Admin Guide Email Defense With Continuity DOCUMENT REVISION DATE: April, 2010
Email Defense with Continuity--Admin Guide / Table of Contents Page 2 of 41 Table of Contents QUICK STAR T CHECKLIST... 3 USE ONLINE HELP... 7 SET UP YOUR SER VICE... 7 ENSURE YOU CAN RECEIVE EMAIL FROM YOUR SER VICE PROVIDER... 7 SET YOUR PASSWORD FROM THE SIGN IN PAGE... 7 SIGN INTO THE CONTROL CONSOLE... 10 RESET YOUR PASSWORD FROM THE SIGN IN PAGE... 12 CONFIRM YOUR PRIMAR Y DOMAINS... 12 CREATE A DOMAIN ALIAS, IF NECESSAR Y... 13 CONFIRM YOUR INBOUND SMTP SER VER... 14 ADD IP ADDRESS OF OUTBOUND SER VER... 15 SET UP A SMART HOST... 15 REDIRECT YOUR MX RECORDS... 16 CONFIRM THE POLICIES FOR YOUR DOMAINS... 17 ACTIVATE CONTENT FILTERS... 18 CHECK MESSAGE QUARANTINE... 19 REVIEW REPORTS TO CHECK POLICIES... 21 LOCK DOWN YOUR ENVIRONMENT... 22 ADMINISTER USERS... 23 DEFINE HOW USERS LOG IN... 23 REVIEW THE CURRENT USER LIST... 24 DISABLE USER ACCESS TO THE CONTROL CONSOLE (OPTIONAL)... 25 TURN ON EXPLICIT USER CREATION (OPTIONAL)... 26 CREATE THE REMAINING USERS... 27 Add Users Manually... 27 Add Users with a Batch File... 28 CREATE USER ALIASES, IF NECESSAR Y... 30 Add Aliases User-by-User... 30 FOR MESSAGE CONTINUITY, CREATE A BATCH FILE TO ADD USERS AND PASSWORDS... 30 CUSTOMIZE INBOUND MAIL FILTERS (OPTIONAL)... 31 CREATE A CUSTOM POLICY (OPTIONAL)... 32 CREATE A NEW CONTENT FILTER (OPTIONAL)... 33 REVIEW QUARANTINED MAIL... 35 CREATE A GROUP, IF NECESSARY... 36 DETERMINE WHO NEEDS SEPARATE FILTERING... 36 CREATE A GROUP... 37 ADD USERS TO THE GROUP... 38 CREATE A CUSTOM POLICY FOR THE GROUP... 39 ASSIGN THE GROUP TO THE CUSTOM POLICY... 39 ADMINISTER DISASTER RECOVER Y SERVICES... 40 SET UP SPOOLING FOR DISASTER RECOVER Y... 40 SET UP NOTIFICATIONS OF DISASTER RECOVER Y... 41
Email Defense with Continuity--Admin Guide / Quick Start Checklist Page 3 of 41 Quick Start Checklist The following checklist lists the tasks you would typically perform after your Email Defense with Continuity is activated. Each task is described in more detail later in the Quick Start Guide. Task SET UP YOUR SERVICE Ensure You Can Receive Email from Your Service Provider Sign into the Control Console Description If you had or still have a different email security or filtering service and your network is administered so that you can receive email only from IP addresses associated with that security service, you must administer your network to allow incoming email from the Control Console servers. You need the URL, sign-in, and password, which you will create yourself. To set your password, see Reset Your Password from the Sign in Page. Confirm Your Primary Domains On the Control Console, click Account Management > Domains. Create a Domain Alias, If Necessary On the Control Console, click Account Management > Domains. Select a domain, then click Edit Aliases. Setup Your Inbound SMTP Server Add IP Address of Outbound Server, If Necessary Set up a Smart Host (If Outbound Email Protection is Turned on) Redirect Your MX Records Click Email Protection > Setup. Select a domain from the Domain drop-down menu. Click Email Protection > Setup > Outbound Servers. You must enter an IP address (for example 100.2.45.107) or a CIDR address (for example 100.2.45.107/27). To ensure that your outbound email is filtered, you must designate, for each of your outbound mail servers, an Email Protection server as your Smart Host. The Mail Exchange (MX) record for each of your mail servers is a specification within a Domain Name Server (DNS Server) operated by your Internet Service Provider (ISP). These records must be changed by you or your ISP to fully-qualified domain names (for example, denver.acme.com) within the Email Defense with Continuity network. The exact changes necessary are provided in this guide. Confirm the Policies for Your Domains Click Email Protection > Policies. Select the default inbound policy, then browse each tab for the policy.
