en-US
search-icon

Hosted Email Security 9.0 Admin Guide

Users, Groups & Domains

This chapter contains the following sections:

 
* 
NOTE: To manage users and groups, you need to have configured your Hosted Email Security setup to synchronize with your organization’s LDAP server. You can configure LDAP settings and queries on the System > LDAP Configuration page. Refer to LDAP Configuration for more information.

Users

The Users, Groups & Organizations > Users page displays the list of users who can log in. The list is determined by the query entered on the System > LDAP Configuration page. While SonicWall <product name> filters the email messages received by users not on the list, such users cannot log in to configure their individual settings.

 
* 
NOTE: The user data may come from multiple sources, so before performing a task on any user, select an option from the Using Source drop-down list, then click Go.

On this page you can perform the following functions:

Assign roles to groups of users. For example, you can give an LDAP group Administrator privileges on Email Security.
Set junk blocking options for a group of users. For example, you can set anti-spam aggressiveness for the Sales department.
Sign in as any user.
Add non-LDAP Users.

Select the Refresh Users & Group button to refresh the entries in the data table.

User View Setup

The administrator should add all employees to the list of users who can log in. Corporate mailing lists and aliases (such as info@example.com) should also be added to ensure junk mail sent to those aliases can be filtered. No harm if extra addresses that do not receive email appear here as a result of too broad an LDAP query.

Check the box if you want to Enable authentication for non LDAP users.

Searching for Users

If too many users show in a window, you can conduct a search using the Find all users in column search tool.

To use this search feature:
1
Navigate to the Users, Groups & Domains > Users page.

2
Select from the drop down list to do a search by User Name or Primary Email.
3
In the next drop down list, select from the search parameters: equal to (fast), starting with (medium), or containing (slow).
4
In the text field, type the word or phrase you are searching for.
5
Select if you want the search to Show LDAP entries or Show non-LDAP entries by checking the boxes next to either option.
6
Select Go.

Sorting through Users

To sort the list of users in the table, click the User Name or Primary Email heading. The arrowhead in the column indicates whether the data is sorted in ascending or descending order.

Signing in as a User

Administrators can sign in as any user, see their Junk Box, and change the settings for that user. In addition, you can sign in as a particular user to manage their delegates for them. Select the check box next to the User Name, then click the Sign In as User button.

The user’s Junk Box is displayed and you can make changes as needed. Refer to the SonicWall Email Security 9.0 User Guide for more information, if needed.

Editing User Rights

Administrators can assign different privileges to different users in the system by assigning them pre-defined roles. The pre-defined roles are described in the following table.

 

Pre-defined roles for users and groups

Role

Description

OU Administrator

The Organizational Unit (OU) Administrator role has full administrative rights to a specific list of domains the Global Administrator specifies. Typically, the Global Administrator of an enterprise-sized organization may wish to delegate the management of a smaller group of domains, or Organizational Units, between several users requiring administrative rights for successful management of these OUs. The OU Admin can log in as any other user within the group of domains assigned to change a user’s individual settings, view and manage Junk Boxes, and configure other areas of the Hosted Email Security system.

Help Desk

A user assigned as Help Desk has access to the corporate Junk Box and can unjunk items. This role also allows the user to log in as any user to change that user’s individual settings and view Junk Boxes. The Help Desk role does not allow the user to change global settings or other server configurations.

Group Admin

A group administrator role is similar to the Help Desk role except that this role’s privileges are limited to users for the group that they are specified to administer. The Group Admin role is always associated with one or more groups added to the Spam Blocking Options for Groups section.

Manager

A user assigned as Manager has access to corporate Reports and Monitoring screens. The user cannot change any configuration settings, nor are they able to sign in as any other user.

User

A user role is only allowed to log in to the SonicWall <product name> system, has access to his own individual user settings, and can only customize his own settings.

To assign a role to a user:
1
Select the user and click on Edit User Rights button.

