EVRY Security. Administrator's Guide

EVRY Email Security Administrator's Guide

EVRY Email Security provides a variety of useful features within a user-friendly web console for managing functions such as whitelisting of sender domains, releasing an email from quarantine and forensic search of email logs. This document provides a detailed description of all features and settings, enabling you to quickly and easily take advantage of WeCloud Email Security.

EVRY Operating Status:
Operating status:
Administration: https://admin.mailvask.no
Partner Administration: https://partner.mailvask.no
Contact Information:
Support: driftsenter@evry.com
Date: 2016-11-02
Version: 16.10.08

The Overview

1. Domain selector - All logs and settings are domain specific, so make sure that you have the correct domain selected
2. Administration tabs
   2.1. Overview - Quarantine and logs
   2.2. Archive - Archived emails (separate service)
   2.3. Settings - Configuration options
   2.4. Statistics - Historical statistics
   2.5. Logout
3. Pre-defined filters
   3.1. Quarantined email - All emails quarantined as spam for the domain
   3.2. Admin Quarantine - This quarantine contains emails that are quarantined for reasons other than spam (Note: Release of emails from this quarantine requires domain or company admin rights)
   3.3. Delivered - All emails (inbound and outbound) that have been delivered to the recipient server
   3.4. Blocked - All emails that have been blocked by the connection filters (see Settings - Antispam for more info)
   3.5. Failed - All emails that have failed to be delivered to the recipient server
4. Advanced filters and tools
   4.1. Advanced Filter - This allows for advanced log searches across all types of emails
   4.2. Hold Queue - This contains all emails that are queued for retry
   4.3. Pending - This contains emails that have been processed by the filter but haven't been written to the log database yet
   4.4. Release Selected - This tool allows you to select multiple emails in the Quarantine and release them all at once (this is only available when the Quarantine is selected)
   4.5. Export to csv - This allows you to export your current log search to a csv file (this will open a new tab in your browser)

Log Searches

1. Search options - This field allows you to define your search; the options available depend on which tool is selected in the left-hand menu. All options can be combined for granular searches. Please see the separate document on database searches for some guidelines on getting fast searches.
   1.1. Wildcard search - By checking this box, Sender/Recipient/Subject can be searched using partial addresses/subjects (this is only available in Advanced Filter; pre-filtered searches are automatically wildcard searches)
   1.2. Sender - The sending address
   1.3. Recipient - The recipient address
   1.4. Subject - The subject
   1.5. Time ranges - Quick functions for defining a time frame for the search
   1.6. Date from - Define the start date of the search
   1.7. Date to - Define the end date of the search
   1.8. Type - Define what type of email you're searching for (this is only available in Advanced Filter)
2. Search controls
   2.1. Reset all search terms
   2.2. Perform a search with the selected criteria
3. Search result - Click any email to get more detailed information (see details further on). Search results are shown using infinity scroll, so whenever the bottom of the result list is reached the service will collect more logs (20 at a time).
   3.1. The search result will be split up into days
   3.2. Shows the status of the email and also the country of origin of the sending server
   3.3. Shows the time of the email reaching WeCloud's servers
   3.4. Shows the recipient address of the email
   3.5. Shows the sending address of the email (Note: This is the envelope-sender)
   3.6. Shows the subject of the email

Quarantined email details

1. Content selector
   1.1. Shows the details and body of the email
   1.2. Shows the headers of the email
   1.3. Shows the audit logs for the email
2. Status bar - This will either show that the email is in quarantine or that the email has been released (Note: the released status is only visible until your email server has accepted the released email; the email is then moved from the quarantine to the delivered logs)
3. Message details
   3.1. Subject of the email
   3.2. Recipient of the email
   3.3. Sender of the email (Note: this is the envelope-sender); click the drop-down to get quick access to whitelist or blacklist the sender
   3.4. The time the email arrived in the filter
   3.5. Size of the email
   3.6. IP of the server sending the email; click the drop-down to get quick access to whitelist or blacklist the sender
   3.7. Country of origin of the server sending the email; click the drop-down to get quick access to set actions based on the country of origin
   3.8. WeCloud ID of the email
   3.9. TLS info for the email (Note: this is only visible if the email was delivered using TLS)
   3.10. Reason for quarantining the email (access to this depends on whether your settings allow the content of the email to be shown)
4. Content of the email - This will show the content of the email in a safe text-only format (access to this depends on whether your settings allow the content of the email to be shown)
5. Release functions
   5.1. Enter the email address to release the email to (this will default to the original recipient)
   5.2. Release the email to the address specified in 5.1; this will automatically report the email to WeCloud as a false positive

Delivered email details

1. Content selector
   1.1. Shows the details of the email
   1.2. Shows the delivery logs for the email
   1.3. Shows the audit logs for the email
2. Status bar - This will show that the email has been delivered
3. Message details
   3.1. Subject of the email
   3.2. Recipient of the email
   3.3. Sender of the email (Note: This is the envelope-sender); click the drop-down to get quick access to whitelist or blacklist the sender
   3.4. The time the email arrived in the filter
   3.5. Size of the email
   3.6. IP of the server sending the email; click the drop-down to get quick access to whitelist or blacklist the sender
   3.7. Country of origin of the server sending the email; click the drop-down to get quick access to set actions based on the country of origin
   3.8. WeCloud ID of the email
   3.9. TLS info for the email (Note: This is only visible if the email was delivered using TLS)
   3.10. This shows the IP of the server that the email has been delivered to
   3.11. This shows the response from the server the email was delivered to

Blocked email details

1. Content selector
   1.1. Shows the details of the email
   1.2. Shows the audit logs for the email
2. Status bar - This will show why the email was blocked
3. Message details
   3.1. Subject of the email (Note: This will be empty if the email was blocked before the data of the email was received)
   3.2. Recipient of the email
   3.3. Sender of the email (Note: this is the envelope-sender); click the drop-down to get quick access to whitelist or blacklist the sender
   3.4. The time the email arrived in the filter
   3.5. Size of the email (Note: This will be shown as 0.0 kb if the email was blocked before the data of the email was received)
   3.6. IP of the server sending the email; click the drop-down to get quick access to whitelist or blacklist the sender
   3.7. Country of origin of the server sending the email; click the drop-down to get quick access to set actions based on the country of origin
   3.8. WeCloud ID of the email
   3.9. TLS info for the email (Note: This is only visible if the email was delivered using TLS)

Failed email details

1. Content selector
   1.1. Shows the details of the email
   1.2. Shows the delivery logs for the email
   1.3. Shows the audit logs for the email
2. Status bar - This will show that the email delivery failed
3. Message details
   3.1. Subject of the email
   3.2. Recipient of the email
   3.3. Sender of the email (Note: this is the envelope-sender); click the drop-down to get quick access to whitelist or blacklist the sender
   3.4. The time the email arrived in the filter
   3.5. Size of the email
   3.6. IP of the server sending the email; click the drop-down to get quick access to whitelist or blacklist the sender
   3.7. Country of origin of the server sending the email; click the drop-down to get quick access to set actions based on the country of origin
   3.8. WeCloud ID of the email
   3.9. TLS info for the email (Note: This is only visible if the email was delivered using TLS)
   3.10. This shows the IP of the server that the email has been delivered to
   3.11. This shows the response from the server the email was delivered to

Archive

1. Domain selector - All archived emails are indexed on the domain, so make sure that you have the correct domain selected
2. Archive tools
   2.1. Restore Selected - This allows you to restore the selected emails to the original recipients
   2.2. Export to csv - This allows you to export your current log search to a csv file (this will open a new tab in your browser)
3. Search options
   3.1. Sender - Define parts of or a full sender address (any term entered will automatically start and end with wildcards)
   3.2. Recipient - Define parts of or a full recipient address (any term entered will automatically start and end with wildcards)
   3.3. Time ranges - Quick functions for defining a time frame for the search
   3.4. Date from - Define the start date of the search
   3.5. Date to - Define the end date of the search
4. Search controls
   4.1. Reset all search terms
   4.2. Perform a search with the selected criteria
5. Search result - Any email can be clicked to get more detailed information (see details further on). Search results are shown using infinity scroll, so whenever the bottom of the result list is reached the service will collect more logs (20 at a time).
   5.1. The search result will be split up into days
   5.2. Shows the status of the email and also the country of origin of the sending server
   5.3. Shows the time of the email reaching WeCloud's servers
   5.4. Shows the recipient address of the email
   5.5. Shows the sending address of the email (Note: This is the envelope-sender)
   5.6. Shows the subject of the email
   5.7. Shows the size of the email

Archived email details

1. Content selector
   1.1. Shows the details of the email
   1.2. Shows the headers of the email (access to this depends on whether your settings allow the content of the email to be shown)
   1.3. Shows the audit logs for the email
   1.4. Advanced tools
        1.4.1. Report the email as a missed spam
        1.4.2. Open the original email (access to this depends on whether your archive settings allow the content of the email to be shown)
        1.4.3. Download the original .eml file (access to this depends on whether your archive settings allow the content of the email to be shown)
2. Message details
   2.1. Subject of the email
   2.2. Recipient of the email
   2.3. Sender of the email (Note: this is the envelope-sender)
   2.4. The time the email arrived in the filter
   2.5. Size of the email
   2.6. IP of the server sending the email
   2.7. Country of origin of the server sending the email
   2.8. WeCloud Archive ID of the email
   2.9. A list of the attached files in the email (Note: This is only visible if there are attached files in the email)
3. Content - This shows the content of the email in a safe text-only format (access to this depends on whether your archive settings allow the content of the email to be shown)
4. Restore functions
   4.1. Address part of the email address to restore the email to (this will default to the original recipient)
   4.2. Domain part of the email address to restore the email to (this will be locked to the original domain)
   4.3. Restore options

Settings menu

1. Overview of the functions activated
2. Antispam settings
3. QMS settings (Spam digest)
4. Antivirus settings
5. Inbound settings
6. Outbound settings
7. Archive options (these are read-only)
8. Custom lists for blocking and allowing emails
9. Diagnostic tool for troubleshooting mailflow
10. Creating and editing Administrators
11. True Users - Defines which email addresses exist for the domain
12. Admin access to users' quarantine zones and personal black-/whitelists
13. Interface settings
14. Define what domains should be controlled by a company profile
15. Change password for the current admin account

Overview Settings

1. Settings overview
   1.1. AntiSpam status
   1.2. QMS status
   1.3. AntiVirus status
   1.4. Archive status
   1.5. True Users status
2. Entries overview
   2.1. Number of administrators registered for the domain
   2.2. Number of True Users addresses registered for the domain
   2.3. Number of addresses/domains whitelisted for the domain
   2.4. Number of addresses/domains blacklisted for the domain
   2.5. Number of originating countries with a default action defined for the domain
   2.6. Number of file extensions blocked for the domain
   2.7. Number of IP addresses whitelisted for the domain
   2.8. Number of IP addresses blacklisted for the domain
   2.9. Number of addresses/domains bypassing the antivirus for the domain

Antispam Settings

1. Save your changes - The changes take effect immediately
2. Audit logs
3. First layer defense
   3.1. HeloCheck - This will block emails where the sending server does not give a proper FQDN in the initial server greeting
   3.2. SPF engine - This will block any email where the sending domain has a hardfail in their SPF and the sending server/IP is not included in the SPF record (Note: This needs to be enabled for the other SPF options to be functional; it is also required for the Protected Domains function)
   3.3. Quarantine SPF softfail - This will quarantine any email where the sending domain has a softfail in their SPF and the sending server/IP is not included in the SPF record
   3.4. SPF Block Temperror - This will block any emails where the lookup of the sender's SPF record causes a temporary error
   3.5. SPF Block permerror - This will block any emails where the resolution of the sender's SPF record causes a permanent error
   3.6. Enable IP Reputation (RBL) - This checks if the sending IP is blacklisted and blocks emails from blacklisted IPs
   3.7. Block Mailer-demons - This will block mailer-daemon delivery reports
   3.8. Quarantine Newsletters - This will quarantine newsletters based on the presence of unsubscribe links in the headers
   3.9. Sender domain check - This checks if the sending domain is valid and otherwise blocks the email
4. Content scanner options
   4.1. Content scanner On/Off
   4.2. Threshold for detecting spam based on content; the higher the threshold, the "softer" the filter is. WeCloud does not recommend setting a higher score than 5 or lower than 3
   4.3. Action for emails detected by the content engine. The options are:
        Quarantine - Quarantine the email
        Tag Subject - Allow the email but tag the subject with [SPAM]
        Tag Header - Allow the email but tag it with an X-Header

QMS Settings

1. Save your changes - The changes take effect immediately
2. Audit logs
3. QMS On/Off - If On, a spam digest will be sent out regularly according to the QMS settings
4. QMS Type - This defines the format of the QMS report. The options are:
      Email notification - This is a notification containing the number of new emails in quarantine and a link to the online quarantine
      Email overview - This is a notification containing a full list of the new emails in quarantine (please see the separate QMS guide for an example)
5. QMS Interval - This defines the interval of the QMS report. The options are:
      1 day - This schedules a daily QMS report
      1 week - This schedules a weekly QMS report
6. QMS Recipient - If this field contains an email address on your domain, the QMS report for the domain will be sent to this address instead of personal QMS reports being sent to the end-users
7. QMS black/whitelist - This defines if the end-users should be allowed to create personal black/whitelists within their quarantine portal (please see the separate QMS guide for more information)

Antivirus Settings

1. Save your changes - The changes take effect immediately
2. Audit logs
3. Antivirus On/Off
4. Block nested zips On/Off - If this is set to On the filter will block any emails containing nested zips (a zipfile within a zipfile)
5. BMA On/Off - Please see the section on BMA Enhanced Malware Analyzer for more information
6. Ignored BMA rules - Tick the box for any rule in the current BMA set that you want to ignore for your email flow

Inbound Delivery settings

This is where you configure the server and port to use for the delivery of clean inbound emails to your server.

1. Save your changes - It can take up to 20 minutes for the changes to take full effect (Note: changes here will affect emails in the hold queue as well)
2. Audit logs
3. Delivery settings
   3.1. Delivery server - The hostname or IP address that we should deliver your emails to (Note: we recommend always using a hostname if possible)
   3.2. Delivery port - The port over which we should deliver emails; 25 is the default for SMTP, but we can do delivery over any port you specify
   3.3. This will allow you to test the connectivity with your server

Inbound Routing settings

This allows for third party integration with other services (for example, but not limited to, encryption services). The details of this are covered in a separate chapter of this guide.

1. Save your changes - It can take up to 20 minutes for the changes to take full effect (Note: changes here will affect emails in the hold queue as well)
2. Delete settings - This will clear all routing configuration; this can take up to 20 minutes to take full effect (Note: changes here will affect emails in the hold queue as well)
3. Audit logs
4. Routing settings
   4.1. Routing server - The hostname or IP address that we should reroute the emails to (Note: we recommend always using a hostname if possible)
   4.2. Delivery port - The port over which we should route the emails
   4.3. Enable relay On/Off - This defines if the routing rule is enabled or not
   4.4. route Relay smime only - If set to On, only emails encrypted with smime will be sent over the relay
   4.5. Enable archive - If set to On, an additional copy of the email will be stored after it is sent back to us from the external party (Note: this requires the domain to have archiving enabled)

Inbound Force TLS settings

This allows you to set the default TLS behaviour for your inbound traffic, and also to add exceptions to that behaviour.

1. Add exceptions - This allows you to add sender and/or recipient exceptions (more info below)
2. Save your changes - The changes take effect immediately
3. Delete settings - This will remove all exceptions that are marked in section 6 (Note: Delete is only visible if you have one or more exceptions selected)
4. Audit logs
5. Default setting - This is the default setting for the domain. If set to Off (Note: this is the recommended setting), all inbound emails will use Opportunistic TLS except for the exceptions defined, which will use Force TLS. If set to On, all inbound emails will have Force TLS except for the exceptions, which will use Opportunistic TLS.
6. Exceptions
   6.1. Senders - This will list exceptions based on the sending address/domain
   6.2. Recipients - This will list exceptions based on the recipient address/domain
   6.3. Multi-selection tool for a quick selection of multiple items. The options are:
        All - selects all items
        None - deselects all selected entries
        Invert - inverts the selection
        Senders - selects Senders exceptions only
        Recipients - selects Recipients exceptions only
   6.4. Each exception will have a selection box to allow for deletion
   6.5. This will list the exceptions

Inbound Force TLS settings - Add exceptions

1. Sender exceptions - Enter any sending domains and/or addresses that should be an exception to the default TLS setting (Note: separate multiple entries with comma, tab, newline or semi-colon)
2. Recipient exceptions - Enter any recipient addresses that should be an exception to the default TLS setting (Note: separate multiple entries with comma, tab, newline or semi-colon)
3. Close without saving
4. Add the exceptions to your TLS configuration
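
The default/exception logic described above, as an added example (not code from EVRY or WeCloud): a small Python model of how the Default setting and the exception lists combine, showing that switching the default to On while exceptions are still listed moves exactly those partners from Force TLS to Opportunistic TLS. The function names, the sample addresses and the matching rule (an entry matches the full address or its domain part, and a sender or a recipient match is enough) are assumptions.

```python
import re

FORCE = "force"
OPPORTUNISTIC = "opportunistic"


def parse_entries(text):
    """Split an exceptions field on comma, tab, newline or semi-colon,
    the separators the guide lists for the Add exceptions dialog."""
    parts = re.split(r"[,;\t\r\n]+", text)
    return {p.strip().lower() for p in parts if p.strip()}


def matches(address, entries):
    """Assumption: an entry matches either the full address or its domain part.
    An empty envelope-sender (bounce) never matches."""
    address = address.strip().lower()
    domain = address.rpartition("@")[2]
    return bool(address) and (address in entries or domain in entries)


def inbound_tls_mode(default_force, sender, recipient, sender_exc, recipient_exc):
    """Return the TLS mode for one inbound message.

    default_force=False (Default setting Off): Opportunistic TLS, exceptions get Force TLS.
    default_force=True  (Default setting On):  Force TLS, exceptions get Opportunistic TLS.
    """
    is_exception = matches(sender, sender_exc) or matches(recipient, recipient_exc)
    if default_force:
        return OPPORTUNISTIC if is_exception else FORCE
    return FORCE if is_exception else OPPORTUNISTIC


def downgraded_by_default_on(traffic, sender_exc, recipient_exc):
    """Pairs that are Force TLS with the default Off but become
    Opportunistic TLS if the default is switched to On without
    first clearing the exception lists."""
    return [
        (s, r)
        for s, r in traffic
        if inbound_tls_mode(False, s, r, sender_exc, recipient_exc) == FORCE
        and inbound_tls_mode(True, s, r, sender_exc, recipient_exc) == OPPORTUNISTIC
    ]


# Constructed sample input (not from the guide): exception fields as an
# administrator might paste them, and a few envelope sender/recipient pairs.
SENDER_EXC = parse_entries("bank.example; partner.example,\tceo@supplier.example\n")
RECIPIENT_EXC = parse_entries("payroll@customer.example")
SAMPLE_TRAFFIC = [
    ("alerts@bank.example", "bob@customer.example"),     # sender domain exception
    ("ceo@supplier.example", "bob@customer.example"),    # sender address exception
    ("sales@supplier.example", "bob@customer.example"),  # same domain, not listed
    ("news@other.example", "payroll@customer.example"),  # recipient exception
    ("", "bob@customer.example"),                        # null envelope-sender
]

if __name__ == "__main__":
    for default_force in (False, True):
        print("Default setting", "On" if default_force else "Off")
        for s, r in SAMPLE_TRAFFIC:
            mode = inbound_tls_mode(default_force, s, r, SENDER_EXC, RECIPIENT_EXC)
            print(f"  {s or '<>':26} -> {r:26} {mode}")
    print("Downgraded if the default is switched to On:")
    for pair in downgraded_by_default_on(SAMPLE_TRAFFIC, SENDER_EXC, RECIPIENT_EXC):
        print("  ", pair)
```

Before changing the Default setting, review the Senders and Recipients exception lists, because every listed entry changes meaning with the toggle.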

Inbound Rewrite settings

This will allow you to rewrite the recipient for specific inbound emails.

1. Add a new rule - More info below
2. Delete - This will delete the rules that are marked in section 4 (Note: Delete is only visible if you have one or more rules selected)
3. Audit logs
4. Rules - This will list the rules that you have configured
   4.1. Multi-selection tool for a quick selection of multiple items. The options are:
        All - selects all items
        None - deselects all selected entries
        Invert - inverts the selection
   4.2. Each rule will have a selection box to allow for deletion
   4.3. This will list the sender value for the rule
   4.4. This will list the recipient value of the rule
   4.5. This will list the rewritten recipient value
   4.6. This will state if the original is discarded (i.e. if the email is rerouted to the new recipient or if a copy is made)
   4.7. This will list the priority of the rule (rules with lower priority have precedence over rules with higher priority)
   4.8. This allows you to edit a rule

Inbound Rewrite settings - Add rule

This will allow you to have the scanning service insert custom headers on inbound emails.

1. Sender(s) - Add one or more senders (addresses and/or domains) that the rule should be active for
2. Recipient(s) - Add one or more recipient addresses that the rule should be active for (Note: Leave this empty if you want the rule to be valid for the whole domain)
3. New recipient(s) - Add one or more recipient addresses and/or domains that the email should be rerouted to (Note: The recipients need to be on one of the domains on your account). If domains are entered here, the address part of the recipient will stay the same and only the domain part will be rewritten
4. Discard original email - Checking this box will create a reroute rule (the original recipient will not receive the email); leaving this box unchecked will create copies of the email to the new recipient(s) but still deliver the email to the original recipient
5. Close the window without saving changes
6. Add the rule to your rewrite configuration

Inbound Header settings

This will allow you to have the scanning service insert custom headers on inbound emails.

1. Add a new header - More info below
2. Delete - This will delete the header inserts that are marked in section 4 (Note: Delete is only visible if you have one or more header inserts selected)
3. Audit logs
4. Header inserts - This will list the header inserts that you have configured
   4.1. Multi-selection tool for a quick selection of multiple items. The options are:
        All - selects all items
        None - deselects all selected entries
        Invert - inverts the selection
   4.2. This will list the Header key to be inserted
   4.3. This will list the value to be inserted for the Header key
   4.4. Each Header insert will have a selection box to allow for deletion

1. Key - Enter the key to be added to the header
2. Value - Enter the value to be added for the specified key
3. Close without saving
4. Save the setting

Inbound Notification settings

Here you can configure in which cases the user on your end should be notified when the filter blocks an email addressed to the user.

1. Save your changes - The changes take effect immediately
2. Audit logs
3. Quarantined by BMA - This will generate a notification every time an email is put into quarantine by BMA
4. Blocked by BMA - This will generate a notification every time an email is blocked by BMA
5. Blocked by RBL - This will generate a notification every time an email is blocked because the sending IP is blacklisted
6. Blocked by Country - This will generate a notification every time an email is blocked because the sending country has been blacklisted under Lists - Countries
7. Blocked by IP - This will send a notification every time an email is blocked because the sending IP has been blocked under Lists - IP
8. Blocked by Antivirus - This will generate a notification every time an email is blocked by the antivirus scanning
9. Blocked by File extension - This will generate a notification every time an email is blocked due to containing files listed under Lists - Fileextensions
10. Blocked by Nested Zip - This will generate a notification every time an email is blocked due to nested zips being blocked under Antivirus settings

Outbound User settings

SMTP authentication is one of the options to authenticate your outbound traffic through the WeCloud scanning (this is suitable if you want the end-users to send emails through WeCloud directly from their email clients, or if you, for example, have a dynamic IP and still want to be able to send your emails out via the service). Please note that this feature requires the communication to be protected by TLS and to use port 587.

1. Add user - More info below
2. Delete - This will delete the users that are marked in section 4 (Note: Delete is only visible if you have one or more users selected)
3. Audit logs
4. Users
   4.1. Multi-selection tool for a quick selection of multiple items. The options are:
        All - selects all items
        None - deselects all selected entries
        Invert - inverts the selection
   4.2. This will list the users; domain users will be marked with a * (Note: A domain user is a user/password combination that can authenticate email traffic for the whole domain)
   4.3. This will allow you to send a new password to a user
   4.4. Each user will have a selection box to allow for deletion

Outbound User settings - Add user

1. User entries - Enter the user(s) that should be created; separate multiple entries by using comma, tab, newline or semi-colon (Note: all users must be in the form of an email address and the domain part needs to match the currently selected domain)
2. Notify user - If this is checked, an email will be sent to the created user(s) with their password; if this is unchecked, the password will instead be shown on screen when the user is created
3. Domain user - If this is checked, the user(s) will be allowed to authorize emails for the whole domain (this is used when the authentication is set up on server level); if this is unchecked, the user(s) created will only be allowed to authorize emails sent from their own address (this is used when the authentication is set up on the end-user level)
4. Close without saving
5. Save the settings

Outbound IP settings

IP authentication is the preferred option to authenticate your outbound traffic through the WeCloud scanning (this is the recommended setting as long as you have a static IP).

1. Add IP - More info below
2. Delete - This will delete the IPs that are marked in section 4 (Note: Delete is only visible if you have one or more IPs selected)
3. Audit logs
4. IPs
   4.1. Multi-selection tool for a quick selection of multiple items. The options are:
        All - selects all items
        None - deselects all selected entries
        Invert - inverts the selection
   4.2. This will list the IPs
   4.3. Each IP will have a selection box to allow for deletion

Outbound IP settings - Add IP

1. Entries - Enter the IPs to be added; multiple entries should be separated by comma, tab, newline or semi-colon
2. Close without saving
3. Add my IP - Add the IP that you are currently accessing the interface from to the Entries
4. Save the settings

Outbound Routing settings

This allows for third party integration with other services (for example, but not limited to, encryption services). The details of this are covered in a separate chapter of this guide.

1. Save your changes - It can take up to 20 minutes for the changes to take full effect (Note: changes here will affect emails in the hold queue as well)
2. Delete settings - This will clear all routing configuration; this can take up to 20 minutes to take full effect (Note: changes here will affect emails in the hold queue as well)
3. Audit logs
4. Routing settings
4.1. Routing server - The hostname or IP address that we should reroute the emails to (Note: we recommend always using a hostname if possible)
4.2. Delivery port - The port which we should route the emails over
4.3. Enable relay On/Off - This defines if the routing rule is enabled or not
4.4. Enable archive - If set to On, an additional copy of the email will be stored after it is sent back to us from the external party (Note: this requires the domain to have archiving enabled)

Archiving Settings

This will show the settings configured by WeCloud for your archive. These settings require an additional license and cannot be changed by the customer's administrator.

Lists Settings - Whitelist

1. Add - Use this to add entries to the whitelist
2. Delete - This will delete the entries that are marked in section 6 (Note: Delete is only visible if you have one or more entries selected)
3. Search box - Use this to search for entries, the search result will show while you type (Note: You do not have to write complete addresses or domains when searching)
4. Audit logs
5. Total amount of entries
6. Entries
6.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
     Domains - selects all domains
     Emails - selects all email addresses
6.2. This lists the addresses and/or domains in your whitelist
6.3. This shows the date and time that the entry was created
6.4. Each entry will have a selection box to allow for deletion

Lists Settings - Blacklist

1. Add - Use this to add entries to the blacklist
2. Delete - This will delete the entries that are marked in section 6 (Note: Delete is only visible if you have one or more entries selected)
3. Search box - Use this to search for entries, the search result will show while you type (Note: You do not have to write complete addresses or domains when searching)
4. Audit logs
5. Total amount of entries
6. Entries
6.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
     Domains - selects all domains
     Emails - selects all email addresses
6.2. This lists the addresses and/or domains in your blacklist
6.3. This shows the date and time that the entry was created
6.4. Each entry will have a selection box to allow for deletion

Lists Settings - Countries

This will allow you to set default actions based on the Geo-IP mapping we do on all sending IPs for inbound emails.

1. Add - More info below
2. Delete - This will delete the entries that are marked in section 6 (Note: Delete is only visible if you have one or more entries selected)
3. Audit logs
4. Total amount of entries
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
     Whitelisted - selects all whitelist entries
     Quarantined - selects all quarantine entries
     Blacklisted - selects all blacklist entries
5.2. This lists the countries you have set default actions for
5.3. This shows the action for the listed countries
5.4. This allows you to edit the default action for the listed countries
5.5. Each entry will have a selection box to allow for deletion

Lists Settings - Countries - Add entry

1. Country - Use the dropdown to select the country that you want to create a default action for
2. Action - Use the dropdown to select the action for emails from servers in the selected country, the options are:
     Whitelist - Don't spam scan emails from the selected country
     Blacklist - Block all emails from the selected country
     Quarantine - Quarantine all emails from the selected country
3. Close without saving
4. Save the entry

Lists Settings - Fileextensions

This will allow you to block emails containing specific files.

1. Add - More info below
2. Delete - This will delete the entries that are marked in section 5 (Note: Delete is only visible if you have one or more entries selected)
3. Audit logs
4. Total amount of entries
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
5.2. This lists the file extensions that will cause a block
5.3. Each entry will have a selection box to allow for deletion

Lists Settings - Fileextensions - Add

1. Add fileblock - This dropdown will give you access to different default groupings of file extensions, the options are:
     Programs - This is a collection of executable files
     Scripts - This is a collection of script files
     Shortcuts - This is a collection of shortcut files
     Others - This is a collection of other files you might wish to block
     Office - This is a collection of office files
     All - This will include all the predefined file sets above
2. Entries - This is where you can add entries to block; multiple entries should be separated by comma, tab, newline or semi-colon
3. Close without saving
4. Save the entries

Lists Settings - IP

This will allow you to blacklist or whitelist IPs or IP ranges.

1. Add - More info below
2. Delete - This will delete the entries that are marked in section 5 (Note: Delete is only visible if you have one or more entries selected)
3. Audit logs
4. Total amount of entries
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
     Whitelisted - selects all whitelist entries
     Blacklisted - selects all blacklist entries
5.2. This lists the IPs
5.3. This will show if the IP is whitelisted or blacklisted
5.4. Each entry will have a selection box to allow for deletion

Lists Settings - IP - Add

This will allow you to blacklist or whitelist IPs or IP ranges.

1. Action - Use the dropdown to select if the IPs should be blacklisted or whitelisted
2. Entries - Enter the IPs and/or IP ranges to add to the list; multiple entries should be separated by comma, tab, newline or semi-colon
3. Close without saving
4. Save the entries

Lists Settings - Bypass AV

This will allow you to whitelist senders in the antivirus scanner.

1. Add - Use this to add entries to the antivirus bypass list
2. Delete - This will delete the entries that are marked in section 5 (Note: Delete is only visible if you have one or more entries selected)
3. Audit logs
4. Total amount of entries
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
     Domains - selects all listed domains
     Emails - selects all listed email addresses
5.2. This lists the addresses and/or domains
5.3. Each entry will have a selection box to allow for deletion

Lists Settings - Domain Protection

This will allow you to add domain protection to specific domains (see the separate chapter on Domain Protection for more details).

1. Add - Use this to add entries to the domain protection list
2. Delete - This will delete the entries that are marked in section 5 (Note: Delete is only visible if you have one or more entries selected)
3. Audit logs
4. Total amount of entries
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
5.2. This lists the domains
5.3. Each entry will have a selection box to allow for deletion

Diagnostics

This will allow you to run simple diagnostics of your email configuration.

1. Run - This will initiate the test
2. MX Record Check - This will check the MX Records you have configured for the domain
2.1. Result of the test
2.2. This will show your configured MX Records
3. Delivery check - This will test the connectivity to your server
3.1. Result of the test
3.2. This will list the server and port you have configured under your inbound settings
3.3. This will show a transcript of the communication test with your server

User Settings

This will allow you to manage the administrators and user profiles for your account.

1. User control
1.1. Add new user - More info below
1.2. This will delete the entries that are marked in section 5 (Note: Delete is only visible if you have one or more entries selected)
1.3. This will enable the entries that are marked in section 5 (Note: Enable is only visible if you have one or more entries selected)
1.4. This will disable the entries that are marked in section 5 (Note: Disable is only visible if you have one or more entries selected)
2. Search box - Use this to search for entries, the search result will show while you type
3. Audit logs
4. Total amount of entries
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
5.2. This will list the name of the users
5.3. This will list the type of the user (Note: If the type is marked with a * the user also has a User Profile enabled)
5.4. This will list the email address of the user (Note: The email address is also the user name)
5.5. This will list the time and date of creation for the user
5.6. This will allow you to edit the settings for the user
5.7. Each entry will have a selection box to allow for deletion and enable/disable

User Settings - Add User

1. Firstname
2. Lastname
3. Email address - This will also be the username
4. Readonly - Setting this to On will render the user unable to change anything in the interface (Note: This needs to be combined with one or more of the user rights in sections 5-7)
5. User profile - Setting this to On will allow the user to have their settings separated from the domain's settings (Note: This also means that the user will not get any changes to the settings made on a domain level)
6. Domain admin - Setting this to On will allow you to select one or more of your domains that this user will get access to (Note: This type of user will not automatically get access to new domains that you add to the account)
7. Company admin - Setting this to On will give the user access to all domains on your account (Note: This will automatically give the user access to new domains that are added to your account as well)
8. Notify user - Setting this to On will send an email with the login credentials to the user when created; setting this to Off will instead show the credentials on screen when the user is created (Note: We highly recommend setting this to Off and then asking the user to use the Forgot Password function on the login page so that no credentials are sent via email)
9. Close without saving
10. Save the entries

True Users settings

This will allow you to specify what email addresses are valid for your domain (Note: If you specify addresses here, WeCloud will only accept emails for those addresses; emails to any other recipients will be rejected).

1. Add - Add one or more addresses to your list of true users
2. Delete - This will delete the entries that are marked in section 5 (Note: Delete is only visible if you have one or more entries selected)
3. Search box - Use this to search for entries, the search result will show while you type
4. Audit logs
5. Entries
5.1. Multi-selection tool for a quick selection of multiple items, the options are:
     All - selects all items
     None - deselects all selected entries
     Invert - inverts the selection
5.2. This will list the email addresses registered as true users
5.3. Each entry will have a selection box to allow for deletion and enable/disable

Token Manager

Any user that receives a QMS report will automatically be created as a token user. The Token Manager allows an admin to log in to the personal quarantine as the selected user in order to manage their quarantine and (if activated in the QMS settings) their black/whitelists.

1. This will list all users created by the QMS system
2. This allows the administrator to log in as the selected user. This is not available to read-only administrators (Note: The login will open a separate tab so the administrator will not be logged out from the administrator interface)

Interface Settings

This will allow you to specify what timezone you want for your selected domain, and also what domain should be the default domain when logging into your account.

1. Save your changes - The changes take effect immediately
2. Audit logs
3. Timezone - Use the dropdown to select the timezone for your domain (Note: This will control the timestamps in your logs and also the time of day that your QMS reports are sent out)
4. Default domain - Use the dropdown to select what domain should be the default selected domain when you log into your account
5. Notify/QMS Language - Use the dropdown to select the language for emails generated by the system to your users

Company Profile settings

By activating the Company Profile you can easily manage the settings for several of your domains by changing a single profile. If the Company Profile is activated, a new option "Company Profile" becomes available in the domain selector and all changes of settings on the specified slave domains will be deactivated. Any settings on the slave domains will be overridden when the Company Profile is activated.

The Company Profile controls the following settings for its slave domains:
     Antispam > All settings
     QMS > All settings
     Antivirus > All settings
     Inbound > Delivery, Routing, Inbound headers, Notification
     Outbound > IP, Routing, Outbound headers
     Archive > All settings
     Lists > All settings
     Interface > All settings

1. Enable - This will enable the company profile according to your settings (Note: When you have a company profile active this will instead read Edit and allow you to change your settings to the profile)
2. Source domain - Use the dropdown to select the source domain that the settings for the profile will be copied from (Note: even though only some settings are controlled by the profile, all settings will be copied from it and used as a foundation on any domain that you include in the profile)
3. Slave domain(s) - This will allow you to select which domains your company profile should take control of (Note: All settings on these domains will be overwritten by the company profile settings)
4. Master domain - The master domain selected in section 2 will automatically be selected

WeCloud 3rd party routing

With WeCloud's 3rd party routing function it is easy to combine WeCloud's email scanning with a wide range of 3rd party products (for example for encrypting/decrypting emails). The WeCloud service can easily be configured to route inbound and/or outbound emails via a 3rd party product before they are sent to the recipient (see next page for a traffic overview). The routing settings are located in Settings > Inbound > Routing, for inbound routing, and Settings > Outbound > Routing, for outbound routing.

1. Save the current routing configuration (Please note that it can take up to 20 minutes for the changes to become active)
2. Delete the current routing configuration (Please note that it can take up to 20 minutes for the changes to become active)
3. Audit logs to track the changes to the routing configuration
4. The hostname or the IP of the server that emails should be routed to
5. The target port that the emails should be routed to
6. Enable or disable the routing configuration
7. Enable or disable S/MIME-only routing. When set to off, all emails are sent via the route; when set to on, only emails encrypted with S/MIME are sent via the route (Note: This is for inbound routing only)
8. Enable or disable archiving. When set to off, emails are only archived before the routing takes place; when set to on, emails are archived both before and after routing. (Please note that this requires a subscription to the WeCloud Archiving feature)

WeCloud 3rd party routing - Traffic overview

Searching the database

This is a guide on how the searches in WeCloud's system work. If your account with WeCloud has high email volumes, this document will help you understand the logic behind the searches and also how to effectively search for emails in our system.

Definitions

Indexed dataset - This is the indexed selection that the string search will be applied to. The smaller this dataset is, the faster the search will be.
Final dataset - This is the final selection after the string search has been applied. The larger this dataset is, the faster the search will be.

Please see the next page for a definition of which filters alter which dataset.

Filters

A. Filters altering the Indexed dataset (these should be set as narrow as possible for a fast search)
A1. Domain Selector - This is where the domain for the search is selected (both inbound and outbound emails will be searched)
A2/A3. Mail Filters & Tools - These are the pre-indexed actions for the emails:
     Quarantined - These emails were marked up as spam by the content scanner
     Delivered - These emails were delivered to the recipient server
     Blocked - These emails were rejected by the filter
     Failed - These emails were rejected by the recipient server
     Advanced Filter - This allows for searches without using the pre-indexed action
     Hold Queue - These emails are on retry in our system (we are having problems delivering them to the recipient server)
     Pending - These are emails that have been handled by the system but the logs are pending to be entered into the database
A4. Time Frame - This allows you to select the time frame for your search

B. Filters altering the Final dataset (these should be set as wide as possible for a fast search)
B1. Recipient - The whole recipient address of the email or parts of it
B1. Sender - The whole sending address of the email or parts of it
B1. Type - The Action for the email (this is not the same as a pre-indexed filter)
B2. Subject - The whole subject of the email or parts of it

Log search - The Basics

The Indexed dataset defines the amount of logs that the search will go through to find the Final dataset. So if you, for example, have 10.000 emails being handled in the filter every day and you do a 7 day search without any other filter set for the Indexed dataset, the search will go through 70.000 email logs to find the Final dataset. If, however, only 500 of those 10.000 daily emails are clean emails that are being delivered, you could minimize the Indexed dataset to 3.500 emails for the search to go through by setting the pre-indexed filter to Delivered before searching. The search will go through the whole Indexed dataset to find the Final dataset (set by your search parameters), and the larger the Indexed dataset is and the smaller the Final dataset is, the longer the search will take.

Log search - Infinity Scroll

WeCloud's Infinity Scroll feature means that the system will return a search result as soon as 20 matching emails have been found. For more results, all you need to do is scroll down to the bottom and a new set of logs will be collected. This means that the search only needs to run until 20 matches have been found. In other words, a wider filter for the Final dataset will produce faster results than a narrow filter for the same. If we take our example above, a search without pre-indexed filters had an Indexed dataset of 70.000 emails. If we set very specific search filters that will only generate one match, that would mean that the search has to go through all 70.000 emails before it returns a result (as it needs to make sure that no more matches are found). If, however, we instead widen the filters so that the search would result in 20+ matches, we would get the initial result faster since that would be returned as soon as the first 20 matches are found.

Log search - The Logic

So in other words, the smaller the Indexed dataset is, the smaller the amount of emails the search goes through (this will result in a fast complete search time). And the wider the filters (the non pre-indexed filters) are set, the faster we will start getting results from the searches.

Log search - Conclusion

Try to minimize the Indexed dataset as much as possible (if you know that the email you're looking for is 2 days old, there's really no point in searching 7 days back, for example). If a search is taking a long time, try widening the filters (for an inbound email you could, for example, search on the recipient address instead of the sending address). On a domain with little traffic you probably won't need to take any precautions, but if you have several thousands of emails you might want to consider your tactics when searching the filter in order to get your results faster (looking through millions of emails for one single match is a bit like finding a needle in a haystack).
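The effect of the two datasets can be reproduced with a small model of an early-terminating scan. This is an added example, not WeCloud's search engine: the log fields, the addresses and the linear scan are assumptions, and only the volumes (10.000 emails per day, 500 delivered, 7 days, pages of 20) come from the guide.

```python
PAGE_SIZE = 20  # Infinity Scroll returns as soon as 20 matches are found


def build_logs(days=7, per_day=10_000, delivered_per_day=500):
    """Constructed log set using the guide's volumes (field names are assumed)."""
    step = per_day // delivered_per_day  # every 20th email is a clean delivery
    logs = []
    for day in range(days):
        for i in range(per_day):
            logs.append({
                "day": day,
                "action": "delivered" if i % step == 0 else "blocked",
                "recipient": f"user{i % 50}@example.com",
                "sender": f"sender{day}-{i}@example.org",
            })
    return logs


def first_page(logs, pre_indexed=None, **final_filters):
    """Return (matches, scanned, indexed_size) for the first result page.

    pre_indexed narrows the Indexed dataset (assumed to be free, as it is
    served from an index). final_filters are substring filters applied to
    each log in the Indexed dataset, one log at a time, until PAGE_SIZE
    matches are found or the Indexed dataset is exhausted.
    """
    indexed = [log for log in logs
               if pre_indexed is None or log["action"] == pre_indexed]
    matches, scanned = [], 0
    for log in indexed:
        scanned += 1
        if all(value in log[field] for field, value in final_filters.items()):
            matches.append(log)
            if len(matches) == PAGE_SIZE:
                break  # first page is full, stop scanning
    return matches, scanned, len(indexed)


if __name__ == "__main__":
    logs = build_logs()
    cases = [
        ("narrow filter, no pre-index", dict(sender="sender6-9980@")),
        ("narrow filter, Delivered", dict(pre_indexed="delivered",
                                          sender="sender6-9980@")),
        ("wide filter, no pre-index", dict(recipient="@example.com")),
    ]
    for label, kwargs in cases:
        found, scanned, size = first_page(logs, **kwargs)
        print(f"{label}: {len(found)} match(es), "
              f"scanned {scanned} of {size} indexed logs")
```

The single-match search has to read the whole Indexed dataset in both narrow cases, which is why shrinking that dataset from 70.000 to 3.500 is the only thing that speeds it up.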

Heuristic Phishing Protection

You might have seen one or more emails blocked by WeCloud's Anti Virus engine with the following explanation:

Contains virus: Heuristics.Phishing.Email.SpoofedDomain

Since the description might be a bit cryptic, this document will break down what this means and how this part of the protection works. In our systems we have a number of domains listed as protected. These are domains that are frequently abused on a global scale when it comes to phishing attempts. In this specific case I'll use americanexpress.com as an example.

So, let's say that an email circulates where the content looks as follows. Of course American Express wouldn't send an email like this out, but the scammers know that many unaware end-users might actually follow the link believing that the communication is from American Express. A mouse-over shows that the link doesn't go to the correct website at all.

In this case a spam filter might have problems with this type of email if the following applies:

1. The sending address isn't spoofed (the spoof is only in the From: header)
2. The sending IP isn't blacklisted
3. The true target link isn't classified as bad (the website isn't known as hacked or perhaps a Google form is used)
4. The content is too generic to be classified as spam or too new to have been seen before by the filter

Whenever a protected domain is visible in the link, WeCloud will check the visible domain against the actual domain that the link leads to, in order to check if this is a scam or not. To illustrate this, a simplified version of a hyperlink is shown below.

1. This is the link that is visible to the end-user
2. This is the actual target of the link

If part 1 above contains a domain protected by WeCloud's Phishing engine, the filter will check and make sure that the same domain is the target in part 2. If these two do not match, then the filter will block the email with the reason:

Contains virus: Heuristics.Phishing.Email.SpoofedDomain

Please note that this is only in effect for the domains identified as protected and not for all hyperlinks.