Email Defense with Continuity--Admin Guide / Quick Start Checklist Page 4 of 41 Task Description Activate Content Filters Click Email Protection > Policies > Content. Select a default content group, and click Update, Click the Active checkbox, and click Save. Check Message Quarantine Click Email Protection > Quarantine. Select All Threats and All days. Review Reports to Check Policies Click Email Protection > Reports. Lock Down Your Environment Five to seven days after you have redirected your MX record, and after you have verified that email is being filtered and delivered appropriately, restrict all IP access to your mail server with the exception of the Email Protection subnets provided in this guide. Add IP Address of Outbound Server ADMINISTER USERS Click Email Protection > Setup. From the Domain drop-down menu on the Setup page, select the domain whose SMTP server you want to check. The Inbound Servers Setup page is displayed. The Server IP Address Range field displays the domain name(s) or IP address(es) for the domain s outbound server. Make sure the SMTP server(s) listed are valid and correct. Ensure that all other information on the page is correct, and select Save. Define How Users Log in 1 Click Account Management > Users > Authentication. 2 From the Authentication Type drop-down menu, select Passwords. 3 Click More Options if you want to use a batch file to set or change passwords for multiple users all at once. 4 Click Save. Review the Current User List 1 Click Account Management > Users. 2 Review the users on the list for any invalid users. 3 Click Delete. if you see any invalid users. 4 In the Users List, look for users who are not administered on your mail server. 5 Highlight each invalid user and click Add to add the user to the Delete List. 6 Click Save. Disable User Access to the Control Console (Optional) Turn on Explicit User Creation (Optional) Click Email Protection > Policies > Anti-Spam > Reporting. Select the field Allow non-admin users to login directly to the Control Console. Click Email Protection > Setup > User Creation Settings. Select Explicit.
Email Defense with Continuity--Admin Guide / Quick Start Checklist Page 5 of 41 Task Description Create the Remaining Users You can add users with any of three methods: Manually Click Account Management.> Users.> Create. With a Batch File Click Account Management.> Users.> Create. Select Batch. Use Directory Integration Create User Aliases, If Necessary You can add user aliases with any of three methods: Add Aliases User-by-User Click Account Management > Users.> Create. Click a user name from the list. Click Aliases. Add Aliases with a Batch File Use Directory Integration For Message Continuity, Create a Batch File to Add Users and Passwords To use the Message Continuity service, you must add users to Email Protection with a method other than SMTP Discovery. The default SMTP Discovery method does not add users until they have received several emails. As a result, some users might not be added for quite some time, and therefore, those users email would not be immediately available in case of disaster recovery. See Create the Remaining Users. CREATE INBOUND MAIL FILTERS (OPTIONAL) Create a Custom Policy (Optional) Click Email Protection > Policies > New. Create a New Content Filter (Optional) Click Email Protection > Policies. Click the policy you want to change. Click Content. Click New. Review Quarantined Mail Click Email Protection > Quarantine. Select All Threats and All days.
Email Defense with Continuity--Admin Guide / Quick Start Checklist Page 6 of 41 Task Description CREATE A GROUP, IF NECCESSARY Determine Who Needs Separate Filtering Groups are used when there are users in the organization whose email should be filtered according to a policy other than the default policy. To filter email differently for a specific group of users, you must first determine who should be in a group. Create a Group Click Account Management > Groups. Click New. Add Users to the Group On the Groups screen, select the group to which you want to add users, then click Users. Create a Custom Policy for the Group See Create a Custom Policy (Enterprise Customer Only). Assign the Group to the Custom Policy ADMINISTER DISASTER RECOVERY SERVICES Set up Spooling for Disaster Recovery Click Email Protection > Policies. Select the custom policy to which you want to assign a group. Click Group Subscriptions. You will use Message Continuity for disaster recovery. So you must set up spooling. Click Email Protection > Setup > Disaster Recovery. From the Domain drop-down menu, select the domain you want to set up for Disaster Recovery. Set up Notifications of Disaster Recovery You can specify that notifications are emailed automatically to designated recipients, typically yourself or other administrators, when the following Disaster Recovery events occur: Under the Notifications section of the Disaster Recovery Setup screen, type, in the Recipient Email Address field, the email address of a person who should receive notification of a disaster recovery event.
Email Defense with Continuity--Admin Guide / Setup Your Service Page 7 of 41 Use Online Help Use the online help in the Control Console to find details on the administration pages for the Email Defense with Continuity. The online help describes the purpose of administration pages, the fields on the administration pages, and procedures that use the administration pages. This Admin Guide provides only key information on administration pages to help get you started. The Admin Guide does not provide the details on all administration fields. Instead, you must use the online help for detailed information on administration pages and fields. Set up Your Service Ensure You Can Receive Email from Your Service Provider If you had or still have a different email security or filtering service and your network is administered so that you can receive email only from IP addresses associated with that security service, you must administer your network to allow incoming email from the Control Console servers. For example, a port in your company s firewall may need to be enabled to receive email from the IP addresses of the Control Console servers. This enablement is necessary in order for you and your users to set the initial password for access to the Control Console. Set Your Password from the Sign in Page Note: The Console is accessed via your Control Panel (cp.collaborationhost.com), and selecting the Console button within the Email Defense section. If you are signing into the Control Console for the first time, you might need to obtain a password. If so, perform the following steps:
Email Defense with Continuity--Admin Guide / Setup Your Service Page 8 of 41 1 On the Sign in page, click the Forgot your password or need to create a password? link. The following screen is displayed. 2 In the Email Address field, type your email address. 3 Choose Email password information to my Domain Contact,and Click Next. You will receive an email momentarily with further instructions. Continue with Step 4. 4 Open the email message. The email subject line says Control Console Login Information. The email is similar to the following: 6 Click the link in the email. The link is active for only a limited time after the email is sent (typically 60 minutes). 7 If you previously had selected a security question, the security question is displayed. If you had not previously selected a security question, select a question from the Security Question drop-down menu. 8 Type the answer to the question in the Security Answer field. 9 In the Password field, type a password. The password must comply with the following rules: Length must be a minimum of 8 characters. Alpha, numeric, and special character types are allowed.