2
Choose which role to assign to a user. (Refer to Pre-defined roles for users and groups.)
3
Click on Apply Changes.

Resetting User Message Management Settings

Select one or more users and click Set Message Management to Default to restore all settings to the defaults. Be aware that this overrides all individual preferences the user might have set.

Adding a User

The administrator can add individual non-LDAP users. Fill out the Primary Address and Alias fields, then click Add. If users have an alias associated with them, the alias should also be added. This is not dependent on LDAP status.

 
* 
NOTE: Users added in this way remain non-LDAP users. Their User Rights cannot be changed. Their source is listed as Admin. Users can edit their Junk Box setting only if the administrator sets the Junk Box setting: Enable “Single Click” viewing of messages to “Full Access” on the System > Junk Box Summary page.

Removing Users

The administrator can remove individual non-LDAP users. First select a non-LDAP user by using the check box in front of the name, then click the Remove button to delete the name from the list.

Exporting Users

The administrator can download a tab-delimited list by clicking this button. The file generated lists multiple non-LDAP users and can later be imported using the Import feature.

Importing Users

The administrator can add multiple non-LDAP users by importing a list of names. The list is made up of the primary addresses followed by the corresponding aliases of the users. The imported file can be appended to the existing names, or overwrite them. The format of the file is tab-delimited. One may use an Excel spreadsheet to generate a user list and save it as a tab-delimited file.

To import the list, click the browse button to locate the file and click Import.

Locked Users

On the Users page, in the Locked Users section, SonicWall <product name> displays a list of users that are currently locked out. The administrator can reset the lockout for any user.

To unlock the user:
1
Check the box by the locked out user.
2
Select the Unlock User button.

Groups

Navigate to the Users, Groups & Domains > Groups page to manage Group settings. Note that the settings on this page are optional.

This section describes how SonicWall <product name> lets you query and configure groups of users managed by an LDAP server. Most organizations create LDAP groups on their Exchange server according to the group functions. Different groups may have—or need—different settings specified.

Configure LDAP groups on your corporate LDAP server before configuring the rights of users and groups on SonicWall <product name> in the LDAP Configuration screen.

SonicWall SonicWall <product name> allows you to assign roles and set spam-blocking options for user groups. Though a user can be a member of multiple groups, SonicWall <product name> assigns each user to the first group it finds when processing the groups. Each group can have unique settings for the aggressiveness for various spam prevention. You can configure each group to use the default settings or specify settings on a per-group basis.

 
* 
NOTE: Any policy filter created by a group admin is applicable to all users belonging to the group.

Updates to groups settings in this section do not get reflected immediately. The changes are reflected the next time SonicWall <product name> synchronizes itself with your corporate LDAP server. If you want to force an update, click on the Refresh Users & Groups button.

Assign Roles to Groups Found in LDAP

In this section of the Groups page, you can find and add groups to manage their settings.

 
* 
NOTE: For administrative purposes, a user is a member of only one group. If a user is a member of more than one group, that user is a member of the group that is highest on the list.

Find and Add a Group

To find a group to add:
1
Click the Add Group button under the heading Assign Roles to Groups Found in LDAP. The Add Group window appears.

2
Choose the search mechanism in the Find all groups field. Select from equal to (fast), starting with (medium), or containing (slow).
 
* 
NOTE: The type of search you choose could affect the length of the search. The relative speed is indicated in the parentheses.
3
Type the search string in the text box.
4
Click Go to begin the search.
5
Check the box next to the group you want to include.
6
Select Add Group. A message displays stating that the group was added successfully.

Remove a Group

To remove a group:
1
Click the check box adjacent to the group(s) to remove.
2
Click the Remove Group button. A success message displays.

List Members

To list group members:
1
Click the check box adjacent to the group to list.
2
Click the List Group Members button. Users belonging to that group will be listed in a pop-up window.

Setting an LDAP Group Role

All members of a group are also given the role assigned to the group.

