
Email Security 9.0 Admin Guide

System Configuration

This section provides configuration procedures for System settings, as well as additional system administration features.

License Management

The System > License Management page allows you to view and manage current Security Service and Support Service for your Email Security solution.

Serial Number—The serial number of your SonicWall Email Security appliance/software.
Authentication Code—The code you entered upon purchasing/activating the SonicWall Email Security solution.
Model Number—The model number of the SonicWall Email Security appliance. If you are using the SonicWall Email Security software, the model number is listed as Software.
Manage Licenses—Click this button to log in to your MySonicWall.com account to register appliances and manage all security services, upgrades, and changes.
Refresh Licenses—Click this button to refresh the license status for Security and Support services.
Upload Licenses—Click this button to manually update your licenses. This feature is useful in the event that you are unable to use the dynamic licensing feature for any reason. Before clicking this button, download a license file from the MySonicWall.com website. Then, click the Choose File button, select the license file you downloaded, and click the Upload button. Your product’s licenses are updated based on the license file.
Test Connectivity—Click this button to validate connectivity to the SonicWall License Manager.
 
NOTE: The hourly license update synchronizes with the online license manager and overwrites licenses applied by the offline method.

SonicWall Email Security comes with several service modules that must be licensed separately. For maximum effectiveness, all services are recommended. Refer to Available Module Licenses descriptions.

The Security Service table on the Administration page provides information on the status of the various offerings in your configuration.

 

Status

The status for the Security or Support Service may be one of the following:

Licensed

Services have a regular valid license.

Free Trial

Services are using a 14-day free trial license.

Not licensed

Service has not been licensed.

Perpetual

The base Key license comes with the purchase of the product and is perpetual. Note that the Base Key is the only perpetual license.

Count

The number of users to which the license applies.

Expiration

Expiration date of the service. Either a specific expiration date is listed or Never is listed, indicating no expiration.

The Support Service table shows the kinds of service support agreements that have been licensed for your solution. It includes license status and expiration date.

Administration

The System > Administration page allows you to make configuration changes for various settings.

Email Security Master Account

The Email Security Master Account section allows you to change the master account username and password.

 
NOTE: SonicWall strongly recommends that you change the master account password.

To change the password:
1. Navigate to the Email Security Master Account section of the System > Administration page. Note that the Username you originally registered with appears as the default Username.
2. Type in the Old Password.
3. Type in the New Password.
4. Type the same new password in the Confirm password field.
5. Click Apply Changes.

Password Policy

To configure the password policy for users:
1. Navigate to the Password Policy section of the System > Administration page.
2. Check the box to enable the following parameters. Leave unchecked if you don’t want to require that feature.
   Require upper case characters: A-Z
   Require lower case characters: a-z
   Require numeric characters: 0-9
   Require special characters: ~!@#$%^&*_-+='|(){}[]"<>,.?/
   Allow OU Admins to change password policy
3. Set the minimum number of characters required for passwords in the Minimum password length field.
4. From the drop down list, select the number of hours after which the Change Password link expires. If the user has not accessed the link within the number of hours selected, a new Change Password link needs to be sent.
5. Click Apply Changes.

Invalid Login Policy

The Invalid Login Policy section allows administrators to configure a user lockout feature, which locks a user account when the configured number of unsuccessful login attempts is reached.

 
NOTE: The Invalid Login Policy is only available if the Global Administrator configures this feature for all users.

To configure the invalid login policy:
1. On the System > Administration page, navigate to the Invalid Login Policy section.
2. Specify the number of invalid attempts allowed before the user account is locked in the Number of unsuccessful attempts before lockout field. The default value is 5, and the value can range from 0 to 9. If the value is set to 0, the feature is disabled.
3. Specify the amount of time the user account is locked in the Lockout Interval field.

   The user has to wait for this time interval to lapse before being able to log in again; no attempts, correct or incorrect, are allowed during the interval. The default value is 15 minutes. The hours value can range from 0-72 hours, and the minutes value can range from 1-59 minutes.

4. Select the Alert administrator when account is locked check box to alert the administrator with an emergency message when an account is locked.
5. Click Apply Changes.

To reset a locked out account:
1. Go to the Users, Groups & Organizations > Users page.
2. Scroll down to Locked Users.
3. Select the user and select Unlock User.
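
The lockout behaviour described above can be modelled to see what a given setting does to a sequence of login attempts, including why a correct password is still refused during the interval. This is an added example, not SonicWall code; the class and function names are hypothetical, the events are constructed, and it assumes that failures are counted consecutively and reset on a successful login (the guide does not say).

```python
from datetime import datetime, timedelta


class InvalidLoginPolicy:
    """Model of the Invalid Login Policy fields (assumed semantics, see lead-in)."""

    def __init__(self, max_attempts=5, hours=0, minutes=15):
        # Ranges and defaults are the ones the guide gives for the two fields.
        if not 0 <= max_attempts <= 9:
            raise ValueError("attempts before lockout must be 0-9")
        if not (0 <= hours <= 72 and 1 <= minutes <= 59):
            raise ValueError("lockout interval: hours 0-72, minutes 1-59")
        self.max_attempts = max_attempts
        self.interval = timedelta(hours=hours, minutes=minutes)
        self.failures = {}       # user -> consecutive failed attempts
        self.locked_until = {}   # user -> time at which the lock lapses
        self.alerts = []         # (time, user), the "Alert administrator" events

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                # During the interval even a correct password is refused.
                return "locked"
            self.unlock(user)    # interval has lapsed
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        if self.max_attempts == 0:
            return "denied"      # 0 disables the feature: never lock
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_attempts:
            self.locked_until[user] = now + self.interval
            self.alerts.append((now, user))
            return "locked"
        return "denied"

    def unlock(self, user):
        """Equivalent of Unlock User on the Locked Users list."""
        self.locked_until.pop(user, None)
        self.failures.pop(user, None)


def replay(policy, events):
    """Run (time, user, password_ok) events through a policy, in order."""
    return [policy.attempt(user, ok, when) for when, user, ok in events]


# Constructed events: five bad passwords a minute apart, then the right
# password at +10 minutes (inside the lock) and at +20 minutes (after it).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(minutes=m), "alice", False) for m in range(5)]
    + [(T0 + timedelta(minutes=10), "alice", True),
       (T0 + timedelta(minutes=20), "alice", True)]
)

if __name__ == "__main__":
    for label, policy in [("default 5 / 15 min", InvalidLoginPolicy()),
                          ("disabled (0)", InvalidLoginPolicy(max_attempts=0))]:
        print(label, replay(policy, SAMPLE_EVENTS))
```

With the value set to 0 the same five failures never lock the account, so password guessing is limited only by whatever other controls sit in front of the login page.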

Login Custom Text

You can customize the text that appears when users log into Email Security.

1. Navigate to the System > Administration page.
2. Scroll to the Login Custom Text section.
3. Enter custom text in the space provided.
4. Select Apply Changes.

Allow Admin Access from Specific IPs

This feature allows the administrator to add restricted IP addresses or address ranges. This restricts administrators so that they have admin access only from those specific IP addresses. The IP addresses can be entered in these formats: IPv4, IPv6, or IPv4 CIDR. Multiple IPs can be entered but must be separated by commas.

 
IMPORTANT: Users with admin roles can be locked out of web access if the incorrect IPs are specified.
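
Because a wrong entry locks administrators out, the list can be checked before it is applied. The following is an added example, not part of the product: it parses a comma-separated list in the three formats named above and reports which known administrator source addresses would not be covered. Function names are hypothetical, the addresses are constructed from documentation ranges, and rejecting a CIDR with host bits set (and any IPv6 CIDR) is this example's reading of the listed formats.

```python
import ipaddress


def parse_admin_allowlist(text):
    """Parse the comma-separated allowlist into (networks, errors).

    Accepts the three formats the guide lists: IPv4, IPv6 and IPv4 CIDR.
    """
    networks, errors = [], []
    for raw in text.split(","):
        entry = raw.strip()
        if not entry:
            errors.append("empty entry (stray comma)")
            continue
        try:
            # strict=True rejects host bits in a CIDR (192.168.1.10/24), which
            # is usually a typo for either the single host or the network.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            errors.append(f"{entry}: {exc}")
            continue
        if "/" in entry and net.version == 6:
            errors.append(f"{entry}: CIDR notation is listed for IPv4 only")
            continue
        networks.append(net)   # a bare address becomes a /32 or /128
    return networks, errors


def uncovered_admins(text, admin_source_ips):
    """Return (admin IPs the allowlist would lock out, parse errors).

    Use the address the appliance actually sees: behind NAT or a proxy that
    is the translated address, not the workstation's own.
    """
    networks, errors = parse_admin_allowlist(text)
    uncovered = []
    for ip in admin_source_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr.version == net.version and addr in net for net in networks):
            uncovered.append(ip)
    return uncovered, errors


# Constructed sample values (documentation address ranges).
SAMPLE_ALLOWLIST = (
    "203.0.113.10, 198.51.100.0/24, 2001:db8::5, 192.168.1.10/24, 2001:db8::/32"
)
SAMPLE_ADMIN_IPS = [
    "203.0.113.10", "198.51.100.77", "2001:db8::5", "192.168.1.10", "2001:db8::6",
]

if __name__ == "__main__":
    missing, problems = uncovered_admins(SAMPLE_ALLOWLIST, SAMPLE_ADMIN_IPS)
    for problem in problems:
        print("invalid entry:", problem)
    for ip in missing:
        print("would be locked out:", ip)
```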

Quick Configuration

Most organizations that are using SonicWall Email Security can configure their system by using the Quick Configuration window, located at the bottom of the System > Administration page. Note that you must configure the same choices for message handling for each SonicWall appliance to use Quick Configuration. For more complex installations and advanced options, use the appropriate options in the left-hand side links of the Server Configuration page.

Network Architecture

The System > Network Architecture page allows you to configure various settings:

Server Configuration

The first step of server configuration is to select the Email Security architecture. Choose either All in One or Split. The user interface actively configures the display in response to your selection. Refer to Email Security Deployment Architecture for more information on the different configurations.

To configure your server, follow these general processes and see the details provided in the referenced sections.

For All in One Configuration

1. Select the All in One architecture on the System > Network Architecture > Server Configuration page.
2. Configure the inbound email flow and apply it as described in Inbound Mail Path Configuration.
3. Configure the outbound email flow and apply it as described in Outbound Mail Path Configuration.
4. Test mail servers.

For Split Configuration

1. Select the Split architecture on the System > Network Architecture > Server Configuration page.
2. Choose the button to designate the server as a Remote Analyzer or Control Center.
3. If you selected Control Center, choose the additional functions that may apply: Main Control Center, Search Engine Server, or Reporting Server.
4. Add or delete servers on a Split configuration as described in Managing Servers for a Split architecture.
5. Select the Remote Analyzer to configure the inbound email flow and apply it as described in Inbound Mail Path Configuration.
6. Select the Remote Analyzer to configure the outbound email flow and apply it as described in Outbound Mail Path Configuration.
7. Configure communications between Remote Analyzers and Control Centers as described in Configuring Communications for Split Configurations.
8. Test mail servers.

Additional information on managing a Split configuration is provided in Changing Configurations.

Inbound Mail Path Configuration

The inbound path options for both All in One and Split configurations are very similar. The window is divided into several segments with various options for each. Definitions and recommendations are reviewed in the following sections:

Source IP Contacting Path for Inbound Mail

The Source IP Contacting Path section allows you to specify the IP addresses of other systems that are allowed to connect to and relay through this path.

Select one of the following options:

Any source IP address is allowed to connect to this path—Use this setting if you want any sending email server to be able to connect to this path and relay messages. Using this option could make your server an open relay.
 
CAUTION: This may make an open relay.
NOTE: You need to use this setting if you configure your SonicWall Email Security solution to listen for both inbound and outbound email traffic on the same IP address on port 25.
Any source IP address is allowed to connect to this path but relaying is allowed only for specified domains—Use this setting if you want any sending email servers to connect to this path, but you want to relay messages only to the domains specified. Simply enter the domains in the space provided, adding one domain per line.
Only these IP addresses can connect and relay—Use this setting if you know the sending email server IP addresses, and you do not want any other servers to connect. Separate multiple IP addresses with a comma.
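
After choosing one of the three options, it is worth confirming from a host that is on no allow list that the path refuses to relay for a domain you do not host. The following is an added example, not SonicWall code: `relay_probe` works with a connected `smtplib.SMTP` session for a path you administer, and `FakePath` is a constructed stand-in that models the three options so the check runs offline. All names, addresses and the reply codes returned by `FakePath` are assumptions.

```python
def relay_probe(session, sender, recipient):
    """Ask a path whether it would accept sender -> recipient.

    `session` is a connected smtplib.SMTP, or any object with the same
    ehlo/mail/rcpt/rset methods. No DATA command is sent, so nothing is
    delivered. Acceptance at RCPT is a strong hint, not proof of delivery.
    """
    session.ehlo()
    code, _ = session.mail(sender)
    if code >= 400:
        return "refused"
    code, _ = session.rcpt(recipient)
    session.rset()
    return "accepted" if 200 <= code < 300 else "refused"


def check_path(open_session, hosted_rcpt, external_rcpt,
               sender="probe@outside.example"):
    """Probe with a hosted and an external recipient; flag open relaying.

    For a live check pass, for example,
    open_session=lambda: smtplib.SMTP("your.path.example", 25, timeout=10).
    """
    result = {
        "hosted": relay_probe(open_session(), sender, hosted_rcpt),
        "external": relay_probe(open_session(), sender, external_rcpt),
    }
    # Outside sender to outside domain accepted means the path relays for anyone.
    result["open_relay"] = result["external"] == "accepted"
    return result


class FakePath:
    """Constructed model of a path, one behaviour per Source IP option."""

    def __init__(self, option, client_ip, allowed_ips=(), relay_domains=()):
        self.option = option
        self.client_ip = client_ip
        self.allowed_ips = set(allowed_ips)
        self.relay_domains = {d.lower() for d in relay_domains}

    def ehlo(self, name=""):
        return 250, b"fake.path"

    def mail(self, sender, options=()):
        # "Only these IP addresses can connect and relay"
        if self.option == "only_listed_ips" and self.client_ip not in self.allowed_ips:
            return 554, b"source IP not allowed"
        return 250, b"OK"

    def rcpt(self, recip, options=()):
        # "...relaying is allowed only for specified domains"
        domain = recip.rsplit("@", 1)[-1].lower()
        if self.option == "any_ip_listed_domains" and domain not in self.relay_domains:
            return 550, b"relaying denied"
        return 250, b"OK"

    def rset(self):
        return 250, b"OK"


def demo():
    """Run the check against all three modelled options from an unlisted IP."""
    outside = "192.0.2.50"   # constructed: a source that is on no allow list
    paths = {
        "any_ip": lambda: FakePath("any_ip", outside),
        "any_ip_listed_domains": lambda: FakePath(
            "any_ip_listed_domains", outside, relay_domains=["mycompany.com"]),
        "only_listed_ips": lambda: FakePath(
            "only_listed_ips", outside, allowed_ips=["10.1.1.1"]),
    }
    return {name: check_path(factory, "user@mycompany.com", "user@elsewhere.example")
            for name, factory in paths.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```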
Path Listens On for Inbound Mail

The Path Listens On section allows you to specify the IP addresses and port number on which the path listens for connections.

Listen for all IP address on this port—This is the typical setting for most environments, as the service listens on the specified port using the machine’s default IP address. The usual port number for incoming email traffic is 25.
Listen only on this IP address and port—If you have multiple IP addresses configured on this machine, you can specify which IP address and port number to listen on.
Destination of Path for Inbound Mail

The Destination of Path section allows you to specify the destination server for all incoming email traffic in this path.

This is a Proxy. Pass all email to destination server—This setting configures the path to act as a proxy and relay messages to a downstream email server. If the downstream server is unavailable, incoming messages will not be accepted. Enter the host name or IP address and the port number of the downstream email server. Note that no queuing or routing are performed.
This is a Proxy. Route email in Round-Robin or Failover mode to the following multiple destination servers—This setting configures the path to act as a proxy and relay messages to a downstream email server. If Round-Robin is selected, email is load-balanced by sending a portion of the email flow through each server listed in the text box. If Failover is selected, email is sent to the servers listed in the text box only if the downstream server is unavailable. Email is queued if all of the servers listed are unavailable.
This is an MTA. Route email using SmartHost to destination server—This setting is similar to the “This is a Proxy. Pass all email to destination” option, except that incoming messages are accepted and queued if the downstream server is unavailable. In this instance, this path acts as a SMTP smarthost. With this setting selected, you can also include Exceptions, specifying which domains should use MX record routing and which should use the associated IP address or hostname.
This is an MTA. Route email using SmartHost in Round-Robin or Failover mode to the following multiple destination servers—This setting is similar to the previous MTA option, however incoming messages can be routed to multiple servers. If Round-Robin is selected, email is load-balanced by sending a portion of the email flow through each server listed in the text box. If Failover is selected, email is sent to the servers listed in the text box only if the downstream server is unavailable. Email is queued if all of the servers listed are unavailable.
This is an MTA. Route email using MX record routing. Queue email if necessary—This setting routes any mail by standard MX (Mail Exchange) records. Messages can be queued on disk and will retry transmissions later if the destination SMTP server is not immediately available.
This is an MTA. Route email using MX record routing with these exceptions—This setting routes any mail by standard MX (Mail Exchange) records. However, email messages sent to the email addresses or domains in the table to the right are routed directly to the associated IP address or hostname. Messages can be queued on disk and will retry transmissions later if the destination SMTP server is not immediately available.
 
NOTE: You can specify email addresses in addition to domains in this routing table. Also, hostnames can be specified instead of IP addresses. For example, if you want to route customer service emails to one downstream server and the rest of the traffic to a different downstream server, you can specify something similar to the following:

service@mycompany.com    10.1.1.1
mycompany.com            internal_mailserver.mycompany.com

Directory Harvest Attack (DHA) Protection Settings for Inbound Mail

Directory Harvest Attack Protection allows you to configure settings to protect against spammers that attempt to find valid email addresses on your directory.

Configure any of the following settings:

Action for messages sent to email addresses that are not in your LDAP server—Select one of the following from the drop down menu:
Adhere to corporate setting—Messages from addresses not in your LDAP adhere to the corporate settings.
Process all messages the same—Messages from addresses not in your LDAP will be processed the same as messages from addresses in your LDAP server.
Permanently delete—Messages from addresses not in your LDAP will be permanently deleted.
Reject invalid addresses—Messages from addresses not in your LDAP will be rejected.
Always store in Junk Box—Messages from addresses not in your LDAP will be stored in your Junk Box.
Enable tarpitting protection—Select the check box to enable tarpitting protection, which slows the transmission of email messages sent in bulk by spammers.
Apply DHA protection to these recipient domains—Select one of the following options for applying DHA protection:
Apply to all recipient domains—Select to apply DHA protection to all recipient domains.
Apply only to the recipient domains listed below—In the text box, specify the recipient domains to which DHA protection applies.
Apply to all recipient domains except those listed below—In the text box specify the recipient domains to which DHA protection does NOT apply.
Advanced Settings for Inbound Mail

The following settings are optional. When finished configuring settings, click Apply to save changes made for the outbound path.

Use this text instead of a host name in the SMTP banner—This setting allows you to customize the host name of the server that appears in the heading of the email messages relayed through this path. If left blank, the host name is used.
Reserve the following port—This setting allows you to designate a port for miscellaneous “localhost to localhost” communication between Email Security components.
Enable StartTLS on this path—Select this check box if you want a secure internet connection for email. SonicWall Email Security uses Transport Layer Security (TLS) to provide the secure internet connection. Click the Configure STARTTLS button to configure encrypted email communications.

a. Set the TLS for Connecting Client. Choose one of these options:
   Advertise support for STARTTLS to connecting clients
   Require clients to connect using STARTTLS
b. Set the TLS for Destination Servers. Choose one of these options:
   TLS is disabled to Destination
   Attempt to use TLS if the sender used TLS; otherwise send in the clear
   Always attempt to use TLS; if TLS cannot be started, then send in the clear
   TLS is mandatory if the sender used TLS; otherwise send in the clear
   TLS is mandatory to the destination; if TLS cannot be started, then the message is deferred
c. Set the Cipher Strength; select from Strong, Normal or Weak. For more information on the cipher set included in Email Security, refer to Cipher Set.
d. Provide the Sender Domain for the Destination servers and select Add.
e. Select Apply when settings are complete.
Configure SMTP AUTH on this path—Authentication provides a way for a mail server to verify the identity of the email sender. During authentication, the sender supplies credentials to the receiving mail server, which may refuse email delivery if the sender's identity cannot be verified.

Select one of three options:

This path does not use SMTP authentication—This is the default setting, where no authentication is required.
This path relays SMTP AUTH commands unchanged from upstream to downstream—This is typically selected when you want to relay mail through to an external mail server. The AUTH commands are relayed downstream to the external mail server that requires it before accepting the mail. This option is not available for paths that use the MTA.
This path uses credentials as follows—This option allows you to perform Server Side Authentication and Client Side Authentication.
For Server Side Authentication, check the box for Authenticates the credentials it received from the upstream mail server and also choose one of the following:
Use This path accepts the following credentials if you want to configure a single set of credentials that is used for all email. These credentials can be used to identify a specific customer or server. Provide the username and password to complete the configuration.
Use This path uses user login credentials to authenticate to require user authentication.
For Client Side Authentication (for example, when sending outbound email through an ISP that requires authentication), select Sends an SMTP AUTH command with the following credentials to the downstream mail server. Provide the username and password to complete the configuration.
At the bottom of the window, you can require encryption for both upstream and downstream connections. The default is that both are selected.
 
CAUTION: Authentication commands include credentials like usernames and passwords. To protect them, they should only be transmitted over encrypted connections.
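
One way to verify the STARTTLS and SMTP AUTH settings on a path is to compare what it advertises in its EHLO reply before and after STARTTLS: AUTH offered on the cleartext channel is the condition the caution describes. This is an added example, not SonicWall code; the function names and finding codes are hypothetical and the EHLO replies are constructed. `collect` is a live variant for a path you administer and is not exercised by the sample data.

```python
import smtplib
import ssl


def parse_ehlo(raw):
    """Parse a raw multi-line EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    for line in lines[1:]:                  # the first line is the server name
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].upper().split()
        if not words:
            continue
        keyword, params = words[0], words[1:]
        if keyword.startswith("AUTH="):     # legacy "AUTH=LOGIN PLAIN" form
            params = [keyword[5:]] + params
            keyword = "AUTH"
        caps.setdefault(keyword, []).extend(p for p in params if p)
    return caps


def audit_path(pre_tls, post_tls=None, expect_auth=False):
    """Return finding codes for a path's capabilities before/after STARTTLS."""
    findings = []
    if "STARTTLS" not in pre_tls:
        findings.append("NO_STARTTLS")
    if "AUTH" in pre_tls:
        # PLAIN and LOGIN are only base64-encoded, so a client that
        # authenticates here exposes its credentials on the wire. Confirm the
        # "require encryption" boxes for this path are selected.
        findings.append("AUTH_OFFERED_IN_CLEAR")
    if expect_auth and post_tls is not None and "AUTH" not in post_tls:
        findings.append("AUTH_MISSING_AFTER_TLS")
    return findings


def collect(host, port=25, timeout=10):
    """Live variant: fetch both capability sets from a path you administer."""
    def caps(session):
        return {k.upper(): v.upper().split()
                for k, v in session.esmtp_features.items()}

    with smtplib.SMTP(host, port, timeout=timeout) as session:
        session.ehlo()
        pre, post = caps(session), None
        if session.has_extn("starttls"):
            # The default context verifies the certificate and host name.
            session.starttls(context=ssl.create_default_context())
            session.ehlo()
            post = caps(session)
    return pre, post


# Constructed EHLO replies.
WEAK_PRE = ("250-mail.example.com\n250-SIZE 52428800\n250-STARTTLS\n"
            "250-AUTH PLAIN LOGIN\n250 8BITMIME")
HARDENED_PRE = "250-mail.example.com\n250-SIZE 52428800\n250-STARTTLS\n250 8BITMIME"
HARDENED_POST = ("250-mail.example.com\n250-SIZE 52428800\n"
                 "250-AUTH PLAIN LOGIN\n250 8BITMIME")
NO_TLS = "250-mail.example.com\n250-AUTH=LOGIN PLAIN\n250 8BITMIME"

if __name__ == "__main__":
    print("weak:    ", audit_path(parse_ehlo(WEAK_PRE)))
    print("hardened:", audit_path(parse_ehlo(HARDENED_PRE),
                                  parse_ehlo(HARDENED_POST), expect_auth=True))
    print("no TLS:  ", audit_path(parse_ehlo(NO_TLS)))
```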

Outbound Mail Path Configuration

The outbound path options for both All in One and Split configurations are very similar. The window is divided into several segments with various options for each. Definitions and recommendations are reviewed in the following sections:

Source IP Contacting Path for Outbound Mail

This section allows you to specify the IP addresses of other systems that are allowed to connect to and relay outgoing mail. Select from the following:

Any source IP address is allowed to connect to this path—Use this setting if you want any sending email server to be able to connect to this path and relay messages. Using this option could make your server an open relay.
CAUTION: This may make an open relay.
NOTE: You need to use this setting if you configure your SonicWall Email Security solution to listen for both inbound and outbound email traffic on the same IP address on port 25.
Only these IP addresses/FQDNs can connect and relay through this path—Use this setting if you know the sending email server IP addresses and you do not want any other servers to connect. Separate multiple IP addresses with a comma.
NOTE: If your configuration is running in Split mode, and this path is on a remote analyzer, the control center must be able to connect and relay through this path.
Path Listens On for Outbound Mail

This section allows you to specify the IP addresses and port number on which this path listens for connections.

Listen for all IP address on this port—This is the typical setting for most environments, as the service listens on the specified port using the machine’s default IP address. The default port is 25.
Listen only on this IP address and port—If you have multiple IP addresses configured in this machine, you can specify which IP address and port number to listen to.
Destination of Path for Outbound Mail

Destination of path allows you to specify the destination server to which this path routes email. You can choose whether to make a path through the SonicWall Email Security, or through one of the following:

If Round robin is specified, email traffic is balanced by sending a portion of the flow through each of the servers specified in the text box in round-robin order. All of the servers will process email all the time.
If Failover is specified, the first server listed will handle all email processing under normal operation. If the first server cannot be reached, email will be routed through the second server. If the second server cannot be reached, email will be routed through the third server, and so on.
MTA with MX record routing—This setting configures this path to route messages by standard MX (Mail Exchange) records. To use this option, your DNS server must be configured to specify the MX records of your internal mail servers that need to receive the email.
MTA with MX record routing (with exceptions)—This setting configures this path to route messages by standard MX (Mail Exchange) records, except for the specified domains. For the specified domains, route messages directly to the listed IP address.

Choose one of these options in the Destination of Path section.

This is a Proxy. Pass all email to destination server—This setting configures the path to act as a proxy and relay messages to an upstream MTA. If the upstream server is unavailable, outgoing messages will not be accepted or queued. Note that no queuing or routing are performed.
This is a Proxy. Route email in Round-Robin or Failover mode to the following multiple destination servers—This setting configures the path to act as a proxy and relay messages to a downstream email server. Select Round-Robin to balance the email load by sending a portion of the email flow through each server listed in the text box. Select Failover to send email to the servers listed in the text box only if the downstream server is unavailable. Email is queued if all of the servers listed are unavailable.
This is an MTA. Route email using SmartHost to destination server—This setting is similar to the “This is a Proxy. Pass all email to destination” option, except that outgoing messages are accepted and queued if the upstream MTA is unavailable. These domains should use MX (Mail Exchange) record routing. However, you can list the specific domains that won’t use MX record routing.

You can also specify which domains should route using SmartHost in Round-Robin mode. Provide IP addresses or host names.

This is an MTA. Route email using SmartHost in Round-Robin or Failover mode to the following multiple destination servers—This setting is similar to the previous MTA option, however outgoing messages can be routed to multiple upstream MTAs. Select Round-Robin to balance email load by sending a portion of the email flow through each MTA listed in the text box. Select Failover to send email to the MTAs listed in the text box only if the upstream MTA is unavailable. Email is queued if all of the MTAs listed are unavailable.
This is an MTA. Route email using MX record routing. Queue email if necessary—This setting routes any outbound email messages by standard MX records.
This is an MTA. Route email using MX record routing with these exceptions—This setting routes any outbound email messages by standard MX records. However, email messages sent to the email addresses or domains listed in the configuration table are routed directly to the associated IP address or hostname in Round-Robin mode. Messages are queued if necessary.
Advanced Settings for Outbound

The following settings are optional. When finished configuring settings, click Apply to save changes made for the outbound path.

Use this text instead of a host name in the SMTP banner—This setting allows you to customize the host name of the server that appears in the heading of the email messages relayed through this path. If left blank, the host name is used.
Reserve the following port—This designates a port for miscellaneous “localhost to localhost” communication between Email Security components.
Enable STARTTLS on this path—Check this box for a secure internet connection for email. SonicWall Email Security uses Transport Layer Security (TLS) to provide the secure internet connection. Click the Configure STARTTLS button to configure encrypted email communications.
a. Set the TLS for Connecting Client. Choose one of these options:
   Advertise support for STARTTLS to connecting clients
   Require clients to connect using STARTTLS
b. Set the TLS for Destination Servers. Choose one of these options:
   TLS is disabled to Destination
   Attempt to use TLS if the sender used TLS; otherwise send in the clear
   Always attempt to use TLS; if TLS cannot be started, then send in the clear
   TLS is mandatory if the sender used TLS; otherwise send in the clear
   TLS is mandatory to the destination; if TLS cannot be started, then the message is deferred
c. Set the Cipher Strength; select from Strong, Normal or Weak.
d. Provide the Recipient Domain for the Destination servers and select Add.
e. Select Apply when settings are complete.
Configure SMTP AUTH on this path—Authentication provides a way for a mail server to verify the identity of the email sender. During authentication, the sender supplies credentials to the receiving mail server, which may refuse email delivery if the sender's identity cannot be verified. Select one of three options:
This path does not use SMTP authentication—This is the default setting, where no authentication is required.
This path relays SMTP AUTH commands unchanged from upstream to downstream—This is typically selected when you want to relay mail through to an external mail server. The AUTH commands are relayed downstream to the external mail server that requires it before accepting the mail. This option is not available for paths that use the MTA.
This path uses credentials as follows—This option allows you to perform Server Side Authentication and Client Side Authentication.
For Server Side Authentication, check the box for Authenticates the credentials it received from the upstream mail server and also choose one of the following:
Use This path accepts the following credentials if you want to configure a single set of credentials that is used for all email. These credentials can be used to identify a specific customer or server. Provide the username and password to complete the configuration.
Use This path uses user login credentials to authenticate to require user authentication.
For Client Side Authentication (for example, when sending outbound email through an ISP that requires authentication), select Sends an SMTP AUTH command with the following credentials to the downstream mail server. Provide the username and password to complete the configuration.
At the bottom of the window, you can require encryption for both upstream and downstream connections. The default is that both are selected.
 
CAUTION: Authentication commands include credentials like usernames and passwords. To protect them, they should only be transmitted over encrypted connections.

Managing Servers for a Split architecture

A Split architecture is made up of at least one Control Center and one or more Remote Analyzers. A Control Center can perform as the main control center, the search engine server, and/or the reporting server. Remote Analyzers can process inbound messages, outbound messages, or both.

To configure a Split architecture:
1. Navigate to the System > Network Architecture > Server Configuration page.
2. Choose the option button next to Split.
3. Select the option button to designate the server as a Remote Analyzer or Control Center.
4. If you selected Control Center, select all the additional functions that apply to the server: Main Control Center, Search Engine Server, or Reporting Server.
5. Click Apply.
6. Click the Test Connectivity button to verify that the server successfully connected to the Control Center. It can take 15 seconds to refresh settings, so if the first test fails, try it again.

To add a Remote Analyzer:
1. Click the Add Server button in the Server Configuration - Inbound Remote Analyzer Paths section.
2. Enter the Remote Analyzer’s hostname.
3. Enter the port number for the field Remote Analyzer allows http access on port number.
4. Check the box if your configuration Requires SSL.
5. List the Hostname in received header.
6. Click the Add button.
NOTE: If the network traffic has high volume, it might take some time before the new Remote Analyzer is displayed in the System > Network Architecture > Server Configuration window.
7. Click the Test Connectivity button to verify that the server successfully connected to the Control Center. It can take 15 seconds to refresh settings, so if the first test fails, try it again.

Any changes you make at the Control Center are propagated to the Remote Analyzers you just added. You can monitor their status on the Reports page as well.

To add a Control Center:
1. Click Add Server in the Control Center section of the Server Configuration window.
2. Enter the Control Center Hostname.
3. Enter the port number for the field Control Center allows http access on port number.
4. Click Add.
5. Click the Test Connectivity button to verify that the server successfully connected to the Control Center. It can take 15 seconds to refresh settings, so if the first test fails, try it again.

To delete a Remote Analyzer:

NOTE: Before deleting a Remote Analyzer, ensure there are no messages in the queue for quarantine.

1. Stop SMTP traffic to the Remote Analyzer by turning off the Email Security Service. Click Control Panel > Administrative Tools > Services > MlfASG Software > Stop.
2. After a few minutes, view the last entry in the mfe log on the Remote Analyzer log.
3. View the mfe log in the Control Center logs directory to ensure the last entry in the mfe log for the Remote Analyzer is there.
4. Turn off the ability of the associated email server to send mail to this Remote Analyzer, and/or point the associated email server to another installed and configured Remote Analyzer.

Configuring Communications for Split Configurations

After you have set up the Control Center, configure each Remote Analyzer so that it can communicate with its Control Center.

To configure a Remote Analyzer:
1. Log in to each server set up as a Remote Analyzer.
2. From the Server Configuration > Control Center section, click the Add Path button to identify which Control Center this Remote Analyzer can accept instructions from.
3. Enter the hostname of your Control Center. If your Control Center is a cluster, you must add each individual hostname as a valid Control Center.
NOTE: If your Control Center is a cluster, add each individual hostname as a valid Control Center by repeating steps 2-3.

Changing Configurations

Only two situations warrant changing your configuration:

You are a current SonicWall Email Security customer running All in One architecture and want to upgrade to a Split Network configuration.
You are a new customer, have incorrectly configured for All in One architecture, and want to configure for Split Network.

In either instance, reach out to SonicWall Customer Support as described in SonicWall Support for help in planning the proper steps.

MTA Configuration

Navigate to the System > Network Architecture > MTA Configuration screen to configure the Mail Transfer Agent (MTA) settings. You can specify how the MTA handles a case in which Email Security is unable to deliver a message right away.

* 
NOTE: Most installations do not require any change to the MTA settings.

Mail Transfer Agent Settings

On the MTA Configuration page, you can configure the retry and bounce intervals for the MTA. Messages are bounced if the recipient domain returns a permanent failure (5xx error code). For transient failures (4xx error codes, indicating a delay), the MTA retries delivery of the message periodically based on the schedule specified.

To configure the Mail Transfer Agent Settings:
1. In the Retry interval field, set how frequently the MTA tries to resend the email message after failure.
2. In the Bounce after field, set when delayed messages are bounced if they cannot be delivered. When the Bounce after time elapses, no further attempts are made to deliver the delayed messages.
3. Choose to Ignore 8-bit Mime encoded content by selecting the On option button. Select Off if you don’t want to ignore 8-bit Mime content.
4. Click Save when finished configuring the Mail Transfer Agent Settings.

Rate Limit Settings

The Rate Limiting Settings section is an advanced feature. The MTA automatically minimizes the number of connections it uses. If you are unsure of the impact any changes to these settings will have on your configuration, do not change them.

The default rate limit is 0, which means no limit, for all MX record domains. To limit the number of connections used, enter the new default number you want.

You can also limit the maximum number of simultaneous connections the MTA can open to a specific MX record domain.

 
NOTE: The connection limits configured in this section only apply to connections opened by MTA, not connections opened by the SMTP proxy.

To add a specific domain:
1. Navigate to the System > Network Architecture > MTA Configuration page.
2. Scroll to the Rate Limiting Settings section.
3. Set a Default Limit for all MX record domains. 0 is defined as no limit.
4. To add an override for specific MX record domains, click the Add Domain button. The Configure Overrides for MX Record Domain screen displays.
5. Specify the MX record domain in the space provided.
6. Specify the Limit.
7. To Include Subdomains to adhere to the rate limit, select the check box.
8. Click Save.

Non-Delivery Reports (NDR)

When an email cannot be sent due to either a transient delay or a permanent failure, the sender may receive a notification email, or a Non-Delivery Report (NDR), describing the failure. Administrators can use this pane to customize the schedule and contents of the NDR. Permanent NDR may not be disabled, but sending NDR for transient failure is optional.

Transient Failure Settings

To enable Transient NDR, select the Send NDR for transient failures check box. Also specify:

The interval (in days, hours, and minutes) at which notifications are sent
The email address and sender name (for example, “ericsmith@example.com” and “Eric Smith”)
A customized subject line for the NDR (for example, “Delay in sending your email”)
A customized body for the NDR

Permanent Failure Settings

To define the parameters of an NDR for permanent failures, specify:

An email address and a name from which NDRs will be sent (for example, “ericsmith@example.com” and “Eric Smith”)
A customized subject line for the NDR (for example, “Your email could not be sent”)
A customized body for the NDR

NOTE: Permanent Failure Settings cannot be disabled.

General Settings

All NDRs include a diagnostic report about the problem that prevented delivery, including the headers of the original message. Permanent NDRs may optionally have the contents of the original message attached. To enable the option to Attach original message to the NDR, check the box.

When finished configuring this section, click Save.

 
NOTE: Some mail servers, such as Microsoft Exchange, may send their own NDRs or rewrite the contents of NDRs sent from other products. Please see the administrator's guide for Microsoft Exchange for information on integrating this product's NDR functionality with Microsoft Exchange.

Email Address Rewriting

Use this window to rewrite email addresses for inbound or outbound emails. These operations affect only the email envelope (the RFC 2821 fields); the email headers are not affected in any way. For inbound email, the “To” field (the RCPT TO field) is rewritten. For outbound email, the “From” field (the MAIL FROM field) is rewritten.

To enable the Email Address Rewrite Operations:
1. Navigate to System > Network Architecture > Email Address Rewriting.
2. Select either the Inbound tab (to rewrite the “To” field) or the Outbound tab (to rewrite the “From” field).
3. Click on Add New Rewrite Operation.
4. Check the box for Enable this Rewrite Operation.
5. In the Type of Operation drop-down menu, select one of the possible options:
If Exact Match is selected, the operation is triggered by the exact email address (including the domain). The full email address is rewritten. For example, an email sent to billy@corp.example.com could be rewritten so that the address is mandy@example.net.
If Starts With is selected, the operation is triggered when the starting characters of the full email address (including the domain) match the characters specified. The entire email address including the domain is replaced. For example, if the operation is intended to be triggered by email addresses that start with billy@corp, an email sent to billy@corp.example.net could be rewritten so that the address was mandy@sales.example.com.
If Ends With is selected, the operation is triggered when the ending characters of the full email address (including the domain) match the characters specified. The entire email address including the domain is replaced. For example, if the operation is intended to be triggered by email addresses that end with .com, an email sent to billy@example.com could be rewritten so that the address was mandy@corp.example.net.
If Domain is selected, the operation is triggered by a particular email domain. The operation rewrites only the domain portion of the email address. For example, an email sent to joe@corp.example.com could be rewritten so that the address is joe@example.net. If an asterisk, *, is entered, all domains are matched, and the rewrite operation will be triggered by any domain.
If LDAP Rewrite to Primary is selected, the operation is applied to every inbound email. The operation rewrites the entire email address to be the primary mail attribute in LDAP. For example, an email sent to joe@corp.example.com could be rewritten so that the address is joe@example.com.
If LDAP Email List Expansion is selected, the operation is triggered by the email list you select. Click the Select Email List button to choose an email list to expand. This operation replaces the email list in the envelope with a RCPT TO header for each member of the list. For example, an email sent to sysadmins@corp.example.com could be rewritten so that the addresses in the envelope are joe@example.com, sue@example.com, and malcom@example.com.
6. Enter the text that triggers the rewrite operation in the Original RCPT TO envelope address text field. For example, if you want to rewrite a domain from corp.example.com, enter corp.example.com in this section.
7. In the Perform the following actions section, enter the replacement text in the Rewrite entire RCPT TO envelope address to be field. For example, if you want to rewrite a domain from example.com to be example.net, enter example.net here.
8. In the section called Name of Rewrite Operation, enter a descriptive name for the operation you created.
9. Click on Save This Rewrite Operation. The new operation appears on the respective Inbound or Outbound tab.
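The following added example (not SonicWall code, and not part of the original guide) models the Exact Match, Starts With, Ends With, and Domain operations on inbound envelope recipients, shows that message headers stay untouched, and flags triggers broad enough to redirect many mailboxes. The rule class, the first-match-wins ordering, case-insensitive matching, and the `broad_rules` heuristic are assumptions made for illustration; the sample message is constructed.

```python
from dataclasses import dataclass


@dataclass
class RewriteRule:
    name: str
    kind: str          # "exact", "starts_with", "ends_with" or "domain"
    trigger: str       # text entered as the original envelope address
    replacement: str   # full address, or a domain when kind == "domain"
    enabled: bool = True


def apply_rule(rule, address):
    """Return the rewritten address, or None when the rule does not trigger."""
    if not rule.enabled:
        return None
    addr, trig = address.lower(), rule.trigger.lower()  # assumption: case-insensitive
    if rule.kind == "domain":
        local, _, domain = address.rpartition("@")
        if trig == "*" or domain.lower() == trig:
            return f"{local}@{rule.replacement}"        # only the domain changes
        return None
    matchers = {
        "exact": addr == trig,
        "starts_with": addr.startswith(trig),
        "ends_with": addr.endswith(trig),
    }
    if rule.kind not in matchers:
        raise ValueError(f"unknown rule type: {rule.kind}")
    # For these three types the entire address is replaced.
    return rule.replacement if matchers[rule.kind] else None


def rewrite_recipients(message, rules):
    """Inbound case: rewrite each RCPT TO address; headers are copied unchanged.

    Assumption: the first enabled rule that triggers wins.
    """
    rewritten, changes = [], []
    for rcpt in message["envelope"]["rcpt_to"]:
        new = rcpt
        for rule in rules:
            result = apply_rule(rule, rcpt)
            if result is not None:
                new = result
                changes.append((rule.name, rcpt, result))
                break
        rewritten.append(new)
    envelope = dict(message["envelope"], rcpt_to=rewritten)
    return {"envelope": envelope, "headers": dict(message["headers"])}, changes


def broad_rules(rules):
    """Names of enabled rules whose trigger spans many mailboxes or domains."""
    flagged = []
    for rule in rules:
        if not rule.enabled:
            continue
        wildcard_domain = rule.kind == "domain" and rule.trigger == "*"
        partial_without_mailbox = (
            rule.kind in ("starts_with", "ends_with") and "@" not in rule.trigger
        )
        if wildcard_domain or partial_without_mailbox:
            flagged.append(rule.name)
    return flagged


# Constructed sample data, using the addresses from the examples above.
SAMPLE_RULES = [
    RewriteRule("billy-to-mandy", "exact", "billy@corp.example.com", "mandy@example.net"),
    RewriteRule("corp-to-net", "domain", "corp.example.com", "example.net"),
    RewriteRule("all-dot-com", "ends_with", ".com", "mandy@corp.example.net"),
]
SAMPLE_MESSAGE = {
    "envelope": {
        "mail_from": "sender@example.org",
        "rcpt_to": ["billy@corp.example.com", "joe@corp.example.com", "sue@example.org"],
    },
    "headers": {"To": "billy@corp.example.com, joe@corp.example.com, sue@example.org"},
}

if __name__ == "__main__":
    result, log = rewrite_recipients(SAMPLE_MESSAGE, SAMPLE_RULES)
    print("RCPT TO:", result["envelope"]["rcpt_to"])
    print("To header:", result["headers"]["To"])
    for name, old, new in log:
        print(f"{name}: {old} -> {new}")
    print("rules to review:", broad_rules(SAMPLE_RULES))
```

Because only the envelope changes, the recipient sees the original address in the To header, so the rule list itself is the record of where mail was redirected.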

Trusted Networks

When Email Security is not a “first-touch” server and receives email messages from an upstream server that uses a non-reserved or public IP address, the GRID Network effectiveness may degrade. To avoid this degradation on the GRID Network, users can put public IP addresses on a privatized list to make the address look like it’s part of a trusted network.

To add IP addresses to a Trusted Network:
1. Navigate to System > Network Architecture > Trusted Networks.
2. Click the Add Server button.
3. Type in the IP addresses you want to add. If you want to add multiple IP addresses, put each IP address on a separate line, followed by a carriage return.
4. Click Save. The IP addresses appear on the Server List.

LDAP Configuration

SonicWall Email Security uses Lightweight Directory Access Protocol (LDAP) to integrate with your organization’s email environment. LDAP is an Internet protocol that email programs use to look up users’ contact information from a server. As users and email distribution lists are defined in your mail server, this information is automatically reflected in Email Security in real time.

Many enterprise networks use directory servers like Active Directory or Lotus Domino to manage user information. These directory servers support LDAP, and Email Security can automatically get user information from these directories using LDAP. You can run SonicWall Email Security without access to an LDAP server as well.

 
NOTE: If your organization does not use a directory server, users cannot access their Junk Boxes, and all inbound email is managed by the message-management settings defined by the administrator.

SonicWall Email Security uses the following data from your mail environment:

Login Name and Password

When a user attempts to log into the Email Security server, their login name and password are verified against the mail server using LDAP authentication. Therefore, changes made to the usernames and passwords are automatically uploaded to SonicWall Email Security in real time.

Multiple Email Aliases

If your organization allows users to have multiple email aliases, Email Security ensures any individual settings defined for the user extend to all the user’s email aliases. This means that junk sent to those aliases aggregates into the same folder.

Email Groups or Distribution Lists

Email groups or distribution lists in your organization are imported into SonicWall Email Security. You can manage the settings for the distribution list in the same way as a user’s settings.

LDAP groups allow you to assign roles to user groups and set spam-blocking options for user groups. SonicWall recommends completing the LDAP configuration to get the complete list of users who are allowed to login to their Junk Box. If a user does not appear in the User list in the User & Group screen, their email is filtered, but they cannot view their personal Junk Box or change default message management settings.

The default view for the LDAP Configuration page shows the Available LDAP Servers section expanded and the other sections (Global Configurations, Server Configuration, LDAP Query Panel, and Add LDAP Mappings) minimized. The Available LDAP Servers lists the LDAP servers that have been configured and provides the option to add, edit, or delete a server.

Configuring LDAP

Configuring the LDAP server is essential to enabling per-user access and management. These settings are limited according to the preferences set in the User Management pane.

To add an LDAP server or configure an existing server:
1. Navigate to System > LDAP Configuration.
2. Click the Add Server button to add a new LDAP Server or select the Edit icon to edit a server’s configuration.

NOTE: When the Server Configuration section is enabled, the fields in the LDAP Query Panel and Add LDAP Mappings sections are also enabled for editing.

The Server Configuration section of the page opens.

Server Configuration

To configure or edit a server:
1. Check one of the following boxes that appear under the Settings section:
Show Enhanced LDAP Mappings fields—Select this option for Enhanced LDAP or LDAP Redundancy. You have to specify the Secondary Server IP address and Port number.
Auto-fill LDAP Query fields when saving configurations—Select this option to automatically fill the LDAP Query fields upon saving.
2. Enter the following information under the LDAP Server Configuration section:
Friendly Name—The friendly name for your LDAP server.
Primary Server Name or IP address—The DNS name or IP address of your LDAP server. (Configuration checklist parameter M)
Port number—The TCP port running the LDAP service. The default LDAP port is 389. (Configuration checklist parameter N)
LDAP server type—Choose the appropriate type of LDAP server from the drop down list.
LDAP page size—Specify the maximum page size to be queried. The default size is 100.
Requires SSL—Select this check box if your server requires a secured connection.
Allow LDAP referrals—Leaving this option unchecked will disable LDAP referrals and speed up logins. You may select this option if your organization has multiple LDAP servers in which the LDAP server can delegate parts of a request for information to other LDAP servers that may have more information.
3. In the Authentication Method section, specify if the LDAP login method for your server is by Anonymous Bind or Login.
4. Specify the Login name and Password. This is the credential used to allow a user access to the LDAP resource. It may be a regular user on the network, and does not have to be a network administrator.

NOTE: Some LDAP servers allow any user to acquire a list of valid email addresses. This state of allowing full access to anybody who asks is called Anonymous Bind. In contrast to Anonymous Bind, most LDAP servers, such as Microsoft's Active Directory, require a valid username/password in order to get the list of valid email addresses.

5. Click the Test LDAP Login button.

A successful test indicates a simple connection was made to the LDAP server. If you are using anonymous bind access, be aware that even if the connection is successful, anonymous bind privileges might not be high enough to retrieve the data required by SonicWall Email Security.

6. Click Save Changes.

Global Configurations

In the Global Configurations section, you define settings that apply universally across all LDAP server configurations. Click on the circle beside the title to expand the section and define the settings.

Domain Aliases

You can require that end users authenticate using an alias. For Active Directory servers the pseudo-domains are the LDAP configuration friendly names paired with the NetBIOS domain name. It is otherwise the same as the LDAP friendly name. Any aliases created are made available in the drop-list on the logon screen.

The aliases can be alphanumeric, allowing up to 200 characters maximum. Some special characters are allowed, including hyphen, underscore, and dot, but no spaces. If a pseudo-domain has multiple aliases, separate each alias with a comma.

Settings

You can opt to Show a list of domains to end users for authentication. Just check the box to enable that feature.

You can also specify the number of minutes between refreshes of the list of users on the system by setting the Usermap Frequency field. Specify the value in minutes.

Select Save Changes when finished setting Global Configurations.

LDAP Query Panel

To access the LDAP Query Panel settings, click the Friendly Name link or the Edit button for the server you wish to configure. If the “Auto-fill LDAP Query Fields” check box is selected in the Settings section, the fields in the LDAP Query Panel section are automatically filled in with default values after the basic configuration steps are completed.

Query Information for LDAP Users

Email Security uses your existing Active Directory or LDAP server to authenticate groups as they log into their Junk Boxes. This LDAP configuration section must be filled out correctly to return the complete list of groups who are allowed to log into their Junk Box. If a group does not appear in this list, their email is still filtered, but they can not log in to the group junk box. Refer to the detailed field help for information on each of the text fields.

1. Enter values for the following fields:
Directory node to begin search—The node of the LDAP directory to start a search for users (configuration checklist parameter Q).
Filter—The LDAP filter used to retrieve users from the directory.
User login name attribute—The LDAP attribute that corresponds to the user ID.
Email alias attribute—The LDAP attribute that corresponds to email aliases.
Use SMTP addresses only—Select the check box to enable the use of SMTP addresses.
2. Click the Test User Query button to verify that the configuration is correct.
3. Click Save Changes to save and apply all changes made.

NOTE: Click the Auto-fill User Fields button to have SonicWall Email Security automatically complete the remainder of this section.

Query Information for LDAP Groups

Email Security uses your existing Active Directory or LDAP server to authenticate groups as they log into their Junk Boxes. This LDAP configuration section must be filled out correctly to return the complete list of groups who are allowed to log into their Junk Box. If a group does not appear in this list, their email is still filtered, but they can not log in to the group junk box. Refer to the detailed field help for information on each of the text fields.

If you have a large number of user mailboxes, applying these changes could take several minutes.

1. Enter values for the following fields:
Directory node to begin search—The node of the LDAP directory to start a search for users.
Filter—The LDAP filter used to retrieve groups from the directory.
Group name attribute—The LDAP attribute that corresponds to group names.
Group members attribute—The LDAP attribute that corresponds to group members.
User member attribute—The LDAP attribute inside each user's entry in LDAP that lists the groups or mailing lists that this user is a member of.
2. Click the Test User Query button to verify that the configuration is correct.
3. Click Save Changes to save and apply all changes made.

NOTE: Click the Auto-fill Group Fields button to have SonicWall Email Security automatically complete the remainder of this section.

Add LDAP Mappings

SonicWall Email Security uses your existing Active Directory or LDAP server to authenticate end users as they log in to their personal Junk Boxes. The Add LDAP Mappings segment of the page must be correctly filled out to return the complete list of users who are allowed to log in to their Junk Box. If a user does not appear in this list, their email is filtered, but they can not log in to their personal junk box.

For the Microsoft Windows Environment

In a Microsoft Windows environment, you need to specify the NetBIOS domain name, sometimes called the pre-Windows 2000 domain name.

To locate the NT/NetBIOS domain name:
1. Log in to your domain controller.
2. Navigate to Start > All Programs > Administrative Tools > Active Directory Domains and Trusts.
3. In the left pane of the Active Directory Domains and Trusts dialog box, highlight your domain.
4. Click Action.
5. Click Properties. In the domain's Properties dialog box on the General tab you should find the domain name or pre-Windows 2000 name.

To add the Windows NT/NetBIOS domain names:
1. Add the Windows NT/NetBIOS Domain Names into the field provided. Domain names can be made of up to 200 alphanumeric characters with hyphens and periods allowed.
2. Separate multiple domain names with a comma.
3. Click Save Changes to save the new domain names.

For the LDAP Environment

On some LDAP servers, such as Lotus Domino, some valid addresses do not appear in LDAP, for example, LDAP servers that only store the “local” or “user” portion of the email addresses. This section provides a way to add additional mappings from one domain to another. For example, a mapping could be added that would ensure emails addressed to anybody@engr.corp.com are sent to anybody@corp.com.

It also provides a way of substituting single characters in email addresses. For example, a substitution could be created that would replace all the spaces to the left of the “@” sign in an email address with a “-”. In this example, email addressed to Casey Colin@corp.com would be sent to Casey-Colin@corp.com.

NOTE: This feature does not make changes to your LDAP system or rewrite any email addresses; it makes changes to the way SonicWall Email Security interprets certain email addresses.

To add LDAP Mappings:
1. Scroll to the Conversion Rules section, and click View Rules.
2. From the first and second drop down list, choose one of the following combinations:

| First drop down menu | Second drop down menu | Resulting action |
| --- | --- | --- |
| domain is | replace with | The domain name typed in the first field is replaced with the domain name typed in the second field. |
| domain is | also add | When domain listed in the first field is found, the second domain is added to the list of valid domains. |
| left hand side character is: | replace with | The character typed in the first field is replaced with the character typed in the second field wherever it appears to the left of the “@” sign in the email address. |
| left hand side character is: | also add | A second email address is added to the list of valid email addresses. |

3. Enter text into the text fields as dictated by your choices.
4. Click the Add Mapping button.
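The four conversion-rule combinations above, as an added example that is not SonicWall code and not part of the original guide: it computes the set of addresses that would be treated as valid for a given address, and reports cases where two different incoming addresses end up mapped to the same valid address. The tuple layout, applying rules in list order, and the function names are assumptions; the sample rules and addresses are constructed from the examples in the text.

```python
def expand_valid_addresses(address, rules):
    """Return the set of addresses treated as valid for `address`.

    rules: list of (first_menu, first_value, second_menu, second_value),
    applied in order to every address produced so far (assumption).
    """
    results = {address}
    for subject, old, action, new in rules:
        if action not in ("replace with", "also add"):
            raise ValueError(f"unknown action: {action}")
        updated = set()
        for addr in results:
            local, _, domain = addr.rpartition("@")
            if subject == "domain is":
                triggered = domain.lower() == old.lower()
                candidate = f"{local}@{new}"
            elif subject == "left hand side character is":
                triggered = old in local
                # Only the part left of the "@" sign is touched.
                candidate = f"{local.replace(old, new)}@{domain}"
            else:
                raise ValueError(f"unknown subject: {subject}")
            if not triggered:
                updated.add(addr)
            elif action == "replace with":
                updated.add(candidate)
            else:  # "also add" keeps the original and adds the candidate
                updated.update({addr, candidate})
        results = updated
    return results


def find_collisions(addresses, rules):
    """Map each valid address reached from more than one input to those inputs."""
    owners = {}
    for addr in addresses:
        for valid in expand_valid_addresses(addr, rules):
            owners.setdefault(valid.lower(), set()).add(addr)
    return {valid: sorted(srcs) for valid, srcs in owners.items() if len(srcs) > 1}


# Constructed sample rules, taken from the examples in the text above.
DOMAIN_REPLACE = [("domain is", "engr.corp.com", "replace with", "corp.com")]
DOMAIN_ALSO_ADD = [("domain is", "engr.corp.com", "also add", "corp.com")]
SPACE_TO_HYPHEN = [("left hand side character is", " ", "replace with", "-")]
COMBINED_ALSO_ADD = [
    ("left hand side character is", " ", "also add", "-"),
    ("domain is", "engr.corp.com", "also add", "corp.com"),
]

if __name__ == "__main__":
    print(expand_valid_addresses("anybody@engr.corp.com", DOMAIN_REPLACE))
    print(expand_valid_addresses("anybody@engr.corp.com", DOMAIN_ALSO_ADD))
    print(expand_valid_addresses("Casey Colin@corp.com", SPACE_TO_HYPHEN))
    print(sorted(expand_valid_addresses("Casey Colin@engr.corp.com", COMBINED_ALSO_ADD)))
    print(find_collisions(["Casey Colin@corp.com", "Casey-Colin@corp.com"], SPACE_TO_HYPHEN))
```

Stacked "also add" rules multiply the number of addresses accepted for one user, and "replace with" rules can fold two distinct addresses into one, so running the planned rules over a directory export before saving them shows both effects.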

User View Setup

Configure how the end-users of the SonicWall Email Security solution access the system and what capabilities of the solution are exposed to the end users on the System > User View Setup page.

To configure User View Setup:
1. Under the User View Setup section, select the following options:
Check the Login enabled box to allow users to log into Email Security and have access to their per-user Junk Box. If you disable this, mail is still analyzed and quarantined, but users do not have access to their Junk Box.
Select the Anti-Spam box to include the user-configurable options available for blocking spam emails. Users can customize the categories People, Companies, and Lists into their personal Allowed and Blocked lists. You can choose to grant Full user control over anti-spam aggressiveness settings by checking the box, or force them to accept the corporate aggressiveness defaults by leaving the check box empty.
Check the Reports box to provide junk email blocking information about your organization. Even if this option is checked, users may view only a small subset of the reports available to administrators.
Check the Policy box if you want end users to define their own policy filters. Note that these would be a subset of the policy filters listed in Policy & Compliance > Filters.
Check the Settings box to provide options for management of the user's Junk Box.
Check the Spam Management box to allow individual spam management.
Check the Allow audit view to Helpdesk users box to allow those with the Helpdesk role to view the information in the Auditing section.
 
NOTE: Checked items appear in the navigation tool bar for users.

2. Under the User download settings section:
With the Allow users to download SonicWall Junk Button for Outlook check box selected, users can download the Email Security Junk Button for Outlook. The Junk Button is a lightweight plugin for Microsoft Outlook that allows users to mark emails they receive as junk, but it does not filter email.
With the Allow users to download SonicWall Anti-Spam Desktop for Outlook and Outlook Express check box selected, users will be able to download the Anti-Spam Desktop. Anti-Spam Desktop is a plugin for Microsoft Outlook and Outlook Express that filters spam and allows users to mark emails they receive as junk or good email.
With the Allow users to Download SonicWall Secure Mail Outlook plugin check box selected, users will be able to download the Secure Mail plugin for Microsoft Outlook. The Secure Mail button allows users to send mail securely through the Encryption Service.
3. Define the settings for Quarantined Junk Mail Preview Settings:
Select the Users can preview their own quarantined junk mail check box to enable users to view their individual mail that is junked.
Choose which other types of users can preview quarantined junk mail for the entire organization. These roles are configured within SonicWall Email Security.
Administrators
Help Desk and Group Administrators
4. Set the Reports view setting. Users are not usually shown reports which include information about users, such as email addresses. Select the Show reports that display information about individual employees check box to give users access to those reports.
5. Determine the Miscellaneous Settings:
Enter an Optional login help URL for your organization. An administrator can specify a URL for any customized help web page for users to view on the Login screen. If no URL is entered, Email Security provides a default login help screen. If a URL is entered, that page is launched when the user clicks the Login Help link. Click the Test Connectivity button to verify this URL is valid.
Select the Show Forgot Your Password Link check box to enable this feature for users.
To send notification to the Administrator when the ‘Forgot Your Password’ link is clicked, select the Alert administrator when Forgot Your Password request is raised check box.

Updates

SonicWall Email Security uses collaborative techniques as one of many tools to block junk messages. The collaborative database incorporates thumbprints of junked email from SonicWall Anti-Spam Desktop and users. Your server uses the HTTP protocol to communicate with SonicWall to download data used to block spam, phishing, viruses, and other evolving threats.

To configure settings for updates to the Email Security service:
1. Navigate to the System > Updates page.
2. Define how often your system contacts SonicWall to Check for spam, phishing, and virus blocking updates.

The recommended frequency is 20 minutes. Setting this value too low generates unnecessary HTTP traffic. It may adversely affect the performance of your Email Security appliance or software and does not improve junk blocking effectiveness. Setting this value too high may result in less frequent updates, also causing junk blocking to be less effective.

3. Check the box for Submit unjunk thumbprints if you want to submit thumbprints to SonicWall when a user Unjunks a message.

Thumbprints sent to SonicWall contribute to the collaborative community by improving junk-blocking accuracy. Note that these thumbprints contain no readable information.

4. Check the box to Submit message features.
5. Check the box for Submit generic spam-blocking data if you want to help SonicWall customer support and help improve spam blocking.

No emails, email content, header information, or any other uniquely identifiable information is ever sent. Sample information that is sent includes: volume of messages processed and junked, success of various junking methods, and number of users protected.

To configure a web proxy server:
1. Specify the web proxy server Primary Server name or IP address.
2. Specify the Port Number for the web proxy server.
3. If you want to Enable web proxy authentication automatically, check the box and enter the Username and Password.
4. Click on Apply Changes.
5. Click the Test Connectivity button to verify that you successfully connected to the Data Center.

Monitoring

The System > Monitoring screen allows you to configure settings and alerts for system monitoring. Some of these fields may be pre-defined based on the information provided upon initial setup of Email Security.

 
NOTE: If you are running SonicWall Email Security in split mode, and you route outbound email through Email Security, you must enter the IP addresses or fully-qualified domain names of any Remote Analyzers through which outbound email is routed in this text box on the Control Center.

Configure System Monitoring

You can set up Email Security to monitor certain parameters and notify key personnel.

To configure the Monitoring section:
1. Provide the Email address of the administrator who receives emergency alerts in the text box. Enter the complete email address: for example, user@example.com. Separate multiple email addresses with a comma.
2. Provide the Email address of administrator who receives outbound quarantine notifications.

Notifications are not sent more than once every ten minutes. If this field is left blank, notifications are not sent.

3. If Email Security has been configured to be an MTA, specify the Postmaster for the MTA. This person receives notifications generated by the MTA. Notifications are not sent more than once every ten minutes.
4. If you want to Use MX Record to deliver mail, check the box.
5. Enter the Name or IP address of backup SMTP servers. You may have one or more SMTP servers that are used as fallback servers to send alerts to if the configured downstream email server(s) cannot be connected. Separate multiple entries with a comma.
6. Enter a Customized signature to append at the end of your email messages.
7. Click on Test Fallbacks to test the name or IP address(es) listed as backup SMTP servers.
8. Click on Apply Changes. If you want to go back to prior settings click on Revert.
9. Click on View Alerts to view all configured alerts. You can filter by server or by host name. A time stamp and summary of each issue are also provided.

Alert Suppression Schedule

You can suppress alerts for short periods of time, for example, during a product maintenance window.

To suppress alerts:
1. Click on Schedule Alert Suppression.
2. Select the host that you want to Suppress alerts for from the drop down list.
3. From the Select severity of alerts to suppress drop down list, choose one of the following options:
Info Alerts
Info + Warning Alerts
Info + Warning + Critical Alerts
4. Set the Start time.
5. Set the End time.
6. Enter Your name.
7. Enter the Reason for suppressing alerts.
8. Click Submit to finish setting an alert suppression schedule.

Miscellaneous

In the Miscellaneous section you can specify the age-out for alerts history logs and configure system logging.

Age-Out for Alerts History Logs

To set the Age-out for alert history logs:
1. Input the number of days you want the system to retain the history logs.
2. Click on Apply Changes to update the age-out time.

Configure System Logging

To define the system logging:
1. Click on the Configure System Logging button.
2. In the Severity Level drop down menu, select the lowest severity level that you want to log. Anything at that level and higher is sent to the syslog. For example, choosing the default level of SYSLOG_ALERT means that only messages of level SYSLOG_ALERT and SYSLOG_EMERGENCY are sent to the syslog. The following table lists the severity levels from highest to lowest.

NOTE: Logging lower severity messages means more data is logged.
 

| Severity level | Description |
| --- | --- |
| SYSLOG_EMERGENCY | The system is unusable. Because this is the highest on the severity scale, this level minimizes the amount of logging. |
| SYSLOG_ALERT | Action must be taken immediately. This is the default severity level for the syslog. |
| SYSLOG_CRITICAL | Critical conditions. |
| SYSLOG_ERROR | Error conditions. |
| SYSLOG_WARNING | Warning conditions. |
| SYSLOG_NOTICE | Normal, but significant conditions. |
| SYSLOG_INFORMATIONAL | Informational messages. |
| SYSLOG_DEBUG | Debug-level messages. Because this is the lowest on the severity scale, this level maximizes the amount of logging. |

 
* 
NOTE: The severity level chosen for the syslog is not related to the log level chosen for EMS logging on the System > Advanced page.
3
Select where you want the logs to be written and stored:
Check the Local box to write syslogs to the EMS server.
* 
NOTE: For Windows™ software installations of Email Security, syslogs are written to the Windows Event Viewer. For Email Security appliances, syslogs are written to files on the EMS server. On appliances, syslog files may be downloaded from the System > Advanced page.
Check the Remote box to send syslogs to remote servers. Specify the IP addresses and ports of one or two servers to receive syslog messages. Port 514 is the recommended port for syslog.
* 
NOTE: The second server is not a fallback server: if two servers are configured, syslogs will be sent to both remote servers.
If both Local and Remote are checked, syslogs are written locally and sent to remote servers.
 
* 
IMPORTANT: If neither check box is checked, then syslogs will not be written anywhere.
4
To send a syslog message for every email, check the box for Send message details. This option is available only if the syslog severity chosen is one of the lowest two levels, SYSLOG_INFO or SYSLOG_DEBUG.
* 
IMPORTANT: If you receive a lot of email, choosing to send a syslog message for every email can result in a very large amount of data being sent to the syslog.
5
Click on Save to save your settings.

Monitor Configure

In this section, you manage the queue size alert. Make the following selections as needed:

Set the MTA Process Queue Size Alert in the field provided.
Select Apply Changes if you made changes to the queue size.
Select Apply Default Value if you want to apply the default value of the queue size. The default value is 500.
Select Revert to revert back to the prior queue

Connection Management

SonicWall Email Security uses collaborative techniques as one of many tools to block junk messages. The collaborative database incorporates thumbprints of junked email from SonicWall Anti-Spam Desktop and users. Your server uses the HTTP protocol to communicate with a data center hosted by SonicWall to download data used to block spam, phishing, viruses, and other evolving threats.

 
* 
CAUTION: The Connection Management page provides advanced features. SonicWall recommends that you not make any changes to these features if you are unsure of the impact the changes will have on your configuration.

The System > Connection Management screen includes the following subsections:

Intrusion Prevention—Protection against Denial of Service (DoS) attacks, Directory Harvest Attacks (DHA), and invalid email addresses. For more information, refer to Intrusion Prevention.
Quality of Service—Enables a greater control over the server connection from suspicious clients. For more information, refer to Quality of Service.

Intrusion Prevention

Intrusion Prevention comprises protection from Directory Harvest Attacks (DHA) and Denial of Service (DoS) attacks. Spammers stage DHAs to get a list of all users in your directory, making unprotected organizations vulnerable to increased attacks on email and other data systems. A Denial of Service (DoS) attack aims at preventing authorized access to a system resource or delaying system operations and functions for legitimate users.

 
* 
NOTE: Your LDAP must be configured before Intrusion Prevention can be configured.

Directory Harvest Attack (DHA) Protection

DHA can threaten your network in a number of ways:

Expose the users in your directory to spammers. The people at your organization need their privacy in order to be effective. To expose them to malicious hackers puts them and the organization at significant risk from a variety of sources.
Users whose email addresses have been harvested are at risk. Once a malicious hacker knows an email address, users are at risk for being spoofed: someone can try to impersonate their email identity. In addition, exposed users can be vulnerable to spoofing by others. IT departments routinely receive email from people pretending to provide upstream services, such as DNS services.
Expose users to phishing. Exposed users can be targeted to receive fraudulent email. Some receive legitimate-appearing email from banks or credit cards asking for personal or financial information.
Some exposed users have been blackmailed; Reuters reported cases where users were told if they did not pay up, their computers would be infected with viruses or pornographic material.
Expose your organization to Denial of Service Attacks. DHA can lead to denial of service attacks because malicious hackers can send lots of information to valid email addresses in an effort to overwhelm the capacity of your mail server.
Expose your organization to viruses. DHA provides a highly effective means of delivering virus-infected email to users.
Expose users to fraudulent email masquerading as good email. DHA can perpetuate fraudulent email messages by giving malicious hackers the ability to target your users individually and by name.
 
* 
NOTE: User must be configured before directory protection can be configured.
To configure Directory Harvest Attack (DHA) protection:
1
Navigate to System > Connection Management.

2
Define the Action for messages sent to email addresses that are not in your LDAP server. Choose one of the four options defined in the following table.
 

Actions for non-LDAP email addresses

Setting

Action

Result

Directory Harvest Attack (DHA) Protection Off

Processes all messages the same, whether email address is in LDAP or not.

No action is taken on messages.

No directory protection.

Permanently Delete

All email messages addressed to users not in the organization’s directory are permanently deleted.

The sender does not receive notification about the email they have sent. This option can lead to permanently deleting legitimate mail with a typographical error in the address.

Reject Invalid Email Addresses with SMTP error code 550

SMTP clients that specify invalid recipients are rejected with an SMTP error code 550 (also known as being tarpitted).

Responses to invalid recipient commands are delayed for some time period to slow down the rate that they can attack an organization’s mail system. (See Caution below.)

Always Store in Junk Box (regardless of spam rating)

Email that is sent to an invalid address is stored in the Junk Box. Email Security does not process the email to determine if it is spam or another form of unwanted email.

Email Security recommends this option to protect the confidentiality of your directory population.

* 
CAUTION: Enabling tarpitting protection uses your system resources (CPU, memory) and may slow down your server which can adversely affect throughput.
3
Define the options to Apply DHA protection to these recipient domains. The following table describes the available actions for DHA protection to recipient domains:
 

Actions for DHA protection

Option

Result

Apply to all recipient domains

SonicWall recommends that most organizations choose Apply to all recipient domains.

Applies DHA protection to all recipient domains.

Apply only to the recipient domains listed below

Applies DHA protection to the recipient domain(s) listed in the text field. If listing multiple domains, separate them with a carriage return so they appear on different lines.

Apply to all recipient domains except those listed below

Enter each domain on a separate line in the text box.

Applies DHA protection to all recipient domains except for those listed. If listing multiple domains, separate them with a carriage return so they appear on different lines.

Denial of Service (DoS) Attack protection

The Denial of Service Attack Protection adds an extra level of security to thwart an attack. DoS attacks can threaten your network in the following ways:

Bandwidth consumption. The available bandwidth of a network is flooded with junk mail addressed to invalid recipients.
Resource starvation. The mail servers of an organization are overwhelmed trying to process the increased volume of messages coming from infected computers, which leads the mail servers to run out of resources (CPU, memory, storage space).
 
* 
IMPORTANT: To use the DoS Attack Protection feature, your SonicWall Email Security appliance must be the first destination for incoming messages. If you are routing mail to your Email Security appliance from an internal mail server or using an MTA, do not use DoS Attack Protection.

To configure Denial of Service (DoS) attack protection:
1
Navigate to the System > Connection Management window.
2
Select the Enable DoS protection check box.
3
Read and acknowledge the warning.
4
Specify trigger by selecting the number of connections to allow from a given IP address in a single day.
5
Specify action to take if the maximum number of connections is exceeded by selecting one of the following options:
Defer future connections from that IP address for <XX> hours with SMTP error code 421, where XX hours is an option selected from the drop down menu.
Block all future connections from that IP address with SMTP error code 554.
6
Click the Apply Changes button.

Quality of Service

From the System > Connection Management screen, navigate to the Quality of Service section. The following sections describe how to configure the Quality of Service components:

Throttling

This section allows you to set specific thresholds to limit the sending ability of suspicious clients by limiting offending IP addresses. Some examples of thresholds include:

one connection per hour
one message per minute for the next 24 hours
ten recipients per message
To configure the Throttling (flow control) feature:
1
Navigate to the System > Connection Management screen and scroll down to Quality of Service.
2
Select the check box to Enable Throttling.
3
Set Specify trigger by choosing the following options from the drop down menus:
Specify the number. The pre-defined values range from 10 to 7000.
Specify event type: Connections, Messages, or Recipient Commands from a given IP address
Specify the percentage of invalid emails to recipients. This setting only applies when Recipient Commands is selected.
4
Choose one of the following to Specify an action to take:
Defer future connections from that IP address for <XX> hours with SMTP error code 421, where XX hours is an option selected from the drop down menu.
Block all future connections from that IP address with SMTP error code 554.
Limit a future event type to some number of events per interval over a period of time by setting the following drop down menus:
Specify the event type: choose from Connections, Messages, or Recipient Commands
Number of events: options range from 1 to 60.
Interval: predefined values range from 1 minute to 24 hours.
Period: predefined values range from 1 hour to 1 year.
5
Click the Apply Changes button.
* 
NOTE: Some scenarios can be implemented with either Denial of Service Attack Protection or Throttling settings. You can choose to throttle mail from clients above one threshold and choose to block clients above a second threshold.

Connections

In the Connections section, you can impose a limit on the number of simultaneous inbound and outbound connections that your Email Security server can accept. On the inbound path, this value limits the number of simultaneous connections external hosts can make to the Email Security appliance or software. On the outbound path, this value limits the number of simultaneous connections internal hosts can make to the Email Security to deliver messages. When the connections limit is exceeded, the Email Security sends a transient failure message (421 error code).

To set the connection limits:
1
Navigate to the System > Connection Management screen and scroll down to Quality of Service > Connections.
2
Specify the Limit number of inbound connections option. You can input a number between 1 and 5000. SonicWall recommends 250. A 0 means no limit.
3
Specify the Limit number of outbound connections option. You can input a number between 1 and 5000. SonicWall recommends 250. A 0 means no limit.
4
Scroll down and click on Apply changes.

Messages

In the Messages section, you can limit messages based on number of recipients or message size. If too many recipients are specified in a message, Email Security sends a transient failure message (4xx error code). If the message size limit is exceeded, Email Security sends a permanent failure message (5xx error code).

Specify the Limit number of recipients and Limit message size (in bytes) in the fields provided. These values apply to both inbound and outbound paths.

To set the message parameter limits:
1
Navigate to the System > Connection Management screen and scroll down to Quality of Service > Messages.
2
Specify the Limit number of recipients option. A 0 in that field means no limit.
3
Specify the Limit message size option. A 0 in that field means no limit.
4
Scroll down and click on Apply changes.

Miscellaneous

In the Miscellaneous section, you can enable a series of specific connection management settings. Bounce Address Tag Validation (BATV) reduces the number of unauthorized Non-Delivery Reports (NDR) delivered to your organization. Greylisting discourages spam without permanently blocking a suspicious IP address. By disabling strict MAIL FROM checking, you can reduce the load on the downstream server, and you can drop SMTP connections based on using the GRID Network IP reputation. You can also disable checks for IP addresses of unauthenticated mail senders.

To set the Miscellaneous settings:
1
Navigate to the System > Connection Management screen and scroll down to Quality of Service > Miscellaneous.
2
Select the Bounced Address Tag Validation (BATV) check box to enable the feature. Refer to Bounce Address Tag Validation (BATV) for details about how BATV works.
3
Select the Greylisting check box to enable the feature. Refer to Greylisting for details on how Greylisting works.
 
* 
IMPORTANT: Greylisting is useful only for Email Security servers running as the “first touch” server, that is, the server receiving email directly from the Internet. SonicWall recommends disabling Greylisting if Email Security is not first touch.
4
Select the Disable strict MAIL FROM checking check box.

By default, this feature enforces the SMTP specification with regard to the Reverse Path, which is the MAIL FROM field or Envelope From field. This feature reduces the load on the downstream server (for example, Microsoft Exchange), as well as reduces the amount of junk email allowed into the system.

5
Select the GRID Network IP Reputation check box to drop SMTP connections based on IP reputation. Refer to GRID Network IP Reputation for details on how GRID Network IP Reputation works.
 
* 
IMPORTANT: This feature is useful only for SonicWall Email Security servers running as “first touch” servers. SonicWall recommends disabling the GRID Network IP Reputation feature if Email Security is not first touch.
6
Check the box if you want to Disable checks for IP addresses of unauthenticated mail senders.
7
Click the Apply Changes button.

Bounce Address Tag Validation (BATV)

BATV protects your organization by adding a signature to all outbound mail. When an NDR arrives, BATV checks for a valid signature. If the signature does not exist or does not pass the security check, then Email Security rejects the NDR. If the signature is authentic and the NDR is valid, Email Security continues analyzing the NDR.

BATV is not enabled by default. Although BATV is a powerful tool to eliminate invalid messages, some configurations on other mail servers may cause the BATV system to reject legitimate messages. The user who sent out the message is not notified that the message did not reach the intended recipient. Some reasons for false positives may include:

LDAP upstream of SonicWall Email Security
Null reverse paths instead of “From” fields
Divergent SonicWall Email Security configuration
Incorrect or altered reverse mail paths
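
The sign-then-verify flow described above, as an added example that is not SonicWall's code: the guide does not state the product's tag format, so this sketch assumes a simplified prvs-style tag modelled on the BATV Internet-Draft, with a constructed key, an assumed 7-day tag lifetime, and hypothetical function names.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # constructed key, for illustration only
TAG_LIFETIME_DAYS = 7              # assumed lifetime; the guide gives none


def _mac(key_id, day, address, secret):
    """First six hex digits of HMAC-SHA1 over key id, expiry day and address."""
    msg = f"{key_id}{day:03d}{address}".encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:6]


def sign_return_path(address, today, secret=SECRET, key_id=0):
    """Tag the envelope sender of outbound mail: prvs=KDDDSSSSSS=user@domain.

    `today` is a day number (days since the epoch); DDD is the expiry day mod 1000.
    """
    expiry = (today + TAG_LIFETIME_DAYS) % 1000
    sig = _mac(key_id, expiry, address, secret)
    return f"prvs={key_id}{expiry:03d}{sig}={address}"


def check_bounce(mail_from, rcpt_to, today, secret=SECRET):
    """Decide whether an inbound message passes the BATV check.

    Only NDRs (null reverse path) are checked; everything else passes through.
    Returns (accepted, reason).
    """
    if mail_from not in ("", "<>"):
        return True, "not a bounce"
    if not rcpt_to.startswith("prvs="):
        # The NDR answers mail that never carried our signature.
        return False, "untagged recipient"
    tag, sep, address = rcpt_to[len("prvs="):].partition("=")
    if not sep or len(tag) != 10 or not tag[:4].isdigit():
        return False, "malformed tag"
    key_id, day, sig = int(tag[0]), int(tag[1:4]), tag[4:]
    expected = _mac(key_id, day, address, secret)
    # Constant-time comparison; a different secret or altered path fails here.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    # Day numbers wrap at 1000, so compare the remaining lifetime modulo 1000.
    if (day - today) % 1000 > TAG_LIFETIME_DAYS:
        return False, "expired tag"
    return True, "valid signature"


if __name__ == "__main__":
    day = 19000  # constructed day number
    tagged = sign_return_path("alice@example.com", day)
    print(tagged)
    print(check_bounce("<>", tagged, day + 3))               # genuine NDR
    print(check_bounce("<>", "alice@example.com", day + 3))  # forged NDR
    print(check_bounce("<>", tagged, day, secret=b"other"))  # divergent configuration
```

The last call shows why a divergent configuration appears in the false-positive list: a server validating with a different secret rejects NDRs for mail that another server signed.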

Greylisting

When Greylisting is enabled, Email Security assumes that all new IP addresses that contact it are suspicious and requires those addresses to retry before it will accept the email. The Greylist is the list of IP addresses that have contacted the Email Security once, and have been sent a request to retry the connection. The Greylist is cleared and restarted every night; thus, if the connection is not retried before the Greylist is restarted, that server is asked to retry the connection again when it sends a retry of the initial connection request.

SonicWall Email Security also keeps track of the MTAs that have successfully retried the connection and are now deemed to be responsible MTAs. These IP addresses are added to a separate list. Connections from MTAs on this list are accepted without further retry requests, but the data from the connection is subjected to the rigorous checking performed by Email Security on all incoming mail.

The benefits of enabling Greylisting include:

Increased effectiveness. Less spam received into the gateway translates to less spam delivered to the Inbox.
Better performance. Greylisting reduces the volume of traffic at the gateway, as well as traffic to the downstream server (for example, the Exchange server). As a result of the reduced volume, valuable system resources (such as sockets, memory, and network utilization) are freed up, allowing SonicWall Email Security to process more good mail in the same amount of time.
Storage requirements. With the increasing focus on archiving, Greylisting reduces the amount of junk that gets stored in an archive, saving valuable resources.

If Greylisting is enabled, the Source IP Address is cross-checked against the Email Security Connection Management components in the following order:

 

Allowed List

If an IP address is on this list, it gets a free pass through Connection Management. Note the message is still subject to plug-in chain processing.

Blocked List

This IP address is already blocked from connecting to Email Security.

Deferred List

Connections from this IP address are already configured to be deferred.

DoS

Checks to see if the IP address has crossed the DoS threshold, and if so, takes the appropriate action.

Throttling

Checks to see if the IP address has crossed the throttling threshold, and if so, takes the appropriate action.

Responsible MTA List

This IP address has already been through and passed the Greylisting filter.

Greylist

The IP address is added to the Greylist if this is the first time the IP address has contacted Email Security.
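
The check order above, as an added example that is not SonicWall's implementation: list names follow the guide, while the class and method names, the threshold values, the choice of "block" as the DoS action and "defer" as the throttling action, and the simple per-IP counter are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ConnectionManagement:
    """Added sketch of the source-IP checks when Greylisting is enabled."""
    allowed: set = field(default_factory=set)
    blocked: set = field(default_factory=set)
    deferred: set = field(default_factory=set)
    responsible_mtas: set = field(default_factory=set)
    greylist: set = field(default_factory=set)
    dos_limit: int = 1000       # assumed threshold
    throttle_limit: int = 100   # assumed threshold
    seen: dict = field(default_factory=dict)  # connections counted per IP

    def check(self, ip):
        """Return (decision, step) for one inbound connection.

        decision is "accept", an SMTP code the guide names ("554", "421"),
        or "retry" for the greylisting retry request.
        """
        if ip in self.allowed:
            return ("accept", "Allowed List")      # message is still scanned later
        if ip in self.blocked:
            return ("554", "Blocked List")
        if ip in self.deferred:
            return ("421", "Deferred List")
        count = self.seen[ip] = self.seen.get(ip, 0) + 1
        if count > self.dos_limit:
            self.blocked.add(ip)                   # assumed action: block
            return ("554", "DoS")
        if count > self.throttle_limit:
            self.deferred.add(ip)                  # assumed action: defer
            return ("421", "Throttling")
        if ip in self.responsible_mtas:
            return ("accept", "Responsible MTA List")
        if ip in self.greylist:
            # The sender retried, so it is now treated as a responsible MTA.
            self.greylist.discard(ip)
            self.responsible_mtas.add(ip)
            return ("accept", "Responsible MTA List")
        self.greylist.add(ip)                      # first contact: ask for a retry
        return ("retry", "Greylist")

    def nightly_reset(self):
        """The Greylist is cleared and restarted every night."""
        self.greylist.clear()


if __name__ == "__main__":
    cm = ConnectionManagement(throttle_limit=3, dos_limit=5)
    sender = "192.0.2.10"  # constructed documentation address
    for attempt in range(1, 6):
        print(attempt, cm.check(sender))
```

With the constructed limits in the demo, the sender is asked to retry once, accepted twice, then deferred when it crosses the throttling threshold, after which the Deferred List answers before any later step is reached.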

GRID Network IP Reputation

The GRID Connection Management with Sender IP Reputation feature uses the reputation a particular IP address has with members of the SonicWall GRID Network. When a connection is received from a known bad IP address, the error “554 No SMTPd here” is given, and the SMTP session is rejected.

If IP Reputation is enabled, the source IP address is checked in the following order:

 

Allowed List

If an IP address is on this list, it gets a free pass through Connection Management. Note the message is still subject to analysis by the Email Security server as usual.

Blocked List

This IP address is already blocked from connecting to Email Security server.

Reputation List

If the IP address is not in the previous lists, the Email Security server checks with the GRID Network to see if this IP address has a bad reputation.

Deferred List

Connections from this IP address are deferred. A set interval must pass before the connection is allowed.

DoS

If the IP address is not on the previous lists, the Email Security server checks to see if the IP address has crossed the DoS threshold. If it has, the server uses the existing DoS settings to take action.

Throttling

Checks to see if the IP address has crossed the throttling threshold, and if so, takes the appropriate action.

Not Greylist

This IP address has already been through and passed the grey-list filter. Note that this feature applies to the GRID Network IP Reputation only if it is enabled.

Greylist

The IP address is added to the Greylist if this is the first time the IP address has contacted Email Security. Note that this feature applies to the GRID Network IP Reputation only if it is enabled.

Delayed Connection Management

Delayed Connection Management provides the option to delay dropping a connection that has been judged malicious. Delaying the connection allows more information to be gathered about the sender until all recipients are known.

The default is to reject connections as soon as possible, which also allows better performance. If you opt to delay dropping connections by selecting after all recipients are known, which ensures better tracking, the additional logging and auditing could impose an I/O burden on the Email Security server.

To set the Delayed Connection Management:
1
Navigate to the System > Connection Management screen and scroll down to Quality of Service > Delayed Connection Management.
2
Select one of the options for Rejected connections:
as soon as possible (better performance) is the default.
after all recipients are known (better tracking) enables the delay.
3
Click on Apply Changes to finalize your choice.

Manually Edit IP Address Lists

This section allows you to manage the list of IP addresses to allow, defer, block, or throttle. Navigate to the System > Connection Management screen, then scroll down to the Manually Edit IP Address Lists section. Click on the appropriate button to edit the list.

 

Allowed List

When an IP address is added to the Allowed list, Email Security continues to check for spam and phishing attacks in messages from that IP address.

To add an IP address to the list or edit the existing list, click the Edit Allowed List button. Enter the IP address, then click the Add New IP Address button when finished. To delete an IP address from the list, select the check box of the IP address you wish to delete, then click the Delete Checked IP Addresses button.

Deferred List

In the case of a connection from a deferred IP address, the transient message is “421 4.4.5 Service not available, connection deferred.”

To add an IP address to the list or edit the existing list, click the Edit Deferred List button. Enter the IP address, then click the Add New IP Address button when finished. To delete an IP address from the list, select the check box of the IP address you wish to delete, then click the Delete Checked IP Addresses button.

Blocked List

When the server receives a connection from an IP address on a blocked list, Email Security responds with a “554 No SMTP service here” error message and rejects the TCP/IP connection.

To add an IP address to the list or edit the existing list, click the Edit Blocked List button. Enter the IP address, then click the Add New IP Address button when finished. To delete an IP address from the list, select the check box of the IP address you wish to delete, then click the Delete Checked IP Addresses button.

Throttled List

When the SMTP server receives a connection from an IP address on this list, Email Security responds with the error message “421 4.4.5 Service not available, too many connections due to throttling” and drops the TCP/IP connection.

To add an IP address to the list or edit the existing list, click the Edit Throttled List button. Enter the IP address and the number of hours to throttle for, then click the Add New IP Address button when finished. To delete an IP address from the list, select the check box of the IP address you wish to delete, then click the Delete Checked IP Addresses button.

Backup/Restore Settings

System > Backup/Restore has three options where you can configure the backup and restore settings for the Email Security.

 
* 
NOTE: You are not required to use the backup and restore settings. Executing the backup and restore functions depends on the needs of your organization.

Manage Backups

On the System > Backup/Restore > Manage Backups page, you can view and manage the following features:

 

Backup Snapshots

Displays all of the backup snapshots that have been defined and saved. From that display you can restore, delete or download the data by selecting a specific snapshot and using the appropriate buttons at the far right.

Restore from a snapshot file

Select Choose File and navigate to the snapshot file you wish to restore. Then click Start Restoring Data to begin the restore.

Settings

In the drop-down menu, select the length of time of keeping snapshot files. The choices are 1 day, 3 days, 7 days, 14 days, 30 days, 60 days, 90 days, 180 days, or 1 year. Click Apply Changes to finalize your choice.

Backup and Restore History

Displays the backup and restore history. You can filter or sort the data by clicking on the drop-down menu to the right of each title, then choosing the options you want.

Schedule Backup

On the System > Backup/Restore > Schedule Backup page, you can define all your scheduled backups and snapshots.

To define a scheduled backup:
1
Click on the Add button and the Configure Schedule Backup page opens.

2
Select the Enable scheduled backup check box to use this feature.
3
Enter a name for the backup in the Schedule Name field.
4
Then, configure the following settings:
Backup Frequency—Specify how often you want the backups to occur: Daily, Weekly or Monthly.
Hour of day—Choose the hour the backup begins.
Day of week—Choose the day of the backup, if needed.
Day of month—Choose the date of the backup, if needed.
5
Select which of the following components to include in the backup:
Global Settings
Organization Settings
User Settings
Reports data: select how many days of data to include
Junk box: select how many days of data to include
Archive: select how many days of data to include
6
Select one of the following storage options:
Save to the Email Security if you want to save the file locally.
Save to FTP Server if you want to save and upload it to a remote server.
 
* 
NOTE: If an FTP server hasn’t been defined yet, you can click on the link to Create FTP Profile to set one up.
7
Click on Save to save the backup definition.
To initiate an immediate snapshot:
1
Click on the Backup Now button and the Create Backup Snapshot page opens.
2
Select the components to include in the backup:
Global Settings
Organization Settings
User Settings
Reports data: select how many days of data to include
Junk box: select how many days of data to include
Archive: select how many days of data to include
3
Select one of the following storage options:
Save to the Email Security if you want to save the file locally.
Save to FTP Server if you want to save and upload it to a remote server.
 
* 
NOTE: If an FTP server hasn’t been defined yet, you can click on the link to Create FTP Profile to set one up.
4
Click on Save to save the backup definition.

FTP Profiles

On the System > Backup/Restore > FTP Profile page, you can configure FTP Profiles so that snapshots and scheduled backup files can be stored on your FTP server.

To configure an FTP profile:
1
Click on the Add button and the Configure FTP Profile page opens.

2
Type in the FTP Profile Name.
3
Input the domain name or IP address of the FTP Server.
4
List the Port number.
5
Add the Username and Password in their respective fields.
6
List the Destination Path where you want the backup stored.
7
Click on Save to configure the profile.

On the table displaying the FTP profiles, you can filter or sort the profiles by clicking on the drop-down menu to the right of each title, then choosing the options you want.

Host Configuration

The System > Host Configuration page allows you to make changes to the server on which the SonicWall Email Security product is installed. After applying these settings, you can then use the Restart Services, Reboot this Server, or Shut Down Service buttons at the top of the Host Configuration page.

Hostname

To change the hostname of this server:
1
Enter the new fully-qualified hostname in the Hostname field. The hostname cannot be changed to an IP address.
 
* 
IMPORTANT: Changing the hostname causes a number of changes to be made to the Email Security settings, configuration files, and may rename some of the directories in the installation and data directories.
2
Click the Apply Changes button.
 
* 
NOTE: The system performs a reboot following the hostname change.

HTTPS Settings

The HTTPS Settings section allows you to enable HTTP and HTTPS access on specific ports. The following are HTTPS settings you can configure. Click the Apply Changes button when done.

 

Enable HTTP access on port

Check the box to enable this setting. Enter the port number in the field provided. The default port for HTTP is Port 80.

Enable HTTPS (SSL) access on port

Check the box to enable this setting. Enter the port number in the field provided. The default port for HTTPS is Port 443.

Redirect access from HTTP to HTTPS

Select the check box to enable redirecting access from HTTP to HTTPS.

Date & Time Settings

Set the current date, time, and time zone for this host.

Settings

1
Select the time zone from the drop down list for Available time zones.
2
Set the time and date using the drop down lists provided for Year, Month, Day, Hour and Minute.
 
* 
NOTE: Hours are set using a 24-hour format.
NOTE: If the server is running Microsoft Windows, please use the Windows Control Panel to configure date and time settings.
3
Select Apply Changes to save any changes.

NTP settings

1
Enable Network Time Protocol by checking the box. It synchronizes server time using UDP on port 123.
2
Provide the list of NTP servers to use for synchronizing the time. Up to 8 entries are allowed. Separate each by a carriage return.
3
Select Apply Changes to save any changes.

Network Settings

The Networking section allows you to configure the host server to use DHCP or a static IP address. If DHCP (Dynamic Host Configuration Protocol) is chosen, all the necessary settings are retrieved automatically from the network DHCP server. If static IP settings are chosen, the IP address, DNS servers, default gateway, and subnet mask must be configured.

If you choose static IP settings, set the following:

 

Primary DNS Server IP address:

The IP address of the server which is the primary Domain Name Server for this network.

Fallback DNS Server IP address:

The IP address of the server which is the fallback Domain Name Server for this network.

Default gateway IPv4 address:

The IP address of the server which is the default gateway for this network.

Default gateway IPv6 address:

Required when IPv6 interface is configured.

Subnet mask:

The subnet mask for this network.

For Ethernet 0:
1
Check the box if you want to Enable the use of Ethernet 0 port.
2
Enter the IP address in the text field.
3
Enter the Subnet mask in the text field.
4
Click Add Alias if you need to add more IPv4 or IPv6 addresses.
For Ethernet 1:
1
Check the box if you want to Enable the use of Ethernet 1 port.
2
Enter the IP address in the text field.
3
Enter the Subnet mask in the text field.
4
Click Add Alias if you need to add more IPv4 or IPv6 addresses.

If you make any changes to the Network Settings, be sure to Apply Changes.

CIFS Mount Settings

An external storage drive can be mounted to store the appliance's data. The available data on the current drive is migrated to the external storage drive, increasing the storage limit for the appliance. For dual control centers, the same external drive can be mounted on both control centers to share the data. The two control centers could be used either to share the load or as a failover.

Mount status: Displays the mount status of the external drive. If no external drive is connected, status is shown as Unknown.
Migrate status: Displays the status of the migration from the local data to the external drive.
Hostname (FQDN): Enter the hostname or IP address for the host managing the external drive.
Shared Drive Name: Enter the shared drive name of the remote drive.
Remote login userid: Enter the user ID for logging into the host. Use the format: domain\userid.
Remote login password: Enter the password for logging into the host.
Mount: Mounts the remote drive once the test mount passes.
Migrate: Migrates data from the local drive to the external drive.
Unmount: Unmounts the remote drive.
Test Mount: Tests whether the external drive can be mounted.

Advanced

The System > Advanced page allows you to configure a variety of settings, such as customizing the SMTP banner, setting log levels, resetting to factory settings, and downloading system/log files, as well as other advanced features.

IMPORTANT: The Advanced page contains tested values that work well in most configurations. Changing these values may adversely affect performance.

General Settings

A series of general settings can be defined or enabled. General Settings below describes the options. When done setting the options, click on Apply Changes to save or click on Reset to Defaults to return the settings to the system default.

 

General Settings

Option

Definition

Message Management

Customize SMTP banner:

Use this setting to specify the SMTP banner. Be sure to use valid characters and syntax for an SMTP header.

Replace SonicWall in “Received:” headers:

Use this setting to replace the name in the “Received:” header, if you do not want to have the SonicWall Email Security name in the Received headers when sending good email downstream to your servers. Enter a new name in this field.

DNS Timeout for SPF:

Enter a value between 1 and 30 seconds. This sets the number of seconds SonicWall Email Security searches for the SPF record of the sender. If Email Security cannot find the SPF record in the number of seconds specified, it times out and does not return the SPF record of the sender. The default value is 2 seconds.

Saved emails will automatically be deleted when older than:

Enter the number of days that you want to preserve the data in the email archives. Lowering this number means less disk space is used, but note that you will not have report data older than the number of days specified.

Permit users to add members of their own domain to their Allowed Lists:

Selecting the on button allows users to add people within their domain to their personal Allowed Lists. For example, if you work at example.com and enable this feature, all users at example.com can be added to your Allowed List. As a result, email messages between internal users are not filtered by the Email Security product. You can either add people manually or configure Email Security to automatically add each person to whom users send email.

Save a copy of every email that enters your organization:

When the on button is selected, folders with the entire contents of every email are created in the logs directory of each server that analyzes email traffic (All-In-One Servers and Remote Analyzers). The emails are saved before being analyzed for threats by Email Security. Because saving inbound emails can be handled independently, separate folders are used for inbound email.

Save a copy of every email that leaves your organization:

When the on button is selected, folders with the entire contents of every email are created in the logs directory of each server that analyzes email traffic (All-In-One Servers and Remote Analyzers). The emails are saved before being analyzed for threats by Email Security. Because saving outbound emails can be handled independently, separate folders are used for saved outbound email.

Other Settings

Log level:

Use this option to change the log level for Email Security. Change the log level to increase or decrease the amount of information stored in your logs. Log level 1 provides the maximum quantity of logging information; level 6 results in the least. The default level is 3.

Reports data will be deleted when older than:

Enter the number of days of data you want to preserve for reporting information. Reducing this number means less disk space is used, but note that report data older than the number of days specified will not be available. The default value is 366 days.

Test Connectivity to reports database:

Click the Test Connectivity button to verify that you can access the Reports database. If this test fails, custom reports will not work and the database is not updated. If this test fails during normal operation, contact a system administrator immediately. Refer to Reports and Monitoring for more information on accessing and customizing reports.

SNMP Settings (for split configurations)

SNMP:

When the on button is selected, SNMP is enabled, allowing other SNMP-enabled upstream servers to pull information from it.

SNMP Community String:

Enter the SNMP string in the text field. This is the friendly name of your server.

SSH Settings

SSH

The default setting is off. When the on button is selected, it allows someone with the proper credentials to temporarily access the secure shell.

Miscellaneous Settings

The Miscellaneous Settings section includes uploading a patch to the Email Security server and downloading system/log files.

Upload Patch

Usually when a new Email Security update is available, Email Security automatically downloads the update and alerts the administrator by email that it is available. In some instances, an administrator may want or need to apply a patch manually. For example, if an administrator has multiple servers running in split configuration mode (Remote Analyzer / Control Center configuration), updates must be applied manually.

To upload a patch file manually:
1. Navigate to the System > Advanced page.
2. Scroll down to the Miscellaneous Settings > Upload Patch section.
3. Click the Choose File button, and select a file from your local hard drive to upload.
4. Then, click the Apply Patch button.

Download System/Log Files

The Download System/Log Files feature allows you to download or email log files and system configuration files from your server.

To download or email the system/log files:
1. Select the Type of File from the drop down list.
2. Use the Choose specific files list to select one or more files to download.
3. Choose the delivery method:
   Select Download to download the files locally.
   Click the Email To button, enter the Recipient email address in the dialog box, and click Send.

NOTE: Emailing very large files and directories may be problematic depending on the size and limitations of your email system.

Reset Settings

The Reset Settings section provides tools for cleaning up certain options and resetting others to the default.

Cleanup Per User

The Cleanup Per User tool deletes address books and settings filters of non-existent users in your Email Security user list.

Select the Use last generated report to clean up check box to reference the latest generated report for Per User Cleanup. The report is generated as a .txt file.
Click Generate Report to generate an updated list of users.
Click Cleanup Per User to use the Per User Cleanup tool to delete files of non-existent users.

Delete All Users’ Allowed and Blocked Lists

All users’ Allowed and Blocked Lists on this server can be permanently deleted. The corporate Allowed and Blocked Lists are also deleted, along with Allowed and Blocked Lists for all groups. If you wish to retain any of this data, you need to back it up from the System > Backup/Restore page and download it to your local hard drive before deleting. Click the Delete All button to perform this action.

IMPORTANT: With this action all Allowed and Blocked Lists are permanently deleted and can’t be recovered.

Reinitialize Appliance to Factory Settings

You can reinitialize the settings for this Email Security product to the factory default values. All logs, settings, data, license keys, etc. on this server are permanently deleted. If you wish to retain any of this data, you need to back it up from the System > Backup/Restore page and download it to your local hard drive before deleting. Click the Reinitialize Appliance button to perform this action.

After clicking the Reinitialize Appliance button, you are logged out and redirected to the login page. It takes several minutes for the reinitialization process to finish. When reinitialization is complete, the server automatically reboots itself. When the reboot is finished, you need to reconfigure the appliance from scratch.

Reset Licenses

Reset all license key information associated with this SonicWall Email Security server by clicking the Reset Licenses button. License keys can be restored by visiting https://www.mysonicwall.com/.

After clicking the Reset Licenses button, the license keys are deleted. You no longer have access to a majority of the user interface features, and many left-hand navigation links direct you to the License Management page.

Branding

Branding provides the ability to customize aspects of the user interface. Administrators can upload replacement assets for the key branding elements, including company name, logo, and other branding assets. Navigate to the System > Branding page to configure Branding feature settings. Select either the Quick Settings tab or the Packages tab. The Quick Settings tab allows administrators to specify global settings for the most commonly modified asset files on the GUI. The Packages tab allows administrators to manage, upload, and apply branding packages to their GUI.


Quick Settings

Use the Quick Settings tab on the System > Branding page to specify global settings for particular user interface elements.

NOTE: Any settings specified in this section override those specified by deployed packages.

Text Preferences

The Contact Us URL is the email address or URL that appears as the “Contact Us” link at the footer of each page. This field supports “http://”, “https://”, and “mailto:” formats. To change the Contact Us URL, type the email address or URL in the field provided.

Click the Test Connectivity button to verify the email address or URL you specified is valid.

Image Preferences

The Image Preferences files can all be modified by clicking the Browse... button or clicking the Download icon. The Browse... option allows you to select a file from your local system. The Download icon downloads the default SonicWall image file. Note that an error message displays if you have uploaded an incorrect file type.

The following Image Preferences can be modified:

Web Icon file—This field replaces the 4-bit SonicWall logo that appears in the address bar of every web page across all browser platforms.
Logon logotype file—This field replaces the logon, logout, and mini-logon generic bitmap that displays the SonicWall challenge screen layout and design.
Logon backdrop art file—This field replaces the logotype bitmap that appears upon every challenge screen.
Page logotype file—This field replaces the short version of the SonicWall logotype that appears at the top of each web page’s banner art.
Page header art file—This field replaces the SonicWall banner art bitmap at the top of each web page.
Pop-up logotype file—This field replaces the smaller version of the SonicWall logotype that appears at the top of each pop-up dialog’s page banner art.
Pop-up header art file—This field replaces the smaller version of the SonicWall banner art that appears at the top of each pop-up dialog page.

Junk Summary Preferences

The Junk Summary Preferences can all be modified by clicking the Browse... button or clicking the Download icon. The Browse... option allows you to select a file from your local system. The Download icon downloads the default SonicWall image file. Note that an error message displays if you have uploaded an incorrect file type.

The following Junk Summary Preferences can be modified:

Junk Summary logotype file—This field replaces the black-on-white logotype that always appears at the top of each Junk Summary email.
Junk Summary header art file—This field replaces the Junk Summary banner art bitmap at the top of each page.

Click the Save button when you have finished modifying settings on the Quick Settings tab.

Packages

The Packages tab allows administrators to manage, upload, and apply branding packages to their user interface. The Manage Packages table displays the available packages the administrator can apply, including the SonicWall brand package.

NOTE: The SonicWall branding package can never be deleted, but administrators can edit or delete all other brand packages that have been uploaded.

To upload a new package:
1. Navigate to the System > Branding page.
2. Click the Packages tab.
3. Click the Upload button under the Manage Packages section.
   NOTE: Uploads are restricted to .zip files and must contain the exact structure of the directories being modified or replaced.
4. Click on Browse... and navigate to and select the File to upload.
5. Enter the Brand Label name.
6. Enter the Full name of the packaging label.
7. Enter the email address or website to use as the contact point in the Contact Us field.
8. Add any additional notes about the package in the Notes field.
9. Click on Save to upload the package.

To manage the packages once they are loaded in the table, you can click on the management icons (Edit, Download, or Delete) listed in the Configure column of the table.

Certificates

The System > Certificates page allows administrators to configure settings specific to certificates, including trusted certificate authentication and enabling secured access. Refer to the following sections for more information:

Generate/Import

Choose between self signing and trusted certificate authority.

To generate a certificate:
1. Navigate to System > Certificates > Generate/Import.
2. Enter the Certificate Name in the field provided.
3. Select one of the following:
   Generate generic self-signed SSL certificate—Select this option to have Email Security generate a generic self-signed SSL certificate. Specify the Passphrase for private key in the field provided.
   Generate a self-signed SSL certificate—Select this option to have Email Security generate a self-signed SSL certificate. Specify the Hostname to be used when generating this certificate and the Passphrase for private key in the fields provided.
   Import an existing certificate issued by a trusted authority like RapidSSL, Verisign and other CAs. The product supports PKCS #12 (.p12 or .pfx), PKCS #7 and PEM formats—Complete the following for this option:
      Upload a PKCS #12/PKCS #7/PEM certificate by clicking Choose File and selecting the appropriate file.
      Upload Private Key for PKCS #7/PEM certificate by clicking Choose File and selecting the appropriate file.
      Enter the Passphrase for private key in the field provided.
      Enter the Password for PKCS #12 file in the field provided.
4. Click the Generate/Import button.

Generate CSR

If you do not have an existing certificate, navigate to the System > Certificates > Generate CSR page. Fill out the form and click the Generate CSR button to submit a Certificate Signing Request (CSR) for a trusted certificate to a trusted authority, such as Verisign or Thawte.

Configure

On the System > Certificates > Configure screen, a table is generated that shows the server name, the certificate type, and whether it is SMTP or HTTPS.

Click the View icon of a specific certificate to see the certificate details.
Click the Download icon to download the certificate to your local hard drive.
Click the Delete icon to delete the certificate from the Email Security system.
Click the Apply button to apply changes to the settings.

Audit Trail

The Audit Trail feature, or Audit Log, on Email Security is a set of destination and source records that tracks the actions performed on every email message that passes through Email Security. This feature logs all the activity performed by users, and the Global Administrator can view and search these activities.

The Audit Trail feature includes information about any fields that may have been added, edited, or deleted; search queries in the Junkbox and Auditing pages; and all View, Unjunk, Delete, Sent Copy to, and Download actions performed on messages in the Junkbox and Auditing pages.

Enabling Auditing

To enable Audit Trail:
1. Navigate to the System > Audit Trail page.
2. Click the Settings button.
3. Click the On button to Enable Audit Trail. This enables auditing for both inbound and outbound email messages.
4. Use the drop down list to specify how long to Keep auditing files for. The predefined selections range from 1 day to 7 years.
5. Click the Apply button when finished.
6. Click the Export to CSV button to export a list of Messages Found. The list is downloaded to your local system.

Navigating the audit data

The audit messages are displayed in a table on the Audit Trail page. You can configure the data display and manipulate the data through filters and sorts.

To configure the data:
1. Click the Add Columns button. The drop down menu shows all the fields that can be displayed in the data table.
2. Check the box for the fields you want to appear.
3. Uncheck the box for the fields you want to hide.
4. Click on Save View if you want to have that view displayed all the time.
5. Click on Reset to Default View if you want to return to the default view.

To set or clear filters:
1. Select the field to search on.
2. Click on the drop down menu and select Filters.
3. Type the search string in the field. The data immediately begins filtering based on what you typed in.
4. Add filters to other fields if you want to further refine your search.
5. Click on Clear Filters to view all the data again.

To sort:
1. Place the cursor in the heading of the data column you want to sort.
2. Click in the column heading and an arrow indicator appears.
   An arrow pointing down indicates data is sorted in descending order.
   An arrow pointing up indicates data is sorted in ascending order.
3. Click in the column heading again to change directions.

To refresh the data:
1. Click the Refresh button.

To save the data:
1. Click on the Export to CSV button. An Excel download file appears at the bottom of the window.
2. Double-click on the file to open it.
3. View or save as needed.

Diagnostics

The System > Diagnostics page allows the Administrator to run different diagnostic tests on a specific SMTP Host or DNS Server.

To run the diagnostics:

1. Select an option in Diagnostics Category. The various options are described below.
 

Run SMTP Test for specified Host or IP

Run an SMTP test for the Input Domain/IPv4/IPv6 specified in the respective field. Optionally, you may specify the Alternate DNS Server IP.

Query DNS for A record of the specified Domain

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for the A record. Optionally, you may specify the Alternate DNS Server IP.

Query DNS for AAAA record of the specified Domain

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for the AAAA record. Optionally, you may specify the Alternate DNS Server IP.

Query Reverse DNS Lookup for a specified IP

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for a reverse lookup of the specified IP. Optionally, you may specify the Alternate DNS Server IP.

Query DNS for MX Record of the specified Domain

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for the MX Record. Optionally, you may specify the Alternate DNS Server IP.

Query DNS for SPF Policy of the specified Domain

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for the SPF Policy. Optionally, you may specify the Alternate DNS Server IP.

Query DNS for DMARC Policy of the specified Domain

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for the DMARC Policy. Optionally, you may specify the Alternate DNS Server IP.

Query DNS for DKIM Policy of the specified Domain

Specify the Input Domain/IPv4/IPv6 and select this option to query the DNS server for the DKIM Policy. Optionally, you may specify the Alternate DNS Server IP.

Ping the mentioned Host or IP

Ping the Host or IP specified in the Input Domain/IPv4/IPv6 field.

Connect to the specified Host or IP

Select this option to connect to the Host or IP specified in the Input Domain/IPv4/IPv6 field.

2. Enter the data for the remaining fields. Different fields show depending on the choice made in Step 1.
3. Enter the Alternate DNS Server IP, if needed.
4. Click the Go button.
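
To help interpret the TXT records that the SPF and DMARC policy queries return, the following added example (not part of the SonicWall product or this guide) parses a record and lists settings that weaken it. The function names are hypothetical and the record strings are constructed samples; the SPF lookup count covers only the record's own terms, not nested includes.

```python
# Record strings passed in below are constructed samples, not real lookups.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(txt):
    """Split an SPF record into (qualifier, name, value) terms; None if not SPF."""
    parts = txt.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        return None
    terms = []
    for raw in parts[1:]:
        qualifier, body = (raw[0], raw[1:]) if raw[0] in "+-~?" else ("+", raw)
        # The name ends at the first ':', '/' or '=' (argument or modifier value).
        cut = min((body.find(c) for c in ":/=" if c in body), default=len(body))
        terms.append((qualifier, body[:cut].lower(), body[cut + 1:]))
    return terms

def review_spf(txt):
    """Return findings for one SPF record (empty list = nothing flagged)."""
    terms = parse_spf(txt)
    if terms is None:
        return ["not an SPF record (must start with v=spf1)"]
    findings = []
    names = [name for _, name, _ in terms]
    all_q = next((q for q, name, _ in terms if name == "all"), None)
    if all_q == "+":
        findings.append("+all authorizes any host to send for the domain")
    elif all_q == "?":
        findings.append("?all returns neutral for unlisted senders")
    elif all_q is None and "redirect" not in names:
        findings.append("no all mechanism or redirect: unlisted senders get neutral")
    lookups = sum(1 for name in names if name in SPF_LOOKUP_TERMS)
    if lookups > 10:  # RFC 7208 caps DNS-querying terms at 10 per evaluation
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    return findings

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record; None if v=DMARC1 is not first."""
    pairs = [p.strip() for p in txt.split(";") if p.strip()]
    if not pairs or pairs[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def review_dmarc(txt):
    """Return findings for one DMARC record (empty list = nothing flagged)."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if policy in ("quarantine", "reject") and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will be received")
    return findings

if __name__ == "__main__":
    print(review_spf("v=spf1 mx +all"), review_dmarc("v=DMARC1; p=none"))
```
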