Email Defense with Continuity--Admin Guide / Setup Your Service Page 9 of 41 There must be at least one character that differs in character type (alpha, numeric, or special) from the majority of characters. Thus, if the password contains mostly alpha characters, then at least one character must be either a special character or numeric. For example, majordude is invalid, but majordude9 is valid. Allowed special characters are: left parenthesis ( ( ) ampersand ( & ) right bracket ( ] ) right parenthesis ( ) ) asterisk ( * ) colon ( : ) apostrophe ( `) hyphen ( - ) semicolon ( ; ) tilde ( ~ ) plus sign ( + ) double quotes ( " ) exclamation (! ) equals sign ( = ) single quotes ( ' ) @ bar ( ) less than sign ( < ) hash ( # ) backslash ( \ ) greater than sign ( > ) dollar sign ( $ ) left curly bracket ( { ) period (. ) percentage sign ( % ) right curly bracket ( }) question mark (? ) caret ( ^ ) left bracket ( [ ) Spaces are not allowed. Passwords are case-sensitive (for example, Password, password, and PASSword would be different passwords). Make sure you can remember your password, but do not use obvious passwords (for example, password, your name, or a family member s name). Keep your password safe and private. 10 Retype your password in the Confirm Password field. 11 Click Save.
Email Defense with Continuity--Admin Guide / SETUP Sign into the Control Console Page 10 of 41 Sign into the Control Console To administer Email Defense with Continuity, you must sign into the Control Console with the following steps: Note: The first time you sign in, you might need to create your password. If so, see Set Your Password from the Sign in Page. 1 Open a browser on your computer and enter the URL for the Control Console (https://cp.collaborationhost.com). 2 Click on the Console Page link to open the Email Defense Console.. 2 At the Control Console Sign in page, enter your email address and password. 3 Click Sign in. If you have not previously entered an answer to a security question, the Security Question screen will pop up.
Email Defense with Continuity--Admin Guide / SETUP Sign into the Control Console Page 11 of 41 The answer to the security question is used is used to validate you, the user, if you forget your password. You can later change your security question and/or security answer on the Preferences page of your user account. 4 Select a security question and type the answer. Your answer is not case-sensitive. Note: With the Email Defense with Continuity service, you can also sign into the Control Console from a Spam Quarantine Report.
Email Defense with Continuity--Admin Guide / SETUP Confirm Your Primary Domains Page 12 of 41 Reset Your Password from the Sign in Page Note: This capability may not be available if the user authentication method is set to LDAP, POP3, or IMAP or if the ability to change passwords has been disabled at the system level. If you forget your password, perform the same steps as in Set Your Password from the Sign in Page. Confirm Your Primary Domains A primary domain is typically, though not always, associated with a single mail server. Let s say your company, Acme Company, uses six mail servers, each with its own primary domain name. Your domain(s) should have already been assigned within the Control Console. You must confirm that these domains, as provisioned, match the actual domain names within your network. 1 Click Account Management.> Domains. The Domain Management page is displayed. The page lists the primary domains assigned in the Control Console. 2 Make sure that the list of domains matches those established in your network. Check with your network or mail server administrator to verify the domains. If a domain that Email Defense with Continuity should protect is missing, you must add it from the Domain section of the Control Panel.
Email Defense with Continuity--Admin Guide / SETUP Create a Domain Alias Page 13 of 41 Create a Domain Alias, If Necessary You company also may use domain aliases. For example, acme.org and acme.net might be domain aliases for your company s acme.com domain so that email mistakenly sent to addresses using acme.org or acme.net actually are sent to acme.com. You must add these domain aliases in the Control Console to ensure email to these domains are filtered and delivered. 1 Click Account Management > Domains. 2 On the Domain Management page, click the domain for which you want to add aliases. In our example, you would click acme.com. The Domain Details page is displayed. 3 Click Edit Aliases. The Domain Aliases page is displayed. 4 Complete the Add field, and click Add. For more information, click Help.
Email Defense with Continuity--Admin Guide / SETUP Confirm Your Inbound SMTP Page 14 of 41 Confirm Your Inbound SMTP Server Email Defense with Continuity checks email destined for your inbound Simple Mail Transfer Protocol (SMTP) email server or servers. To configure these servers, perform the following steps: 1 Click Email Protection > Setup. 2 From the Domain drop-down menu on the Setup page, select the domain whose SMTP server you want to check. 3 Enter an SMTP Host address to deliver inbound SMTP traffic. 4 Enter a Server Port Normally SMTP is port 25. If different, specify here. 5 Enter a Preference MX Preference for this server. When delivering mail, the service will attempt to deliver to the lowest numbered server(s) first. If that fails, the service will attempt to deliver to the SMTP Host Address with the next highest number, and so on. 6 Active Indicates if this SMTP Host Address is currently accepting traffic. Uncheck this check box to temporarily stop this Host from accepting traffic. 7 Delete To remove an SMTP Host Address from the list, click the check box, then click Save. Add New Host Allows you to add a new IP address or URL to the list. 8 Click Save to finish 9 Repeat steps 2 through 4 for any other domains in your network. For more information on this page, click Help. NOTE: You must set a Server Port (default is 25) and a Preference value (default is none) for each new Host. If one of these fields is blank (no number), when you click Save a warning message will appear and the service sets a default of Port = 25, Preference = 0, and sets the Host to Inactive. You need to change these default settings if they are incorrect for your server(s).