To set the role of a group:
1
Click the check box adjacent to the group to edit.
2
Click Edit Role. A window appears with the group’s name and current role.

3
Click the option button for the role that you want to assign to the group.
4
Click Apply Changes. A message appears stating that the group was changed successfully.
 
* 
NOTE: SonicWall <product name> queries your corporate LDAP server every hour to update users and groups. Changes made to some settings in this section may not be reflected immediately on SonicWall <product name>, but are updated within an hour.

Set Junk Blocking Options for Groups Found in LDAP

In this section of the Groups page, you can set up and manage the groups that need to be set up for junk blocking. Each group can have different settings.

Find and Add a Group

Finding and adding a group in this segment is the same as adding a group in the prior segment of the of the Group page.

To find a group to add:
1
Click the Add Group button under the heading Set Junk Blocking Options for Groups Found in LDAP.
2
Choose the search mechanism in the Find all groups field. Select from equal to (fast), starting with (medium), or containing (slow).
 
* 
NOTE: The type of search you choose could affect the length of the search. The relative speed is indicated in the parentheses.
3
Type the search string in the text box.
4
Click Go to begin the search.
5
Check the box next to the group you want to include.
6
Select Add Group. A message displays stating that the group was added successfully.

Remove a Group

To remove a group:
1
Click the check box adjacent to the group(s) to remove.
2
Click the Remove Group button. A success message displays.

List Members

To list group members:
1
Click the check box adjacent to the group to list.
2
Click the List Group Members button. Users belonging to that group will be listed in a pop-up window.

Edit Junk Blocking Options

Once a group has been added you can set up the junk blocking options for the group. You can choose to adhere to junk blocking parameters that have been defined for the corporate level, or you can customize the options for each group. The following parameters can be set:

User View Setup
Anti-Spam Aggressiveness
Languages
Spam Management
Phishing Management
Virus Management
Anti-Spoofing
To edit junk blocking options:

1
Check the box by the name of the group for which you want update junk blocking options.
2
Select Edit Junk Blocking Options. The following page displays with User View Setup as the default view. Each of the Junk Blocking Options are described in more detail the following sections.

User View Setup

The User View Setup option for Junk Blocking controls what options are available to the users in this group when they log in to the server using their user name and password. Enable any of the options by checking the box associated with the option. The options are defined in User View Setup Options. Be sure to select Apply Changes when done.

 

User View Setup Options

Option

Definition

Adhere to Corporate defaults

Sets the group options the same as the options defined at the corporate level. If this option is selected ,the other options are grayed out and not available.

Login enabled

Enables users in this group to log into their Junk Box.

Anti-spam

Allows or blocks specified people companies, lists, aggressiveness and languages. You can enable more user control by checking the box for Full user control over anti-spam aggressiveness settings.

Reports

Allows users in this group to view their spam reports.

Settings

Enables users in this group to view their settings. You can allow user access to their junk management settings by also checking the box for Junk mail management.

Quarantined junk mail preview settings

Allows users to preview quarantined junk mail if the box is checked for Users in the group are allowed to preview quarantined junk mail.

Anti-Spam Aggressiveness

On the Junk Blocking Options page, select Anti-Spam Aggressiveness on the left of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the anti-spam aggressiveness as described below.

To configure Anti-Spam Aggressiveness settings for a group:
1
Choose the appropriate Grid Network Aggressiveness level for this group. Note that selecting a stronger setting will make SonicWall <product name> more responsive to other users who mark a message as spam.
2
Choose the appropriate Adversarial Bayesian Aggressiveness level for this group. Note that selecting a stronger setting will make SonicWall <product name> more likely to mark a message as spam.
3
Select the check box to Allow users to unjunk spam. If the box is unchecked, users cannot unjunk spam messages.
4
For each category of spam, determine level aggressiveness. The aggressiveness level ranges from Mildest to Strongest (left to right).
5
For each category of spam, specify whether members of the group are allowed to unjunk mail in their Junk Boxes.
6
Click Apply Changes.
Languages

On the Junk Blocking Options page, select Languages on the left of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the blocking options as described below.

