Comendo mail- & spamfence

Similar documents
Important Information

Important Information

Getting Started Guide moduscloud

Welcome to ContentCatcher 3.0! If this is your first time using ContentCatcher 3.0, here s a great way to start. We ll walk you through the essential

To create a few test accounts during the evaluation period, use the Manually Add Users steps.

Office 365 Standalone Security

Step 2 - Deploy Advanced Security for Exchange Server

Office 365 Inbound and Outbound SMX configuration. 4 th January 2018

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

Mail Assure Quick Start Guide

Mail Assure. Quick Start Guide

Proofpoint Essentials: Part of the Proofpoint Family... 5 Proofpoint Essentials Overview Best Practices... 10

Using Centralized Security Reporting

Using Trustwave SEG Cloud with Exchange Online

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

You can find more information about the service at

Admin Guide Defense With Continuity

Account Customer Portal Manual

Setting up Microsoft Office 365

Preface Introduction to Proofpoint Essentials... 6

Appliance Installation Guide

Protection Service with Continuity

WeCloud Security. Administrator's Guide

Delivered from the cloud, Fus s Hosted Exchange is the best choice for business .

Mail Assure. User Guide - Admin, Domain and Level

Configuring Gmail (G Suite) with Cisco Cloud Security

CAMELOT Configuration Overview Step-by-Step

Using Trustwave SEG Cloud with Cloud-Based Solutions

Connecting to Mimecast

On the Surface. Security Datasheet. Security Datasheet

How to Configure Office 365 for Inbound and Outbound Mail

Service Description Safecom Simple Mail Relay Version 3.5

Vendor: Cisco. Exam Code: Exam Name: ESFE Cisco Security Field Engineer Specialist. Version: Demo

Test-king q

Symantec ST0-250 Exam

Sophos Central Partner. help

Symantec ST Symantec Messaging Gateway Download Full Version :

USER GUIDE. Accessing the User Interface. Login Page Resetting your Password. Logging In

NHSmail LOA webinar. Tuesday 23 August. Hayley Miller Engagement Lead, NHS Digital Chris Gibbons Communications Lead, Accenture

ClientNet Admin Guide. Boundary Defense for

========================================================================= Symantec Messaging Gateway (formerly Symantec Brightmail Gateway) version

Microsoft Office 365 TM & Zix Encryption

Office 365: Secure configuration

SolarWinds Mail Assure

Firewall XG / SFOS v16 Beta

Managing Spam. To access the spam settings in admin panel: 1. Login to the admin panel by entering valid login credentials.

SpamCheetah manual. By implementing protection against botnets we can ignore mails originating from known Bogons and other sources of spam.

Protection Blocking. Inspection. Web-Based

Document: Configuration Technical Manual. Version: 2.3. Author: Mark Andrew Smith

Extract of Summary and Key details of Symantec.cloud Health check Report

Configuring Failover

Sophos Appliance Configuration Guide. Product Version 4.3 Sophos Limited 2017

Failover Dynamics and Options with BeyondTrust 3. Methods to Configure Failover Between BeyondTrust Appliances 4

iq.suite Azure Edition

How to Configure Esva for Office365

Service Description Safecom Customer Connection Version 3.5

This Exchange 2003 Guidelines document is a work in progress, and is current as of May 5, 2004.

Secure Messaging Setup Guide

MESSAGING SECURITY GATEWAY. Solution overview

Mimecast Datasheet. Mimecast. Achieving best practice enterprise management with next generation Mimecast technology

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

Centralized Policy, Virus, and Outbreak Quarantines

Technical Note. FortiMail Best Practices Version 3.0 MR4.

You should not have any other MX records for your domain name (subdomain MX records are OK).

Synology MailPlus Server Administrator's Guide. Based on MailPlus Server 1.4.0

WHITEPAPER Rewrite Services. Power365 Integration Pro

Failover Configuration Bomgar Privileged Access

An atmail cloud licence is a single licence type that includes the following features: webmail; contacts; and calendars.

VMware AirWatch Google Sync Integration Guide Securing Your Infrastructure

Understanding the Pipeline

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Using the Control Panel

provides several new features and enhancements, and resolves several issues reported by WatchGuard customers.