Email Defense with Continuity--Admin Guide / SETUP--Add IP Address of Outbound Server Page 15 of 41 Add IP Address of Outbound Server Your service includes Outbound Message filtering, you must identify one or more outbound mail servers through which your users send outgoing mail. While your outbound server might use a Domain Name Server (DNS) name within your network (for example, lewisoutbound.acme.com), you identify the outbound sever within Email Defense with Continuity with an IP address (for example, 111.222.111.0). Alternatively, you can specify a Classless Interdomain Routing (CIDR) address for a range of outbound servers (for example, 111.222.111.0/27) only. The address must be a public address. 1 Click Email Protection > Setup> Outbound Servers. The Outbound Server Setup page is displayed: 2 Click Add New Address, and add the address of the outbound server. Important: You or your network administrator should also do the following before or immediately after adding your outbound server(s): Update Sender Policy Framework (SPF) records on your mail server(s) to ensure only authorized sources are sending outbound email. Scan your network for open relays, viruses and malware. Set up a Smart Host To ensure that your outbound email is filtered, you must designate, for each of your outbound mail servers, an Email Defense with Continuity server as your Smart Host. Your outbound email is then relayed through Email Defense with Continuity before continuing to its final destinations. Note: This task is performed on your outbound email server or servers, on your network router, or on some other server, depending on your network s configuration.
Email Defense with Continuity--Admin Guide / SETUP--Redirect Your MX Records Page 16 of 41 Redirect Your MX Records The Mail Exchange (MX) record for each of your mail servers is a specification within a Domain Name Server (DNS Server) operated by your Internet Service Provider (ISP). Each MX record specifies a host name and preference that determines where and how your ISP routes your company s email. Your MX record or records at your ISP must be changed to fully-qualified domain names (for example, denver.acme.com) within the Email Defense with Continuity network. These changes allow Email Defense with Continuity to filter your email before it arrives at your company s mail servers. Your Network Administrator or Domain Registrar will be responsible for making these changes to your DNS Record: MX Record: server1.inboundmx.com (preference 10) server2.inboundmx.com (preference 20) TXT Record: v=spf1 ptr:mxlogic.net ptr:collaborationhost.net ip4:216.166.12.0/24 include:mxlogic.net ~all Additional domains should be redirected in the same manner. Do not re-direct your mail exchange (MX) record to anything other than what you see listed above. Use of other MX records may cause mail to bypass the filtering system, increasing threat exposure.
Email Defense with Continuity--Admin Guide / SETUP--Confirm Domain Policies Page 17 of 41 Confirm the Policies for Your Domains Email Defense with Continuity has default inbound and outbound mail filters. These filters are called policies. The default policies are automatically assigned to each of your domains after the domain is defined. For many companies, the default policy filters email effectively and doesn t require changes. However, it is strongly recommended that you review the default policy to make sure the policy meets your needs. If the policy does not meet your needs, you can customize the policy. For information on customizing policies, see Customize Inbound Mail Filters. To confirm your policies, perform the following steps 1 Click Email Protection > Policies. The list of policies is displayed. Because the same default policy applies to all domains, you do not need to select a domain to see the default policy. 2 Click Default Inbound. 3 Click the Edit button. 4 Click each of the following tabs and review the options that are selected and those that are available: For information on what the all options mean, see the online help. Virus Look at both the Action and Notifications tabs. Spam Look at all three tabs Classification, Content Groups, and Reporting. Content Look at all four tabs Content Groups, Notifications, HTML Shield, and ClickProtect. Attachments Look at the following three tabs File Types, Filename Policies, and Notifications. Allow/Deny Look at the following three tabs Sender Allow, Sender Deny and Recipient Shield. a Notifications Look at all three tabs Virus, Content, and Attachments. Group Subscriptions
Email Defense with Continuity--Admin Guide / SETUP--Activate Content Filters Page 18 of 41 Activate Content Filters By default, the Profanity, Racial Insensitivity, and Sexual Overtones email content filters within the default inbound policy are inactive. If you choose not to customize your inbound policy (see Customize Inbound Mail Filters (Optional), you should activate these content filters in the default Inbound Policy. 1 Click Email Protection > Policies. 2 Click Default Inbound. 3 Click Content. The Content Groups screen is displayed. 4 Select Profanity, and click Edit. The Edit Content Group Policy section is displayed. 5 Click the Enable checkbox, then click Save.
Email Defense with Continuity--Admin Guide / SETUP--Check Message Quarantine Page 19 of 41 Check Message Quarantine To ensure Email Defense with Continuity is filtering email messages in a way that is acceptable, check the email messages that appear in the Message Quarantine areas. To check the quarantine, perform the following steps: 1 Click Email Protection > Quarantine. 2 From the Threat drop-down menu, select All Threats. 3 From the Day drop-down menu select All Days. 4 From the Direction drop-down menu, select Inbound or Inbound and Outbound if you also use outbound email filtering. 5 Click Search.