To determine the foreign language emails that groups can receive:
1
Select one of the following options for each language:
Allow All to allow all users in a group to receive email in the specified language.
Select Block All to block all users in a group from receiving email in the specified language.
Click No opinion to permit email to be subject to the spam and content filtering of SonicWall SonicWall <product name>.
2
Click Apply Changes to save setting made.
Junk Box Summary

On the Junk Blocking Options page, select Junk Box Summary on the left side of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the options for the Junk Box Summary as described below.

To configure settings for the Junk Box for groups:
1
Select the Frequency of Summaries sent to users. Options include: Never, 1 Hour, 4 Hours, 1 Day, 3 Days, 7 Days or 14 Days.
2
Select the Time of Day users receive junk summary emails. Choose Any time of day or Within an hour of <select hour>.
3
Select the Day of the Week users receive junk summary emails. Choose Any day of the week or Send summary on <select day>.
4
Choose one option for summaries to include: All junk messages or Only likely junk (hide definite junk).
5
Select the Language of Summary Email from the drop down list.
6
Check the box if you want to receive a Plain Summary. The default is to receive a Graphic Summary.
7
Select the check box to if you want to Send Junk Box Summary to Delegates.
 
* 
NOTE: When this check box is selected, the summary email is sent to the delegate, not to the original recipient.
8
Click Apply Changes.
Spam Management

On the Junk Blocking Options page, select Spam Management on the left side of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the options for mail tagged as Definite Spam and LIkely Spam as described below.

To manage Definite Spam or Likely Spam for this group:
1
Chose an action for messages marked as Definite Spam. The options are defined below.
Spam blocking off (deliver messages to recipients)—Passes all messages to users without filtering.
Permanently Delete—If determined Definite or Likely Spam, messages are permanently deleted.
REject with SMTP error code 550—Messages are sent back to the sender. In cases of self-replicating viruses that engage the sender’s address book, this can inadvertently cause a denial-of-service to a non-malicious user.
Store in Junk Box (recommended for most configurations)—Messages are quarantined in the Junk Box for review and deletion later.
Send to—Specify an email address for the recipient.
Tag with—Label the email to warn the user. The default is [SPAM] or [LIKELY_SPAM].
2
Choose an action message marked as Likely Spam. The options are the same as defined for Step 1.
3
Select the check box This Group accepts automated Allowed Lists if you want automated Allowed Lists to apply to this group.
4
Click Apply Changes.
Phishing Management

The phishing management window gives you the option of managing phishing and likely phishing settings at a group level. Just like Spam Management options, you can configure phishing management differently for different groups. However, unlike Spam Management options, these settings cannot be altered for individual users.

On the Junk Blocking Options page, select Phishing Management on the left side of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the options for mail tagged as Definite Phishing and LIkely Phishing as described below.

To manage Definite Phishing or Likely Phishing for this group:
1
Chose an action for messages marked as Definite Phishing. The options are defined below.
No action—Passes all messages to users without filtering.
Permanently Delete—If determined Definite or Likely Phishing, messages are permanently deleted.
Reject with SMTP error code 550—Messages are sent back to the sender. In cases of self-replicating viruses that engage the sender’s address book, this can inadvertently cause a denial-of-service to a non-malicious user.
Store in Junk Box (recommended for most configurations)—Messages are quarantined in the Junk Box for review and deletion later.
Send to—Specify an email address for the recipient.
Tag with—Label the email to warn the user. The default is [SPAM] or [LIKELY_SPAM].
2
Choose an action message marked as Likely Phishing. The options are the same as defined for Step 1.
3
Click Apply Changes.
Virus Management

On the Junk Blocking Options page, select Virus Management on the left side of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the options for mail tagged as Definite Viruses and LIkely Viruses as described below.