Microsoft Exchange Online

ClientNet. Portal Admin Guide

.-----~ IPSWITCH. IMail Server. Getting Started Guide

Integrating Trend Micro Hosted Security with Google Gmail

Workshare Protect Server 3.9 on Microsoft Azure. Admin Guide

Version SurfControl RiskFilter - Administrator's Guide

Integrate Barracuda Spam Firewall

MX Control Console. Administrative User Manual

Sophos Mobile. startup guide. Product Version: 8.1

Contents. Limitations. Prerequisites. Configuration

Tracking Messages. Message Tracking Overview. Enabling Message Tracking. This chapter contains the following sections:

Comodo Antispam Gateway Software Version 2.12

MIGRATING FROM PORTALS TO COMMUNITIES

LifeSize Control Installation Guide

Comodo Comodo Dome Antispam MSP Software Version 2.12

Table of Contents Chapter 1: Migrating NIMS to OMS... 3 Index... 17

Privileged Remote Access Failover Configuration

1.1. Agreement means this document together with the Ignite General Terms and Conditions.

NHSmail Migration Communications Plan Template

Configuration Section

You can purchase directly through our online store.


Silver Peak EC-V and Microsoft Azure Deployment Guide

SOLUTION MANAGEMENT GROUP

Security with FailSafe

Admin Tasks. Mimecast Training. Student Workbook. V Mimecast. All rights reserved

Barracuda NextGen Report Creator

Transcription:

Upgrade Guide Resellers Comendo mail- & spamfence VERSION 10-05-2016

TABLE OF CONTENTS INTRODUCTION... 3 OVERVIEW... 4 1. Preparation... 4 2. Provisioning... 4 3. Upgrade... 4 4. Finalisation... 4 COMPARISON... 5 Service Details... 6 Key Differences... 6 UPGRADE PROCESS IN DETAIL... 11 1. Preparation... 11 MX records... 11 Firewall... 12 Smart host... 12 SPF record... 12 2. Provisioning... 13 Automated Configuration Sync... 13 Manual configuration by the upgrades team... 13 3. Upgrade... 14 4. Finalisation... 14 FREQUENTLY ASKED QUESTIONS... 15 Will there be any disruption to my customers mail flow during the upgrade?... 15 How will my customers accounts be upgraded?... 15 When will my customers accounts be upgraded?... 15 What will change?... 15 What do I need to do?... 16 How do I get training?... 16 Will other Comendo email security products be upgraded as well?... 16 Helpdesk page... 16 2

INTRODUCTION This document details the process we will follow to upgrade your account on the Comendo Security service from the legacy platform to our new and improved service. This document is aimed at partners resilling Comendo email security services, and made to ensure that you have all of the information required to ensure a smooth and seamless upgrade experience with absolutely no disruption to your customers service. If after reading this guide you would like to discuss any part of the process in detail, please do not hesitate to contact us using the contact details below: Comendo Support Email: support@comendo.com Phone: +45 4333 0393 Alternatively, please contact your Account Manager. Your transition to our upgraded service will be handled by our dedicated upgrade team, who will ensure that your upgrade is processed with no loss of email, and no disruption to your customers. Prior to your upgrades, you will be provided with an upgrade schedule detailing the planned upgrade date for each of your customers, and any pre-requisites which have not been met. 3

OVERVIEW To give you a better overview, the upgrade process can be split into four steps: 1. Preparation This involves opening up your customers firewall/mail server to accept SMTP connections from our new IP ranges and ensuring that all of your domains are using our new MX records and outbound relay/smart host format. If your customers have not yet made these changes, completing these now will help to ensure a seamless transition to the upgraded platform. 2. Provisioning We will provision your customers account onto the new platform, and ensure that your configuration is retained. Much of this process has been automated, however we will manually verify complex configurations prior to upgrade, and would encourage you to review your customers configuration prior to upgrade in case you are aware of any complex configurations on their account. 3. Upgrade Switching routing to the new system will be controlled by our upgrade team. Outbound email is usually switched the day before your upgrade date and inbound email on the given date. We will change the DNS record so that your customers new records will point to the new portal. 4. Finalisation Verification of mail flow (in both directions, if appropriate) and steps performed by us on the legacy platform is made to ensure that there is no conflict between the legacy and the new platform for your domains. Each section is explained in more detail in the Upgrade in detail section of this document. 4