Email Defense with Continuity--Admin Guide / SETUP--Check Message Quarantine Page 20 of 41 The list of quarantined messages is displayed at the bottom of the screen. 6 Review the type of threat of each message, as well as the sender, recipient, and subject. 7 To view more detail about a message, hover your cursor over the From column of the message. Different information is displayed depending on the type of violation incurred. For a SPAM violation, you see the SPAM score. For an attachment violation, you see the attachment name that invoked the violation. For a virus violation, you see the Virus name that invoked the violation. For a content violation, you see the Content Keyword that invoked the violation. 8 Ensure that messages from senders of desired organizations are not being quarantined unnecessarily. Those sender addresses may be added to the Policy-level Allow List. 9 Ensure that senders from undesired organizations can also be determined by Message Quarantine monitoring, and those senders can be added to the Policy-level Deny List.
Email Defense with Continuity--Admin Guide / SETUP--Review Reports Page 21 of 41 Review Reports to Check Policies To ensure Email Defense with Continuity is filtering email messages in a way that is acceptable, review the various service mail flow statistical reports. To review reports, perform the following steps: 1 Click Email Protection > Reports. 2 From the Report drop-down menu, select a report. 3 From the Period calendar, select the month whose data you want to view. 4 Check the reports for data such as the following: Threats encountered Messages released from the Quarantine Inbound server connections
Email Defense with Continuity--Admin Guide / SETUP--Lock Down Your Environment Page 22 of 41 Lock Down Your Environment Five to seven days after you have redirected your MX record, and after you have verified that email is being filtered and delivered appropriately, restrict all IP access to your mail server with the exception of the following subnets. This action ensures that no mail is presented to your mail server without filtering. The preferred setting is to include the Classless Inter-Domain Routing (CIDR) for the entire Class 8 C notation. Alternate settings are also provided below. Preferred Setting If your firewall solution accepts Classless Inter-Domain Routing (CIDR) and can support Class 8 C notation please include the following: CIDR Starting IP Ending IP 208.65.144.0/21 208.65.144.0 208.65.151.255 208.81.64.0/22 208.81.64.0 208.81.67.255 Alternate Setting (1) If your firewall solution accepts Classless Inter-Domain Routing (CIDR) and only supports Class 1 C notation, you will need to include the following entries to the entire subnet: CIDR Starting IP Ending IP 208.65.144.0/24 208.65.144.0 208.65.144.255 208.65.145.0/24 208.65.145.0 208.65.145.255 208.65.146.0/24 208.65.146.0 208.65.146.255 208.65.147.0/24 208.65.147.0 208.65.147.255 208.65.148.0/24 208.65.148.0 208.65.148.255 208.65.149.0/24 208.65.149.0 208.65.149.255 208.65.150.0/24 208.65.150.0 208.65.150.255 208.65.151.0/24 208.65.151.0 208.65.151.255 208.81.64.0/24 208.81.64.0 208.81.64.255 208.81.65.0/24 208.81.65.0 208.81.65.255 208.81.66.0/24 208.81.66.0 208.81.66.255 208.81.67.0/24 208.81.67.0 208.81.67.255 Alternate Setting (2) If your firewall solution does not accept Classless Inter-Domain Routing (CIDR) notation, you will need to include the starting and ending IP address for either the Class 8 C addresses or the Class 1C addresses which are included above. Note: This task is performed on your inbound email server or servers or on your network firewall server.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Define User Login Page 23 of 41 Administer Users Define How Users Log in You can use one of four methods for authenticating users when they log in: Passwords LDAP POP3 IMAP The latter three methods cause the Account Management software to query a server for user credentials. Note: If you plan to use the User Synchronization process to add users, it is recommended that you use LDAP User Authentication since this method allows you to take advantage of Active Directory and can save you a lot of time. Passwords Authentication means that users log into the Control Console with the standard user name and password method. If this authentication method is selected, each user must have a defined user account with a non-null password in the Control Console. Note: This feature does not affect users logging in by clicking a hyperlink in the Spam Quarantine Report. 1 Click Account Management > Users > Authentication. 2 From the Authentication Type drop-down menu, select Passwords. 3 Click More Options if you want to use a batch file to set or change passwords for multiple users all at once. Only passwords for users in the domain currently being viewed can be changed. Only passwords for users who have a role less than or equal to your own can be changed. Note: Depending on your role, this area may or may not be accessible. 4 See the online help for more information.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Review User List Page 24 of 41 Review the Current User List The default method for adding users to Email Defense with Continuity is SMTP Discovery. SMTP Discovery is a method in which Email Defense with Continuity checks incoming messages for recipients, and if multiple messages are addressed to the same recipient, that recipient is added to the system as an Email Defense with Continuity user. As a result, there may be user accounts initially added in the Control Console that do not actually exist on your mail server. Administrators are encouraged to delete these invalid User Accounts. To delete invalid users, perform the following steps: 1 Click Account Management > Users. 2 Click Delete. 3 In the Users List, look for users who are not administered on your mail server. 4 Highlight each invalid user and click Add to add the user to the Delete List. Note: You can add multiple users to the Delete List at one time. To do this, hold down the Ctrl button on your keyboard as you click each user. Each selected user stays highlighted and is added to the Delete List when you click Add. 5 Click Save. Note: It is not recommended to use the SMTP Discovery method of adding new users with the Message Continuity service. See the section Turn on Explicit User Creation for the proper method of adding users with Message Continuity.