember their passwords it is necessary to
override the login protection of WebAdmin. In order to prevent this being a trivial action, and thus
rendering the use of the user account and password meaningless, it is necessary to have the user
take an action that only a system administrator can perform, thus ensuring that the person making the
changes is actually authorised to do so.
Login Security Override
To override the security in FTGate you should:
1. Click Start
2. Click Run
3. Type RegEdit
4. Click Enter
5. Open the tree HKEY_LOCAL_MACHINE/SOFTWARE/FTGate Technology/FTGate
6. Right click in the right hand pane and create a new DWORD entry called "AnyLogin" with the
value of 1
7. Exit RegEdit
8. Restart FTGate
FTGate will then start up in suspended mode with the Admin login security disabled. You can click
sign in and you will be allowed in. We recommend that the first priority is to go to the
Configuration/Administration page and enter the email address of a new administrator into the list.
The new administrator will then be able to log into WebAdmin using their normal email address and
password.
The new key will be removed at login, so the next time FTGate is restarted the administration override
will be removed.
See Also: Web Administration
Emergency Recovery
Suspended mode.
You can force FTGate into a suspended mode with the following script placed in the startup.fts file in
the scriptlib folder
<%
var s= new server.system
s.suspend()
%>
Safe Mode
When in Safe-Mode FTGate will stop processing all services except for WebAdmin. This can be
useful when trying to resolve issues that are preventing FTGate from running correctly.
You can also force FTGate into suspended mode using a startup script or the registry (see
Emergency Recovery).
Database support
FTGate supports data storage in either its own database or in an ODBC database.
[currently tested with MySql and MSSql]
To configure FTGate for ODBC database operation you need to do the following:
1. Install the database software on the machine that is to host the database
2. Create a database called FTGate
3. Open the ODBC database configuration tool in the Windows control panel
4. Create a new SYSTEM DSN called FTGate and attach it to the database provider and set it
to select the FTGate Database (from step 2 above).
5. Remove the contents of the FTGate Config folder.
6. Create a text file called ftgatedb.dat
7. Edit the file to contain the following
<dbconfig>
<provider>
DBTYPE
</provider>
<dsn>
ftgate
</dsn>
<password>
database_password
</password>
<username>
database_access_username
</username>
</dbconfig>
8. Set DBTYPE to be either MySql or MsSql depending on the database type you are using.
SQL Based Mailing Lists
FTGate allows administrators to create a database from an external database of addresses held in an
SQL database.
To use an external SQL list you need to configure a DSN connection and an SQL statement that will
retrieve the addresses for the message. The DSN MUST be a system DSN.
The SQL query results must contain the columns 'Name' and 'Address'. Thus if the database does not
contain these columns the SQL statement should create them in the returned data set.
See: Members
Permissions/Access rights
Various objects in FTGate can be shared among users. These are:
• User Folders
• Address Books
• Calendars
• Tasks
The level of access to these objects can be restricted by giving the users permissions. There are
five levels of access:
Access Level | Description
Read | All: Users can see the contents of the object
Read/Write | In addition to the above: Folder: Users can set message flags. Other: modify the details.
Read/Write/Create | In addition to the above: Folder: Users can move messages into the folder. Other: Users can create contacts/events/tasks in the object
Read/Write/Create/Delete | In addition to the above: All: Users can delete the contents of the object
Read/Write/Create/Delete/Manage | In addition to the above: All: Users can share the object with others.
There are also some administration level access rights for:
• Quarantine folder
• Local domain UbeBlock training folders
• Access to Web Admin (System Administrators)
Customising SolSight Web
FTGate2009 allows for a very simple method of customising the initial welcome screens and logos
used in the user interface.
Process
1. Locate the folder Webs5/assets
2. Copy the contents to a new folder (this is to prevent your logos being overwritten if we update
our logos)
3. Replace the logo files with your own matching files. Keep the names and dimensions the
same.
4. In the Services/WebMail Interface/virtuals add a new entry
url: /assets
path: the path to your files (e.g. c:\program files\ftgate2009\myassets)
5. Test your changes
Security Policies
Security Policies
Each service in FTGate is controlled by a security policy. The policy specifies the top level control of
the service. In the Policy you can specify, by IP address and range, the authentication and relay
options available to users of your server.
By default there are three policies; users can create further policies as required:
• LAN security Policy
By default this policy is used by all services that are normally accessed by the LAN users
(POP3, IMAP4, LDAP, WebMail, Connector) which can be considered to be trusted
connections.
• WebAdmin Policy
By default this is used by the WebAdmin. A separate policy is used for WebAdmin to reduce
the possibility that a configuration mistake will lock the administrator out of the WebAdmin
interface. Extreme caution should be used when changing this policy.
• Global Security Policy
By default this policy is used by all SMTP services. It contains settings that are suitable for
machines connecting from the internet and are not from trusted sources.
Each service that uses a policy has the same security settings. Thus an address banned in a specific
policy is banned in all services that use that policy. Each service may only use one policy but a policy
can be shared among more than one service.
A policy consists of two parts: an address list that specifies how different IP addresses should be
handled, and a group of settings for each service type.
The addresses are selected in order of priority; the priority is simply the number of bits set in the mask
field. Thus if an address matches two entries, the one with the most bits set in the mask will be used.
The following describes the flags used in the Address fields:
Flag | Name | Function
PA | Permit Access | If this flag is set an IP address has access, otherwise it is rejected.
AA | Automatic Authentication | If this flag is set the connection is assumed to be authenticated. For SMTP it is the equivalent of a successful AUTH command sequence having been completed. It will not affect services that require a login. Note that setting this flag on the WAN address range of the Global security policy will make your server an Open Relay.
AS | Permit SMTP Authentication | This flag permits machines in this address range to issue SMTP AUTH commands and authenticate against the server. If the flag is clear NO machines in this range can authenticate.
AM | Permit Authentication by mailbox access | This flag checks to see if any valid logins to either POP3/IMAP have occurred in the last 5 minutes, if so the connection is assumed to be authenticated.
AR | Allow Relaying | This flag enables authenticated users to relay mail through the server. If this flag is clear then machines in this address range will NEVER relay.
RBL | Reject connections with RBL entries. | This flag causes all connections from within the specified address range to be validated against the RBL server list specified elsewhere. If the address is found the connection will be rejected.
BAN | Allow Addresses to be blacklisted. | If this flag is set, any connections that attempt a detectable DOS attack will be auto banned.
LL | Limit login attempts/SMTP Errors | If this flag is set IP addresses will be prevented from trying multiple login attempts (default 5). This protects against attempts at brute force password breaking. Each bad login is counted from each specific address regardless of the service type. So if I do bad logins for 2xPOP3, 2xIMAP and 1xSMTP I get banned. This option also triggers protection against SMTP bad addresses. If this option is enabled the sending client/server will be banned after the specified number of bad recipients. The ban period is defined elsewhere in the policy.
BL | Blacklisted Address | If this flag is set the address is considered aggressively blacklisted. This flag is usually only set by the autoban option (above). Connections from blacklisted addresses are automatically denied.
PTR | Reject connection with invalid DNS PTR records | This option will check that the IP address of the connected computer has a valid PTR record.
HE | Validate HELO command is valid | This option validates the HELO domain and ensures that it is correctly formatted and it is not an IP address.
GL | Use greylist | See: Greylisting
SPF | Validate senders address against domains SPF data | This option will validate the sender's email address against the SPF records for the domain of the sender. If the address is not in the valid range then the message will be rejected. If a domain does not publish SPF data then the message will be accepted.
Relay Control and Authentication
In order to prevent unauthorized use of your mail server, FTGate has a series of controls that can be
used to limit both the amount of access and the relay abilities of those that access your SMTP Server.
Relaying is the condition in which the recipient of the message is not hosted on your server and
usually only occurs if either one of your users sends an outbound message (authorised use) or a
spammer is trying to use your server to hide the original source of their unwanted messages
(unauthorized use).
Security Policy IP Options
To control access to the SMTP server you need to configure the following flags for the address range
you wish to control.
PA (Permit Access) | Setting this flag will allow an address within the address range to connect to the server.
AA (Auto Authenticate) | This setting will consider all connections from within the address range to be authenticated, however access to facilities that require specific mailbox privileges will NOT be granted without further authentication.
AS (Authenticate by SMTP) | This flag will cause the SMTP server to permit access to the SMTP authentication protocol functions. If this flag is cleared then no mailbox authentication will be possible.
AM (Authenticate by Mailbox) | This flag will cause the connection to be considered authenticated if a recent mailbox access was made from the connected IP address. This does not give access to facilities that require specific mailbox privileges.
AR (Authenticated Relaying) | This flag will enable authenticated users to relay through the server.
If the AR flag is cleared, then no relaying is possible. If the AR flag is set but the AA, AS and AM
flags are cleared then again no relaying is possible.
NOTE: SETTING THE AR AND AA FLAGS ON AN ADDRESS RANGE WILL GRANT THAT ADDRESS RANGE
UNRESTRICTED RELAYING AND SHOULD BE AVOIDED UNLESS THE IP RANGE IS TRUSTED NOT TO ABUSE THE
PRIVILEGE.
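The following added example (not FTGate code) models the address-list rules described above: the matching entry with the most mask bits wins, relaying needs AR plus one of AA, AS or AM, and an audit reports entries that grant AA and AR outside private ranges. The Entry layout, function names, sample ranges, the "reject when nothing matches" behaviour and the trusted-range list are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Ranges treated as "trusted" by the audit below (assumption: RFC 1918 + loopback).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass(frozen=True)
class Entry:
    """One row of a policy address list (hypothetical layout)."""
    address: str
    mask: str
    flags: frozenset


def entry(address, mask, *flags):
    return Entry(address, mask, frozenset(flags))


def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def mask_bits(mask):
    """Priority of an entry: the number of bits set in its mask."""
    return bin(_as_int(mask)).count("1")


def select_entry(policy, ip):
    """Return the matching entry with the most mask bits set, or None."""
    hits = [e for e in policy
            if (_as_int(ip) & _as_int(e.mask)) == (_as_int(e.address) & _as_int(e.mask))]
    return max(hits, key=lambda e: mask_bits(e.mask), default=None)


def relay_decision(policy, ip, smtp_auth_ok=False, recent_mailbox_login=False):
    """Return 'reject', 'local-only' or 'relay' for a connecting address."""
    e = select_entry(policy, ip)
    # Assumption: an address that matches no entry is rejected.
    if e is None or "PA" not in e.flags or "BL" in e.flags:
        return "reject"
    authenticated = ("AA" in e.flags
                     or ("AS" in e.flags and smtp_auth_ok)
                     or ("AM" in e.flags and recent_mailbox_login))
    # AR alone is not enough: the connection must also count as authenticated.
    return "relay" if ("AR" in e.flags and authenticated) else "local-only"


def audit_unrestricted_relay(policy):
    """List entries that grant AA + AR to a range outside TRUSTED_NETS."""
    risky = []
    for e in policy:
        if {"PA", "AA", "AR"} <= e.flags:
            # Assumes a contiguous mask so the entry can be treated as a CIDR block.
            net = ipaddress.IPv4Network((e.address, mask_bits(e.mask)), strict=False)
            if not any(net.subnet_of(t) for t in TRUSTED_NETS):
                risky.append(e)
    return risky


# Constructed sample policy: WAN default, LAN range, a guest subnet, one banned host.
POLICY = [
    entry("0.0.0.0", "0.0.0.0", "PA", "AS", "AR", "RBL", "PTR"),
    entry("192.168.0.0", "255.255.0.0", "PA", "AA", "AR"),
    entry("192.168.5.0", "255.255.255.0", "PA", "AS"),
    entry("203.0.113.7", "255.255.255.255", "BL"),
]

# Same policy with AA added to the WAN range: the open-relay case the NOTE warns about.
MISCONFIGURED = [entry("0.0.0.0", "0.0.0.0", "PA", "AA", "AR")] + POLICY[1:]

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.5.20", "198.51.100.4", "203.0.113.7"):
        print(ip, relay_decision(POLICY, ip))
    print("risky entries:", audit_unrestricted_relay(MISCONFIGURED))
```

Running the audit against an exported copy of a policy before applying address-list changes catches the AA plus AR combination on a WAN range.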
Authentication Controls
The security policy has a section specifically for the SMTP server. In the SMTP Authentication section
the administrator can specify whether the authentication mechanism should check the attempted
authentication against a hosted mailbox or against the explicitly specified entries.
If the explicit entries method is used then users will have to match the details entered in the policy.
However, while the users will be able to relay they will not be able to access any facilities that require
specific mailbox authentication.
Service access control
Each service has an access control list available. If this list is enabled then the service can only be
used by users who authenticate with a specific mailbox and password, other users will be rejected.
Thus if the access control list is enabled, and the AS flag is not set, no users will be able to access
the system.
Senders MAIL FROM Address control
In most circumstances administrators will desire that the senders from address of a message matches
the authenticated address for the connection. This ensures that an account is not hijacked because of
poor password choice. The domain privileges offer control over the permitted from address of a
message and can be set such that:
1. The from address must match the authenticated address
2. The from address must be from the same domain as the authenticated address (note that it
does not have to be a valid mailbox name).
3. The from address can be any address and does not have to match any part of the
authenticated address.
If the connection is authenticated with either the AM, AS or the explicit authentication options then
there are no checks made on the from address.
Note that the from address in the message is not checked as there are many legitimate reasons why
the message header might have a different from address. However, it is desirable for the SMTP
session "MAIL FROM" address to match the authenticated address.
Summary
FTGate offers a wide range of flexible options for authentication and relay control. In its default
configuration it is not possible for unauthorized users to relay through the server. It is recommended
that administrators carefully consider the possible consequences before changing the authentication
and relay options.
See:
• Security Policies
• Security Policy Management
• Policy Access Rights
• Configuring LAN access
Access Control Lists
Access to all the resources in FTGate is controlled by Access Control Lists (ACL). An ACL consists
of a set of one or more local account IDs (email addresses) and some access rights associated with
them.
If an email address is a member of an ACL then it may access the resource which is controlled by the
ACL. For example the WebAdmin interface can only be accessed by members of the System Admin
ACL, or a shared folder can only be accessed by users who are in the shared folders ACL.
Some ACL lists do not have any options to limit their access. For example all members of the System
Admin ACL can access WebAdmin with no restrictions, while a folder user may only have read
access to a folder, in which case they will be unable to delete or otherwise change the folders
contents.
If a group address is added to an ACL then all members of that group have access with the rights
associated to that group. Thus if the sales group has read access to the sales contact list then all
members of the sales group also have read access to the contact list.
ACL conflicts
ACL conflicts occur if a user who is a member has access to a resource via more than one ACL entry,
for example if they are in two groups that are both listed in the ACL. In this case the user is assigned
the highest access rights for the resource.
Configuring LAN access
By default FTGate creates a LAN security policy which it assigns to all the services that are usually
used by LAN users rather than WAN users. Thus this policy is by default selected for POP3, IMAP4,
LDAP, WebMail, and the Connector.
Should a service require WAN access, it is recommended that the policy for that service be changed
to the Global policy rather than modifying the LAN policy. This will prevent confusion over which
addresses can access which service.
SSL
SSL Description
SSL is a protocol that permits secure communication between two computers. The servers use
certificates to identify themselves and verify that they are who they say they are. This protocol is
widely used in web pages to allow secure banking and shopping over the Internet.
TLS is essentially the same as SSL; the only difference is that it is a mechanism by which a
connection can be transferred from being insecure to secure at the request of the connected
computer. For example: a mail client can be connected in a non-secure mode to port 25 of a server
and then start a TLS session which will then encrypt the rest of the data using SSL.
SSL Support in FTGate
FTGate supports SSL and TLS on the following.
Feature
SMTP Server
SMTP Send
HTML Server
POP3 Server
SmartPop
Connector Server
Replication Client
SSL
X
X
X
X
X
X
X
TLS
X
X
X
X
Services that support TLS have the option of requiring that TLS be selected. If the client does not
switch to TLS then the connection is rejected.
Installing a self signed certificate
See: SSL self signed certificates
Configuring SSL
After installing a certificate, configuration of the service or client is simple.
1. Go to the Service or client page
2. Select the encryption type and select the certificate
3. Stop and start the service or client.
Internet Explorer and SSL attachment problems
Some users experience problems when attempting to download attachments from FTGate when
using SSL. These problems are due to the security options set in Internet Explorer.
To resolve the problem open Internet Explorer and in Tools/internet options/advanced, under the
security section, clear the check box Do not save encrypted pages to disk.
SSL self signed certificates
In order to use SSL or TLS for any service you must install a server certificate. This can be done by
purchasing a certificate from a trusted certificate vendor or by installing a self signed certificate.
A self signed certificate allows secure communication without the cost of purchasing a certificate.
However, the certificate cannot be verified by a user's client or browser and will display a warning. The
user must then select to continue with the certificate despite the trust warning.
Creating a self signed certificate
We have often been asked why we do not supply a certificate that can be installed on your PC to run
WebMail etc.
There are various reasons but the main one is that you should use a real certificate that is unique to
your installation.
It is simple to do this and to make life easier we have put the required files into a self extracting zip file
and included a batch file to run in order to create and install a self signed certificate. You can then use
this certificate in FTGate.
Please note that using SSL does slow down all services that use it due to the overhead of encryption.
So if you only use a service over the LAN there is no point in using SSL.
You can download the zip from here:
Download the file and run it, store the files in a known location.
Then use the DOS command box to run the batch file with a single argument with the server domain
name you wish to use. e.g.
cert www.myserver.com
This will create and install a certificate called www.myserver.com
You should make this name the hostname of your computer as typed in your browser.
Filtering, Anti-Spam, Anti-Virus
Overview
FTGate has comprehensive filtering tools to help you combat spam, viruses and other malicious
messages.
These policies allow each domain to have either its own or a shared policy that will control how mail
for the domain is handled.
This allows filtering on a variety of options including:
• email address
• message content
• attachments
Filters may be applied to one or more domains. Each domain that shares a filter will share the
settings, filtering options and the result of any UBEBlock training that may occur.
A Filter can also be applied to SMTP, in which case the filter options will be used to accept or reject
the message:
• Black list
• White list
• Prohibited Words
• Prohibited Phrases
See Also:
• Setting up spam filtering
• Minimising Spam
• Whitelisting
• Greylisting
• Whitehosting
• Blacklisting
• Filter Rules
• Safe Words
• SPF Validation
• SPF
• UBEBlock Rating
• UbeBlock Training
• UbeBlock Training Notes
• Anti-Virus Overview
Setting up junk filtering
[This document is based on V5.1]
[Note examples use mycompany.com as the domain, please replace with your own domain name and
not just copy the examples!]
In order to achieve the best possible filtering of junk, viruses and spam, from mail, FTGate has a
layered approach to the problem of identifying junk messages.
Layer 1 - SMTP
SMTP is the way that mail should be moved around the internet (it's how your mail client sends mail to
FTGate and how FTGate sends mail to the internet).
When mail arrives using SMTP there are various pieces of information available to FTGate for it to
determine whether the message is from a real sender or is likely to be from a source of junk:
• IP address:
Are they a known spammer (RBL list)
Do they have a correct retry policy or are they a trojan infected machine (greylisting)
Do they have a valid reverse pointer (PTR); all real servers should have this.
• Hostname (HELO):
Did they sign on using a valid host name which is correct for their IP address
• Senders address:
Is the IP address listed as a valid address for the domain (SPF Lists)
• Header data:
Is the header valid
These tests usually give a very definite indicator of junk. While it is simple for a real sender to set
these items to be correct, senders of junk mail and trojans find it very hard to get these things correct,
and in the case of SPF, if the records are configured correctly it is not possible to fake the
authenticity of messages being sent.
Layer 2 - Text based filtering
The layer one filtering can eliminate 99% of all junk mail. The remaining mail can be filtered fairly
simply using the remaining filter options. At this stage the message has been received and it looks
like it's a valid message in that there is nothing suspect about the sender, so we now have to perform
analysis of the text.
FTGate performs several levels of text analysis on the messages:
• UBEBlock+
Message URL's - does the message link to any known junk sites
Is the header suspect
Does the message have any known pattern that looks like junk
• Stock Filter
Does the message match a standard stock option advert
• Content Analysis
Does the message violate any rules that may indicate it is junk
Layer 2 based filtering is never as effective as layer one because it is not difficult to create a junk mail
message that looks like a real message to a computer program. Valid mailing lists that users often
want to read look very like junk. If it were sent to a user other than the intended recipient it would be
classed as junk. Thus filtering at this level will always be less effective than filtering at level 1.
Note: Layer 2 filtering can remove all the junk. However, the more effective it becomes at removing
junk, the higher the chance that a valid message will get blocked.
Mail delivery
Many users when they start using the filtering are surprised when we ask whether they collect their
mail using SmartPop or have it delivered using SMTP. You can see from the above two layers that it
is an important question. If you have your mail sent directly to your server from the internet, then the
chances of correctly identifying and blocking junk are very high. However, if you collect your mail using
SmartPop from a POP3 mailbox at your ISP you have effectively given the Layer 1 filtering to your
ISP; if they do not perform any filtering then you just have to do the best you can at layer 2.
Setting it up
So you have just set up your server and want to eliminate the junk. What do you have to do?
Level 1
If you get your mail delivered using SMTP directly from the Internet then you need to go to the Global
Security Policy so you can set the SMTP filtering. Go to Services/Global Security Policy/Addresses
and in the WAN range set the HDR, SPF, HE, PTR, GL and RBL flags. Then go to the
Configuration/DNS page and make sure you have a valid DNS server (see DNS Servers). Then on
the Configuration/RBL page make sure you enter at least one RBL site (see RBL Sites).
You're now set for level one filtering. That's 99% of the junk blocked.
Level 2
This is where it gets a little more complicated as the content analysis part of the filter needs to know
what good and bad messages look like for your domain. To do this we go through a process of
training and then we monitor the results making changes as we go.
Accessing the training folders
To get the best results and make life easier for yourself as an administrator you should at this stage
connect your mail client to FTGate using the IMAP protocol. This is configured in your email client in
the same way as POP3 only you select IMAP rather than POP3 as the client.
When connected to FTGate using IMAP you will find that the mail client shows you a list of the folders
available in your mailbox and possibly some shared mailboxes from other mailboxes. The shared
mailboxes are shown under a folder shared.
To gain access to the FTGate folders used for setting up the junk filters and performing filtering you
should go to the local domain setting for your domain in WebAdmin (Domains/MyCompany.com) and
click the Filters tab. You will then see options for selecting a filter policy (more on that later) and the
mailboxes that can perform training.
By default the filter policy should be "Default Domain" and the training should list
"system@mycompany.com" and "administrators@mycompany.com". This means that the system
mailbox can access the training folders and anyone in the administrators group can access them. If
these options are not set, then set them.
Now if you go into your mail client IMAP folder or SolSight Web you will see that the new folders are
available.
It is now possible to access the training folders.
First time training
To give FTGate an idea of what messages are treated as good in your network it helps to perform an
initial training set by taking a selection of 30 typical messages that are not junk and using your mail
client to drag and drop them onto the "UbeTrainingNotSpam" folder. The messages will sit in the
folder for a while and then will be deleted as FTGate processes them.
Setting the filter options
In WebAdmin, click on Filters/Default domain. You can now see the options that provide the level 2
filtering.
Now we want to filter the mail, but we probably don't want to filter mail from users in our address
books. We also want to use UBEBlock+ as it is very good at filtering advertising junk. Click Options
and set the Filter Control to Do not filter messages from authenticated and whitelisted addresses, and
check the UBEBlock+ option. Then click the UbeBlock tab and set the UbeBlock option to "Generate
UbeBlock rating and apply UbeBlock rating adjustments".
Now we want to include our address books in the Whitelist. Click Whitelist and check the "Include
addressbooks".
Now click the
button.
Setting the rules
In order to actually filter the messages and allow control over what happens to a message the filtering
is actually performed by a set of configurable filter rules. Click Filter Rules to see the default.
The default rules are set to allow messages through that should be let through, delete those that are
from blacklisted senders (senders who we can identify as being bad), and tag the rest.
We can ignore those that let the mail through by default as you most likely will never need to change
them. What you are most likely to want to change are those being tagged.
The process of tagging causes the subject of the mail to be altered with a text tag, so that when the
message arrives in the users mailbox they can see that it has been tagged and thus identified as
being suspect. As an administrator you may want to change this behaviour so that users don't see
suspect messages unless they have been approved.
Setting a special recipient
In order to make life easier for the administrator FTGate has the option of delivering all suspect mail
to a specified mailbox where it can be reviewed. This mailbox may be the administrator's own mailbox,
or preferably it can be a different mailbox. Let's set this up.
First we need to create the junk handling mailbox. Go to Domains/MyCompany.com/Mailboxes and
create a new user mailbox "junk". Now open, in WebAdmin, the junk mailbox and go to the folders
page. Click the share button next to Inbox, and set the Read/Write/Create and Delete options for the
"Administrators" mailbox. Then click Update, then close the window.
Now if you go back to your mail client and check the folders you will see that the new junk mailbox
has its inbox shared with your mailbox.
So you can now read anything in the junk mailbox and, if training is required, you can copy the
messages from the junk inbox to the training folders.
Note: If it's in the junk folder and it is junk, don't copy it to the UbeTraining Spam folder.
Sending the junk to the junk user
So now we want to send the suspect mail to the junk mailbox. Go back to the
WebAdmin/Filters/Default domain/Filter rules page.
Select the rule that you want to redirect to the junk user and click the rule name to open up the rule
properties. Click the action tab and from the action drop down box select SR, then enter the email
address of the junk mailbox junk@mydomain.com into the Special recipient box.
Save the changes and repeat for any other rules you want to send to the special recipient.
We are now all set up for handling the junk. If you wish to add more administrators for junk handling
you can simply add them to the administrators group and they will have access to training and the
junk folder.
False positives
The number of false positives you get will be dependent on how harsh and how well trained your
system is. See UBEBlock Training and UBEBlock Training Notes. Generally it is better to train false
positives than false negatives.
When you have a false positive you need to be able to get it to the original recipient as quickly as
possible. Unfortunately most mail clients don't have a facility for redirecting mail without altering it as a
forward. Some allow forwarding as an attachment, which the correct recipient can then open and
reply. SolSight Web has the ability to redirect messages without altering the message. This is the best
way to redirect incorrectly trapped mail. SolSight Web can also be used to train the system in the
same way as IMAP and offers the same views as IMAP.
Reducing the number of false positives can be achieved through the correct training of the system
(don't let your general users train junk unless they know what they are doing (see UbeBlock Training
Notes)).
Minimising Junk/UBE mail
FTGate has a powerful set of features that can be used to eliminate most of the UBE mail before it
reaches the users mailbox. The most effective way to eliminate UBE is to not let it onto your system. If
it does reach your system then you need to use the Filtering facilities to filter out the UBE.
Stopping the UBE before it gets into the system
The best solution to filtering UBE is to reject it before it is received by your server. This is best
achieved by filtering the messages as they are sent to FTGate.
Recommendations:
1. Have your ISP send your mail to you using an SMTP feed. It is much harder to filter spam
once your ISP has accepted it for you. If possible bypass your ISP and have your mail
delivered directly to your PC.
2. Turn on PTR record checking
This will verify that the PC sending you mail has published its details on the Internet. Most
legitimate machines do this, most UBE sources do not.
3. Turn on HELO checking
Only mail clients should use a dotted IP address as their HELO; mail servers should use their
domain name.
4. Turn on SPF
This will require that the server sending you mail is authorised to handle mail for the specified
domain. UBE rarely comes from the domain it pretends to use, and thus it will usually fail an
SPF check. (See SPF)
5. Turn on RBL
This will stop all servers that are known to be sources of UBE (See RBL)
6. Turn on GL
This will prevent practically all Spam and Virus messages from being accepted and the cost
of a small delay in mail delivery to your system for unknown senders. See Greylisting
Using Filtering
Once the mail reaches your system, the only way to block UBE is to filter it. FTGate includes a
powerful set of filters that can eliminate practically all of the UBE received. To obtain the best filtering
the following should be considered:
Filter Policy/UbeBlock
• Adjustment if recipient's mailbox is in the Subject
Many UBE sources place the mailbox name in the subject line.
For example if "Great news fred@somedomain" is received the rating could be increased by 25
• Adjustment if there are three or more consecutive spaces in the Subject
Adjust the rating for messages that have a sequence of spaces in the subject.
For example if "New offer     HKQOF" is received the rating could be increased by 25
• Acceptable proportion of unknown words against known words (Unknown ratio)
This detects how many garbage words there are. Often SPAM is padded with garbage to try
to confuse Bayesian filtering and hit any safe word detectors. Detecting that a message is
padded in this way can simplify filtering.
The ratio is calculated as the number of unknown words/known words. Thus if there are 25
unknown words and 5 known words the ratio is 25/5 = 5
• Adjustment when message exceeds Unknown ratio threshold
This adjustment is applied when the above ratio is exceeded. Thus if the ratio were 5 and
there were 25 junk words and 5 known words the specified adjustment would be made.
• Weighting for images
This weighting is applied for each image in a message.
e.g. if the weighting were 5 and 5 images were in the message, the rating would be increased
by 25
• Weighting for external images
This weighting is applied for each image in a message that is a link to an external image on
the Web. This is often used by Spammers to track emails. Your address is verified by them
when you view the message and the image is downloaded from their server.
e.g. if the weighting were 5 and 5 images were in the message, the rating would be increased
by 25
• Weighting for web links
This weighting is applied for links to the internet. UBE often has links, while normal mail
usually does not.
e.g. if the weighting were 5 and 5 links were in the message, the rating would be increased by
25
• Weighting for unknown words
This is a simple weighting applied for the number of words in the message that are
unrecognised.
e.g. if the weighting were 2 and 50 unrecognised words were in the message, the rating would be
increased by 100.
In addition the main UbeBlock filter will obtain a rating which will be modified by the above values. All
of these settings result in an overall UBE rating which can then be used with the Filter rules to filter
messages.
It is recommended that all filtered mail be directed to a mailbox which can be examined by an
administrator. This will allow the administrator to verify that the filtering is operating as expected and
to retrieve any false positive messages and deliver them to the correct user.
Greylisting
One of the new features in FTGate is the option of SMTP Greylisting. Greylisting is a way of filtering
out the large majority of spam and virus sources on the net. In order to understand how it works we
need to look at how mail is normally passed around the internet and how we can use this mechanism
to help us filter the mail.
Mail is passed between machines on the net using SMTP, and the SMTP protocol is designed to be
resilient to failures of both the net and of individual servers. A mail server that complies with the SMTP
RFCs will try to send a message to a destination a number of times before giving up and returning a
failure. The exception to this is if the destination rejects the message, in which case the sender will
bounce it immediately. Part of the protocol allows a destination to tell a sender that it is currently busy
and the sender should try again later. When this occurs the sender should hold the message in its
queue and try again after a time delay. This allows the destination to delay mail when its load is too
high or there is a server problem.
How does this help us to filter out the spam and viruses?
The main sources of spam and viruses are zombie relays that are not true SMTP mail servers. They are
designed to try an address and then move on to the next address. If an address fails then they don’t
retry. Thus if we reject the connection with a busy signal, they will never retry and we will never get
the spam or virus message.
So how does it work?
When a server tries to send a message to FTGate, FTGate makes a note of the sender's IP, the sender's
address and the recipient address. If it has never seen these three before, it rejects the connection with a busy
message telling the sender to try again later. When the sender retries, FTGate will accept the message.
There are a few modifications to this simple approach to make sure that the sender is really a true
mail relay and not just a slightly smarter zombie. A slightly smarter zombie might retry the same
connection immediately after a failure, in which case it would get through, so we add a little dead time
to the Greylist entry so that any retry within the dead period is also rejected. This means that if a
spam or virus zombie author wants to send the mail to us they have to make their software quite a bit
more sophisticated.
The other problem that we face is what to do with the thousands of bad connections that we reject. In
one 4 day period the FTGate main server rejected 3500 connections with Greylisting. These were
connections that never retried. Obviously if we never clean out these connections from the Greylist it
will get very large indeed. So FTGate has two timeout periods for Greylist entries. The first is for those
connections that never try again; this is a short timeout period that drops the zombies from the list.
The second is a longer timeout for connections that did try again and have been passed. This ensures
that the list doesn't grow too large and that good connections are saved to prevent delays.
Any greylist system will require the ability to add whitelist entries. FTGate allows you to add both
whitelist and blacklist entries by IP, sender, recipient and HELO address of the sending server. In
addition each filter policy has the option of bypassing the greylist if the sender has been SPF
Validated.
What are the disadvantages of Greylisting?
As with any system that is so good at wiping out spam there are going to be some problems.
1. The sender doesn’t retry!
There are some mail servers that are simply badly written. They don’t care about internet
RFCs and assume that any send error is a complete failure and simply bounce the message.
These servers are broken and must be explicitly whitelisted.
2. The sender retry is longer than the zombie timeout!
While not broken, these servers don’t put much value on trying to send the message through.
The default for the zombie period is 24 hours and any real server that doesn’t retry a message
within 24 hours is very poorly configured. Again, these servers must be explicitly whitelisted.
3. The sender is part of a server farm!
Some servers try to send a message and then, when it fails, punt it to another server, which
will then retry later. Obviously, if the time taken to go round all the punt servers is longer than
the zombie timeout, the message will never be accepted. Thus the timeout must be chosen
appropriately or the sender must be whitelisted.
4. I have MX relays!
If you have MX relays then they should all implement greylisting. While most zombies will not
retry after a given time, a large number are designed to automatically try the MX backup for a
domain in the event of a failure. Thus if you do not greylist on the relays the spam will simply
flow in through them instead. In addition, you don’t want mail that comes in through a relay to
be delayed, so you must also whitelist your own relays.
5. My mail will be delayed!
The first time someone sends to you there will be a delay, and the period is under the control of
their mail system administrator. Thus if their administrator sets their mail system to retry every
8 hours there will be an 8 hour delay. Subsequent sends will be instant. This is the price of
cutting the spam and viruses: the rate at which you get the first email depends on how
important the sender's administrator thinks their mail is. However, in real terms it is irrelevant
for most of the time. If you have a contact that you know will send you messages, such as a
supplier, you can whitelist them. If it is another source then immediate response is probably
not an issue, as many things can occur to delay a message, even with no whitelisting, and
most users are aware of this. If you really must accept all mail immediately, then you would
just turn off greylisting and accept that you will get more spam.
Greylisting is a powerful new tool in fighting spam and viruses but it also has some potential
issues that should be considered before using it on your system. You should review the above points
and decide if their impact is acceptable to your needs before implementing greylisting on your server.
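The triplet bookkeeping, dead time and two timeouts described above, as an added Python sketch (not FTGate's code). The 5 minute dead time, the 30 day lifetime for passed entries, IP-only whitelisting and every address in the sample attempts are assumptions constructed for the illustration; the 24 hour zombie timeout is the default this guide gives.

```python
from dataclasses import dataclass

HOUR = 3600
DEAD_TIME = 5 * 60               # assumed value: retries sooner than this are still deferred
ZOMBIE_TIMEOUT = 24 * HOUR       # the guide's default for entries that have not passed yet
PASSED_TIMEOUT = 30 * 24 * HOUR  # assumed value: lifetime of an entry that has passed


@dataclass
class Entry:
    first_seen: int
    last_seen: int
    passed: bool = False


class Greylist:
    """Greylist keyed on the triplet (sender IP, sender address, recipient address)."""

    def __init__(self, whitelisted_ips=()):
        self.entries = {}
        self.whitelisted_ips = set(whitelisted_ips)

    def _purge(self, now):
        # Two timeouts: a short one for triplets that never came back, a longer
        # one (measured from last use) for triplets that retried and passed.
        for key, entry in list(self.entries.items()):
            if entry.passed:
                expired = now - entry.last_seen > PASSED_TIMEOUT
            else:
                expired = now - entry.first_seen > ZOMBIE_TIMEOUT
            if expired:
                del self.entries[key]

    def check(self, now, ip, sender, recipient):
        """Return "accept" or "defer" (defer = SMTP temporary failure, try again later)."""
        if ip in self.whitelisted_ips:
            return "accept"
        self._purge(now)
        key = (ip, sender.lower(), recipient.lower())
        entry = self.entries.get(key)
        if entry is None:
            self.entries[key] = Entry(first_seen=now, last_seen=now)
            return "defer"                # first sighting of this triplet
        if not entry.passed:
            if now - entry.first_seen < DEAD_TIME:
                return "defer"            # retried inside the dead time
            entry.passed = True
        entry.last_seen = now
        return "accept"


RCPT = "fred@somedomain.example"
# Constructed delivery attempts in time order: (label, seconds, ip, sender, recipient)
ATTEMPTS = [
    ("zombie", 0, "192.0.2.10", "promo@bulk.example", RCPT),
    ("impatient", 0, "192.0.2.20", "deals@bulk.example", RCPT),
    ("real-mta", 0, "198.51.100.5", "alice@partner.example", RCPT),
    ("slow-mta", 0, "198.51.100.9", "bob@slow.example", RCPT),
    ("impatient", 10, "192.0.2.20", "deals@bulk.example", RCPT),
    ("real-mta", 15 * 60, "198.51.100.5", "alice@partner.example", RCPT),
    ("real-mta", 3 * HOUR, "198.51.100.5", "alice@partner.example", RCPT),
    ("slow-mta", 25 * HOUR, "198.51.100.9", "bob@slow.example", RCPT),
    ("farm", 26 * HOUR, "203.0.113.1", "carol@farm.example", RCPT),
    ("farm", 26 * HOUR + 900, "203.0.113.2", "carol@farm.example", RCPT),
]


def replay(attempts, greylist):
    """Feed attempts through the greylist and collect the decisions per label."""
    results = {}
    for label, now, ip, sender, recipient in attempts:
        results.setdefault(label, []).append(greylist.check(now, ip, sender, recipient))
    return results


if __name__ == "__main__":
    for label, decisions in replay(ATTEMPTS, Greylist()).items():
        print(f"{label:10} {decisions}")
    farm_ok = Greylist(whitelisted_ips={"203.0.113.1", "203.0.113.2"})
    print("farm, whitelisted:", replay(ATTEMPTS, farm_ok)["farm"])
```

The slow-mta and farm rows reproduce disadvantages 2 and 3: neither sender is accepted until its servers are whitelisted.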
For the original Greylisting whitepaper please see this whitepaper by Evan Harris:
http://projects.puremagic.com/greylisting/whitepaper.html
Additional information is available here: http://www.greylisting.org/
Whitelisting
A whitelist is a list of addresses that are from known contacts. The whitelist is usually used to bypass
all content filtering. The addresses to be whitelisted can be entered into the filter policy using Pattern
matching characters.
To enable more flexible processing of messages it is possible to either include or exclude whitelisted
addresses from filtering.
See: Filter Whitelist, Filter options
Whitehosting
Whitehosting is a method of whitelisting that uses the sending server's hostname to define the
messages as being whitelisted. Any message from a whitehosted server will be treated as if its
sender is whitelisted.
The hostname applies only to messages received via SMTP and uses the text string sent in the
EHLO/HELO command. The string is entered into the filter whitelist using Pattern matching characters.
See: Whitelisting, Filter Whitelist
Blacklisting
Blacklisting is the name given to a list of email addresses from which you specifically do not want to
receive messages.
Each blacklist entry can be either a complete email address or a partial email address with Pattern
matching characters.
The action taken when detecting a blacklisted address depends on whether the filter is being applied
at the SMTP or domain level.
• SMTP
The sender's address and entire message will be rejected. Any bounce operations are
handled by the sending server.
• Domain
The filter policy specifies the action taken using the filter rules. See: Filter Rules
See: Filter Blacklist,
Filter Rules
Filter rules provide a mechanism for the administrator to define the handling of messages that meet
certain criteria.
A filter rule can be configured to trigger on a variety of information including:
• Message sender
• Message recipient
• The message UBE rating
• The message contains a safe word
• The message is from a white listed address
• The message is from a black listed address
• The message is from an SPF validated source
Note, this option requires that either FTGate or your ISP added an SPF V1 header to the
message
• The message contains a prohibited word
• The message contains a prohibited phrase
• The message passed through an RBL listed server
• The message is from an authenticated sender
• The message contains a specific word or words
By default all non-alpha characters are removed from strings that are entered into this list, in
order to enter a string with non-alpha characters you must enclose the string in quotes. i.e.
"the-string".
The filter can take one of the following actions depending on the above options:
• Deliver normally
The message will be delivered normally.
• Deliver normally and send a tagged copy to the Special Recipient
The message will be delivered normally but a copy will be sent to the Special Recipient with
the subject line appropriately tagged.
• Deliver normally and send the Special Recipient an attached copy
The message will be delivered normally but a copy will also be sent to the Special Recipient
as an attachment.
• Deliver normally but tag the subject line
The message will be delivered but the subject line will have the appropriate tag added.
• Deliver as an attachment in a tagged message
The message will be delivered but as an attachment to a message with a suitably tagged
subject line.
• Deliver to the Special Recipient
The message will be redirected to the Special Recipient.
• Deliver as an attachment to a tagged message to the Special Recipient
The message will be sent to the Special Recipient but as an attachment in the message with
a suitably tagged subject line.
• Delete the message and send the rejection message
The message will be deleted and the rejection message will be sent to the original sender.
• Delete message
The message will be deleted and no further action taken.
Safe Words
Safe words are used to detect messages that have content that should be accepted regardless of
other considerations. For example you may add your product names to the safe word list, so that any
messages that refer to your products by name can be intercepted and handled separately.
The safe word list is part of a filter policy and it should be noted that its behaviour is dependent on the
filtering level being applied.
• SMTP
At the SMTP level the detection of a safe word will prevent other content dependent filters
from rejecting the message. For example a message that contains a safe word and also
contains a bad phrase or bad word will be accepted.
• Domain
At the domain level the detection of a safe word will set the safe word flag for subsequent
filter rule processing.
See: Overview, Filter Safe Words
SPF Validation
SPF (Sender Policy Framework) is a DNS based system that allows a mail server to check that the IP
address of a source of mail is authorised to send mail for a given domain. When a mail message is
received, FTGate retrieves the SPF records for the sender's email address and verifies that they include
the IP address of the sending server.
SPF checking is enabled in the Security Policy of an SMTP. The result of the SPF check can also be
used in the Filter Policy Rules and used to bypass Greylisting.
SPF checks will not be performed for authenticated users (See Relay Control and Authentication).
External References:
http://spf.pobox.com/
Anti-Virus Overview
FTGate offers various levels of support for different anti-virus products.
• Full support
This level of support is offered where the Anti-Virus vendors have given FTGate Technology
access to their anti-virus API. At the time of writing these are AVG, Sophos and Panda.
• Partial support
This level of support applies to products whose vendors have not supplied an API with which
to access their product. In this mode the level of scanning and error reporting will depend on
the basic features of the scanner. Scanners supported in this mode include Norton, McAfee et
al.
How it works
When a message is received it is parsed to determine if there are any attachments in the message. If
there are any attachments then FTGate extracts each attachment into a folder on the hard disk. It
then attempts to either scan the file (if there is full support) or open the file to read back its contents.
If the file was infected the virus scanner will either report an error or prevent access to the file, delete
or quarantine the file, in which case the attempt to read the file would fail and FTGate would know the
attachment was infected. It would then move the whole message to a quarantine folder and notify the
postmaster.
Will it work with my Anti-Virus product
There is a simple way to determine if the FTGate scanner interface will work with your anti-virus product.
The following steps will determine compatibility:
NOTE: THIS TEST USES THE STANDARD EICAR ANTI-VIRUS TEST SIGNATURE. IT IS NOT A
VIRUS. IT IS USED TO TEST THAT ANTI-VIRUS PACKAGES ARE CORRECTLY INSTALLED AND
WORKING.
Create a new text file on your desktop called eicar.txt (right click the desktop and select "New | Text
Document")
Cut the following line from this document and paste it into eicar.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file
Rename the file eicar.com
Make sure that your anti-virus product is enabled
Double click on eicar.com to execute the program
If your anti-virus package prevented access to the file by either denying access, deleting or
quarantining the file, then your scanning package is compatible with FTGate. If it allowed the program
to run then your anti-virus package is not compatible and virus scanning is not an option on your
system.
NOTE: YOU SHOULD NOT SET YOUR ANTI-VIRUS SCANNER TO REPAIR INFECTED FILES. IF YOU DO THIS,
FTGATE WILL BE ALLOWED TO ACCESS THE FILE AND IT WILL APPEAR THAT THE FILE IS NOT INFECTED.
FTGATE WILL THEN PERMIT THE ORIGINAL MESSAGE CONTAINING THE INFECTED ATTACHMENT TO BE
DELIVERED; IT WILL NOT REPLACE THE OLD ATTACHMENT WITH THE DISINFECTED VERSION.
NOTE: YOU ARE RESPONSIBLE FOR ENSURING THAT YOUR USE OF AN ANTI-VIRUS PACKAGE WITH THIS MAIL
SERVER, AND IN THIS MANNER, DOES NOT VIOLATE ANY LICENCES YOU MAY HAVE WITH YOUR ANTI-VIRUS
VENDOR. IF YOU ARE IN ANY WAY UNSURE ABOUT THE LICENSING OF YOUR ANTI-VIRUS PRODUCT AND
WHETHER IT MAY BE USED IN THIS MANNER YOU SHOULD CLARIFY THE SITUATION WITH YOUR ANTI-VIRUS
VENDOR BEFORE ENABLING ANTI-VIRUS SUPPORT. FTGATE TECHNOLOGY AND ITS AGENTS WILL NOT BE HELD
RESPONSIBLE FOR ANY LICENCE VIOLATIONS THAT OCCUR.
ALTERNATIVE SCANNER SUPPORT
FROM TIME TO TIME FTGATE TECHNOLOGY WILL RELEASE ADDITIONAL MODULES THAT WILL ALLOW FTGATE
TO ACCESS DIFFERENT ANTI-VIRUS PACKAGES. CHECK OUR WEB SITE FOR ADDITIONAL MODULES THAT MIGHT
BE AVAILABLE.
UBEBlock
UbeBlock Rating
UbeBlock normally calculates a spam rating based upon the content of a message. The rating
adjustments page provides a set of modifiers that will adjust the UbeBlock rating for certain message
features. This can greatly aid the identification of Spam.
See Also
• Minimising Junk/UBE mail
Suggested Settings
The following rating adjustments are used on the FTGate Technology servers. We have found them
to be effective.
Adjustment if recipient's mailbox is in the Subject: 50
Adjustment if there are three or more consecutive spaces in the Subject: 50
Acceptable proportion of unknown words against known words (Unknown ratio): 20
Adjustment when message exceeds Unknown ratio threshold: 40
Weighting for images: 30
Weighting for external images: 75
Weighting for web links: 20
Weighting for unknown words: 10
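How these adjustments combine for a single message, as an added Python sketch that uses the suggested settings above; it is not FTGate's implementation. The word tokenisation, the KNOWN_WORDS vocabulary, counting an external image under both image weightings, and the sample messages are assumptions made for the example.

```python
import re
from html.parser import HTMLParser

# Suggested settings from this guide.
SETTINGS = {
    "mailbox_in_subject": 50,
    "spaces_in_subject": 50,
    "unknown_ratio": 20,        # threshold for unknown words / known words
    "ratio_exceeded": 40,
    "per_image": 30,
    "per_external_image": 75,
    "per_web_link": 20,
    "per_unknown_word": 10,
}

# Constructed stand-in for the vocabulary UbeBlock learns from training (assumption).
KNOWN_WORDS = {"great", "news", "offer", "invoice", "meeting", "attached", "buy"}

_REMOTE = re.compile(r"https?://", re.I)


class _BodyScan(HTMLParser):
    """Counts images, external images and web links, and collects the visible text."""

    def __init__(self):
        super().__init__()
        self.images = self.external_images = self.links = 0
        self.text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            self.images += 1
            # Assumption: an external image also counts as an image.
            if _REMOTE.match(attrs.get("src") or ""):
                self.external_images += 1
        elif tag == "a" and _REMOTE.match(attrs.get("href") or ""):
            self.links += 1

    def handle_data(self, data):
        self.text.append(data)


def rating_adjustments(recipient, subject, body, settings=SETTINGS, known=KNOWN_WORDS):
    """Return each adjustment for one message plus their total."""
    scan = _BodyScan()
    scan.feed(body)
    scan.close()
    words = re.findall(r"[a-z]+", " ".join(scan.text).lower())
    unknown = sum(1 for word in words if word not in known)
    known_count = len(words) - unknown
    # Ratio as the guide defines it: unknown words / known words.
    if known_count:
        ratio = unknown / known_count
    else:
        ratio = float("inf") if unknown else 0.0

    mailbox = recipient.split("@", 1)[0]
    pattern = r"(?<![a-z0-9])%s(?![a-z0-9])" % re.escape(mailbox)
    in_subject = bool(mailbox) and re.search(pattern, subject, re.I) is not None
    padded_subject = re.search(r" {3,}", subject) is not None
    # The guide's worked example applies the adjustment at ratio 5 with threshold 5,
    # so this sketch treats "exceeds" as >=.
    over_ratio = ratio >= settings["unknown_ratio"]

    adj = {
        "mailbox_in_subject": settings["mailbox_in_subject"] if in_subject else 0,
        "spaces_in_subject": settings["spaces_in_subject"] if padded_subject else 0,
        "ratio_exceeded": settings["ratio_exceeded"] if over_ratio else 0,
        "images": settings["per_image"] * scan.images,
        "external_images": settings["per_external_image"] * scan.external_images,
        "web_links": settings["per_web_link"] * scan.links,
        "unknown_words": settings["per_unknown_word"] * unknown,
    }
    adj["total"] = sum(adj.values())
    return adj


# Constructed sample messages.
RECIPIENT = "fred@somedomain.example"
SPAM_SUBJECT = "Great news fred@somedomain" + " " * 4 + "HKQOF"
SPAM_BODY = (
    "<p>Great offer qzxv plmk</p>"
    '<img src="cid:logo"><img src="http://tracker.example/p.gif">'
    '<a href="http://shop.example/">buy</a>'
)
PADDED_BODY = "offer " + " ".join("zq%sx" % chr(97 + i) for i in range(20))

if __name__ == "__main__":
    print(rating_adjustments(RECIPIENT, SPAM_SUBJECT, SPAM_BODY))
    print(rating_adjustments(RECIPIENT, "Hello", PADDED_BODY))
```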
UbeBlock Training
How to configure for first use
By default FTGate creates a Default Domain filter policy. This filter policy has a set of rules pre-configured
but it is untrained. We recommend that the following method be used for the initial
configuration of the UbeBlock ratings.
1. Connect your mail client to the IMAP port
2. Open the shared folders and find the UbeTrainingNotSpam folder
3. Go into your sent items folder and find 30 messages that cover a broad spectrum of the type
of emails that you send and receive.
4. Copy them into the UbeTrainingNotSpam folder
Now UbeBlock is primed with a base set of the language used in your messages. Messages that do
not fall into this category will be marked as spam. Messages that get through can be dropped into the
UbeTrainingSpam folder to improve detection rates.
How to train
Two training methods:
a) By dropping the message into the appropriate IMAP shared folder.
Access to the shared folders can be configured in the Local domain options.
This is the recommended training option.
b) By sending a message to the system mailbox
e.g. system@mydomain.com
1. The message sender must be
i) authenticated by IP or AUTH
ii) have access rights to the spam training system
2. The message must have a subject of "spam" to train as spam
3. The message must have a subject of "notspam" to train as not spam
UbeBlock Training Notes
Whitelist Bypass
If you use the option to bypass whitelisted addresses from the filtering option then you bypass all of
the analysis and reduce the processing required considerably. Normally whitelisted mail is delivered
without filtering so the default is correct. Clearing the option may result in mail from whitelisted
addresses being bounced or deleted depending on the rules you define. Thus care should be taken
when adjusting the whitelist settings.
Automated Self Training
It is inadvisable to use the spam or RBL messages detected by UBEBlock to train UBEBlock.
Automated training in general is not advised for the following reasons:
1. RBL lists are not proof of spam. Messages can come through an RBL server that are not
spam. If you train just one of these it will ruin your training.
2. Many spam messages are seeded with hundreds of innocent words that would appear as
legitimate (they are used to try to fool statistical filtering). Thus you seriously reduce the
margin between the good and the bad. In the worst case this makes it practically impossible to
get good training because the RBL spam is swamping any attempts to train good messages.
Eventually all mail looks the same and you will have to delete the training and start again.
3. Training a good message as spam by accident will undermine the whole training process and
may result in your having to start again. So please be careful.
Bounce or Delete
In general it is better to bounce mail rather than delete. Nearly all spam comes from invalid
addresses, and in such cases a bounce will just get deleted. If any real mail is bounced it will reach a
real user and will tell them to try again. Bouncing mail, even for legitimate addresses, does not
confirm to spammers that the address is real.
Who should train
All training should be done by a person who understands the nature of spam and has been told the
issues below.
1. Always make sure that you train in the right way. Mixing the spam and not spam training will
result in very poor performance.
2. Don't train all the messages. Take a look at the message first; if it has many real words
included in the message, do not train it as spam, as you will only make it easier for the next one
to come in.
3. Use the unknown word weightings (UBEBlock Rating) to improve spam detection. It is easier
to train UBEBlock with real messages and have it reject anything it does not recognise.
Backup and restore
Disaster Planning
No matter how good your server software, sooner or later the worst will happen and a hardware
failure will occur. When this happens it is usually considered a major catastrophe as all
communication in your organisation will stop. The problem becomes even more pronounced with
groupware and IMAP because all of the essential information and company mail is stored on the
server, preventing anyone from looking at any mail they have received. This can completely cripple an
organisation. Because of this it is worth considering what steps are appropriate to return mail handling
to normal in the shortest time possible.
There are a number of measures that can be taken to provide various levels of protection at
differing costs. This paper will look at some possible configurations that offer different recovery times
at different costs.
All of these considerations will focus only on the single point of failure problem. This is the scenario in
which only one failure occurs, such as the motherboard of the Mail Server fails, rather than the
multiple failure scenario, such as a lightning strike that blows up every computer on the network.
Single Point of Failure
The mail server can be considered as three main parts:
1. The mail server software
FTGate in our case
2. The Mail server Configuration
The options in use and mailboxes configured etc
3. The mail store
The computer's hard drive
The disaster recovery plan should consider how each part should be recovered or protected.
Basic Protection
In the simplest scenario the administrator will take a backup each day using a tape drive or other
system. This protects both the server software, the configuration and the mail store. In the event of a
server failure the backup will be restored to either another server or the repaired server.
While this approach is low cost it can also result in extensive system down time, which may prove
expensive in other ways. It also relies on the backup system not being damaged by the failure and
that another PC is available or the original can be repaired quickly. In addition, any mail received
since the last backup will be lost.
While this is the most common approach it is not considered to be a suitable solution.
Minimal Downtime
Any viable solution for disaster recovery should allow the administrator to recover normal operation in
the shortest possible time. Thus it is important that the system in use is protected against the failure of
a single server or component of the server. This implies that we should separate those parts onto
different machines.
Dual Machines
At this stage it becomes obvious that the minimal downtime can be created by running two servers
which are connected. At various times of the day the entire mail store and configuration are copied
from the main server to the backup server. This results in a machine being available which can, at
short notice, be used to replace the original.
In the event of a failure, the IP address of the backup PC will be changed to match the original and
the mail server software will be started. This is required otherwise the mail client software of the users
will not be able to connect to the new server. The physical changes needed will be quite small and
can be made in as little as 15 minutes.
However, the issues with this type of system are that any mail received or configuration changes
made between the copy interval will be lost and the IP addresses of the PC will need to be altered.
Also, while the time taken to switch between machines can be low, if the failure occurs during
unmanned hours, the actual outage could be very long. Thus in addition to the backup machine an
MX relay should also be incorporated to hold inbound mail in the event of a failure.
Segmented Cluster
This solution is the most complex and expensive but offers a system in which any single
failure affects only a small number of users. In this system the user accounts are separated over
different machines and the failure of any one machine only affects the accounts of those on that
machine. This also has the advantage that high bandwidth users can be handled by the faster
machines.
Full discussion of this will be made in a separate White Paper.
Backup and Restore
All system administrators should take care to perform regular backups of their mail system. The mail
system rapidly becomes the heart of any organisation and loss of the system, even for a few hours,
can be very costly.
See also
• Disaster Planning
Internal Backup
FTGate makes regular backup files of all its system settings and mailbox configurations (including
groupware features). This allows an administrator to recover from human errors such as accidental
deletion of accounts or domains. These files are stored in the ConfigBackup folder and can be used to
restore FTGate to its configuration for the date of the backup.
Internal Restore
This method is used when an administrator has made an undesirable change to FTGate or the
database needs to be restored to an earlier snapshot. This will restore the domains, mailboxes,
groupware items and all other options held in the main database.
To perform an Internal restore the administrator should:
1. Stop FTGate using the FTGateIcon utility
2. Rename the FTGate/config folder
3. Restart FTGate
4. When the wizard starts, choose to restore an FTGate backup
5. Browse to the FTGate/ConfigBackup folder and select the appropriate file
6. Complete the restore wizard and allow FTGate to restart
Full Backup
It is recommended that the administrator uses an external backup device to ensure that in the event
of a disaster the system can be recovered in the shortest possible time.
The following items should be committed to an external backup device:
• The FTGate/ConfigBackup Folder
• The FTGate/Config Folder (and subfolders)
• The Spool and all subfolders
• All domain folders and mailbox folders (that are not part of the spool folder)
Full Restore
To restore FTGate after the loss of a hard drive or other disaster:
1. Install FTGate
2. Stop FTGate
3. Restore the following from the external backup
• The FTGate/ConfigBackup Folder
• The FTGate/Config Folder (and subfolders)
• The Spool and all subfolders
• All domain folders and mailbox folders (that are not part of the spool folder)
Tip:
All folder paths should remain the same. Changing the folder paths can result in loss of
functionality or data.
Utility Applications
FTGateArchive
The FTGateArchive utility is a Windows application that gives searchable access to all the messages
in the archive.
In addition the archive tool can be used to search messages that have been moved to offline storage,
e.g. a DVD drive.
Starting FTGateArchive
FTGateArchive can either be started by using the Start Menu option in Windows or by locating the
FTGateArchive.exe file in the FTGate program folder on the server.
The application can also be run on a desktop machine by copying the executable program to the
required machine.
Configuring FTGateArchive
The archive utility is configured by selecting Tools/Options from the FTGateArchive menu and
selecting the appropriate paths:
• Location of Archive Files
This is either the archive folder for FTGate or the backup medium location.
e.g. c:\spool\archive or d:\
• Location of Spool/Inbox
This is the location of the Spool/Inbox folder on the FTGate server. In order to forward
messages from the archive you will need to specify this directory and make sure that you
have write/create privileges on the server. If using a share to access this folder then ensure
that the share has the correct privileges.
Accessing an Archive
After starting and configuring FTGateArchive it is possible to search the archive for specific data or
view all the data.
Searching:
To search for a specific message or group of messages enter the data or part of the data you wish to
search for.
For example:
• To find all messages to/from fred@domain.com you would enter fred@domain.com in both
the From and To fields, select Apply Filter, select Match Any, then click Refresh.
• To find all the messages to/from all users at domain.com you would enter domain.com in both
the From and To fields, select Apply Filter, select Match Any, then click Refresh.
• To find messages from fred@domain.com to any user at domain.com you would enter
fred@domain.com in the From field, domain.com in the To field, select Apply Filter, select
Match All, then click Refresh.
Archive Actions
FTGateArchive permits the selection of one or more messages. It is then possible to take the
following actions with a right mouse click on the selected items:
• Copy to clipboard
• View the source text of message
• Forward the message to a specific address bypassing all FTGate filters
• Save the message to a .eml file that can be opened by Outlook Express or other applications.
FTGateIcon
The FTGateIcon runs in the tray area of the server PC and supplies the administrator with a rapid
method to do the following:
1. See the running state of FTGate
- FTGate is running normally
- FTGate is suspended and requires attention
- FTGate is not running
2. Start and Stop FTGate
Right click on the Icon (shown above) and select Start FTGate or Stop FTGate
3. Open the Status Windows
The status window shows any warning or critical events that have occurred since FTGateIcon
was started.
To show the status windows right click on the Icon and select Show Status
4. Run the Monitor
Right click on the Icon and select FTGateMonitor to start the monitor
5. Start WebAdmin
Right click on the Icon and select WebAdmin to launch a browser window and access
WebAdmin
FTGateUpdate
The FTGateUpdate tool is used by FTGate when in auto and manual update mode.
Applying Manual Updates
If an update (.fau) file is supplied by FTGate Technology, the update can be applied by double
clicking the update file, in which case FTGateUpdate will automatically run and apply the update.
To perform a manual update, download the .fau file to your server desktop.
Make sure that it has not been renamed and still has the .fau extension, then double click on it.
FTGate will then apply the update and restart.
FTGateMonitor
The FTGateMonitor allows the administrator to monitor the activity of FTGate from any machine on
the network.
Starting FTGateMonitor
To start FTGateMonitor from the server console, right click on the
FTGateIcon in the tray area and select FTGateMonitor.
To start FTGateMonitor from a remote machine, copy the FTGateMonitor.exe file from the server to
the required machine, then double click on the file.
Connecting to the server
To connect the monitor to the server, click Server/Connect, type in the server IP-address or name, an
administrator email address and password, then click connect.
FTGateLog
FTGateLog is a utility for reading the log (.ftlog) files created by FTGate. It allows searching
and flagging of entries in the log, together with the ability to copy selected lines to the clipboard for
pasting elsewhere.
AutoCluster
Configuring AutoCluster
AutoCluster is a very simple system to configure and manage. The basic components are:
• AutoCluster Client
• AutoCluster POP3 Proxy
AutoCluster Client
The AutoCluster client is responsible for connecting to the Groupware connector of an ISP Edition or
Professional Edition FTGate master server. It will then dynamically configure the server with domain
and account information from the master server. See AutoCluster Client.
A Relay Edition server can support multiple AutoCluster clients for the dynamic configuration of
multiple servers. Additional Clients can be configured from the Clients page of the Web Administration
interface.
AutoCluster POP3 Proxy
The AutoCluster POP3 Proxy Service is automatically created when the Relay Edition is installed.
There is nothing to manually configure as its settings are all set by the AutoCluster Client(s).
Web Admin Interface
Web Admin Login
User Interface Guide
The FTGate user interface has been designed to provide the simplest possible way to achieve a given
task.
In addition to changing values and selecting options, users will also have to perform the following
common operations. Where possible the user interface has been designed to use the same sequence
of operations to achieve common tasks.
Saving changes
Any changes to page content should be saved by clicking the save button before switching to another
page. Failure to do so will result in those changes being lost.
Adding an item
Adding a new item to a list of items is simply a matter of selecting any options for a new item, typing
its name and/or any other required details and clicking the Add button.
Deleting an item
Deleting an item from a list is simply a matter of selecting the check box next to the item(s) to be
deleted and clicking the delete button
Filtering a list
In order to more efficiently display some lists, the filter bar will be displayed. Clicking on a letter in the
filter will cause the list to be refreshed showing only the items that match the selected letter. The filter
box may be used to filter more precisely when dealing with large lists, for example filtering on bo* would
display only items that started with bo and filtering on *bo would only show those items ending in bo.
Selection lists
If the purpose of a list is to select some elements rather than others, then the desired items should be
selected by setting the checkbox to the selected or unselected state and clicking the save button.
Start/Stop Enable/Disable
The start/stop and enable/disable system uses standard stop/go buttons. The dark raised button can
be pressed to change the item's state. Thus, in the above example, the first item is currently started
and may be stopped, while the second is stopped and may be started.
Paging control
Some lists may be of sufficient length that they cannot be displayed on a single page without an
unacceptable delay. In these circumstances a paging control will be visible. This allows navigation to
the first page, last page and any specific page by direct selection in the page list. The
previous and next buttons allow for stepping through the pages in sequence.
Menu Bar
The menu bar is located at the top of the page and allows rapid access to the different sections of the
FTGate interface. This interface is available from all pages of the interface.
The main sections are:
• General
Contains functions to access the log files, statistics and archiving information
• Domains
Allows access to the domain and mailbox management functions
• Outbox
Controls how mail is sent from FTGate to the Internet and allows access to the outbound mail
queue
• Services
Lists and allows configuration of the available services (e.g. SMTP, POP3) and the security
policies which control them
• Clients
Allows management of the collection of POP3 email from a different server using SmartPop
or the configuration of the replication client in FTGate Relay Edition servers
• Events
Manages the triggering of timed server events, for example dial up connections and autoupdate checking
• Filters
Contains the options for Anti-virus, Greylisting, Spam filtering, Routing and access to
quarantined messages
• Configuration
Allows access to system wide configuration options
• Utility
Contains general utilities that do not logically belong anywhere else
Navigation Panel
In addition to the menu bar the individual sections are also presented on the main navigation panel of
the home page. In addition to the titles this offers a handy reminder as to the function of each section.
Access Control
In many places it is required to share items between users in a domain or across the system. In these
cases, accessed by clicking the Share button, the Access control list will be displayed.
Altering the access rights of users in the domain is a matter of changing the selected options and
clicking update.
To add a non-domain address to the list, it should be typed in the address box and the add button
clicked. See User Interface Guide
To remove access rights for an address clear all the options and click update.
General
Information
This page identifies which version of FTGate you are running and any services that are not currently
enabled.
Log
This page allows you to view and search the log contents for a given date.
Activity
This page shows you the current activities being processed by the server.
In addition to the status of any active connections there are three entries that are always listed:
• Connections
This displays the current number of connections for each service type
• DNS resolver
This shows the number of queries currently being serviced
• Spooler
This shows the number of messages currently awaiting filtering and delivery
Queues
This page displays the number of messages waiting for delivery in the outbox and any remote
domains.
There are three headings:
1. New
These are messages awaiting delivery
2. Active
These are messages that are currently being delivered
3. Queued
These are messages that have failed delivery and have been queued for later retries
The "Connect Now" button causes all the messages in the Queued column to be moved to the New
column for immediate retry. If the connection is over a dial up link, it will also cause the connection to be
dialled.
Statistics
This page shows statistical information regarding the performance of FTGate.
Archive
This page gives access to the message archive in FTGate and allows messages from the archive to
be forwarded to other addresses. This can be used to locate messages between given time periods
for a specific address or with specific entries in the subject.
The page also contains a preview page which will display the first 2KB of the message.
There are more features available in the stand alone archive tool FTGate Archive.
Messages in the list may be selected and then redirected to a mailbox. This will cause the message to
be delivered without any filtering being applied.
Finding archived messages
To locate a message select the start and end dates for the search and then enter text for the from, to
and subject, then click find.
When searching for a message a partial match system is used.
e.g. to find messages from bob@ftgate.com you could search with the from line set to:
bob
bob@ftgate.com
ftgate.com
but NOT *@ftgate.com
Selecting Messages
There are a number of options to select messages for forwarding or resending.
Clicking on a message will select the specific message and deselect any other selected messages.
Clicking on a message, then holding down SHIFT and clicking on another will select both messages
and the messages between them.
Clicking on a message, then holding down CTRL and clicking another message will add the message
to the selection
Pressing CTRL-A will select all the messages.
Domains
Managing Domains
All mailboxes in FTGate are arranged into domains. There are two types of domain which provide
different domain level functions.
Local Domains
A local domain contains mailboxes and all their associated settings. Each mailbox can be individually
accessed by a user. The mailbox count for this type of domain is the total count of user and list
mailboxes hosted by that domain.
See: Local Domains/Overview
Remote Domains
A remote domain is a mailbox that stores all mail for that domain, to be delivered to a different server, in a
single mailbox. This is usually used in a store and forward environment for either a hosting company
or in the DMZ section of a firewall. The mail can be collected using POP3 or forwarded via SMTP to
another server.
The mailbox count for this type of domain is 1 regardless of the number of actual addresses used by
this domain.
A remote domain may also include a virtual address list to prevent the server from accepting badly
addressed messages. When in virtual address mode FTGate will consume 1 mailbox count per
address.
See: Remote Domains/General
Alias Domains
Alias domains allow all mail for the named domain to be processed by another domain.
e.g. Many companies have multiple domain names in order to protect their corporate identity. If your
company had the domains mydomain.com and mydomain.org you would create a Local Domain or
Remote Domain called mydomain.com and then create an alias called mydomain.org. All mail for
user@mydomain.org will then be delivered to user@mydomain.com. Alias domains do not use any
mailboxes.
Local Domains
Overview
A local domain contains all of the mailboxes for a domain and the options that are global to the
domain.
See Also:
• Mailboxes
• General
• Filters
• Active Directory
• Migration
• Privilege Sets
Mailboxes
The local domain Mailbox tab displays a list of the mailboxes hosted by a domain. Clicking on a
mailbox name will open a new window allowing access to the mailbox options.
Clicking the Alias button allows the creation of a mailbox alias.
Mailbox Types
There are 7 types of mailbox in FTGate and each has a specific function:
• User Mailboxes
These mailboxes are accessed using POP3, IMAP or SolSight Web. They can also be
used, through the use of the mailbox rules, to provide file Library functions and Robot
functions.
• List Mailboxes
These mailboxes are used to manage mailing lists and to distribute messages between
large groups of users on the Internet. They offer various control options and the ability, if
required, to take their address list from an external SQL database.
• Group Mailboxes
These mailboxes hold a collection of local addresses in a group. Messages to the group will
be received by each member of the group. In addition any access rights granted to the group
mailbox are inherited by all members of the group.
• Null Mailbox
This is a system mailbox that deletes all messages sent to it
• System Mailbox
This mailbox handles internal system messages and UBEBlock training requests
• DSN Mailbox
This mailbox handles error returns from the internet for all List Mailboxes that are set to auto
manage their members
• Alias Mailbox
This represents another name for one of the other mailboxes. Mail addressed to an alias
mailbox will be delivered to the mailbox that the alias represents.
Only User and List Mailboxes count towards the total number of mailboxes used in FTGate.
Default Mailboxes
When a domain is created a default set of mailboxes are created as follows:
• Admin (or the name specified when defining the root.login name in the configuration wizard)
This is the default administrator for the domain
• Administrators
This is a group mailbox containing all the administrators of the domain. Members of this group
are only granted access to WebAdmin if the mailbox itself is granted administrator access.
See Web Administration
• dsn
A special mailbox for handling list mailbox delivery status notifications
• everyone
A group mailbox into which FTGate adds all new user mailboxes created. Mailboxes can be
removed from the group to hide them from other users.
• null
A mailbox that deletes all mail sent to it.
• postmaster
An alias for administrators. Internet RFCs require that a postmaster be defined.
• system
A mailbox that processes system commands. See Mailbox Overview
General
The local domain General tab allows for the configuration of the general settings:
Path to outbox
This specifies the location on the hard disk where the mailbox messages are stored. Each
mailbox has a folder in this location named after the mailbox.
Limit number of mailboxes in this domain
This allows the administrator to limit the number of mailboxes that can be created in this
domain. This is used to limit the number of mailboxes that can be created when a domain has
a local administrator.
Mail for Unknown Users
This section states the action that FTGate takes when this domain receives messages that do not
have a local mailbox.
• Reject message and send a notification
• Send to the Postmaster
• Send to the Postmaster as an attachment
• Forward to the Internet
• Forward to an email address
Signature
This signature is added to all outbound messages.
• None
Do not add the signature to messages
• Start
Add the signature to the beginning of the message
• End
Add the signature to the end of the message
Signature Message
If you leave the Plain text box empty a text version of the html entry will be added. If you leave the
HTML text box empty an HTML version of the Plain text entry will be added
Filters
This page specifies which filter policy is used by this domain and which domain members may train
the UBEBlock spam filtering system.
Filter Policy
This is the filter policy that FTGate uses to filter messages arriving into this domain
UBEBlock Training
Only those addresses listed here (or contained within a group listed here) are allowed to train
UBEBlock.
Active Directory
This page lists the active directory accounts that are available on the server. To add mailboxes from
active directory simply select the accounts to be added and click the Add button.
Automatic active directory account creation is available from the Migration tab.
Migration
The Migration tab provides configuration options that control the automatic creation of mailboxes in
the domain. When Migration is enabled and an unknown user attempts to log into POP3, IMAP or
SolSight Web, FTGate will use the migration options to verify the user's details, and if the verification
passes a mailbox will be created for the user.
Migration options
No migration
All mailbox management is controlled directly by the administrator
Active Directory
Create account using Active Directory details.
FTGate will verify the user's mailbox name and password against the listed active directory domain. If
the account exists then a mailbox will be created and the password authentication options set to verify
with the active directory account.
POP3
Create account and get mail from a POP3 server, if a successful login occurs.
FTGate will attempt a POP3 login on the specified server. If the login is successful then the account
will be created and the password stored. Any mail on the other server will then be downloaded to
FTGate and placed in the new mailbox.
Migration message
Insert this temporary migration notification into mailbox during migration process.
This places the specified message into the user's mailbox during a POP3 migration operation so that
the user knows that the mail is currently being collected.
Privileges
Privilege sets are associated with mailboxes. They restrict the amount of allocated storage, the
availability times, and feature access.
Each privilege set supports configuration of the following options:
Quota tab
These settings restrict the amount of data in each mailbox.
Enable quota
Control how much mail is permitted in a mailbox
Message limit
This is the maximum number of messages permitted in the mailbox
Allocated storage
This is the amount of storage available to this mailbox. (MB)
Quota Notification
Controls whether a notification is sent when the quota is exceeded
Max message age
Specifies the maximum age of messages permitted in this folder (in days)
Time Tab
These settings restrict the availability times for mailboxes
Enable availability restriction
Controls the times and dates for which the mailbox is available
Restrict times
Only allow access between the following times
Restrict days
Only allow access on the following days of the week
General Tab
Passwords must be at least 8 characters long
Passwords must be a mixture of letters and digits
Allow access to Web Mail
Allow access to the connector
Allow access to POP3
Allow access to group shared resources
Authentication Tab
After SMTP authentication
These are the relaying options that the SMTP service accepts after successful authentication of this mailbox's
address and password.
• The sender's address must be the authenticated address
• The sender's address must be from the same domain as the authenticated address
• The sender's address can be any valid email address
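The three relaying options above, written as a check that an SMTP service could apply to the envelope sender once a mailbox has authenticated. This is an added example, not FTGate code; the enum names, the function names and the simplified address syntax test are assumptions made for illustration.

```python
import re
from enum import Enum


class SenderPolicy(Enum):
    SAME_ADDRESS = 1  # sender must be the authenticated address
    SAME_DOMAIN = 2   # sender must be from the authenticated address's domain
    ANY_VALID = 3     # sender can be any valid email address


# Simplified syntax test (assumption): one '@', no whitespace, control
# characters or angle brackets, and a dot-separated domain.
ADDR_RE = re.compile(r"[^\s@<>\x00-\x1f]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z0-9-]+")


def split_address(addr):
    """Return (local_part, domain), both lower-cased, or None if invalid."""
    if not ADDR_RE.fullmatch(addr):
        return None
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()


def sender_allowed(policy, authenticated, mail_from):
    """Decide whether mail_from may be used by the authenticated mailbox."""
    auth = split_address(authenticated)
    sender = split_address(mail_from)
    if auth is None or sender is None:
        return False  # fail closed on anything that does not parse
    if policy is SenderPolicy.SAME_ADDRESS:
        return sender == auth
    if policy is SenderPolicy.SAME_DOMAIN:
        # Exact domain comparison: a suffix or substring test would also
        # accept look-alike domains that merely contain the real one.
        return sender[1] == auth[1]
    return policy is SenderPolicy.ANY_VALID


if __name__ == "__main__":
    # Constructed sample senders checked against one authenticated mailbox.
    auth = "fred@mydomain.com"
    for sender in ("fred@mydomain.com", "joe@mydomain.com", "joe@example.net"):
        for policy in SenderPolicy:
            print(policy.name, sender, sender_allowed(policy, auth, sender))
```

The first option is the tightest: it stops an authenticated user from sending as another mailbox in the same domain, which the second option still allows.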
Access Tab
Options that relate to both WebMail and SolSight
Allow modification of personal details
Allow modification of password
Allow user to create and delete address books
Allow access to contact history tracking information
Allow modification of Out of Office method
Allow access to Calendaring
Allow access to message rules
• Allow creation of forwarding rules
• Allow creation of auto response rules
Allow uploading of attachments for auto responses and calendar messages
Allow access to Local Admin to manage the local domain
Allow local admin to modify the local domain filters
Mailboxes
General
Name
Name of the mailbox
Folder
Location on the hard disk where messages, folders, attachments and drafts are stored for this mailbox
Status
Enable/disable the mailbox. Disabled mailboxes cannot send or receive messages.
Privilege set
This option selects the privilege set that will be used by this mailbox
Configure this account as a spam trap
This option configures this mailbox as a spam trap. All messages which include the spam trap
mailbox as a recipient are rejected by the SMTP server(s).
User can only send to local addresses
This option prevents the user from sending a message to an external (internet) address.
Send Copy
This option creates a hidden BCC on all mail sent from bill@test0.ftgate.com and causes it to be sent
to the specified address. This can be used for monitoring of outgoing mail from this mailbox.
Trashcan
This extends the functionality of IMAP and defines the behaviour of message deletion in SolSight
Web. When enabled, deleted files are actually copied to the trashcan folder and then deleted and
expunged from the original folder.
Information
This page provides information regarding the mailbox.
• Last Accessed
The time of the last POP3/IMAP/SolSight Web login
• Messages received
Number and total size of messages received
• Messages sent
Number and total size of messages sent
• Peak count
The maximum number of messages in the mailbox
• Peak size
The maximum size the mailbox has reached.
Personal Details
This page allows configuration of a mailbox's contact details. These details will be visible to other
users in the domain as part of the domain address book.
Password
Controls the method used to validate login requests
Local
The password is held (encrypted) in the FTGate database.
Active Directory
Enter the domain and user ID used to validate the password, or leave this field blank to use the
domain setting and mailbox name. WinNT://domain/mailbox.
If the domain is to be managed via active directory, and the domain name matches the active
directory domain name, then the ID field can be left blank.
SQL Database
Enter the DSN and SQL command used to validate the password
If this option is selected then FTGate will authenticate users against an external SQL database
When using an external ODBC database the SQL statement will be checked to see if any records are
returned. If one or more records are returned then the user will be treated as authenticated.
There are tokens that can be used in the SQL statement to permit it to be customised to the individual
account being tested.
$NAME$ = the name of the account (e.g. fred)
$ADDRESS$ = the email address of the account e.g. fred@mydomain.com
$PASSWORD$ = the password being tested by the login
Thus an example would be:
SELECT * FROM users WHERE name='$NAME$' AND Address='$ADDRESS$' AND password='$PASSWORD$'
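The guide does not say how the $NAME$, $ADDRESS$ and $PASSWORD$ values are escaped before the statement reaches the database. The following added example (not FTGate code) assumes plain text substitution and compares it with binding the same three values as parameters, using the statement above and the "one or more records" rule. The table contents, function names and SQLite back end are constructed for illustration.

```python
import re
import sqlite3

# The statement from the guide, with its $TOKEN$ placeholders.
TEMPLATE = ("SELECT * FROM users WHERE name='$NAME$' "
            "AND Address='$ADDRESS$' AND password='$PASSWORD$'")
TOKEN_RE = re.compile(r"'\$(NAME|ADDRESS|PASSWORD)\$'")


def make_db():
    """Constructed sample table; a real deployment would sit behind a DSN."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, Address TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("fred", "fred@mydomain.com", "correct-horse"),
        ("niall", "niall@mydomain.com", "o'neil"),
    ])
    return db


def expand_textually(template, values):
    """ASSUMPTION: tokens are pasted into the SQL text with no escaping."""
    for token, value in values.items():
        template = template.replace("$" + token + "$", value)
    return template


def to_parameterised(template, values):
    """Turn each quoted '$TOKEN$' into a bound '?' and collect its value."""
    params = []

    def bind(match):
        params.append(values[match.group(1)])
        return "?"

    return TOKEN_RE.sub(bind, template), params


def authenticated(db, sql, params=()):
    """Guide's rule: one or more records returned means authenticated.
    Any database error counts as a failed login (fail closed)."""
    try:
        return db.execute(sql, params).fetchone() is not None
    except sqlite3.Error:
        return False


def login_textual(db, name, address, password):
    values = {"NAME": name, "ADDRESS": address, "PASSWORD": password}
    return authenticated(db, expand_textually(TEMPLATE, values))


def login_bound(db, name, address, password):
    values = {"NAME": name, "ADDRESS": address, "PASSWORD": password}
    sql, params = to_parameterised(TEMPLATE, values)
    return authenticated(db, sql, params)


if __name__ == "__main__":
    db = make_db()
    # Constructed login attempts: a normal login, a legitimate password that
    # contains a quote, and a value whose quotes rewrite the WHERE clause.
    attempts = [
        ("fred", "fred@mydomain.com", "correct-horse"),
        ("niall", "niall@mydomain.com", "o'neil"),
        ("fred", "fred@mydomain.com", "x' OR '1'='1"),
    ]
    for name, address, password in attempts:
        print(repr(password),
              "textual:", login_textual(db, name, address, password),
              "bound:", login_bound(db, name, address, password))
```

With bound values a quote in a name or password is only data, so the statement always has the structure the administrator wrote. When testing an authentication statement, include account names and passwords that contain quote characters.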
Signature
Add this signature to all outgoing Web Mail messages
Out of Office
Out of Office Status
These are your Out of Office options.
• Show as Here
• Show as Out
• Show as Out and send the following message
Groups
This page controls the groups of which this mailbox is a member. To join or leave a group change the
checkbox states and click the save button.
Folders
This page lists the folders that are available in the mailbox. New folders can be added and the folders
can be shared by clicking the Share button.
In order to see the folder in SolSight Web and IMAP the folder must be subscribed otherwise the
folder will be hidden.
Inbox Rules
This page shows a list of mailbox rules that are available.
Each rule can be configured to use a combination of fields from the message header to control
whether the rule runs, and each rule has a comprehensive set of actions which range from moving a
message to a folder through to sending a reply with an attachment or even running a script or external
program.
Thus with the FTGate rule system it is possible to create versatile customised message handling
systems with practically no effort.
The introduction of the rules has rendered the Autoresponder and Robot mailboxes of the previous
versions obsolete as it is now trivial to implement a far more powerful set of responses and
behaviours directly through the rules than the predefined handling that existed in these old mailbox
types.
Each rule can have several actions and more than one rule can trigger on a message. However, if a
rule is configured to move or delete the current message, or stop processing, no further rules will be
run.
Actions that can be taken by a mailbox rule are:
• Send an Auto-reply
• Forward the message to another address
• Set a flag for the message (used by IMAP)
• Mark the message as seen (used by IMAP)
• Run an FTScript
• Run an external application (use %FILE% to refer to the email message source)
• Copy the message to a folder
• Move the message to a folder (prevents message matching any further rules)
• Delete the message (prevents message matching any further rules)
• Stop processing rules
Forwarding type rules
Mailbox rules allow various message forwarding systems to be implemented that can be dependent
on the sender, recipients, subject and other options.
See Also:
• Forwarding Messages
Autoresponder type rules
Creating an Autoresponder mailbox is simply a matter of creating a user mailbox and then
creating a rule for each of the files or messages you wish to return.
After creating a rule you set the rule to match a subject line that you wish to respond to and complete
the auto-reply action details. This also allows you to configure or upload an attachment that will be
sent with the reply.
By further modifying the rules you can customise the response by setting different actions for different
senders of the message.
See Also: Macro Expansion
Robot Mailboxes type rules
To recreate the robot mailbox functionality you simply create a rule that is set to run for all messages
and specify an appropriate action to be taken. This can be further customised by creating different
rules and specifying different trigger conditions for the rule.
Forwarding Messages
When messages arrive in a user's mailbox it is often required that the message is sent or copied to
another address. This is performed with mailbox Inbox Rules.
The following steps are used to create a forwarding rule.
1. Open the user's mailbox in WebAdmin or WebMail
2. Go to the Inbox Rules page
3. Type the name of the new rule e.g. forwarding to joe
4. Click add
5. Click on the new rule
6. Check the apply to all messages box
7. Change to the Actions tab
8. Check Forward to the following address
9. Enter the required address e.g. joe@soap.com
10. If you want to have the message deleted after forwarding, check the delete message option
11. Check the Rule Enabled option
12. Click Save
This rule will forward all mail arriving in the mailbox to joe's email address.
Attachments
These files can be used as attachments to mailbox rules and calendar messages.
Contents
This shows the contents of the user's inbox.
Address Books
This page displays the address books available to the mailbox. New address books can be added and
the existing address books shared with other domain members.
If the mailbox is a group mailbox then the address books will be visible to all members of the group.
Calendars
This page displays the calendars available to the mailbox. New address books can be added and the
existing calendars shared with other domain members.
If the mailbox is a group mailbox then the calendars will be visible to all members of the group.
Notes
This page displays the note books available to the mailbox. New address books can be added and
the existing note books shared with other domain members.
If the mailbox is a group mailbox then the note books will be visible to all members of the group.
Tasks
This page displays the task lists available to the mailbox. New address books can be added and the
existing task lists shared with other domain members.
If the mailbox is a group mailbox then the task lists will be visible to all members of the group.
Group Mailboxes
Group Members
This page allows for simple selection of the members of the group.
Tracking
When tracking is enabled, messages arriving in this mailbox have a tracking id inserted into the
subject line and a message is returned to the sender informing them that their message has arrived
and telling them what tracking number has been assigned to them.
This option is useful for tracking a message. It is most relevant when it is important to keep track of a
sequence of replies, e.g. for a technical support enquiry, or sales enquiry. When the group mailbox
receives a message the Tracking ID is inserted into the subject along with the date and a three digit
number (which increments each time a message arrives in the group mailbox that does not have a
Tracking ID in its subject).
It is possible to include special macros into the message. See Macro Expansion
List Mailboxes
List Control
These options control how the list mailbox will handle messages.
General Tab
List owner
Address of person responsible for list maintenance.
Limit postings size
Causes messages over this size to be rejected
Subject identifier
Text to be added to the start of the subject line for each message distributed by this list. For
example using a Subject identifier of [mylist] would cause all messages from the list to have [mylist]
prepended to the subject line.
Options
Allow SUBSCRIBE
Enabling this will allow new members to join the list by emailing to the list with "subscribe" (no quotes)
in the subject line.
Not used in ODBC list sources
Log SUBSCRIBE
Records in the log who has subscribed/un-subscribed
Not used in ODBC list sources
Confirm SUBSCRIBE
Sends a message to the user who is subscribing for them to confirm they wish to be on the list. This
helps prevent other people subscribing addresses "for a laugh". If the user does not reply to the
confirmation request, the user is not subscribed
Not used in ODBC list sources
Send notification to owner for subscribes and unsubscribes
The mailbox sends a notification to the list owner after a successful subscribe or un-subscribe.
Maintain archive of postings
Keeps the messages in the mailbox folder for that mailbox
Moderated
The list owner can post to the list when this option is enabled. This forces all messages to the list to
be sent to the list owner who can then decide which messages are suitable for publishing. This is
useful when the list is a "Customer list" and you only wish the sales manager to be able to send
messages to the customers via the list.
Only allow list members to post
Users must subscribe before posting to the list, if not the messages will be rejected.
Not used in ODBC list sources
Include Sender in postings
Sends a copy of the message to the sender.
Function as a distribution list
When this option is not checked, one message is generated addressed to all the list members (via
BCC), and the To address in the header is shown as the list mailbox name. With the option checked a
unique message is created for every list member and the To address is set to the address of the list
member.
Auto-manage members
Removes any address from which messages have bounced, after sending a second message and a
confirmation request "do you still wish to be on this list?" This keeps the list current, with only valid
email addresses on the list. This will have no effect on an SQL based list.
Not used in ODBC list sources
Reply
Reply Address
Specifies which return address should be used for messages distributed by this list.
• Set the reply address to be this list
• Set the reply address to be the sender
• Set the reply address to be this address:
List Members
This page configures the data source used to supply the list addresses.
Member Source
You can configure this mailbox to use an SQL query to obtain the members list, or to use the explicitly
defined members list.
• This mailbox uses the following members list
The members are held in the FTGate database and managed through a list display. Members
can be imported and exported using the Import export Options on the list page.
• Use the following ODBC search to obtain the list members
The members are held in an SQL database
ODBC List
FTGate allows administrators to create a list from an external database of addresses held in an
SQL database.
DSN
A system DSN that can be used to open the connection to the database
SQL
The SQL statement used to return the address list from the database. The returned data must include
fields named 'name' and 'address'.
To use an external SQL list you need to configure a DSN connection and an SQL statement that will
retrieve the addresses for the message. The DSN must be a System DSN.
The SQL query results must contain the columns 'Name' and 'Address'. Thus if the database does not
contain these columns the SQL statement should create them in the returned data set.
Example:
In the DSN box:
dsn=customers;uid=admin;pwd=kx154
In the SQL box:
SELECT email as address, customername as name FROM customerlist WHERE wantmailing=1
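One way to check a candidate statement before entering it in the SQL box, as an added example that is not FTGate code. It uses an in-memory SQLite table as a constructed stand-in for the ODBC source and assumes column names are matched case-insensitively; check_list_query, demo_db and the sample rows are hypothetical.

```python
"""Check that a list query returns the 'name' and 'address' columns."""
import re
import sqlite3

# Column names the guide requires in the returned data set.
REQUIRED = {"name", "address"}
# Deliberately simple syntax check: one @, no whitespace, a dot in the domain.
ADDRESS_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# The statement from the guide's example.
PAGE_QUERY = ("SELECT email as address, customername as name "
              "FROM customerlist WHERE wantmailing=1")


def check_list_query(conn, sql):
    """Run sql and return (missing_columns, members, rejected_rows)."""
    cur = conn.execute(sql)
    # Assumption: names are compared case-insensitively, since the guide
    # writes them both as 'name'/'address' and 'Name'/'Address'.
    columns = [d[0].lower() for d in cur.description]
    missing = sorted(REQUIRED - set(columns))
    if missing:
        return missing, [], []
    members, rejected, seen = [], [], set()
    for row in cur:
        rec = dict(zip(columns, row))
        addr = (rec["address"] or "").strip().lower()
        # Reject malformed and duplicate addresses instead of mailing them.
        if not ADDRESS_RE.match(addr) or addr in seen:
            rejected.append(rec)
            continue
        seen.add(addr)
        members.append((rec["name"], addr))
    return missing, members, rejected


def demo_db():
    """Constructed sample data shaped like the guide's customerlist table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customerlist "
                 "(customername TEXT, email TEXT, wantmailing INTEGER)")
    conn.executemany("INSERT INTO customerlist VALUES (?, ?, ?)", [
        ("Alice Example", "alice@example.com", 1),
        ("Bob Example", "bob@example.com", 0),      # opted out
        ("Carol Example", "not-an-address", 1),     # malformed
        ("Alice Again", "ALICE@example.com", 1),    # duplicate by case
    ])
    return conn


if __name__ == "__main__":
    print(check_list_query(demo_db(), PAGE_QUERY))
```

Because the DSN string carries the database password, the account behind it is best limited to SELECT on the table or view the statement reads.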
Notifications
These are the messages used by the list mailbox. They include the joining and leaving messages as
well as the moderated message and error messages.
Messages can be sent for the following reasons:
• Subscribe Successful
• Subscribe Unsuccessful -- Closed list
• Subscribe Unsuccessful -- Already a member
• Confirm Subscribe
• Unsubscribe Successful
• Reject posting -- Not a member
• Reject posting -- Message too big
• Moderator message
Signature
List messages can have a signature added to all sent messages. The signature is added to either the
beginning or the end of the message.
Available options:
• Do not add the signature to messages
• Add the signature to the beginning of the message
• Add the signature to the end of the message
Remote Domains
General
Path to outbox
Location on the hard drive where messages are stored prior to delivery or collection.
Authentication
Allow SMTP authentication and POP3 access using the following name and password
Password
Hold flagged messages
This option causes messages that have been flagged by the filter system to be held. Flagged
messages will not be delivered by either SMTP or POP3.
Virtual address mode
Only accept mail for addresses in the domain address book. Each address entry will use one mailbox
licence.
Filter Policy
This is the filter policy that FTGate uses to filter messages arriving into this domain.
Host name :
Name used to identify this machine on the Internet (EHLO/HELO name)
Fast Expire
This option prevents outbound messages that are a result of a bounce or a filter from queueing in the
outbox. When enabled, delivery of such messages will be tried once, and any failure results in the
message being deleted. Thus the domain or outbox will not fill up with undeliverable spam rejections.
However, it is possible that a legitimate bounce could be deleted if the target server is down, although
this is very unlikely.
Promote 4XX Failures
This option causes a 4XX level SMTP send error to be treated as a 5XX error, so the message is
rejected rather than queued. This option is disabled if MX delivery is enabled and is not
compatible with sending to servers that have gray-listing enabled. Its primary use is for ISPs who
use remote domains which don't reject bad addresses but issue a 4XX "try again later" message,
causing the domains to fill up with undelivered junk.
Debug Logging
Create debug log. Additional information will be written to the log file showing the SMTP session used
to send the messages. Note, this option has no effect if the system logging level is not set to debug.
See Logging
Disable access to this domain before
Access will be prevented before this time
Disable access to this domain after
Access will be prevented after this time
Throughput Restrictions
This sets the maximum size of the mailbox. When this size is reached mail will be temporarily
rejected.
Connection
Network profile :
Select the network profile to connect for message delivery. Users of Broadband or other permanent
connections should use the LAN network profile.
Delivery mode :
The delivery mode controls when to open a connection for message delivery.
• Never Connect
• Immediately
• ETRN
• Conditional
Conditional
When in conditional mode these settings will cause delivery to start
• Message count
• Message age
• Priority message
Encryption
This setting specifies whether FTGate should send encrypted data
• No encryption
• Encrypt all data using SSL
• Allow encryption using TLS
• Require encryption using TLS
Maximum concurrent sends
Specifies the maximum number of concurrent sends permitted
SMTP inactivity timeout
The period after the last data transfer when it is assumed the link has been lost and the connection
should be closed
Delivery
Specifies how FTGate will send mail to its intended recipients.
SMTP Hosts :
Deliver mail to SMTP hosts listed in the order shown
MX Hosts :
Deliver messages using DNS/MX records
If delivery fails:
• Deliver mail to SMTP hosts
• Hold mail in queue for later delivery
Queue Options :
Specifies how long FTGate will hold undelivered mail in the delivery queue.
Delivery Optimisation :
Disable delivery optimisation and send each message in a separate SMTP session
Addresses
This page allows the configuration of the virtual addresses that will be used to prevent badly
addressed mail being delivered to the domain.
When in virtual address mode (See General) each entry will use 1 mailbox licence.
Contents
This page allows access to the remote domains mail queue.
Outbox
Outbox
The Outbox is the location where outbound mail is stored before it is sent to the Internet. If you send
your outbound mail to your ISP for delivery then you will need to configure the Outbox with your ISP's
details. If you deliver the mail directly using MX records, then you must also configure a DNS server.
See Also:
• DNS
To configure the Outbox for direct delivery to an ISP
In order to configure delivery to the ISP you will need to know your ISP's SMTP server name or IP
address and, if using a dial-up connection, the Profile used to connect to the Internet. If a dial-up
profile is to be used, see Dialling the Internet.
1. In Outbox, click Connection
2. In Connection Options / Network Profile, select the required profile, [LAN] or
[Proxy/Router]
3. In Delivery Mode, select Immediately
4. In Host name, enter your Domain Name
5. Click Apply
6. In Outbox, click Delivery
7. In Delivery Route, select SMTP Hosts
8. In SMTP Hosts / Host1, enter the IP address or name of the ISP's SMTP server (see
Remote Domains)
9. (Optional) In SMTP Hosts / Host2, enter the IP address or name of the ISP's backup SMTP
server
10. (Optional) In SMTP Hosts / Host3, enter the IP address or name of the ISP's backup SMTP
server
11. Click Apply
To configure the Outbox for direct delivery via MX Records
MX delivery is not recommended over dial up connections (*). A suitable DNS server will be required
for correct delivery of mail (DNS).
1. In Outbox, click Connection
2. In Connection Options / Network Profile, select [LAN] or [Proxy/Router]
3. In Delivery Mode, select Immediately
4. In Host name, enter your Domain Name (**)
5. Click Apply
6. In Outbox, click Delivery
7. In Delivery Route, select MX Hosts
8. In If delivery fails, select Hold mail in queue for later delivery
9. Click Apply
NOTES
* MANY ISPS WILL NOT PERMIT MX DELIVERY THROUGH THEIR NETWORK DUE TO MISUSE AS A SOURCE OF
SPAM.
** MANY SERVERS WILL NOT ACCEPT MAIL FROM SERVERS WITH AN INCORRECT HOST NAME.
Managing the Outbox
The Outbox controls outbound mail to the Internet. For the various setting options please see the
remote domain options.
General
Connection
Delivery
Contents
Services
Managing Services and Security Policies
Service and Security Policies are managed through the Services section with a separate tab for
Services and Security Policies.
Services Tab
This tab displays the service list. New services can be added and removed. In the event that a service
was not able to start it will be highlighted in red. The cause of the problem can be determined by
placing the cursor over the ! character, or opening the service.
See:
• Service Types
Policies Tab
This tab displays the available security policies. The default policies cannot be deleted. However, any
new policies added may be deleted.
See:
• Security Policy Management
• Policy Access Rights
• Configuring LAN access
Security Policy
Overview
In order to control how a service responds to connections from different IP addresses FTGate
implements a system of security policies. A security policy specifies what access rights are granted to
connections from various IP addresses. A server will typically have multiple security policies that
specify different types of access. Each service allows the selection of one security policy, and the
options selected in that policy will control the access to that service.
See Also:
• Options
• Addresses
• SMTP
• POP3
• HTTP
• LDAP
Options
The security policy tab allows for the configuration of the specific security policy features that will be
used by all services using the policy.
Enabled
If the policy is enabled, all services that use the policy may run depending on their specific options.
When the policy is disabled ALL services using the policy will be stopped.
Policy Service Control
Services that use this policy will only be available if their service type is enabled
Any service that uses this policy must have its service type enabled in the policy. If the service type is
disabled in the policy then that service will not run.
See also:
• Security Policies
• Relay Control and Authentication
• Access Control Lists (ACL)
• Configuring LAN access
• Addresses
• SMTP
• POP3
• HTTP
• LDAP
Login attempts
This option defines how many POP3/IMAP login and SMTP authentication attempts can be made
before an IP address gets a temporary or permanent ban. This option is controlled by the LL flags.
Ban Period
This option specifies how FTGate should handle automatic bans. The period of a ban may be 5
minutes or permanent.
Greylist SPF Bypass
This option causes an IP address that has been validated by SPF to bypass the greylisting process.
SPF Softfail Promote
This option causes any SPF check that results in a softfail (indicating that the domain administrators
don't care whether it is valid or not) to be treated as a fail and rejected.
Permit Spoofing
This option disables the anti-spoofing measures in FTGate. When this option is enabled FTGate will
allow any un-authorised connection to send mail using a locally hosted email address.
See Also:
• Anti-Spoofing
Addresses
This tab defines the security features that will be applied to each address in the policy.
See:
• Security Policies
SMTP
The SMTP tab controls options that apply to SMTP servers using this policy.
SMTP Welcome Text
The first line that is sent in response to a connection
SMTP host name :
The name used by the SMTP service to identify itself to incoming connections in response to
HELO/EHLO
Message Limits
These options restrict the maximum size of a message, the number of recipients for a message and the
number of servers a message can pass through. Messages that exceed these limits are rejected.
Maximum message size (authenticated)
This limits the message size, in KB, for users who are authenticated by IP address or SMTP
authentication
Maximum message size (other)
This limits the message size, in KB, for non-authenticated users
Maximum recipients (Authenticated)
This sets the maximum number of recipients that a message can be sent to by authenticated senders
Maximum recipients (Other)
This sets the maximum number of recipients that a message can be sent to by non-authenticated
senders
Max Recipients (header)
Specifies the maximum number of recipients in header.
Maximum hops
Specifies the total number of servers that a message can pass through before it is assumed a loop
has occurred and the message is rejected
SMTP authentication
This option specifies what FTGate validates against when authenticating.
• Mailboxes
• Specific settings
Inactivity timeout
The period of time from the last communication until the connection will be closed.
Sender validation
Validate that the sender's domain exists
Hosted senders only
Only allow delivery from hosted email addresses
Allow EXPN and VRFY SMTP commands
Permit the server to respond to EXPN and VRFY commands. This may result in a drop in server
security.
Local header addresses
Include local IP address in message headers received lines
POP3
The POP3 tab defines POP3 options that apply to all POP3 services using this policy.
Inactivity timeout
The period of time from the last communication until the connection will be closed.
HTTP
The HTTP tab defines HTTP options that apply to all HTTP services using this policy.
Inactivity timeout
The period of time from the last communication until the connection will be closed.
Script timeout
The period of time after which a running script will be terminated
Session timeout
The period since the last web access before the session is discarded
LDAP
The LDAP tab defines options that apply to all LDAP services using this policy.
Inactivity timeout
The period of time from the last communication until the connection will be closed.
Services
Service Types
FTGate supports the following service types
SMTP
The SMTP protocol is the method used when a mail client (such as Thunderbird or Outlook™) or a
mail server sends a message to a server. It is the primary method used to transfer mail around the
Internet.
POP3
This is the most common method used by mail clients to retrieve mail from a server. It is a very basic
protocol and it is not intended for use as a mail store for more than one email address. However,
ISP's often see this as a cheaper alternative to an SMTP feed and thus often use it in this way. See
SmartPop.
HTTP
This protocol is used to supply web (HTML) pages to Web browsers. This protocol is used to power
both the SolSight Web interface and Web Admin.
LDAP
This protocol is used to provide LDAP directory access to mail clients. It is search based and a
common confusion is that, when first connecting to an LDAP service, no results are shown until a
search is performed.
Proxy
This protocol allows Web browsers to access pages on the Internet through FTGate without their
having a direct connection to the Internet.
IMAP
This protocol is more advanced than POP3 and allows a mail client to access mail stored
in a mail store. The mail remains on the server where it can be backed up. This protocol allows
sharing of folders with some restrictions on behaviour depending on the mail client used. See IMAP
considerations.
Monitor
This protocol is used by the FTGateMonitor utility
Groupware Connector
This protocol is used by the FTGate Outlook Connector and the Replicator client.
Service failed to start
When FTGate is first installed it is possible for there to be port conflicts between FTGate and other
software. This can prevent FTGate from being able to start all of its services.
In the event of this problem it is necessary to determine which application is using which port so that
the problem application can be disabled or reconfigured.
You can determine which application is using which port by opening a command prompt and typing
netstat -o
You will then see a series of lines similar to this:
netstat -o
Active Connections
  Proto  Local Address    Foreign Address         State          PID
  TCP    THOR:1110        THOR.ftgate.lan:3407    ESTABLISHED    1688
You can then look for the line for the problem port and look at the PID.
So we can see that on the local machine (THOR) port 1110 is being used by the application with PID
1688.
You can then open the task manager (right click on the task bar and select task manager) and locate
the task with the indicated PID. If the PID column is not being displayed in the task manager, Click
View/Select Columns and check the PID box.
This will tell you what application is using the port so you can shut it off.
See Also: Firewall ports
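An added example, not part of the FTGate guide, that automates the lookup described above: it parses `netstat -ano` output (a constructed sample; `-a` and `-n` add listening sockets and numeric addresses to the `-o` listing) and reports which PID holds each port a service needs. The function names and the sample rows are assumptions.

```python
"""Find which PID already holds the ports a mail service needs to listen on."""

# Constructed sample of Windows `netstat -ano` output.
SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1688
  TCP    192.168.0.10:1110      192.168.0.10:3407      ESTABLISHED     1688
  TCP    [::]:143               [::]:0                 LISTENING       2212
  UDP    0.0.0.0:53             *:*                                    1044
"""


def parse_listeners(netstat_output):
    """Return {port: set of PIDs} for every TCP socket in the LISTENING state."""
    listeners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        # TCP rows have five fields. UDP rows have no State column, and the
        # header and title lines have other field counts, so all are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition copes with IPv6 local addresses such as [::]:143.
        _addr, _sep, port = fields[1].rpartition(":")
        if port.isdigit() and fields[4].isdigit():
            listeners.setdefault(int(port), set()).add(int(fields[4]))
    return listeners


def port_conflicts(netstat_output, wanted_ports, own_pid=None):
    """Return {port: sorted PIDs} for wanted ports held by another process.

    own_pid is the PID of the mail server itself, if it is already running,
    so that its own listeners are not reported as conflicts.
    """
    conflicts = {}
    for port, pids in parse_listeners(netstat_output).items():
        others = sorted(pids - {own_pid})
        if port in wanted_ports and others:
            conflicts[port] = others
    return conflicts


if __name__ == "__main__":
    # 25, 110 and 143 are the standard SMTP, POP3 and IMAP ports.
    for port, pids in sorted(port_conflicts(SAMPLE, {25, 110, 143, 80}).items()):
        print(f"port {port} is held by PID(s) {pids}")
```

The PIDs it reports are then looked up in the task manager as described above.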
POP3
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
Low security
Allow low security login (username without domain) for single domain systems
Log access
Create an entry in the log when a user signs in
Create debug log
This option causes additional log information for this particular service to be included in the log file
Encryption Tab
Require encrypted authentication
Encryption
Specifies the level of encryption required when communicating with this service (requires a valid
encryption certificate)
• No encryption
• Encrypt all data using SSL
• Allow encryption using TLS
• Require encryption using TLS
Encryption certificate
This encryption certificate will be used when encoding data using SSL and TLS
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy, POP3
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
SMTP
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
Filter Policy
This is the filter policy that FTGate uses to filter messages arriving into this server.
Create debug log
This option causes additional log information for this particular service to be included in the log file
Encryption Tab
Require encrypted authentication
Encryption
Specifies the level of encryption required when communicating with this service (requires a valid
encryption certificate)
• No encryption
• Encrypt all data using SSL
• Allow encryption using TLS
• Require encryption using TLS
Encryption certificate
This encryption certificate will be used when encoding data using SSL and TLS
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy, SMTP
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
HTTP (SolSight Web and WebAdmin)
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
Location of Files
This is the root path for the files to be served by this server.
Default Language
This defines the initial language that will be used when displaying the web pages (Web Admin and
SolSight Web only)
Encryption Tab
Require encrypted authentication
Encryption
Specifies the level of encryption required when communicating with this service (requires a valid
encryption certificate)
• No encryption
• Encrypt all data using SSL
• Allow encryption using TLS
• Require encryption using TLS
Encryption certificate
This encryption certificate will be used when encoding data using SSL and TLS
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy, HTTP
Access Tab
Access restriction
Controls who can access the service. This is only appropriate to SolSight Web and WebAdmin
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
Scripts Tab
Script Folders
The server runs these scripts when the associated folder is requested in a URL.
Virtuals Tab
Virtual Folders
The server accesses the files in the folders corresponding to the requested URLs.
LDAP
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Note: On Windows 2003 servers you MUST select an address for the LDAP service or it will not start.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
None.
Encryption Tab
Not applicable
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy, LDAP
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
Proxy
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
Proxy Type :
The proxy can either function as a web browser (i.e. access web pages using the HTTP and HTTPS
protocols), or communicate directly to a specific address/port.
• This is a Web proxy
• This is a Point to Point proxy.
Encryption Tab
Not applicable
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
IMAP
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
Log access
Create an entry in the log when a user signs in
Create debug log
This option causes additional log information for this particular service to be included in the log file
Encryption Tab
Require encrypted authentication
Encryption
Specifies the level of encryption required when communicating with this service (requires a valid
encryption certificate)
• No encryption
• Encrypt all data using SSL
• Allow encryption using TLS
• Require encryption using TLS
Encryption certificate
This encryption certificate will be used when encoding data using SSL and TLS
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
Monitor
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
None
Encryption Tab
Not applicable
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
Groupware Connector
General Tab
Name
The name of this item
Status
Controls if the service will respond to connections
Address
The address on which the server will listen for incoming connections.
Port
The port on which the service will listen for incoming connections. Only one service can listen on any
given address:port combination.
Options Tab
None
Encryption Tab
Require encrypted authentication
Encryption
Specifies the level of encryption required when communicating with this service (requires a valid
encryption certificate)
• No encryption
• Encrypt all data using SSL
Encryption certificate
This encryption certificate will be used when encoding data using SSL and TLS
Security Policy Tab
Security Policy
Selects the security policy that is to be used by this service. All other options in this section are
shared between POP3 services. See Security Policy
Access Tab
Access restriction
Controls who can access the service
• Allow access to everyone
• Restrict access to the following addresses
Service Access List
Lists the users who are permitted access to this service. These addresses must be for mailboxes
hosted on this server.
Clients
Managing Clients
The clients section allows the configuration of either SmartPop accounts (Professional and ISP
Editions) or Replicator accounts (Relay Edition).
See
• SmartPop
• AutoCluster
SmartPop
SmartPop
FTGate includes SmartPop, a technology that allows FTGate to collect mail from an ISP's
POP3 mailbox and correctly deliver almost any message without the user needing to make
any configuration choices beyond turning SmartPop on.
When delivering messages in its automatic mode SmartPop can do the following:
1. Deliver messages for users who have mailboxes directly to them and prevent duplicates from
being delivered.
2. Deliver mail for unknown users of a local domain in accordance with the configured domain
settings which includes bouncing the email with an undeliverable report.
3. Return incorrectly addressed email as undeliverable or send it to a special recipient.
FTGate also includes the option to bounce mail that is too large, thus preventing FTGate from using
up too much bandwidth and telling the original sender why their message was not delivered.
These changes now give SmartPop the same flexibility of delivery as SMTP.
See Also
• Configuring SmartPop
• Delivering SmartPop mail to a single user
• Delivering SmartPop mail to domain users
• SmartPop limitations
SmartPop limitations
SmartPop mail delivery problems
We are often asked "Why do I get the message 'SmartPop Mail Delivery Failure'?". This article will
explain why it happens and what can be done about it.
History of SmartPop.
Many ISP's offer multiple mail addresses with their mail accounts, but place all the messages in a
single mailbox. So for example you might have the email addresses user1@domain.com,
user2@domain.com and user3@domain.com, and all the mail might be placed in a mailbox
domain@mail.isp.com. This type of mailbox is commonly known as a domain or multi-drop mailbox.
The problem with a multi-drop mailbox is that the first person to connect to it gets all the mail
regardless of who it was sent to. SmartPop solves this problem by retrieving the mail messages and
then delivering to the appropriate local mailbox.
To deliver the mail from the example above, the administrator would install FTGate, create three
mailboxes (user1, user2 and user3) in the domain "domain.com", then create a SmartPop account for
domain@mail.isp.com. SmartPop would then collect the mail and deliver it to the appropriate user.
What is a message
An Internet mail message consists of two parts, the header and the body. The header contains
information such as who the message is from, who it is to, the subject, when it was sent etc. The body
is the text of the message.
How is mail transferred around the Internet.
Most mail is transferred from point to point using a protocol called SMTP (Simple Mail Transfer
Protocol). This protocol transfers a message by making a connection to a destination computer,
sending the Envelope of the message and then sending the message. The Envelope of the message
contains the sender's email address and one or more recipients' addresses.
By the time the message reaches your ISP's machine the envelope will usually consist of the sender
and one recipient. It is this recipient address that the ISP uses to determine which mailbox should be
used for storing the message. In the above example a message to user1, user2 or user3 would be
written to a single mailbox (domain@mail.isp.com).
After the mail is placed in a mailbox it can be retrieved using a protocol called POP3 (Post Office
Protocol version 3). This protocol transfers the body of the message. The problem with this protocol is
that it was only designed to access mailboxes that had mail for a single user.
What can go wrong to cause delivery failures?
A message is in the ISP mailbox for an address that doesn't have a local mailbox.
If, using the above example, a message in the ISP mailbox was addressed to fred@domain.com,
SmartPop would not be able to deliver it as there is no mailbox or alias for that name. This can be
fixed by creating the mailbox or alias.
The message was sent to the ISP mailbox by a mailing list that doesn't include the recipient's
address (BCC).
Many mailing lists do what is known as blind mailing. This is where the message header has a To:
line that says testlist@listserver.com. Obviously there is no mailbox on the local mail system called
that, so this causes an error. The second problem is harder to fix and will require your ISP's help. I will
describe the problem using an analogy with the postal mail system.
A letter is sent inside an envelope (SMTP is the envelope) addressed to Fred Bloggs. The letter inside
starts Dear Sir (the message header). The postman (your ISP server) brings the letter to your office
but before delivering it takes the letter out of the envelope and puts only the letter through the postbox
at the front door (ISP POP3 mailbox). Now when your secretary (FTGate) collects the mail, there is no
indication as to who the "Dear Sir" is, so it cannot be delivered.
The Solution
Many ISP's copy the envelope (SMTP) address into the message header, so that the message's
recipient address can always be found. There is no standard for the way that they do this and FTGate
has been coded with most of the methods in use. This allows SmartPop to read the message header
and deliver to the correct mailbox.
If your messages are being delivered as "SmartPop mail delivery failure", you should check the
header of the attached message to see if the correct address exists. If it does not, you need to contact
your ISP and arrange for them to either add the additional field for the envelope to the message
headers or give you an SMTP feed. If they are not prepared to do this then consider changing to
another ISP as a multi-drop mailbox will not work correctly without the addition of the extra header
information.
Example Headers
An example of a message (sent to user1@domain.com) that has not had the ISP include the
additional envelope data might be:
Date: Fri, 26 Jun 1998 08:40:45 -0400
To: ftgug@ftgate.com
From: Fred Bloggs <fred@bloggs.com>
Subject: Version 2.1.0.5 and "Received... for"
Reply-To: ftgug@ftgate.com
x-listserver: ftgug@ftgate.com
and an example that has had the additional information included might be:
X-Recipient: user1@domain.com
Date: Fri, 26 Jun 1998 08:40:45 -0400
To: ftgug@ftgate.com
From: Fred Bloggs <fred@bloggs.com>
Subject: Version 2.1.0.5 and "Received... for"
Reply-To: ftgug@ftgate.com
x-listserver: ftgug@ftgate.com
Note the additional first line, X-Recipient. Without this line the ISP has made it impossible to deliver the
message correctly. They have discarded the delivery information. If your ISP does not include this
information you should contact them and ask that they add the information or explain to you how you
are supposed to know who the message is for.
We hope that this goes some way towards explaining the problem.
SmartPop delivery problems
Users of SmartPop may find that they have delivery issues after first installing the system. This is
often due to inappropriate handling of the message headers by the ISP.
Please read the following article to put the rest of this discussion in context: SmartPop limitations
The problems fall into two types.
1. Modified addresses in the header
Some ISPs add a delivery line but modify the real address of the message.
For example:
The message is addressed to bob@mydomain.com but the ISP adds a tag line of xxx-bob@mydomain.com
In this case the real address is present and a filter can be used to restore the address.
In this example a new filter would be added to filter/routes with the entry
from: *
to: xxx-*@mydomain.com
route to: *@mydomain.com
This removes the modification and allows the message to be delivered correctly.
2. ISP using the x-recipient for their own purpose
Some ISPs use the x-recipient (or equivalent) header for their own internal routing and this can result in
SmartPop being unable, in automatic mode, to deliver the mail correctly. Typically, the message
header will contain something like
x-delivered-to: xxx-maildrop@mydomain.com
where maildrop is the account name you have at your ISP.
In this case the ISP has decided to use the special received tag for their own purpose, which means
that it does not include the name of the original addressee, just the name of the catch-all mailbox. The
solution to this is to disable the feature in SmartPop and live with the potential loss of BCC mail.
You need to switch SmartPop into Manual mode (SmartPop/Delivery).
Disable all options except:
Filter Ids
Scan Message Header (+options 3 and 4, not 1 or 2)
Your mail will now be delivered normally, with the possible exception of BCC mail, which may or may not
get bounced depending on your domain settings and what the email actually has in its header.
Please note that any subsequent failure is not the result of FTGate but the result of ISPs using POP3
for a purpose for which it was not designed.
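The header-based recipient lookup described in the two SmartPop sections above, as an added Python example (not FTGate's code). The header list, the `prefix` and `maildrop` parameters, the function names and the sample messages are assumptions built from this page's examples.

```python
from email import message_from_string
from email.utils import getaddresses

# Header names from this page's examples; other ISPs use other names (assumption).
ENVELOPE_HEADERS = ("X-Recipient", "X-Delivered-To")


def _local_addresses(values, domain, mailboxes, prefix="", maildrop=None):
    """Return the addresses in `values` that name a known mailbox in `domain`."""
    found = []
    for _name, addr in getaddresses(values):
        local, _, host = addr.lower().partition("@")
        if host != domain:
            continue
        if prefix and local.startswith(prefix):
            local = local[len(prefix):]      # undo the ISP's tag, e.g. "xxx-"
        if local == maildrop:
            continue                         # the ISP catch-all account, not an addressee
        address = f"{local}@{host}"
        if local in mailboxes and address not in found:
            found.append(address)
    return found


def resolve_recipients(raw, domain, mailboxes, prefix="", maildrop=None):
    """Return (recipients, source); source names the part of the header that was used."""
    msg = message_from_string(raw)
    for header in ENVELOPE_HEADERS:
        hits = _local_addresses(msg.get_all(header, []), domain, mailboxes,
                                prefix, maildrop)
        if hits:
            return hits, "envelope-header"
    # No usable copy of the envelope address: fall back to the visible To/Cc
    # lines. BCC and mailing-list mail cannot be resolved this way.
    visible = msg.get_all("To", []) + msg.get_all("Cc", [])
    hits = _local_addresses(visible, domain, mailboxes)
    if hits:
        return hits, "to-cc"
    return [], "failure"                     # goes to the delivery-failure handling


# Constructed samples based on the headers shown on this page.
LIST_MAIL = (
    "Date: Fri, 26 Jun 1998 08:40:45 -0400\n"
    "To: ftgug@ftgate.com\n"
    "From: Fred Bloggs <fred@bloggs.com>\n"
    "Reply-To: ftgug@ftgate.com\n"
    "x-listserver: ftgug@ftgate.com\n"
    "\n"
    "body\n"
)
TAGGED = "X-Recipient: user1@domain.com\n" + LIST_MAIL
MANGLED = "X-Recipient: xxx-bob@mydomain.com\nTo: list@example.org\n\nbody\n"
CATCH_ALL = "x-delivered-to: xxx-maildrop@mydomain.com\nTo: bob@mydomain.com\n\nbody\n"

if __name__ == "__main__":
    print(resolve_recipients(LIST_MAIL, "domain.com", {"user1"}))
    print(resolve_recipients(TAGGED, "domain.com", {"user1"}))
    print(resolve_recipients(MANGLED, "mydomain.com", {"bob"}, prefix="xxx-"))
    print(resolve_recipients(CATCH_ALL, "mydomain.com", {"bob"},
                             prefix="xxx-", maildrop="maildrop"))
```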
SmartPop Duplicate Delivery
Under some circumstances it is possible to receive duplicate delivery of messages.
Multiple ISP accounts
This usually occurs when a message is sent to two people and arrives at two accounts at the ISP. If
you have two SmartPop accounts and they are both set to have FTGate find the recipient from the
header, then each message will be delivered twice.
If you have more than one mailbox at your ISP and those mailboxes will receive mail for users at your
domain, then you must configure each SmartPop account to deliver all of its mail to the specific user
for whom the ISP account is intended.
For example, if the ISP account is for bob@mydomain.com then you must go into the SmartPop
account for bob and make the following changes on the Delivery tab:
1. Set Mode to Manual
2. In Manual Delivery Settings clear the Scan Message Header and the Enable SDPS
checkboxes
3. In Delivery Failure set Default Recipient to bob@mydomain.com and for Unknown
Recipient select Default
4. Click Apply
These changes should be made for all SmartPop accounts that are assigned to specific employees and
should prevent duplicate delivery.
Delivering SmartPop mail to a single user
To configure a SmartPop account to deliver all mail to a single mailbox:
1. Select the client tab
2. Click on the SmartPop name
3. Click on the Delivery tab
4. In Delivery Control, set Mode to manual
5. Click Apply
6. In Associated domain, select All Hosted Domains
7. Clear Enable SDPS
8. Clear Enable CAPA
9. Clear Filter ID's
10. Clear Scan Message Header
11. In Delivery Failure, set Default Recipient to the recipient's mailbox address
and select the option
12. Click Apply
Delivering SmartPop mail to domain users
SmartPop can collect mail from a single ISP Multi-drop Mailbox and distribute the mail to all
addressees of the message. It is recommended that SmartPop is placed in its automatic mode when
used with a multi-drop mailbox. In the majority of cases automatic mode will be able to correctly
deliver all messages. However, some ISPs do not configure their servers in the most appropriate way
for handling multi-drop mail. In this case manual configuration of the options may be required, in
which case we would recommend contacting support@ftgate.com for further guidance.
To configure SmartPop for automatic mode:
1. Select Clients
2. Click on the SmartPop name
3. Click on the Delivery tab
4. In Delivery Control, set Mode to Automatic
5. Click Apply
6. In Associated domain, select the required domain
7. In Unknown recipient, select Reject
8. Click Apply
AutoCluster
The unique FTGate replication service is the ultimate ISP or networked multi server administration
tool. It allows a network of FTGate servers to be automatically configured from one or more master
servers (either Professional Edition or ISP Edition). Not only will this greatly reduce the time spent
configuring servers but it will also lead to greater peace of mind knowing that the management tasks
are automated; you only need to worry about getting the main server right.
This system was developed in close collaboration with a large ISP so that this tool would be perfect
for the task. We think that you'll be amazed at how easily you can manage an entire network.
AutoCluster Setup
The following are the steps needed to configure a network of FTGate servers:
Choose one server to be the master server
1. Add a groupware connector service to the master server.
2. Enable the service
The master server is now ready.
For each of the slave servers
Create an AutoCluster Client
1. Set the required address of the master server
2. Set the required username and password.
This must be the username and password of an administrator on the master server.
3. Set the frequency of checking for updates
4. Enable the client
From now on the AutoCluster will regularly connect to the master, look for any updates and make any
configuration changes to itself required to maintain its operating state with respect to the master
server.
Job done! From now on the administrator only needs to manage one server.
AutoCluster Modes
The AutoCluster Client has several modes to allow the administrator maximum configuration
flexibility:
• Remote Mirror Mode
This mode is designed to manage inbound relay servers. The master server has multiple
remote domains that are configured to deliver mail to a third party server. The slave servers
will all replicate the domains and use the same delivery options. Each domain can have
different options and does not need to follow DNS (Domain Name Server: a server that
answers queries regarding the names and addresses on the internet) MX host routes.
• MX Relay Mode
The master server is configured to host one or more local domains (a domain with
mailboxes). Each slave will configure itself to transfer mail for those domains straight to the
master server.
Please note that the AutoCluster will NOT copy mailboxes from one system to another.
AutoCluster Settings
Name
Host name :
Address of the master server
Port :
The port on which the client will connect to the master server
Login name :
Enter the login name for the master server
Password :
Enter a password, and repeat it as a check, to use for the mailbox.
Inactivity timeout :
The period of time from the last communication until the connection will be closed.
Update interval :
The period between connections to the master server.
Encryption :
This setting specifies whether the master server is set to encrypted mode
AutoClusterMode :
This mode controls how the AutoCluster will create domains based on the master server.
• Remote mirror mode
• MX mode
Events
Events
The Events section controls periodic events that the server will execute.
Event parameters
Trigger Tab
Only trigger this timer once :
Controls whether the timer will trigger once or multiple times.
Trigger Times :
• Trigger at this time
• Trigger between these times at the specified interval
• This timer triggers on the following days of the week :
• This timer triggers on the following days of the month :
Action Tab
Shutdown FTGate and restart after given interval
Execute enabled tasks (in sequence) :
• Network profile
• Run the following script
• Backup configuration
• Start AutoUpdate
Filters
Greylist
For full details on Greylisting please see Greylisting
General Tab
Greylist quarantine :
The period of time (in minutes) after the first connection during which subsequent connections will be rejected
Greylist timeout :
The period (in days) after which unused but validated connections will be purged from the greylist database
Greylist Zombie timeout :
The period after which connections that have never been validated will be purged from the database
Greylist Entries Tab
Greylist entries
This list shows the connections that are currently in the greylist database
Adding entries
It is possible to use the greylist to always allow or permanently block an IP/Sender/Recipient set by
adding them to the list manually.
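How the three timers and the manual entries interact, as an added Python example (not FTGate's implementation). The class and method names are hypothetical, all periods are passed in seconds, and treating a retry after the quarantine as the point of validation is an assumption based on how greylisting normally works.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    first_seen: float
    last_seen: float
    validated: bool = False


class Greylist:
    """Greylist keyed on the IP/Sender/Recipient set, driven by the General tab timers.

    The page gives the quarantine in minutes and the timeout in days and does
    not state the unit of the zombie timeout; this example takes seconds for all.
    """

    def __init__(self, quarantine, timeout, zombie_timeout):
        self.quarantine = quarantine
        self.timeout = timeout
        self.zombie_timeout = zombie_timeout
        self.entries = {}   # (ip, sender, recipient) -> Entry
        self.manual = {}    # (ip, sender, recipient) -> "allow" | "block"

    @staticmethod
    def _key(ip, sender, recipient):
        return (ip, sender.lower(), recipient.lower())

    def add_manual(self, ip, sender, recipient, action):
        """Manually added entry: always allow or permanently block."""
        if action not in ("allow", "block"):
            raise ValueError("action must be 'allow' or 'block'")
        self.manual[self._key(ip, sender, recipient)] = action

    def purge(self, now):
        """Drop validated entries that went unused and entries never validated."""
        for key, entry in list(self.entries.items()):
            unused = entry.validated and now - entry.last_seen > self.timeout
            zombie = (not entry.validated
                      and now - entry.first_seen > self.zombie_timeout)
            if unused or zombie:
                del self.entries[key]

    def check(self, ip, sender, recipient, now):
        """Return 'accept', 'defer' (temporary rejection) or 'reject'."""
        key = self._key(ip, sender, recipient)
        if key in self.manual:
            return "accept" if self.manual[key] == "allow" else "reject"
        self.purge(now)
        entry = self.entries.get(key)
        if entry is None:                      # first connection: start the quarantine
            self.entries[key] = Entry(first_seen=now, last_seen=now)
            return "defer"
        if not entry.validated:
            if now - entry.first_seen < self.quarantine:
                return "defer"                 # retried too soon
            entry.validated = True             # retried after the quarantine
        entry.last_seen = now
        return "accept"


MINUTE, DAY = 60, 86400

if __name__ == "__main__":
    gl = Greylist(quarantine=5 * MINUTE, timeout=30 * DAY, zombie_timeout=DAY)
    triplet = ("192.0.2.10", "sender@example.org", "bob@mydomain.com")  # constructed
    for t in (0, 2 * MINUTE, 6 * MINUTE, 6 * MINUTE + 31 * DAY):
        print(t, gl.check(*triplet, now=t))
```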
Routing
Administrators may wish to alter the normal delivery pattern of an email message. The message
routing table allows them to do this.
Each message will be compared to the route entries and if a message matches a route, the route will
be applied and no further tests will be made.
Examples
The following are some examples of routes that can be applied.
From: *
To: joe@domain.com
Route: fred@domain.com
Effect: This filter delivers ALL messages addressed TO joe@domain.com to fred@domain.com

From: joe@domain.com
To: *
Route: fred@domain.com
Effect: This filter delivers ALL messages FROM joe@domain.com to fred@domain.com

From: joe@domain.com
To: *
Route: (blank)
Effect: This filter deletes all messages FROM joe@domain.com

From: joe@domain.com
To: fred@domain.com
Route: (blank)
Effect: This filter deletes all messages FROM joe@domain.com TO fred@domain.com

From: *
To: *-domainxxyyzz.com@ispmailbox.com
Route: *@domain.com
Effect: This filter is used to unravel the mailbox mangling used by some ISPs, e.g. the ISP may use
the address fred-domainxxyyzz.com@ispmailbox.com. This identifies the mail as being for
fred@domain.com. The route extracts the "fred" part of the string and creates a new route of
fred@domain.com. The exact form of this route will depend on how an ISP mangles their addresses.

From: *
To: *@domain.com
Route: *@domain2.com
Effect: This filter causes all messages for the domain domain.com to be delivered to the same named
user at domain2.com, e.g. messages for fred@domain.com will be delivered to fred@domain2.com

From: *
To: *@domain.com
Route: *@domain.com|domain2.com
Effect: This filter causes all messages for the domain domain.com to be delivered via the remote domain
domain2.com. This can be used to route mail for several domains through to another server that is
more suited to handling the mail, or setting up specific routers for specific users. After routing the
recipient name is unchanged and will still be for the user in domain.com.
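The first-match behaviour and the example routes above, as an added Python example (not FTGate's implementation). How a `*` in the Route column is filled in is an assumption inferred from the examples, and `apply_routes` and `shadowed_routes` are hypothetical names; the second function reports routes that an earlier, broader route makes unreachable.

```python
import re


def _compile(pattern):
    """Turn a route pattern into a regex: '*' matches any run of characters."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("(.*)".join(literal_parts), re.IGNORECASE)


def apply_routes(routes, sender, recipient):
    """routes: ordered list of (from, to, route). Returns (action, address, via)."""
    for from_pat, to_pat, route in routes:
        if not _compile(from_pat).fullmatch(sender):
            continue
        match = _compile(to_pat).fullmatch(recipient)
        if not match:
            continue
        if route == "":
            return ("delete", None, None)        # blank route: message is deleted
        target, _, via = route.partition("|")    # "address|remote domain"
        captured = iter(match.groups())
        # Assumption: each '*' in the route takes the text matched by the
        # corresponding '*' in the To pattern.
        target = re.sub(r"\*", lambda _m: next(captured, ""), target)
        return ("deliver", target, via or None)  # first match wins, no further tests
    return ("deliver", recipient, None)          # no route matched: normal delivery


def shadowed_routes(routes):
    """Return (later, earlier) index pairs where the later route can never apply.

    An earlier route hides a later one when its From and To patterns match the
    later route's patterns taken as plain strings: whatever the later route
    would match, the earlier one matches first.
    """
    pairs = []
    for later, (l_from, l_to, _route) in enumerate(routes):
        for earlier in range(later):
            e_from, e_to, _other = routes[earlier]
            if _compile(e_from).fullmatch(l_from) and _compile(e_to).fullmatch(l_to):
                pairs.append((later, earlier))
                break
    return pairs


# Routes taken from the examples above, most specific first.
TABLE = [
    ("joe@domain.com", "fred@domain.com", ""),
    ("*", "joe@domain.com", "fred@domain.com"),
    ("*", "*-domainxxyyzz.com@ispmailbox.com", "*@domain.com"),
    ("*", "*@domain.com", "*@domain2.com"),
]
VIA = [("*", "*@domain.com", "*@domain.com|domain2.com")]
# Same routes in a careless order: the delete rule is listed after a catch-all.
MISORDERED = [
    ("*", "*@domain.com", "*@domain2.com"),
    ("joe@domain.com", "fred@domain.com", ""),
]

if __name__ == "__main__":
    print(apply_routes(TABLE, "ann@example.org",
                       "fred-domainxxyyzz.com@ispmailbox.com"))
    print(apply_routes(VIA, "ann@example.org", "fred@domain.com"))
    print(shadowed_routes(MISORDERED))
```

In `MISORDERED` the delete rule is never reached, so mail from joe@domain.com to fred@domain.com is forwarded to domain2.com instead of being deleted.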
Anti-Virus
Scanner Loaded
Specifies which anti-virus scanner module is loaded.
Scanning Mode :
Operating mode of the virus scanner
• Disable Virus Scanning
• Scan files and Quarantine infected messages*
• Scan files and Delete infected messages*
* Requires external Anti-Virus application
See also Anti-Virus Overview
Quarantine
Access Tab
These options control who has access to this object
Contents Tab
This tab contains the messages that have been quarantined. They may be redirected or deleted.
Filter Policies
Filter options
These flags govern which filter elements are enabled. The indented options will not run if the parent
option is disabled.
Filter Control
Which messages are to be filtered
• No filtering
• Do not filter messages from Whitelisted addresses
• Do not filter messages from Authenticated addresses
• Do not filter messages from Authenticated or Whitelisted addresses
• Filter all messages
When filtering
Options that are applied to messages that are to be filtered
Filter message content :
The action to be taken when messages have text or HTML components
• Do not filter message content
• Apply policy rules
Filter attachments :
The action to be taken when attachments are included in a message
• Do not filter attachments
• Apply attachment filter to messages
• Apply attachment filter and purge HTML scripts from messages
Check messages against UBEBlock+ database :
This option causes the messages to be checked with UBEBlock+ database. This causes a deeper
message scan to occur looking for content that is known to be from spam sources.
Filter Attachments
The attachment filter defines the actions that should be taken when encountering a message with a
specific attachment type.
The available actions are:
• Allow
The message and attachment are unaltered
• Purge
The attachment is removed and a plain text notification inserted in its place
• Quarantine
The message is moved into the quarantine folder
• Delete
The message is deleted.
Filter Blacklist
The blacklist contains a list of addresses that are not permitted to send to this domain. Any message
from a blacklisted sender will be either rejected by the SMTP server or have the blacklist (BL) flag set
for later Filter Rule processing.
Filter Whitelist
The whitelist is used to identify known sources of messages that you do not want to filter. If a
message has a whitelisted sender then all SMTP filtering will be bypassed for that message and the
WL flag will be set for the filter rule processing.
Note:
If the SMTP service uses a different filter policy to the domain, then the whitelisted address must
appear in both lists.
Include address books
When this option is selected then all the address books and mailing lists stored in the FTGate
database (not ODBC databases) are included in the whitelist.
Filter Words
A list of words that if found in a message are used to identify that message as being bad.
The presence of one or more of these words in a message will cause it to be rejected at the SMTP
filter level or have the illegal word (IW) flag set for later filter rule processing.
Note:
An illegal word must occur in the message with no separator characters.
Filter Phrases
A list of phrases that if found in a message are used to identify that message as being bad.
The presence of one or more of these phrases in a message will cause it to be rejected at the SMTP
filter level or have the illegal phrase (IP) flag set for later filter rule processing.
Note:
The phrase filter performs a string match. If a single word is entered into the phrase list then it will
match any string which contains those letters. For example, the phrase bad will match against
badly.
Filter Safe Words
The safe word list is a list of words which, when occurring in a message, identify the message as
being unsuitable for filtering.
By default all non-alpha characters are removed from strings that are entered into this list. In order to
enter a string with non-alpha characters you must enclose the string in quotes, e.g. "the-string".
UbeBlock Rating
UbeBlock normally calculates a spam rating based upon the content of a message. The rating
adjustments page provides a set of modifiers that will adjust the UbeBlock rating for certain message
features. This can greatly aid the identification of Spam.
See Also
• Minimising Junk/UBE mail
Suggested Settings
The following rating adjustments are used on the FTGate Technology servers. We have found them
to be effective.
Adjustment if recipient's mailbox is in the Subject: 50
Adjustment if there are three or more consecutive spaces in the Subject: 50
Acceptable proportion of unknown words against known words (Unknown ratio): 20
Adjustment when message exceeds Unknown ratio threshold: 40
Weighting for images: 30
Weighting for external images: 75
Weighting for web links: 20
Weighting for unknown words: 10
Filter Rules
Filter Rule Management
Editing Filter Rules
Configuration
Registration
Server serial number
The serial number of the PC generated from the PC's system information
Mailbox Limit
The maximum number of mailboxes supported by the current licence
Mailboxes Used
The number of mailboxes used in this installation
Mailboxes Remaining
The number of mailboxes that can be created
Upgrade Protection and Support Plan (UPSP) expiry date
The date at which the UPSP will expire
The UPSP expiry date is automatically updated when FTGate checks for new versions. However, in
the event that after UPSP renewal, FTGate is unable to contact our servers you may have to update
the expiry date manually. In this case you should temporarily remove the registration key from FTGate
and then add it back in. Then perform a manual activation. Please note that you must create a new
activation key in order for the UPSP expiry date to be updated.
Registration Keys
These are the registration keys installed on this server. All of the keys need to be activated in order to
be functional.
See also
• Registering and Activating Licences
System
System Folders :
Specifies the location of the system folders.
• Configuration folder
• Cache folder
• Script library folder
• Backup folder
Safe Mode :
If the system is in safe mode then only Web Admin is available. No servers (SMTP, POP, IMAP, etc.)
are running.
System Restart :
Clicking this button will restart FTGate. There will be a pause whilst FTGate restarts and you will be
required to go through the Web Admin login to continue administering the system.
Administrators
This page contains a list of users who may log into the Web Admin interface.
See Also: Lost administrator passwords
Messages
FTGate offers considerable improvement in the facilities offered when sending any pre-configured
message such as a system notification, message bounce, mailbox rule message or list server
response.
The administrator can now specify if a message will be sent, the character set used by the message
and the message body. This is further enhanced as the message body can be written in HTML and
FTGate will detect the <HTML> tag at the start of the message body and format the email
appropriately.
Thus a message of
This is a test message
would be sent as plain text
while
<HTML><HEAD></HEAD>
<BODY><B>This is a test message</B></BODY>
</HTML>
would be sent as an HTML message.
Macro Expansion
FTGate includes some expandable macros that can be used to make the message body specific to a
particular message condition or mailbox as follows:
Message that System Message is in response to:
$SUBJECT$
$FROMADDRESS$
$TOADDRESS$
$FROMNAME$
$TONAME$
$RCPTADDR$
$HEADER$
Virus message:
$FILE$
$VIRUS$
Mailbox that System Message is about:
$MAILBOX$
$NAME$
$ADDRESS$
$COMMONNAME$
Group mailbox tracking message:
$TRACKING$
List mailbox messages when in distribution list mode
$NAME$
$ADDRESS$
See also
• Customising Messages
Spooler
Spool path
The spool path defines the location under which all mailbox folders are stored.
Move Domains
Clicking this button will cause all of the domains in this server to be moved to the new spool path
(above). Note that this action will cause FTGate to be suspended during the move and then restarted.
Script
The spooler runs this script for every message passing through the spooler
Logging
Details to log
Specifies the level of details to include in the event log. Debug includes the most detail while Critical
will have the least
NOTE:
IT IS UNADVISABLE TO RUN A BUSY SYSTEM WITH DEBUG LOGGING ENABLED UNLESS YOU ARE TRYING TO
DIAGNOSE A PROBLEM. DEBUG LOGGING PRODUCES A LARGE AMOUNT OF LOGGING INFORMATION AND THIS
MUST BE WRITTEN TO THE LOG FILE. THIS HAS THE EFFECT OF REDUCING MOST TASKS TO THE EQUIVALENT OF
A SINGLE THREAD AS ONLY ONE TASK CAN WRITE TO THE LOG AT ANY GIVEN TIME. THUS BUSY SYSTEMS
SHOULD NOT BE RUN IN DEBUG MODE WITHOUT GOOD REASON.
Log path
Specifies the path to be used when creating log files
Billing
Billing logs create a record in a fixed format of all emails sent and received
• Do not create a billing log
• Create new billing log each month
• Create new billing log each day
Notification
Send the administrator a message for events of the following level.
Billing Log Contents
The billing log is a comma separated value file with the following fields:
• Date
• Time
• In/Out
• MessageId
• Sender
• Recipient
• Size
Archiving
Archive Enable
Storage of all messages that have been processed by FTGate. The messages are placed in a pair of files
and can be accessed through either the Archive Web Admin page or the FTGateArchive utility
Archive folder :
Create archive files in the following folder.
Archive Duration :
Period to hold archive for retrieval by Web Admin (days)
Enable compression :
This option causes the data in the archive to be compressed reducing the archive file sizes by
approximately 95%
DNS Servers
A DNS server is used to convert a text server name into its numeric IP address and to return other
information required for mail handling. At least one DNS server is required if you intend to use any of
the following features:
• RBL lists (SMTP and Filter policy)
• SMTP PTR record checks
• SMTP SPF checks
• MX delivery of outbound mail
DNS Servers
This contains the list of servers that will be checked.
Direct DNS Queries
When this option is selected FTGate will not attempt to contact domain name servers directly but will
send all traffic to the DNS servers listed
DNS Timeout
The DNS Timeout determines how long FTGate will wait for a reply before deciding that the DNS is
not going to respond.
RBL Sites
An RBL list is a list of addresses that an RBL list supplier believes are a source of Spam. They can be
used with FTGate to prevent machines that are listed in the RBL from sending mail to your server.
They can also be used by the Filter section to allow filtering of messages received by SmartPop which
passed through an RBL listed site.
Care should be given when selecting which RBL lists should be included because by using a list you
are allowing a third party to determine which servers you will allow to send you mail. Many RBL lists
contain machines that are called open relays. These relays may or may not be a source of spam but
by their inclusion you would block all mail, both legitimate and spam, from that open relay server.
FTGate Technology recommend only the use of Spamhaus lists as they, sbl.spamhaus.org and sblxpl.spamhaus.org, do not include open relays.
Network Profiles
This list shows the available network profiles that can be used when connecting to the Internet. The
list will always contain LAN and Proxy/Router entries.
Network Profile Options
Connection Tab
User name
Password
Connect timeout
Login timeout
Retry connection after
Attempt limit
Start delay
Actions Tab
ETRN
When enabled FTGate sends an ETRN command to the designated address.
POP
When enabled FTGate connects to the POP3 mailbox at the designated address. This option should
be used if your ISP requires you to connect to a mailbox prior to allowing you to relay.
Priority
Priority Strings :
FTGate treats messages with header lines starting with any of these strings as priority messages.
Auto Update
FTGate contains an auto update facility that will automatically download any updates that are
released. The updates can either be applied automatically or under administrator supervision.
• Automatic Update
FTGate will download the update, shut down, apply the update and restart
• Manual Update
FTGate will download the update and display a message in WebAdmin informing the
Administrator that a patch is available. The Administrator may then apply the update.
Proxy
These settings specify whether, and how, FTGate uses a proxy to connect to the Internet when
Activating and running AutoUpdate.
Utility
Utilities
• Mailbox Import
Import mailboxes from an XML file into FTGate.
Mailbox Import
The mailbox import page allows the administrator to create one or more mailboxes by importing their
definition from an XML file.
The XML file has the following format:
<?xml version="1.0" encoding="ISO-8859-1" ?>
<mailboxes>
<mailbox>
<name>mailbox_name</name>
<type>7</type>
<password>password</password>
<givenname>firstname</givenname>
<sn>lastname</sn>
<initials>initials</initials>
<cn>nick name</cn>
<o>organisation</o>
<ou>department</ou>
<title>title</title>
<postaladdress />
<l>town</l>
<st>street</st>
<c>country</c>
<postalcode>post code</postalcode>
<telephonenumber>tel number</telephonenumber>
<facsimiletelephonenumber>fax number</facsimiletelephonenumber>
<otherpager>mobile number</otherpager>
<url>web url</url>
<homepostaladdress>home address</homepostaladdress>
<homephone>home phone</homephone>
<otherfacsimiletelephonenumber>homefax</otherfacsimiletelephonenumber>
<mobile>mobile number</mobile>
<info>notes</info>
</mailbox>
</mailboxes>
The <mailbox>...</mailbox> can be repeated multiple times with different mailbox data. Any fields that
are not required can be omitted.
The minimum file for creating a single minimal mailbox would be:
<?xml version="1.0" encoding="ISO-8859-1" ?>
<mailboxes>
<mailbox>
<name>mailbox_name</name>
<type>7</type>
<password>password</password>
</mailbox>
</mailboxes>
If in doubt about the format it is possible to export the existing mailboxes and examine the file created.
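Generating and checking an import file in the format above, as an added Python example (not an FTGate tool). The function names are hypothetical, `7` is used as the default type only because both examples on this page use it, and the checks (missing fields, duplicate names, placeholder passwords) are this example's own.

```python
import secrets
import string
import xml.etree.ElementTree as ET

# Element names copied from the format shown above, in the page's order.
FIELDS = (
    "name", "type", "password", "givenname", "sn", "initials", "cn", "o", "ou",
    "title", "postaladdress", "l", "st", "c", "postalcode", "telephonenumber",
    "facsimiletelephonenumber", "otherpager", "url", "homepostaladdress",
    "homephone", "otherfacsimiletelephonenumber", "mobile", "info",
)
REQUIRED = ("name", "type", "password")   # the page's minimal mailbox


def new_password(length=16):
    """Random initial password, so no mailbox is created with a guessable one."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_import(users):
    """users: list of dicts keyed by FIELDS. Returns the import file as bytes."""
    root = ET.Element("mailboxes")
    for user in users:
        unknown = set(user) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown field(s): {sorted(unknown)}")
        record = {"type": "7", "password": new_password(), **user}
        missing = [field for field in REQUIRED if not record.get(field)]
        if missing:
            raise ValueError(f"missing field(s): {missing}")
        box = ET.SubElement(root, "mailbox")
        for field in FIELDS:
            if field in record:
                # ElementTree escapes &, < and > in the text for us.
                ET.SubElement(box, field).text = str(record[field])
    return ET.tostring(root, encoding="ISO-8859-1")


def check_import(data):
    """Return a list of problems found in an import file (empty list: none)."""
    problems, seen = [], set()
    for n, box in enumerate(ET.fromstring(data).iter("mailbox"), 1):
        values = {child.tag: (child.text or "").strip() for child in box}
        for field in REQUIRED:
            if not values.get(field):
                problems.append(f"mailbox {n}: missing <{field}>")
        name = values.get("name", "").lower()
        if name and name in seen:
            problems.append(f"mailbox {n}: duplicate name {name!r}")
        seen.add(name)
        password = values.get("password", "").lower()
        if password and password in (name, "password"):
            problems.append(f"mailbox {n}: password is the mailbox name or a placeholder")
    return problems


# The minimal file from this page, unchanged: its password is a placeholder.
PAGE_MINIMAL = b"""<?xml version="1.0" encoding="ISO-8859-1" ?>
<mailboxes>
<mailbox>
<name>mailbox_name</name>
<type>7</type>
<password>password</password>
</mailbox>
</mailboxes>"""

if __name__ == "__main__":
    data = build_import([{"name": "bob", "o": "Smith & Sons"}])  # constructed user
    print(data.decode("ISO-8859-1"))
    print(check_import(data), check_import(PAGE_MINIMAL))
```

The generated file holds the passwords in clear text, so write it with owner-only permissions and delete it once the import has completed.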
List All Mailboxes
Mailbox Export
Groupware
Shared Folders
FTGate now offers groupware as standard. An important aspect of groupware is the ability to share
folders. Shared folders allow users collective access to mail and an effective way to keep informed
and share information. FTGate uses Access Control Lists to restrict access to shared folders, for
example you can just allow one or two users to be able to put messages into a folder, but allow a
broader range of people the ability to read the what is there.
Why Use Shared Folders?
Put simply, collaboration makes things simpler and more effective. They allow information to be
shared in a controlled way. For example, they allow a group of users access to a common mailbox
folder so that they can all read and respond to messages within the folder and be able to see what
other people have done with messages in that folder, so everyone sees when a message is read,
responded to, flagged, etc. Shared folders just make life easier, and the more you use them the more
potential you will see.
Shared Folder Access
The mechanism for sharing folders is IMAP (Internet Message Access Protocol). To use it you
configure mail client accounts to collect mail via IMAP, rather than POP. Alternatively, you can simply
use FTGate's Web Mail. In fact, due to the nature of folder sharing, you can use a mail client and Web
Mail and see the same message and folder structure. So if you send a message using Web Mail and
have it configured to save sent messages into a sent items folder, you will see the sent message in
the appropriate folder in the mail client, i.e. the folders are synchronised.
Uses for Shared Folders
Shared folders have many uses beyond simply letting others see what's in your inbox:
• Collaboration
• File Distribution
• Announcements
• Knowledgebase
• Address Books
• Spam Training
• Quarantine Management
Collaboration
Groups of people, e.g. sales or support staff, can share a mailbox to keep all relevant material in one
place, rather than each individual having their own sent items folder, for example.
File Distribution
Network Administrators can use them to distribute files to users on the LAN. The administrator posts a
message with the relevant files attached, or link to the files, and all of those with access to the folder
can make sure that they have the latest drivers, updates, etc. on their machines.
Announcements
Administrators, managers, etc. can use them to post announcements to one location, rather than
sending messages to every relevant individual.
Knowledgebase
A folder can accumulate a wealth of information available to all those with access. Here at FTGate
Technology we maintain a copy of every support email that we send in a folder that is available for all
of the support team to refer to.
Address Books
FTGate address books can be made available to a mail client so that you can get at contact
information easily.
Spam Training
You can use shared folders to effectively train FTGate to identify Unsolicited Bulk Email (UBE) by the
message's content.
Quarantine Management
The quarantine folder can be accessed as a shared folder so that those who have access to it can
look at and recover messages that have been quarantined.
Address Books
Address books can be shared and accessed through Web Mail, LDAP and SolSight.
You can also send an email to an address book to have it distributed to each of the members of the
address book.
Each group mailbox also maintains a shared address book that contains and can be accessed by all
members of that group. The primary example of this is the everyone group mailbox, that contains all
the mailboxes in a domain and has a shared address book called members.
Mailing an address book:
To send an email for distribution through an address book list you will need to configure your mail
client to authenticate against the SMTP server. IP based authentication is not sufficient.
Send the message to ABName/mailbox@domain.name. If you have access rights for this address
book the message will be distributed.
LDAP address book searches:
You can search all or some of your address books including those shared by other users. You will be
required to use LDAP logon in order to use LDAP.
In order to search all your address books you should ensure that the search BASE string is blank.
In order to search a specific address book you should specify the address book email address as the
BASE.
Calendar Overview
A calendar event can be for a certain time, between specific times, an all day event, or span multiple
days. You can designate the type of event, and its priority. You can specify whether the event
repeats, and how it repeats. You can also configure FTGate to send a custom notification about the
event at a certain time, e.g. as a reminder.
Users can have more than one calendar to help organise their events.
Shared Folder Overview
Shared folders allow users collective access to messages, e.g. when a folder is shared by three
users then all three users can see, and respond to, the messages in that folder.
To utilize shared folders the users must have their mail clients configured to collect mail via IMAP, or
use Web Mail.
White Papers
White Papers
The following white papers are available:
• Configuring SSL
• Disaster Planning
• FTGate as a DMZ relay
• FTGate as an MX relay
• Minimising Junk/UBE mail
• Forwarding to remote users in the same domain
• Customising Web Mail
• Shared Folders
SPAM: Change is coming
Why is change needed?
When FTGate Technology started supplying mail servers, over ten years ago, there was no such
thing as spam. When you received a message you knew that it was most likely to be a genuine
message that you should take time to read. The world was a nice place where everyone was trusted
to only send you messages if they thought you wanted to get them. eMail was cheap, quick and
efficient. The Internet was designed with this in mind, protocols were open, easy to implement and
had no security at all.
Then things began to change. The low cost of sending an email, essentially nil, made it very cost
effective to send millions of emails with a marketing message. At first no one really took any notice,
one odd email of spam was not a problem. But it didn't stop there, it grew.
Now the problem has escalated to the point where there is more spam on the Internet than real mail,
and the open protocols, that assumed trust, offer no means to protect ourselves from the deluge.
The problem is exacerbated by viruses. Many of these viruses are sent from machines whose owners
do not know they are infected. They use random from addresses and often random to addresses and
can come from anywhere on the Internet. They don't require a mail client or mail server to run.
Organised crime has also joined the game. They use virus infected machines called zombies to
source spam to millions of addresses from machines whose users are unaware that this is happening.
They use the machines to probe for addresses, phish for bank account details and launch denial of
service attacks on companies.
As the problem has grown FTGate Technology have successfully introduced more and more features
with which to fight spam; word filters, phrase filters, UbeBlock, blacklists, RBL lists and so on. These
are all very effective methods of blocking spam which work on trying to identify which messages
contain material that we would rather not receive or identifying sources of messages which are known
to be bad.
However, the spammers are an ingenious bunch and at every stage they have found a means to
obscure their message (HTML, word soup, etc.) or hide their IP addresses (zombies, open relays, etc.).
This has produced an arms race in trying to identify the messages as being spam. We improve
detection, they hide the message more skillfully, and so it goes on, and on.
A shift in approach
There is a complete shift in approach going on, and FTGate Technology are part of it, being the first
mail server company to officially sign the SPF Community Position pledge.
The shift is from a world where we try to identify spam to one where we identify legitimate messages,
and assume everything else is junk.
There are several approaches to this, some of which are already used:
• White lists (current)
Used to identify addresses that we know are good and always want to receive.
• Safe words (current)
Words that have special meaning, such as product names, that are unlikely to be part of a
junk email.
• SPF (new in FTGate4 and being deployed throughout the Internet in 2004/2005)
This seeks to verify that a machine sending a message is authorised to send mail for that
domain.
• Encryption/Signing (being deployed throughout the Internet 2005/2006)
This seeks to verify that the sender is who they say they are.
• Inverse Spam detection
Determine that a message is good rather than it is bad.
A combination of these features can result in a world where spam, viruses and other junk are
eliminated completely.
Cleaning up the junk
Once we decide to reverse the problem, assume that most of the mail is junk, and try to find the good
stuff we can make some big improvements in the way the mail is handled.
SPF
At the top level we can have our mail servers check that there are valid SPF records for the senders
of email. This allows us to reject mail which the sending domain owner says should not be sent, and
prevents your domain being used to send mail which is not from you. It works like this:
1. A spammer connects to your server from address a.b.c.d and sends a junk email to you
pretending to be from richard@ftgate.com
2. The server calls the ftgate.com DNS server and asks "Is a.b.c.d a valid sender for domain
ftgate.com"
3. The ftgate.com DNS says no
4. The spam message is rejected
or
1. FTGate Technology send a message from 195.224.16.245 to your server and says it is from
richard@ftgate.com
2. The server calls the ftgate.com DNS server and asks "Is 195.224.16.245 a valid sender for
ftgate.com"
3. The FTGate server says yes
4. The message is accepted
5. The message bypasses filtering as it is known to be from a good address
or
1. A customer sends a message to your server from address a.b.c.d saying it is from bob@a.com
2. The server calls the a.com DNS server and asks "Is a.b.c.d a valid sender for a.com"
3. The server says "I don't know" (either they do not support SPF or they do not know if the
address is good for them)
4. The message is accepted
5. The message is passed to the remaining filters for analysis
This shows that as SPF is rolled out through the Internet community the level of trust for incoming
messages will rise. Zombie machines, and open relays will be blocked immediately, while spammers
will be forced to use traceable domains and addresses which can then be blocked using the RBL
systems or blacklists currently in place.
White lists
After the message arrives we can decide if we will filter it or not. A white list tells the server that we
trust this address. The server can then deliver the message directly to the users.
The problem for an administrator is that they must maintain a white list which for large numbers of
users can be very time consuming. FTGate4 has addressed this by allowing the administrator to
include the entire server contact address book in the white list, thus allowing users to add their own
white list entries through either WebMail or via SolSight.
UbeBlock spam analysis
The latest version of UbeBlock adds the ability to add a weight to unknown words. This makes
training of the system very simple. Rather than trying to find every possible example of spam and train
the system to identify it, we simply train it with a good sample of valid messages, which we all have in
abundance. From that point on a message that contains words that are not in our normal emails will
have a higher rating applied to it. Couple this with rating for HTML content and its overall rating and
you can practically eliminate junk mail from your system.
Moving Forward
These features are effective, however, there is a down-side. If you will only accept messages from
addresses that are SPF validated or white listed users, you can expect other administrators to do the
same. This means that you will be expected to authenticate your mail clients and vouch that their IP
addresses are valid. This is not hard to do.
1. If you have your own domain name, you should publish an SPF record, or have your hosting
company do it for you.
If you send directly to the Internet you should list your server addresses
If you use an ISP or hosting company you should send through their servers and list their
server addresses
2. Have all your mail clients authenticate with SMTP and force them to send using the
authenticated address.
Do not let them authenticate as bob@a.com and send as fred@b.com unless you are sure
that they have the right to do this, in which case, they should really authenticate as
fred@b.com anyway.
(In the security policy set the SA and AR flag, clear the AA flag)
3. Have all your mail clients send ONLY through your server. This will prevent anyone spoofing
your domain as SPF will then block all spoofed mail.
4. If you forward mail, you must change the envelope sender address to a local address,
otherwise you will fail the SPF checking because your server will not be valid for the original
domain. FTGate has done this for some time.
5. If you implement MX forwarding (FTGate remote domains) you should ensure that the
receiving server WILL NOT perform SPF checking on the MX relay machines, as this would
definitely fail SPF checking. (In the appropriate security policy, add the MX machines IP range
and clear the SPF flag).
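The three SPF outcomes walked through in the SPF section, and the forwarding and ISP-relay points in the list above, can be reproduced with a small evaluator. This is an added example, not FTGate code: the TXT records, the example domains and the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are constructed, and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS TXT data (assumption). 195.224.16.245 is the ftgate.com sender
# address quoted in the text; the record wording is illustrative, not FTGate's own.
SPF_TXT = {
    "ftgate.com": "v=spf1 ip4:195.224.16.245 -all",
    "forwarder.example": "v=spf1 ip4:203.0.113.10 -all",
    "isp.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "hosted.example": "v=spf1 include:isp.example ~all",  # sends through its ISP
    # a.com publishes no record, as in the third scenario
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_NESTING = 10  # include-loop guard for this sketch


def check_host(client_ip, domain, nesting=0):
    """Evaluate the domain's SPF record against the connecting IP address.

    The receiving server fetches the TXT record and walks its terms from left
    to right itself; the first mechanism that matches decides the result.
    """
    terms = (SPF_TXT.get(domain.lower()) or "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # the "I don't know" answer
    if nesting > MAX_NESTING:
        return "permerror"
    addr = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a prefix means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name == "include":
            inner = check_host(client_ip, arg, nesting + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # the included domain must publish a usable record
            matched = inner == "pass"
        else:
            return "permerror"  # a, mx, ptr, exists and redirect are not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def receive(client_ip, envelope_from):
    """Map the SPF result to the three outcomes the white paper describes."""
    result = check_host(client_ip, envelope_from.rpartition("@")[2])
    if result == "fail":
        action = "reject"
    elif result == "pass":
        action = "accept, bypass filters"
    else:  # none, neutral, softfail, permerror: no verdict, so the filters decide
        action = "accept, run filters"
    return result, action


# (label, connecting IP, envelope sender), all constructed
SCENARIOS = [
    ("spoofed ftgate.com sender", "192.0.2.66", "richard@ftgate.com"),
    ("genuine ftgate.com server", "195.224.16.245", "richard@ftgate.com"),
    ("domain without SPF", "192.0.2.80", "bob@a.com"),
    ("forward, envelope unchanged", "203.0.113.10", "richard@ftgate.com"),
    ("forward, envelope made local", "203.0.113.10", "relay@forwarder.example"),
    ("sent through listed ISP", "198.51.100.7", "user@hosted.example"),
    ("hosted domain, unlisted host", "192.0.2.66", "user@hosted.example"),
]


def run_scenarios():
    """Return {label: (spf_result, action)} for every scenario."""
    return {label: receive(ip, sender) for label, ip, sender in SCENARIOS}


if __name__ == "__main__":
    for label, (result, action) in run_scenarios().items():
        print(f"{label:30} {result:9} {action}")
```

The fourth and fifth scenarios show why step 4 matters: the same forwarding server is rejected when it keeps the original envelope sender and passes once the envelope sender is a local address.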
SmartPop
SmartPop is the poor relation when it comes to anti-spam handling. Because all the mail has already
been accepted by your ISP and the IP address information is most likely lost or obscured it becomes
much harder to validate that the message is good. For this reason SmartPop does not have any SPF
facilities. However, if your ISP implements SPF filtering and adds the required SPF header to the
message, the main filters can be bypassed as if the message had been received and validated
directly by FTGate.
The future
Over the course of the next few years a variety of techniques designed to limit junk and authenticate
users will be tested by the Internet community. They include Yahoo's DomainKeys, Microsoft's
PRA, IIM and others.
As the technology stabilises we will continue to integrate their requirements into our systems. You can
be sure that, as usual, FTGate mail servers will deliver your mail reliably and limit the junk you see.
Error Messages
Service Error Messages
FTGate categorises all its service error messages by using a reference code at the end of the error
line. This code can be used to determine the exact cause of the error message. This section
describes those error messages.
Code | Message | Notes | ID
#1.00 | Mailbox Disabled (#1.00) | mailbox is disabled in mailbox or privileges | ERR_MAILBOX_DISABLED
#1.01 | Mailbox Disabled (#1.01) | mailbox is a spamtrap | ERR_MAILBOX_SPAMTRAP
#1.02 | Allocated mailbox storage exceeded (#1.02) | quota error | ERR_MAILBOX_QUOTA
#1.03 | Out of disk space (#1.03) | | ERR_MAILBOX_FREESPACE
#1.04 | Too many connections from your address (#1.04) | | ERR_MAX_CONCURRENT
#1.04 | 451 4.5.1 [%s] Max concurrent sessions (#1.04) | | ERR_SMTP_REJECT_CONCURRENT
#1.04 | -ERR Too many connections from your address (#1.04) | | ERR_POP_CONCURRENT
#2.01 | (#2.01) | address has been temp blacklisted | ERR_SECPOL_NO_ACCESS
#2.02 | (#2.02) | address has either BL or no PA | ERR_SECPOL_BLACK
#2.03 | (#2.03) | RBL hit | ERR_SECPOL_RBL
#3.01 | 220 %s (#3.01) | | ERR_SMTP_SYSTEM_HELLO
#3.02 | 250 2.5.0 Sender <%s> Accepted (#3.02) | | ERR_SMTP_SENDEROK
#3.03 | 235 2.3.5 Auth OK (#3.03) | | ERR_SMTP_AUTHOK
#3.04 | 250 2.5.0 Recipient OK (#3.04) | | ERR_SMTP_RCPTOK
#3.05 | 250 2.5.0 Ok Message queued (#3.05) | | ERR_SMTP_MESSAGEOK
#3.06 | 220 2.2.0 ready for TLS (#3.06) | | ERR_SMTP_TLSOK
#3.07 | 250 2.5.0 Ok (#3.07) | | ERR_SMTP_OK
#3.08 | 221 2.2.1 Service closing transmission channel (#3.08) | | ERR_SMTP_CLOSING
#3.09 | 250 2.5.0 Mail queue started (#3.09) | | ERR_SMTP_QUEUESTARTED
#3.10 | 354 3.5.4 Start mail input; end with <CRLF>.<CRLF> (#3.10) | | ERR_SMTP_DATASTART
#3.11 | 334 | Authentication continue response | ERR_SMTP_334
#3.12 | 451 4.9.9 %s Invalid EHLO (#3.12) | | ERR_SMTP_TARPIT
#3.13 | 451 4.2.1 %s mailbox disabled (#3.13) | | ERR_SMTP_MAILBOX_DISABLED
#3.14 | 451 4.2.2 %s mailbox full (#3.14) | | ERR_SMTP_MAILBOX_FULL
#3.15 | 451 4.2.2 %s mailbox access error (#3.15) | | ERR_SMTP_MAILBOX_TOAST
#3.16 | 451 4.3.1 mail system is full (#3.16) | | ERR_SMTP_SYSTEM_LENGTH
#3.17 | 451 4.3.5 system configuration error (#3.17) | | ERR_SMTP_SYSTEM_CONFIGERR
#3.19 | 450 4.7.1 Server busy please try again later. See http://tinyurl.com/39pwkl (#3.19) | | ERR_SMTP_GLFAILDATA
#3.20 | 450 4.7.1 Server busy please try again later. See http://tinyurl.com/39pwkl (#3.20) | | ERR_SMTP_GLFAILRCP
#3.21 | 450 4.7.1 Please authenticate and try again (#3.21) | See: Managing Services and Security Policies/Options; AntiSpoofing | ERR_SMTP_SPOOF
#3.22 | 450 4.3.5 System error, please try again (#3.22) | | ERR_SMTP_HARDERROR
#4.21 | 500 5.5.1 Syntax Error (#4.21) | | ERR_SMTP_SYNTAX
#4.22 | 500 5.5.1 Syntax Error (%s) (#4.22) | | ERR_SMTP_SYNTAX2
#4.23 | 500 5.5.1 Bad command (#4.23) | | ERR_SMTP_SYNTAX3
#4.24 | 500 5.0.0 Domain Not Found (#4.24) | | ERR_SMTP_DOMAINNOTFOUND
#4.25 | 550 5.1.1 %s bad destination mailbox address (#4.25) | | ERR_SMTP_ADDRESS_BAD
#4.26 | 550 5.1.1 %s invalid mailbox address (#4.26) | | ERR_SMTP_ADDRESS_INVALID
#4.27 | 550 5.1.2 %s invalid domain (#4.27) | | ERR_SMTP_ADDRESS_DOAMIN
#4.28 | 550 5.1.1 %s unknown mailbox (#4.28) | | ERR_SMTP_ADDRESS_UNKNOWN
#4.29 | 550 5.1.1 %s unknown mailbox. You are so booted (#4.29) | | ERR_SMTP_ADDRESS_UNKNOWN2
#4.30 | 550 5.1.3 %s bad address syntax (#4.30) | | ERR_SMTP_ADDRESS_SYNTAX
#4.31 | 550 5.1.4 ambiguous address (#4.31) | | ERR_SMTP_ADDRESS_AMBIGUOUS
#4.32 | 500 5.0.0 sequence error (#4.32) | | ERR_SMTP_ADDRESS_SEQUENCE
#4.33 | 516 2.1.6 %s moved (#4.33) | | ERR_SMTP_ADDRESS_MOVED
#4.34 | 550 5.1.7 %s bad sender's address (#4.34) | | ERR_SMTP_ADDRESS_SENDER
#4.35 | 550 5.0.0 Sorry too many recipients (#4.35) | | ERR_SMTP_ADDRESS_RCPTCOUNT
#4.36 | 550 5.1.8 %s sender's domain does not exist (#4.36) | | ERR_SMTP_ADDRESS_SENDERSPOOF
#4.37 | 502 5.5.2 Syntax Error (#4.37) | | ERR_SMTP_ARGUMANT
#4.38 | 553 5.5.3 too many recipients (#4.38) | | ERR_SMTP_RCPTCOUNT
#4.39 | 550 5.2.3 message size exceeds administrative limit (#4.39) | | ERR_SMTP_MESSAGE_LENGTH
#4.40 | 554 5.6.0 Malformed message header, require FROM:, TO:, DATE:, SUBJECT: (#4.40) | | ERR_SMTP_MESSAGE_HEADER
#4.41 | 560 5.6.0 Prohibited Message Content (#4.41) | | ERR_SMTP_MESSAGE_CONTENT
#4.42 | 560 5.6.0 %s (#4.42) | | ERR_SMTP_MESSAGE_OTHER
#4.43 | 560 5.6.0 Message body not found (#4.43) | | ERR_SMTP_MESSAGE_BODY
#4.44 | 500 5.0.0 [%s] DNS Blackhole Rejection (#4.44) | | ERR_SMTP_REJECT_RBL
#4.45 | 500 5.0.0 [%s] IP rejected (#4.45) | | ERR_SMTP_REJECT_IP
#4.46 | 500 5.0.0 [%s] PTR record is blank - reverse DNS lookup failed (#4.46) | | ERR_SMTP_REJECT_PTR
#4.47 | 500 5.0.0 Sequence Error - zombie terminated (#4.47) | | ERR_SMTP_SYSTEM_ZOMBIE
#4.48 | 530 5.3.0 Must issue STARTTLS first (#4.48) | | ERR_SMTP_TLSREQUIRED
#4.49 | 550 5.1.8 Sender must be hosted on this server (#4.49): | | ERR_SMTP_ONLYHOSTED
#4.50 | 535 5.3.5 Auth Failed (#4.50) | | ERR_SMTP_AUTHFAILED
#4.51 | 503 5.0.3 Already Authorised (#4.51) | | ERR_SMTP_AUTHFAILED2
#4.52 | 535 5.3.5 Unrecognised response (#4.52) | | ERR_SMTP_AUTHWTF
#4.53 | 504 5.0.4 Unrecognised Authentication type (#4.53) | | ERR_SMTP_BADAUTH
#4.54 | 530 5.3.0 Authentication required (#4.54) | | ERR_SMTP_AUTHREQUIRED
#4.55 | 560 5.6.0 Too many addresses in header (#4.55) | | ERR_SMTP_BULKFAILED
#4.56 | 560 5.6.0 Too many hops (#4.56) | | ERR_SMTP_HOPSFAILED
#4.57 | 500 5.0.0 Channel already secure (#4.57) | | ERR_SMTP_SECUREFAILED
#4.58 | 500 5.0.0 Cannot switch to secure channel (#4.58) | | ERR_SMTP_SECUREFAILED2
#4.59 | 560 5.6.0 %s (#4.59) | | ERR_SMTP_SPFFAIL
#4.60 | 550 5.5.0 Sender rejected (#4.60) | | ERR_SMTP_SENDERBLACKLISTED
#4.61 | 550 5.5.0 The address %s does not match your authenticated address (#4.61) | | ERR_SMTP_AUTHMISMATCH
#4.62 | 550 5.5.0 Sender domain could not be confirmed (#4.62) | | ERR_SMTP_SENDERDOMAIN
#4.63 | 550 5.5.0 Relaying Denied <%s> (#4.63) | | ERR_SMTP_RELAYFAIL
#4.64 | 550 5.5.0 Relaying Denied <%s> Again - go away (#4.64) | | ERR_SMTP_RELAYFAIL2
#4.65 | 550 5.5.0 Access Denied <%s> (%s) (#4.65) | | ERR_SMTP_ACCESSDENIED
#4.66 | 550 5.5.0 Access Denied (#4.66) | | ERR_SMTP_ACCESSDENIED2
#4.67 | 550 5.5.0 No Route Found (#4.67) | | ERR_SMTP_GLACCESSDENIED
#4.68 | 550 5.5.0 String does not match anything (#4.68) | | ERR_SMTP_NOMATCH
#4.69 | 550 5.5.0 No Members (#4.69) | | ERR_SMTP_NOMEMBERS
#5.00 | -ERR Mailbox Access Error (#5.00) | mailbox is broken | ERR_POP_ACCESS
#5.01 | -ERR Access Denied (#5.01) | mailbox has no pop3 privileges | ERR_POP_ACCESSDENIED
#5.02 | -ERR Syntax Error (#5.02) | | ERR_POP_SYNTAX
#5.03 | -ERR TLS Required (#5.03) | | ERR_POP_TLS
#5.04 | -ERR Plain text login disabled, use APOP or TLS (#5.04) | | ERR_POP_SECUREAUTH
#5.05 | -ERR <%s> Mailbox Disabled (#5.05) | | ERR_POP_DISABLED
#5.06 | -ERR Login Error (#5.06) | | ERR_POP_LOGIN
#5.07 | -ERR <%s> Mailbox Locked (#5.07) | | ERR_POP_LOCKED
#5.08 | -ERR Login Error (#5.08) | bad password | ERR_POP_LOGIN2
#5.09 | -ERR Login Error (#5.09) | | ERR_POP_LOGIN3
#5.10 | -ERR invalid message number (#5.10) | | ERR_POP_MESSAGENUM
#5.11 | -ERR message deleted (#5.11) | | ERR_POP_DELETED
#5.12 | -ERR message unavailable (#5.12) | | ERR_POP_MESSAGEFAILURE
#5.13 | -ERR no such message , only n message in mailbox (#5.13) | | ERR_POP_MESSAGECOUNT
WebAdmin Login Messages
After logging onto WebAdmin the following error messages may be displayed.
Error Code | Meaning
#6.01 | The FTGate server is currently running in its 30day trial mode. The number of days of trial remaining is indicated. To remove this licence you should install an existing licence key or purchase a licence key.
#6.02 | The FTGate server 30day trial has finished and the server requires that a registration key be installed and activated in order to continue use of the server.
#6.03 | The server has been suspended for the indicated reason.
#6.04 | The FTGate server is licensed but not activated. In order to continue using FTGate it should be restarted and the server activated.
#6.05 | The server has one or more un-activated licence keys and will stop working one hour after it was last restarted.
#6.06 | The server's UPSP is expiring or has expired. You should renew the UPSP as you no longer have support and upgrade protection.
#6.07 | UBEBlock+ is disabled due to UPSP expiry.
#6.08 | There is an update available for installation.
#6.09 | An error occurred while checking for updates.
#6.10 | The FTGate anti-virus start up test failed. Your anti-virus product is either configured incorrectly or not installed.
#6.11 | Your anti-virus product is scanning the spool/inbox. This can cause problems if the anti-virus product blocks access to the file that FTGate is using. It is recommended that this folder be excluded from the on demand/access scanning in your anti-virus product.
#6.12 | The version you have is a beta test version that will cease to operate on the specified day. Beta versions are regularly updated so you should either perform an auto-update or check regularly for manual updates in the support forums.
Update History
FTGate History
FTGate Technology was established in 1994. You can be confident when purchasing FTGate that the
product is built on the extensive experience of one of the longest and most respected suppliers in the
industry.
Historical time line for FTGate:
• Jan 2009: FTGate6 released
• July 2007: FTGate5 released
• June 2005: Company renamed to FTGate Technology Ltd
• November 2004: FTGate4 and SolSight released
• March 2003: FTGateRelay V1.0 Released (FTGate3.22 engine)
• Feb 2003: FTGateUbeBlock V1.0 released
• Jan 2003: FTGateOffice/FTGatePro V1.2 Released (FTGate3.2 engine)
• Sept 2002: FTGateOffice/FTGatePro V1.1 Released (FTGate3.1 engine)
• Dec 2000: FTGate3 released as FTGateOffice and FTGatePro V1.0
• Sept 1998: FTGate V2.0 released
• April 1997: First Internet sales of FTGate V1.0
• Jan 1997: RBGate renamed FTGate
• June 1995: First sales of RBGate begin
• Nov 1994: Work started on First Mail server (RBGate)
FTGate2009 SR1
Updates in this release
• Archive viewing and handling improved (see Archive)
• SmartPop layout improved
• Added support for '&' character in the phrase lists
• Modified SMTP so that SMTP AUTH overrides PTR, RBL, HELO and SPF failures.
• Customising the sign in has been simplified (see Customising SolSight Web)
• New sign in box created
• Made Anti-Virus self test at startup an optional action
• Added fast expire option to the Outbox and Remote domains (see General)
• Added DNS timeout control so users can now set the DNS timeout (see DNS Servers)
• Added a 4XX promotion option (see General)
• Bug fixes
Update 6.0.002
• Improved spam detection
• Added spam fingerprinting and auto-update of fingerprint files
• Fixed auto-update notification formatting.
Credits
FTGate is the vision and work of one man, practically everything you see was written by Richard
Bang.
The following tools and components were used in some parts of the program.
DHTMLGoodies - A library of DHTML and AJAX scripts
WYZZ - WYSIWYG editor
Glossary
P
Pattern matching characters: The characters * and ? when used in an address or string, e.g.
*@domain.com, bob@domain.*, etc.
U
UPSP: Upgrade Protection and Support Plan
Filter/Routes .......................................... 14, 111
Filtering ...................5, 31, 54, 60, 82, 122, 123
Firewall ports ................................................. 22
Folders .................................................. 86, 127
Forward ..................................... 14, 15, 81, 131
Frequently Asked Questions ........................... 9
FTGate Technology Limited ..........................12
FTGate UPSP ...............................................11
FTGateArchive ..............................................71
FTGateIcon .......................................70, 72, 73
FTGateLog ....................................................73
FTGateMonitor ..................................72, 73, 98
Full Backup.................................................... 70
Full Restore ...................................................70
Fully Qualified Mailbox Name ........................44
G
Global Security Policy .......................14, 22, 48
Grey Listing ..................................................... 5
Greylist ............................................61, 97, 115
Greylist Entries Tab .....................................115
Greylist SPF ..................................................97
Greylist Zombie ...........................................115
Greylisting whitepaper ...................................61
Group ......... 8, 19, 25, 41, 47, 67, 86, 108, 127
Group Mailboxes .......................................5, 80
Group Members ............................................89
Groupware.....................................................74
connecting .................................................74
Groupware Connector .......................5, 98, 107
Groupware Features ....................................... 8
H
Hosted Domains ............................................41
I
IMAP.. 8, 13, 19, 22, 25, 31, 37, 67, 68, 80, 82,
84, 86, 98, 105, 120, 127, 129
Install FTGate ............................. 25, 26, 27, 70
Instant Notifications ......................................... 8
Internal Backup .............................................70
Internal Restore .............................................70
ISP's pop3 .....................................................19
L
LDAP ............................ 5, 22, 31, 98, 103, 128
Licence Agreement ......................................... 1
Licence Key .............................................17, 45
Activating ...................................................45
Installing.....................................................17
List Mailboxes ...............................................80
Local Domains ........................................36, 79
Local mailboxes ............. 19, 41, 108, 109, 112
Log Contents ...............................................121
Billing .......................................................121
Login Security Override.................................45
Low Security ..................................................34
M
Macro Expansion ..................................39, 120
Mail . 15, 19, 25, 40, 41, 68, 108, 109, 112, 131
downloads......................... 41, 108, 109, 112
Migrating ....................................................25
Receiving .............................................19, 40
Sending..........................................15, 19, 41
Mail Delivery Failure ....................................109
Mail Flow .......................................................35
Mailbox . 5, 25, 31, 39, 41, 47, 50, 80, 108, 120
Mailbox Alias .............................................5, 31
Mailbox Count ...............................................17
Mailbox Limit ............................................... 119
Mailbox Rules ................................................. 5
Mailbox Types ............................................... 80
Mailboxes Remaining.................................. 119
Mailboxes Used .......................................... 119
Mailed Reminders ........................................... 8
Main Feature List ............................................ 5
Manual Delivery Settings ............................ 111
Max Recipients ............................................. 97
Members ....................................................... 90
Message Limits ............................................. 97
Migration ................................................. 25, 82
Minimising Junk/UBE .................................... 60
Minimum Requirements ................................ 13
Monitor Port .................................................... 5
Move Domains ............................................ 121
Multiple Address Books .................................. 8
Multiple Calendars .......................................... 8
Multiple DNS ................................................... 5
Multiple Folders ............................................... 5
Multiple IP ....................................................... 5
Multiple ISP ................................................. 111
Multiple offices .............................................. 15
Multiple Task Lists .......................................... 8
MX ... 5, 20, 23, 27, 31, 40, 41, 61, 68, 94, 113,
122, 131
MX DNS ........................................................ 27
MX Hosts .......................................... 41, 93, 94
MX Mode ....................................................... 27
MX Records ............................................ 41, 94
MX Relay Mode .......................................... 113
MySql ............................................................ 47
N
Navigation Panel ........................................... 76
Network Administrators ............................... 127
Network Profile ................................ 41, 94, 123
Network Storage ........................................... 23
New Machine ................................................ 26
New server .................................................... 26
Notes ............................................................. 88
Notifications .................................................. 91
Notspam ........................................................ 67
Null Mailbox .................................................. 80
O
ODBC ........................................ 47, 85, 90, 118
Options Tab ...100, 101, 102, 103, 104, 105, 106,
107
Outbound SMTP Auth ................................... 40
Outbox 5, 14, 19, 23, 35, 76, 78, 81, 91, 94, 95
Outlook .................................................... 31, 98
Outlook 2002/XP ........................................... 37
Outlook Connector .......................................... 8
Outlook Express...................................... 37, 71
P
PA ............................................... 14, 22, 48, 50
Password ................................................ 34, 85
Permissions/Access rights ............................ 47
Permit SMTP Authentication ........................... 48
Personal Details ............................................ 85
Phish ........................................................... 131
Phrase Filter ..................................................31
Policies Tab ...................................................95
Policy ............................................................. 48
Policy Access Rights .........................50, 95, 97
Policy Service Control ...................................96
POP ............................................ 120, 123, 127
POP Proxy.....................................................20
POP3 . 5, 13, 14, 15, 19, 22, 25, 34, 40, 76, 79,
80, 82, 83, 86, 91, 98, 100, 101, 102, 103,
104, 105, 106, 107, 111, 123
POP3 Migration .............................................25
Post Office Protocol V3 ...... 13, 25, 48, 52, 109
Postmaster ....................................................81
Priority Strings .............................................124
Privileges .......................................................83
Product Support ............................................10
Proxy .............................................37, 104, 124
Proxy Type ..................................................104
Proxy/Router ............................ 37, 41, 94, 123
Purge Scripts ................................................... 5
Purge/Quarantine/Delete ................................ 5
Q
Quarantine...............................................5, 116
Quarantine Management ............................127
Queue Options ..............................................93
Queue Status .................................................. 5
Queues ..........................................................78
Quota Notification ..........................................83
R
RBL ............................ 22, 40, 48, 68, 123, 131
Real time Blackhole Lists ............................123
Recurrent Events ............................................ 8
Registration ...........................................17, 119
Registration Keys ........................................119
Registration Overview ...................................17
Relay Control ................................................50
Relay Edition ...................................20, 74, 108
Remote Domain ............................5, 35, 41, 79
Remote Domain/Connection .........................23
Remote Mirror Mode ...................................113
Remote Monitor ............................................... 5
Remote POP3 mailboxes ..... 41, 108, 109, 112
Remote Relay Domains .................................. 5
Remote users ................................................14
Forwarding .................................................14
Restart FTGate .............................................70
Rights ................................................1, 67, 127
Robot Mailboxes ...........................................86
Root.login ................................................34, 80
defining ......................................................80
Router Modem ..............................................37
Routing ..................................................76, 115
Rules ............................................................. 86
S
Safe Mode .......................................23, 46, 120
Safe Word List ................................................. 5
Safe Words....................................................65
Safe-Mode FTGate .......................................46
Scan Message Header ................................111
Scanning .................................................5, 116
Script Folders .............................................. 102
Scripts Tab .................................................. 102
Searchable Archive ......................................... 5
Searchable Log ............................................... 5
Security Policies .48, 65, 95, 96, 100, 101, 102,
103, 104, 105, 106, 107
Security Policy IP Options ............................ 50
Security Policy Tab .... 100, 101, 102, 103, 104,
105, 106, 107
Segmented Cluster ....................................... 68
Send 15, 19, 27, 31, 36, 41, 48, 64, 81, 86, 109
Send Copy .................................................... 84
Send SMTP mail ........................................... 41
Sender Policy Framework .... 27, 48, 60, 64, 65,
122
Sending/Receiving ........................................ 31
Server Statistics .............................................. 5
Service Access List .... 100, 101, 102, 103, 104,
105, 106, 107
Service Overview .......................................... 40
Service Types ............................................... 98
Services ............................................ 23, 52, 95
Services Tab ................................................. 95
Share button ........................................... 77, 86
Shared ........................................................ 127
Shared Folder Access................................. 127
Shared Folder Overview ............................. 129
Shared Folders ....................................... 8, 127
Shared Folders dialog ................................. 127
Show Status .................................................. 72
Shutdown FTGate ....................................... 114
Sign In .....................25, 40, 41, 44, 45, 48, 128
Signature ................................................. 86, 91
Signatures/Disclaimers ................................. 41
Simple Mail Transfer Protocol .... 27, 36, 40, 41,
48, 50, 52, 60, 94, 108, 109, 122, 128
SmartPop .......5, 14, 15, 19, 31, 35, 40, 41, 76,
108, 109, 111, 112, 123, 131
SmartPop delivery problems ....................... 111
SmartPop Duplicate Delivery ...................... 111
SmartPop/Delivery ...................................... 111
SMTP .5, 14, 15, 19, 22, 25, 27, 31, 34, 35, 36,
40, 41, 48, 50, 54, 61, 63, 65, 76, 79, 83, 84,
91, 92, 93, 94, 97, 98, 101, 109, 117, 118,
120, 122, 131
SMTP Authentication ................................ 5, 50
SMTP Errors ................................................. 48
SMTP Greylisting .......................................... 61
SMTP Hosts ................................ 15, 41, 93, 94
SMTP Send ................................................... 52
SMTP Welcome Text .................................... 97
SOFTWARE LICENCE AGREEMENT ........... 1
SolSight Chat .................................................. 8
SolSight Web ................ 80, 82, 84, 86, 98, 102
SolSight™ ................................................... 1, 4
SPAM .....20, 27, 31, 35, 41, 48, 54, 60, 61, 64,
66, 67, 68, 76, 84, 94, 117, 118, 122, 123,
131
Spam Training ............................................. 127
Special Recipient .......................................... 64
SPF .................................... 48, 60, 65, 97, 131
Spool Path ...............................................23, 26
SQL .................................. 5, 47, 80, 85, 89, 90
SQL Based Mailing Lists ...............................47
SQL Database ...............................................85
SQL list ....................................................47, 90
SSL....... 5, 52, 53, 92, 100, 101, 102, 105, 107
SSL self signed certificates ...........................53
SSL Support ..................................................52
Starter Packs .................................................17
Startup.fts file ................................................46
Statistics ........................................................78
Status Monitor ................................................. 5
Support FAQ .................................................10
Support Forums ............................................10
Support Plan .........................................11, 119
Supported Systems .......................................13
Supported Versions .......................................10
System Administrators ..................................47
System Folders ...........................................120
System Mailbox .................................19, 67, 80
System Message .........................................120
System Requirements ...................................13
System Restart ............................................120
T
Task Lists ........................................................ 8
Tasks ............................................................. 88
Time Tab .......................................................83
TLS ....... 5, 52, 53, 92, 100, 101, 102, 105, 107
Tools/Options ................................................71
TRACKING ............................................39, 120
Tracking ID .................................................... 89
Training ................................................... 31, 82
Trashcan ............................................. 5, 37, 84
U
UBE ........................................... 40, 60, 64, 127
UbeBlock ..5, 11, 31, 47, 54, 60, 66, 67, 68, 80,
82, 117, 118, 131
Unsolicited Bulk Email ................................ 127
Upgrade Protection Plan ............................... 11
UPSP .......................................... 5, 10, 11, 119
UPSP Status ................................................. 10
User Folders ................................................. 47
User Interface Guide ..................................... 75
User Mailboxes ......................................... 5, 80
V
Virtual Folders ............................................. 102
Virtuals Tab ................................................. 102
Virus .................................... 31, 39, 60, 65, 120
VRFY............................................................. 97
W
WAN .................................................. 22, 48, 52
Web Administration ........................... 14, 44, 74
Web Browsers ............................................... 13
Web Mail ...................14, 83, 86, 127, 128, 129
White Paper .......................................... 68, 131
Whitelisting .............................................. 61, 63
X
X-listserver .................................................. 109
X-Recipient ................................................. 109
XTRASH IMAP .............................................. 37