COMPARISON Comendo Comendo mail- and spamfence SecureSMART MANAGEMENT ADD-ON Comendo SecureSMART Suite Administration portal sc.comendo.com portal.comendo.com portal.comendo.com Interface Static Responsive Responsive Spam & Virus Quarantine 14 days 90 days 90 days Message Logs 30 days 90 days 90 days Advanced Reporting CONTINUITY Email Spooling 7 days 7 days 7 days Always-on Email Continuity Add-on* 90 days Email Replay (Admins) Add-on** 14 days 90 days Email Replay (Users) Add-on** 90 days SECURITY Opportunistic/Forced TLS Add-on*** Disclaimers (HTML & Text) Data Loss Prevention Add-on**** Advanced Policies & Actions Large File Handling LDAP Integration Quarantine Report w. login No login * Comendo mailcontinuity ** Comendo backupfence *** Comendo mailtunnel/mta Gold **** Comendo DLP CPR (only social security numbers for SE, DK, NO) 5

Service Details Comendo has been providing a range of hosted security and compliance services to businesses for over 10 years and has built an enviable reputation for the delivery of resilient, effective, mission-critical services. Comendo became part of FuseMail, a division of j2 Global in October 2014, giving us the opportunity to combine our resources and accelerate our programme of upgrades to the service we provide. As of this, we will provide a new version of the Comendo email filtering service, with a range of new features. Some of the key benefits of the upgrade will include: Brand new responsive portal with access to statistics and advanced reports 14 days email backup for all customers Extended to 90 days spam quarantine and email log Smart file handling, that can handle large attachments in emails and replace them with a download link for space savings on your mail server Advanced configurations of policies for handling in- and outbound emails with notifications, redirection options, enhanced Data Loss Prevention and much more LDAP integration for optional synchronisation of users and email addresses Forced TLS with setup directly in the portal Quarantine reports with own customer branding and a direct login link to a limited portal for enhanced end-user experience Extended setup of user permissions and access Key Differences Administrative/User Permissions In the new portal there is a tab called Permissions where you create your roles and assign the level of access to each feature using simple slider controls. Administrative roles created are then assigned to users from the user list page. Permissions are configured on account level (prior to domain level) and therefore Admins has full access to the entire account. Admins will be imported from the legacy platform with full access and Users as regular end-users. 6

User Administration If you on the legacy platform wanted to have users added in the system, you had to manually add them in the interface. Now a default setting called Verify over SMTP is added, and users will be created automatically when receiving an email. Additionally, an LDAP synchronisation can now be setup directly from the portal. This allows you to import users and their alias (secondary) addresses into the portal and keep this information in sync with your corporate directory. Associating secondary addresses with primary addresses ensures that users receive only one spam report for all of their email addresses that settings applied to one address apply to all addresses belonging to that user. LDAP is optional for all clients. Spam Management Spam and logs are now stored for 90 days, during which time either an end-user or an administrator can release the email from their respective portals if they have the appropriate access and permissions. We have introduced a new automatic whitelist feature. When an end-user sends outbound email through the service to an external recipient, the recipient is whitelisted for that user only. When at least two users in your organisation send an email to the same external recipient, the recipient is whitelisted for your entire account. Settings as SPF check and black- and whitelists are configured on account level prior to per domain. End-users will still be able to have individual black- and whitelists. In the event of the need for reporting spam, we have introduced a Report spam button in the message logs. This provides our Security Team an exact example of the email and replaces the need for creating a support ticket and attach the unwanted email. If you want any form of feedback, you are still more than welcome to create a support ticket. Spam Scores The spam scores have been redefined and is now tagged with either low, medium or high threat. This cannot be modified. The legacy feature possible spam score and tag & forward is no longer supported. 7