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Disable User Access Page 25 of 41 Disable User Access to the Control Console (Optional) Users can access quarantined email by clicking on the links within the Spam Quarantine Reports that they receive. By default, users also can log into the Control Console to create Allow or Deny lists or customize their Email Defense with Continuity notifications and displays. To prevent Control Console access to users, you must disable this access. To disable user access to the Control Console, perform the following steps: 1 Click Email Protection > Policies > Spam > Reporting 2 Unselect the field Allow non-admin users to login directly to the Control Console. 3 Click Save.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Explicit User Creation Page 26 of 41 Turn on Explicit User Creation (Optional) The default method for populating users in Email Defense with Continuity is SMTP Discovery. SMTP Discovery automatically adds a user within Email Defense with Continuity after Email Defense with Continuity receives several incoming emails for that user. At times, email incorrectly addressed to a user that does not exist in your email system can cause invalid users to be added to Email Defense with Continuity. Therefore, it is strongly recommended that you set the User Creation option to Explicit, which you can do at any time. Explicit requires you to add email users using one of the methods provided within Account Management, including: Batch file Directory Integration Manual user creation. 1 Click Email Protection > Setup > User Creation 2 Select Explicit. 3 Under When a recipient is invalid, select an option to handle messages when the recipient is not a valid user. 4 Click Save.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Create Remaining Users Page 27 of 41 Create the Remaining Users You can add users with any of three methods: Use Directory Integration This is the recommended method if your email server uses Active Directory. You cannot add passwords with this method. Add Users Manually This is the simplest, but most time-consuming, method. You can also add passwords with this method. Add Users with a Batch File This method requires you to create a text file with user addresses. You cannot add passwords with this method. Add Users Manually 1 Click Account Management > Users > Create 2 In the Creation Modes drop-down list, select Individual. 3 See the online help for how to complete the remaining fields for adding users. Note: Group administration currently applies only to Email Defense with Continuity and Web Protection.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Create Remaining Users Page 28 of 41 Add Users with a Batch File You can upload a text file with the all email addresses. Note: If you are also adding alias email addresses, you can include them in the batch file. If you add users with a batch file, but do not add aliases at the same time, and later you want to add aliases with a batch file, you must re-add the users along with the aliases. See Create User Aliases, If Necessary. 1 Open a text editor, for example Notepad, to create your file of addresses. On the first line of the file, type the primary domain address for a user, as well as any other alias recipient names desired, separated by a single space or a comma. Do not enter the domain portion (the @ followed by a domain name) of the address to the alias names. See the following example: In the previous figure, the line jsmith@acme.com joesmith josephsmith adds the primary address jsmith@acme.com, and two alias addresses jsmith@acme.com and josephsmith@acme.com. Up to five aliases can be created per user, depending on your company s configuration. 2 Press the Enter key or an equivalent key to create a hard return and start a new line in the file. 3 Create one line of addresses per user. Email addresses must be unique. Valid and invalid characters are as follows: Valid Characters Alphanumeric characters (A-Z and/or 0-1) Invalid Characters Spaces at the beginning or end of the user account name Spaces within the name Comma (, ) Hyphen ( - ) Plus sign ( + ) Single apostrophe ( ' ) Double quotes ( " ) Ampersand ( & ) Left arrow ( < ) Right arrow ( > ) Semi-colon ( ; ) Hash sign ( # ) 4 Save the file to your computer s hard drive with a filename of your choice. The file size can be up to 100 KB. 5 Click Account Management > Users > Create. 6 From the Creation Mode drop-down list under Create Users, select Batch. The Create Users screen changes to show batch creation fields
Email Defense with Continuity--Admin Guide / ADMIN USERS--Create Remaining Users Page 29 of 41 7 See the online help for how to complete the remaining fields for batch creation. The alias recipient names are automatically added as alias addresses with the primary domain.
Email Defense with Continuity--Admin Guide / ADMIN USERS--Create User Aliases Page 30 of 41 Create User Aliases, If Necessary User aliases might be administered on your email server to provide alternative email addresses for your users. For example, Joe Smith might have a primary email address of joesmith@acme.com and alias addresses of jsmith@acme.com and josephsmith@acme.com. If your users have aliases on your mail server, it is recommended that you add these aliases to the Control Console. By adding aliases, you ensure that: Email Defense with Continuity can consolidate emails received for multiple addresses into a single set of quarantine areas (Virus, Spam, Content, and Attachments). Email Defense with Continuity sends a single Spam Quarantine Report to the user for all quarantined spam emails. The Spam Quarantine Report and any emails released from any quarantine are sent to the primary email address. Email Defense with Continuity can filter the emails received for the alias addresses with the same policies defined for the primary email address. You can add aliases in one of three ways: Add Aliases User-by-User Use the Alias Addresses screen. Add Aliases with a Batch File See Add Users with a Batch File. Use Directory Integration This is the recommended method if your email server uses Active Directory. You cannot add passwords with this method. Add Aliases User-by-User 1 Click Account Management > Users > Create. 2 Click a user name from the list. 3 Click Aliases. The screen lists all existing alias email addresses. 4 Type an alias prefix into the Alias Address field. The system automatically creates an alias address beginning with the prefix for every alias domain associated with the primary domain. For Message Continuity, Create a Batch File to Add Users and Passwords To use the Message Continuity service, it is recommended you add users to Email Defense with Continuity with a method other than SMTP Discovery. The default SMTP Discovery method does not add users until they have received several emails. As a result, some users might not be added for quite some time, and therefore, those users email would not be immediately available in case of disaster recovery. See Create the Remaining Users.
Email Defense with Continuity--Admin Guide / CUSTOMIZE INBOUND--Filters Page 31 of 41 Customize Inbound Mail Filters (Optional) You can customize the default inbound policy for groups of users to fit your business needs. To create and use custom policies, you must create a group or groups of users, and for each group, you can create a custom policy. A group can be created according to domain membership (see Figure 5) or according to any other user characteristics that may apply across multiple domains (see Figure 6). For procedures, see Create a Group (Enterprise Customer Only)). Note: Because a group defined can contain users from different domains, a group policy does not necessarily apply to a domain, but rather to the group of users to which it is defined. A custom group policy supersedes the default policy that is assigned to all domains. Figure 5: Enterprise Custom Policy Assignment (Groups by Domain) Figure 6: Enterprise Custom Policy Assignment (Groups by Other Attributes)
Email Defense with Continuity--Admin Guide / CUSTOMIZE INBOUND--Custom Policy Page 32 of 41 Create a Custom Policy (Optional) 1 Click Email Protection > Policies. 2 Click New. The New Policy Set fields are displayed: 3 See the online help for more information on completing the fields. 4 Click Save. The Policy Sets list is updated with the new policy. You can now modify the new policy to meet your business needs. See Create a New Content Filter, which is a typical portion of a policy that is customized.
Email Defense with Continuity--Admin Guide / CUSTOMIZE INBOUND--Content Filter Page 33 of 41 Create a New Content Filter (Optional) A policy component that is typically customized is the content filter. The content filter does the following: Blocks or quarantines the email that contains prohibited keywords. Notifies the sender or recipient when an email has been quarantined or blocked. Blocks HTML malicious tags or prohibited images. Manages the ability for users to click on links in email. To create a new policy content filter, perform the following steps: 1 Click Email Protection > Policies. 2 Click the policy you want to change. 3 Click Content. The Content Groups screen is displayed. 4 Click New. The New Content Group Policy fields are displayed. 5 In the Group Name field, type the name of your content group. 6 In the Keywords field, type words for which you want Email Defense with Continuity to filter email. Note: Each keyword or phrase you want to filter must be followed by a hard return. See the online help for more keyword formatting information. 7 From the Action drop-down menu, select an action to take on the emails that are in violation. See the online help for more information. 8 If desired, select a silent copy option. You can choose None or a previously- configured distribution list to which to send a copy of any email that violates the content restrictions. Distribution lists for this option are configured from Account Management > Customers > Distribution Lists. 9 Select Enable to turn on filtering for this content group.
Email Defense with Continuity--Admin Guide / CUSTOMIZE INBOUND--Content Filter Page 34 of 41 To customize a policy s content filter, perform the following steps: 1 Click Email Protection > Policies. 2 Click the policy you want to change. 3 Click Content. The Content Groups screen is displayed. 4 Click on a default content category you want change and click Edit. The Edit fields are displayed. Note: You cannot change keywords in a default content group. 5 From the Action drop-down menu, select an action to take on the emails that are in violation. See the online help for more information. 6 If desired, select a silent copy option. You can choose None or a previously- configured distribution list to which to send a copy of any email that violates the content restrictions. Distribution lists for this option are configured from Account Management > Customers > Distribution Lists. 7 Select Active to turn on filtering for this content group.
Email Defense with Continuity--Admin Guide / CUSTOMIZE INBOUND--Review Quarantine Page 35 of 41 Review Quarantined Mail Review quarantined email of your users to ensure the following: Messages from senders of desired organizations are not quarantined unnecessarily. These sender addresses may be added to the Policy-level Allow List. Senders from undesired organizations are quarantined. These sender addresses can be added to the Policy-level Deny List. As a customer administrator, you can view quarantined mail from all users. Personnel with domain administrator and quarantine manager permission can also review all user quarantine messages. To review quarantined mail, perform the following steps: 1 Click Email Protection > Quarantine. 2 From the Threat drop-down menu, select All Threats. 3 From the Day drop-down menu, select All Days. 4 From the Direction drop-down menu, select Inbound or Inbound and Outbound if you also use outbound email filtering. 5 Click Search. The list of matching messages is displayed. 6 Review the type of threat of each message, as well as the sender, recipient, and subject. 7 To view more detail about a message, hover your cursor over the From column of the message. Different information is displayed depending on the type of violation incurred. For a SPAM violation, you see the SPAM score. For an attachment violation, you see the attachment name that invoked the violation. For a virus violation, you see the Virus name that invoked the violation. For a content violation, you see the Content Keyword that invoked the violation. Note: From this screen, you can also release mail from quarantine so the email returns to the users inbox, or you can delete quarantined mail.