To manage Definite Viruses or Likely Viruses for this group:
1
Chose an action for messages marked as Definite Viruses. The options are defined below.
No action—Passes all messages to users without filtering.
Permanently Delete—If determined Definite or Likely Phishing, messages are permanently deleted.
Reject with SMTP error code 550—Messages are sent back to the sender. In cases of self-replicating viruses that engage the sender’s address book, this can inadvertently cause a denial-of-service to a non-malicious user.
Store in Junk Box (recommended for most configurations)—Messages are quarantined in the Junk Box for review and deletion later.
Send to—Specify an email address for the recipient.
Tag with—Label the email to warn the user. The default is [SPAM] or [LIKELY_SPAM].
2
Choose an action message marked as Likely Viruses. The options are the same as defined for Step 1.
3
Click Apply Changes.
Anti-Spoofing

On the Junk Blocking Options page, select Anti-Spoofing on the left side of the page. Here you can opt to Adhere to Corporate defaults by checking the box at the top of the page. If you wish to customize settings for the group, set the options as described below.

To configure the anti-spoofing settings:
1
If you want to Ignore allow lists for SPF hard failures, check the box provided.
2
Choose an action message marked as SPF hard fail. The options are:
 

No Action

No action is taken against messages marked as SPF hard fail.

Permanently delete

Messages marked as SPF hard fail are permanently deleted.

Reject with SMTP error code 550

Messages marked as SPF hard fail are rejected with an SMTP error code 550.

Store in Junk Box (recommended for most configurations)

Messages marked as SPF hard fail are stored in the Junk Box. This is the recommended setting for most configurations.

Send to [field]

Messages marked as SPF hard fail are sent to the user specified in the available field. For example, you can send to postmaster.

Tag with [field] added to the subject

Messages marked as SPF hard fail are tagged with a term in the subject line. For example, you may tag the messages [SPF Hard Failed].

Add X-Header: X-[field]:[field]

Messages marked as SPF hard failed add an X-Header to the email with the key and value specified to the email message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type X-EMSJudgedThisEmail with value spfhard results in the email header as: X-EMSJudgedThisEmail:spfhard.

3
For SPF soft failures, decide if you want to Ignore allow lists. A check ignores the allowed lists and unchecked uses the lists.
4
For DKIM settings, decide if you want to Ignore allow lists. A check ignores the allowed lists and unchecked uses the lists.
5
Choose the action to take for messages marked as DKIM signature failed. The options are the same as those listed for Step 2. In the text field, you can use text to indicate DKIM failures, rather than SPF failures.
6
Select Apply Changes when done.

Forcing All Members to Group Settings

Select the check box next to the Group(s) you want to adhere to Group Settings. Then, click the Force All Members to Group Settings button. All individual settings are overwritten by the Group Settings.

Domains

The Users, Groups & Domains > Domains page lists the domains that have been defined within the SonicWall <product name> solution.

This section includes the following topics:

Domains Overview

Domains are a smaller group of domains set by the Global Administrator as an efficient way of managing an entire enterprise-sized SonicWall <product name> system setup. These subset groups, also known as a Domain Unit (OU), are managed by a sub-Administrator, called the OU Administrator. The OU Administrator role has full administrative rights to the OU he has been assigned to by the Global Administrator.

The OU Admin can log in as any other user within the group of domains assigned to edit a user’s individual settings, edit group settings for groups within their OU, and manage Junk Boxes, and view Reports. The OU Admin is not able to add or remove domains from a Domain, regardless if he is the OU Admin of that Domain; only the Global Administrator has the ability to perform these tasks.

Adding a Domain

To add a Domain:
1
Navigate to the Users, Groups & Domains > Domains page.
2
Click the Add Domain button.
3
Enter the Domain(s). Acceptable domains follow the form of domain.com or sub.domain.com.
4
Click the Save button.