Quarantine Report The report is now configured at account level, instead of domain, and we have introduced the ability to customise/rebrand the report directly from the interface. These settings are as mentioned account-based and will be configured on all domains. As of this, we have introduced an option for choosing timezone and language directly from the report. Example of the new Quarantine Report The consolidated Quarantine Report, existing custom logos and text will not be automatically synchronised due to the account-based settings, and needs to be setup manually, if still desired. End-users will still receive their own personal report as before. The Outlook Tool for requesting a report on-demand will no longer be supported. As a new feature, we have introduced a link for direct login for a limited portal, where end-users can manage their personal quarantined emails. Attached File Handling Large files can be detached during processing, and replaced with a link to the file on our servers. The minimum trigger for the file size can be set up in the portal. An attachment can be stored for up to 90 days and you can limit the number of downloads of the attachment. This feature can be enabled for both inbound and outbound emails. End-users can access detached files from their end-user portal. You are also able to configure that a given attachment is detached and the email will be delivered without this. 8

Propagation Time In the legacy portal, one hour had to pass before changes were propagated 100%. Now changes made in the portal propagates within only a couple of minutes. Policy Configurations The new portal offers the possibility of creating own advanced policies. This feature can be used to quarantine, edit, forward and other functions that will trigger on certain words/sentences found in the header, body, from field, domain or other variables in a given email. This will also replace the IP and Country blocking that was found in the Comendo portal. Forced TLS A new option in the portal is to setup forced TLS connections. This allows you to create TLS encryption for specified destinations. Emails not transmitted over TLS encrypted connections will be rejected in the presence of the rules that has been setup. Adding new domains Instead of contacting the Support Team or your Account Manager for adding additional domains, you are now able to do this yourself directly from the new portal. Notifications and tags As an improved feature, you are now able to set up notifications that will be sent to a given recipient, when a policy is triggered. This helps you raise attention when a specific policy is met. Virus Notifications has changed and is now called Virus Alert. An Admin can set up an alert for whenever an end-user sends out a virus. Outbound SMTP authentication Legacy user authentication for Outbound SMTP is no longer supported. Outbound IP addresses for relaying can be configured in the new portal and an email address, on one of your domains, can be used as authentication too. 9

Email Continuity (a part of SecureSMART Suite) The legacy portal requires end-users to use two separate portals one to administer the service initially, and then a separate webmail portal to use the service going forward. To enhance the simplicity and user-friendliness, the new portal serves as a single sign-on service in one portal. 10

UPGRADE PROCESS IN DETAIL 1. Preparation In order for the upgrade team to be able to completely manage the upgrade of your account, you need to open up your customers firewall/mail server to accept SMTP connections from our new IP ranges and ensure that all their domains are using our new MX records and outbound relay/smart host format. MX records MX 10 MX 20 primarydomain-tld.mx1.comendosystems.com primarydomain-tld.mx2.comendosystems.net If your customers primary domain is mycompanydomain.com, this would translate to: MX 10 MX 20 mycompanydomain-com.mx1.comendosystems.com mycompanydomain-com.mx1.comendosystems.com This means all dots in your customers domains are replaced by hyphens (-). Please note that if your customers have several domains, you have to use the same prefix for all their domains on their account. 11

Firewall In addition, you need to ensure that your customers servers are able to accept SMTP connections from our new IP ranges, as previously communicated to you earlier this year. IPv4: 185.38.180.0/22 (Subnet mask: 255.255.252.0) 89.104.206.0/23 (Subnet mask: 255.255.254.0) 89.104.216.0/23 (Subnet mask: 255.255.254.0) 192.162.216.0/22 (Subnet mask: 255.255.252.0) 185.37.140.0/24 (Subnet mask: 255.255.255.0) As regards to outbound email you need to change this as well, if they are sending all emails out through Comendo. Smart host primarydomain-tld.smtp1.comendosystems.com primarydomain-tld.smtp2.comendosystems.net As for MX records, if your customers primary domain is mycompanydomain.com, this would translate to: MX 10 MX 20 mycompanydomain-com.mx1.comendosystems.com mycompanydomain-com.mx1.comendosystems.com Again, this means all dots in their domain are replaced by hyphens (-). And please note that if your customers have several domains, you have to use the same prefix for all your domains on their account. SPF record We always advocate to setup an SPF record to protect your customers domain from unwanted abuse. This records must include all outbound source IP addresses and ranges used for relaying from their domain. Our SPF record for inclusion is spf.comendosystems.com 12