Email Defense with Continuity--Admin Guide / GROUPS--Determine Needs Page 36 of 41 Create a Group, If Necessary Determine Who Needs Separate Filtering Groups are used when there are users in the organization whose email should be filtered according to a policy other than the default policy. For example, you might have a support group that needs to receive email from a wide variety of customers, some of whom might send many advertisements via email. In this case, email those customers might be blocked periodically by the default policy. In this case, you can create a group for Support, and then create a new policy just for Support. Creating and applying groups is a three step process: 1 Create a new group. 2 Assign individual User Accounts to the group. 3 Create a new policy with special email filtering rules and associate the group to the policy. Once completed, the users in the group will have their email filtered according to the newly created policy, instead of the email filtering rules in the default policy. Note: All users who are not assigned a group continue to receive email according to the default policy. Also, users from up to three different domains can be assigned to the same group.
Email Defense with Continuity--Admin Guide / GROUPS Create a Group Page 37 of 41 Create a Group To create a group, perform the following steps: 1 Click Account Management > Groups. 2 Click New. 3 In the Name field, type a unique name for the group. In our example, type Sales. 4 In the Description field, type the purpose of the group and a high-level description of who is in it. For example, type Extensive allow list for customers. Includes all support associates. 5 Click Save. If this is the first group, the Users tab is created so that you can assign users to the group.
Email Defense with Continuity--Admin Guide / GROUPS Add Users Page 38 of 41 Add Users to the Group 1 On the Groups screen, select the group to which you want to add users, then click Users. A list of users for the current domain is displayed. 2 Select the name of a user you want to add to the group. You can also press the Ctrl key on your keyboard and select multiple users to add at one time. 3 Click Add. 4 Repeat steps 2 and 3 for all users you want to add to the group. 5 From the Domain drop-down menu at the top of the screen, select a different domain from which to add users to the group. 6 Repeat steps 2 through 4 for the users you want to add from the selected domain. 7 Repeat steps 5 and 6 for adding users from a third domain, if desired.
Email Defense with Continuity--Admin Guide / GROUPS Custom Policy Page 39 of 41 Create a Custom Policy for the Group See Create a Custom Policy (Optional). Assign the Group to the Custom Policy 1 Click Email Protection > Policies. 2 Select the custom policy to which you want to assign a group. 3 Click Group Subscriptions. The Policy Configuration Groups screen is displayed. 4 Select the group you want to assign. 5 Click Add
Email Defense with Continuity--Admin Guide / DISASTER RECOVERY Setup Spooling Page 40 of 41 Administer Disaster Recovery Services Message Continuity Message Continuity saves messages for later delivery if your mail server becomes unavailable. When your mail server becomes available, Message Continuity intelligently delivers the messages to your on premise Email Server. Users can access their messages through a Web- based interface while messages are in Message Continuity only. Message Continuity also has unlimited storage capacity and removes messages that have been in Message Continuity storage for more than 60 days. Set up Spooling for Disaster Recovery 1 Click Email Protection > Setup > Disaster Recovery. 2 From the Domain drop-down menu, select the domain you want to set up for Disaster Recovery. 3 In the Configuration Settings section, select one of the following options: Automatic This option automatically spools all incoming email when Email Defense with Continuity detects a loss of connectivity with your email server(s). With this option, you must also specify how long Email Defense with Continuity should wait after connectivity is lost to begin spooling. o Note: It may take several minutes to determine that your inbound server is unavailable. During this time, and during the time delay, received emails can be temporarily failed if your inbound server is unavailable Manual T h i s option allows you to start and stop Disaster Recovery spooling manually for planned email server outages such as server maintenance. When necessary, you then select Start Spooling to initiate manual spooling; and select Stop Spooling to stop it. o Note: It may take a few minutes for manual spooling of incoming mail to start and stop. 4 If you selected the Manual option, check the Deliver spooled email when connectivity is available box to deliver spooled email when connectivity to the email server(s) is restored. 5 With Message Continuity, check the checkbox Allow users to use Message Continuity to set the default permission for users to get messages through Message Continuity. This setting applies to the domain. You can override this setting on the Disaster Recovery screen under Policies if you have some groups that you don t want to allow access.
Email Defense with Continuity--Admin Guide / DISASTER RECOVERY Notifications Page 41 of 41 Set up Notifications of Disaster Recovery You can specify that notifications are emailed automatically to designated recipients, typically yourself or other administrators, when the following Disaster Recovery events occur: Automatic spooling has started Automatic unspooling has started Automatic or manual unspooling has completed. 1 Under the Notifications section of the Disaster Recovery Setup screen, type, in the Recipient Email Address field, the email address of a person who should receive notification of a disaster recovery event. Note: In order to minimize the possibility that Disaster Recovery notifications cannot be delivered to listed recipients, it is recommended that notifications be sent to email addresses associated with cell phones or pagers. 2 Click Add. 3 Repeat steps 1 and 2 for up to three more notification recipients.