If they normally send e-mails from IP 123.123.123.123 your SPF record should look like this: v=spf1 ip4:123.123.123.123 include:spf.comendosystems.com -all The record has to be set up as a TXT version and not as an SPF version. 2. Provisioning The next step is to ensure that your account is provisioned and configured correctly on the new platform. This step is performed by the Upgrades team prior to your upgrade, however we would recommend you to double-check the configuration of key features prior to your upgrade date. There are two elements to the provisioning / configuration of your account: Automated Configuration Sync This process is usually run a few days prior to the upgrade of your account. It automatically synchronises all basic account configuration from the legacy platform to the new version. Any changes you make to your account, after the sync has been completed, will not be ported to the new platform please let us know, if you made any changes in the legacy portal in the few days prior to the upgrade so we can arrange to run another sync for you. However, this additional sync will overwrite any changes which have been manually made to your account on the new portal Manual configuration by the upgrades team Not all elements of your configuration can be copied automatically. In many cases, this is due to changes in how the same configuration can be achieved in the new portal we want to ensure that this is performed manually to ensure that the intention of the configuration is maintained, and that the configuration is setup in the best possible way rather than just performing a likefor-like copy of existing settings. Items which have to be configured manually include: Custom MTA rules (add-on for mail- & spamfence known as MTA gold) 13

3. Upgrade At this point your account has been provisioned and any custom configuration has been replicated to the new service and we are ready to switch email delivery to the new platform. We will usually switch your outbound email before inbound email for two reasons first, any connectivity issues with outbound email can be detected more quickly and secondly, this allows the automated whitelisting feature (described on page 7) to begin adding entries to your users allow lists prior to receiving inbound email through the new platform. The actual redirection of outbound and inbound email will be performed by the upgrade team on the date communicated to you at the start of the upgrades process. Assuming all the steps detailed in the preparation stage have been performed, there will be no need for you to make any further changes during this stage. After switching your email delivery, we will review your logs to ensure that traffic is routed correctly. If we notice any issues, we will contact you straight away and can, for individual upgrades, revert the routing change if required. 4. Finalisation After your account has been upgraded, emails will begin to flow through the new platform and become visible in the logs on the new portal. Access to your legacy Comendo account will be available for at least 14 days after the upgrade, allowing administrators and end-users to access email logs and quarantined messages from the legacy portal. However, if you would like this access suspended sooner, please let the upgrade team know. NOTE: Due to DNS propagation, there may be a period of time, where a small amount of email continues to flow through the old portal, though this should be less than 24 hours. 14

FREQUENTLY ASKED QUESTIONS Will there be any disruption to my customers mail flow during the upgrade? No! and this is very important to us. However, this requires that all changes are made correct: MX records Outbound Smart host Firewall SPF record We have planned our upgrade process carefully to ensure that clients of all size can be upgraded without any loss of email or any delay in mail flow. There will be a clean switchover of email delivery from the legacy to the new platform, performed by our staff, with no intervention or action required by you in the vast majority of cases. How will my customers accounts be upgraded? You will receive an email notification ahead of the migration. We will not upgrade your customers account without your knowing. We will change their outbound mail flow (if used) before the inbound, and monitor their mail flow when moved to the new platform. This ensures us to verify that everything is running according to the plan. When will my customers accounts be upgraded? We will begin the upgrade in May 2016 and you will receive information about your customers specific upgrade date. What will change? Mostly new features! There has been changes as settings moved from domain to account centric and renaming of some of the existing features. Portal logins will be automatically synchronised and if your existing username is an email address you can login using your existing login information. If the existing username is NOT an email address, we have added "@portal.comendo.com" to the username and you have to add this at login. 15

What do I need to do? You do have to ensure that your customers are using the new format for MX records, Outbound Smart host, Firewall and SPF record. Please carefully read the section Upgrade process in detail Preparation. How do I get training? There is a contextual help button to the top right of each page, which will give you more specific details on how each option on that page works. If a more detailed explanation is needed, please contact our support team on support@comendo.com Will other Comendo email security products be upgraded as well? Yes! If your customers have products such as backupfence, mailarchive or SecureMail (SikkerMail), we will upgrade those products as well. For now, continue to use and access these products as usual. We will be in touch in the coming weeks with further details on the upgrade path and timeline for these products, but it is still very important that you complete the preparation page 11-12. Helpdesk page We will continuously update our helpdesk with frequently asked questions. Please visit https://helpdesk.comendo.com to get the newest information or feel free to contact our support team. 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback