surfcontrol e-mail filter 5.0 for smtp getting started guidekb.websense.com/pf/12/webfiles/wbsn...

E-mail Filter

www.surfcontrol.com The World’s #1 Web & E-mail Filtering Company

SurfControl E-mail Filter 5.0 for SMTP Getting Started Guide

CONTENTS

CONTENTS

INTRODUCTION

About This Document ...........................................................................................................................................................2Product Overview ...................................................................................................................................................................2What’s New in Version 5.0 ....................................................................................................................................................3How SurfControl E-mail Filter Works ................................................................................................................................5

BEFORE YOU BEGIN

System Requirements .............................................................................................................................................................8Minimum Requirements .........................................................................................................................................8Other Requirements ................................................................................................................................................11

Installation Decisions .............................................................................................................................................................12Location of E-mail Filter on the Network ..........................................................................................................13Database Size and Location ...................................................................................................................................13Load Balancing Methods ........................................................................................................................................14Server Size.................................................................................................................................................................15

INSTALLATION

In This Chapter .......................................................................................................................................................................18Running the Setup Wizard .....................................................................................................................................................19

E-mail Filter Components......................................................................................................................................20Typical Installation ..................................................................................................................................................21Custom Installation - Administration Client .......................................................................................................27Custom Installation - Report Central ...................................................................................................................31

CONFIGURATION WIZARD

In This Chapter .......................................................................................................................................................................36Running the Configuration Wizard ......................................................................................................................................37Next Steps ................................................................................................................................................................................46

Launching E-mail Filter ..........................................................................................................................................46Launching Report Central ......................................................................................................................................46Upgrading from a Previous Release......................................................................................................................47

DEPLOYMENT

In This Chapter .......................................................................................................................................................................50Deployment Options ..............................................................................................................................................................51

Deployment Option 1: E-mail Filter Installed on the Mail Server ..................................................................51Deployment Option 2: Simple Dedicated Server ...............................................................................................53Deployment Option 3: In a DMZ ........................................................................................................................55Deployment Option 4: A Protected Network ....................................................................................................57Deployment Option 5: Multiple Sites...................................................................................................................59

SurfControl E-mail Filter for SMTP 5.0 Getting Started Guide ii

CONTENTS

iii Getting Started Guide SurfControl E-mail Filter for SMTP 5.0

Chapter 1 Introduction

About This Document page 2Product Overview page 2What’s New in Version 5.0 page 3How SurfControl E-mail Filter Works page 5

INTRODUCTIONAbout This Document1

About This DocumentThis document explains how to install and configure SurfControl E-mail Filter so that you can protect your system against e-mail threats as quickly as possible.

Product OverviewSurfControl E-mail Filter is a comprehensive filtering solution that deals with current and evolving threats:

Table 1 Enterprise Threat Protection

Threat How You’re Protected

Phishing and Fraud The E-mail Filter Threat Database contains the digital signatures of thousands of known phishing e-mails and fraudulent URLs.

Because E-mail Filter uses Adaptive Threat Intelligence, it can also detect when an e-mail has phishing characteristics - protecting you against new and emerging threats.

Spam The Anti-Spam Agent comprises four separate tools that work independently to offer a complete solution. As well as a comprehensive database of known spam, E-mail Filter’s advanced heuristics tools can detect new outbreaks of spam and stop them before they reach your inbox.

Corporate Confidentiality Regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA demand absolute protection of network data. The Virtual Learning Agent is a powerful tool that you can train to recognize and protect your organization’s specific confidential data.

Viruses and Malware E-mail Filter works with your resident Anti-Virus Solution to prevent transmission of viruses, spyware and other malware through your e-mail system. The Adaptive Threat Intelligence suite can also determine the likelihood that any e-mail is infected, offering you advanced protection against new outbreaks.

2 Getting Started Guide SurfControl E-mail Filter 5.0

INTRODUCTIONWhat’s New in Version 5.0 1

What’s New in Version 5.0 Table 2 explains the new features in version 5.0

Table 2 New Features in Version 5.0

Feature What It Does

Quicker Setup

New Setup Wizard The new Setup Wizard makes E-mail Filter quicker to download and install.

Configuration Wizard After the Setup Wizard has installed E-mail Filter, the Configuration Wizard will guide you through the configuration process step by step so that you can begin filtering e-mail as quickly as possible.

Advanced Ant i -Spam Protect ion

Enhanced Anti-Spam Agent Digital Fingerprinting, Heuristics, LexiRules, and Neural Net tools provide industry-leading anti-spam effectiveness with zero administration cost.

Directory Harvest attack detection Prevents spammers stealing your e-mail addresses by brute-force attacks.

Web Threat Protect ion

URL Category List Protects against inappropriate and fraudulent Web links in e-mails.

Conf ident ia l Data Protect ion

Expanded Dictionaries support 10 pre-packaged language packs, including: English, French, Spanish, Dutch, Italian, German, Portuguese, Japanese, Traditional Chinese and Simplified Chinese.

Easier Virtual Learning Agent Uses Real-time Threat Intelligence to understand and protect your confidential data.

Improved Secur i ty

Denial of Service protection Detects and manages suspicious SMTP connections and offers fine-tuning of all SMTP connections, internal and external.

Secure Remote Access Locks down remote administration by user logon.

Expanded Sca labi l i ty

Unlimited Connection Threads Supports unlimited simultaneous connections, scaling up to meet requirements of the most demanding mail gateways.

Pipelining and Chunking (eSMTP) Significantly improves mail throughput between mail servers that support these commands, such as MS Exchange and Lotus Domino.

LDAP Organizational Units Tailors message-processing rules based on organizational structures already defined in LDAP.

SurfControl E-mail Filter 5.0 Getting Started Guide 3

INTRODUCTIONWhat’s New in Version 5.01

Eas ier Administ rat ion

Grouping of Rules Organizes your rules by the type of e-mail threats being managed. The default rule set includes anti-spam, network security, and other useful groupings.

Expanded Filtering in Rules Supports inbound/outbound “Who” functionality, filtering of PDF, TNEF, and RTF, and supports Office 2003 and Web Archive formats.

Redesigned Server Configuration Offers a more powerful way to configure any server and view settings by service.

E-mail notifications of failed events Instant awareness that any scheduled event has not been successful.

Report Central Provides web-based reporting of filtering activity, with ability to lock down reporting access by user.

Single Management Console Allows easy administrative access to each SurfControl server within the organization, providing a single portal view of multiple SurfControl E-mail & Web Filter deployments.

Table 2 New Features in Version 5.0

Feature What It Does


INTRODUCTIONHow SurfControl E-mail Filter Works 1

How SurfControl E-mail Filter WorksFigure 1 explains how E-mail Filter processes messages:

Figure 1 How SurfControl E-mail Filter Works


INTRODUCTIONHow SurfControl E-mail Filter Works1

SurfControl E-mail Filter’s functionality is managed by four software services:

• Receive Service

• Rules Service

• Send Service

• Administration Service

The services fit together like this

Figure 2 E-mail Filter Services

During the installation and configuration process you will:

• Install the services to your server or servers.

• Install the SQL databases

• Specify where the queue folders will be located.


Chapter 2 Before You Begin

System Requirements page 8Minimum Requirements page 8Other Requirements page 11

Installation Decisions page 12Location of E-mail Filter on the Network page 13Database Size and Location page 13Load Balancing Methods page 14Server Size page 15

BEFORE YOU BEGINSystem Requirements2

System Requirements

MINIMUM REQUIREMENTSDuring installation, the System Checker will check your system to see if it meets the minimum requirements for SurfControl E-mail Filter to be installed correctly. Tables 1 to 3 show the Minimum RequirementsTable 1 SurfControl E-mail Filter SMTP

Processor Intel Pentium III processor 600MHz or higher

Memory 512MB RAM minimum, 1024MB recommended

Operating System

Windows 2000 Server with Service Pack 4

Windows 2000 Advanced Server with Service Pack 4

Windows Server 2003 with Service Pack 1

Disk Space 200MB Minimum Disk Space

500MB is recommended.

Display Super VGA (800 x 600) or higher resolution video adaptor and monitor

Web Browser Microsoft Internet Explorer 5.0 or later

Networking TCP/IP installed and configured with an Internet connection

DNS Internal or External DNS configured

E-mail E-mail system with SMTP gateway or MTA installed

MDAC Microsoft Data Access Components MDAC 2.7 (Service Pack 2) or later

Database Microsoft SQL Server 2000. If this is not installed on your system, SurfControl E-mail Filter can install MSDE 2000 Service Pack 3.

SQL Server is recommended for larger sites, as it handles large volumes of data more easily


BEFORE YOU BEGINSystem Requirements 2

Table 2 SurfControl E-mail Filter for SMTP Admin Client

Processor Intel Pentium III processor 600MHz or higher.

Operating System

Windows 2000 Server with Service Pack 4

Windows 2000 Advanced Server with Service Pack 4

Windows Server 2003 with Service Pack 1

Windows 2000 Professional with Service Pack 4

Windows XP

Display Super VGA (800 x 600) or higher resolution video adaptor and monitor.

Web Browser Microsoft Internet Explorer 5.0 or later.

MDAC Microsoft Data Access Components MDAC 2.7 (Service Pack 2) or later.


BEFORE YOU BEGINSystem Requirements2

Report Central Minimum RequirementsThe computer where you are installing Report Central must meet the requirements listed in Table 3. The computer must be part of a network that meets the requirements listed in Table 4. Table 3 Basic requirements

Operating System

Windows 2000 Server Service Pack 4

Windows 2000 Advanced Server Service Pack 4

Windows Server 2003 Standard Edition

Windows Server 2003 Enterprise Edition

Processor Pentium III or higher

Memory 512 MB

Disk space 1GB

Applications Internet Explorer 5.0 or higher

Adobe Reader 6.0 or later to read reports in PDF format

Other The SQL Server tembDB transaction log file should have a capacity of more than 5MB. 15MB is recommended. To allocate more memory to this file, consult the E-mail FilterAdministrator’s Guide. You can do this after you have installed Report Central.

Table 4 Network requirements

Operating System

Windows 2000 Server SP4

Windows 2000 Advanced Server SP4

Windows Server 2003 Standard Edition

Windows Server 2003 Enterprise Edition

Database Microsoft MSDE Service Pack 3

Microsoft SQL Server 2000

Applications SurfControl E-mail Filter 5.0

Microsoft Internet Explorer 5.0 or higher

Adobe Reader 6.0 or later to read reports in PDF format


BEFORE YOU BEGINSystem Requirements 2

OTHER REQUIREMENTSPlease note the following:

• None of the E-mail Filter components can be installed via a terminal server client.

• You must have full administrative rights to install E-mail Filter.

You will also need the following information:

• Your mail system’s pre-registered domain name.

• The IP address or host name of your e-mail system’s SMTP gateway or MTA.

• The e-mail address of your e-mail system security administrator.

• Your Activation Key as supplied by SurfControl.

• The HTTP port number (default 8181) to install and start the Administration Service.

• The IP address of the relay host (for example your ISP) if you use a relay host to send mail to the Internet.


BEFORE YOU BEGINInstallation Decisions2

Installation DecisionsBefore you begin installing SurfControl E-mail Filter you need to make decisions about the following:

• Location of SurfControl E-mail Filter on your network.

• Database size and location.

• Load balancing method.


BEFORE YOU BEGINInstallation Decisions 2

LOCATION OF E-MAIL FILTER ON THE NETWORKBefore you install E-mail Filter on your network, consider

• Whether you will install E-mail Filter on the mail server / MTA or on a dedicated server.

• Whether the mail server uses MX records for domain name resolution, or whether the mail server passes this task to a relay host.

• Where the E-mail Filter server will be located in relation to your firewall or DMZ.

Chapter 5 describes a range of deployment options for different sized enterprises.

DATABASE SIZE AND LOCATIONSurfControl E-mail Filter stores all configuration data and filtering policies in a SQL database called STEMConfig. All logging data is stored in a SQL database called STEMLog.

SQL Server vs. MSDEMSDE, included with the SurfControl E-mail Filter download, is the run-time version of SQL. MSDE databases have a 2 GB size limit and few management tools, but it is an effective database for small environments.

Although you can install a SQL database onto the SurfControl server, SurfControl recommends that large environments install a fully licensed version of SQL onto a separate, dedicated server.

Dedicated vs. CentralizedIf your network requires multiple SurfControl servers, you have two database options: dedicated or centralized. A dedicated database stores data for a single SurfControl server in a single database; a centralized database stores the data for multiple SurfControl servers in a single database.

Many customers choose to use the centralized database option, which provides the advantages of centralized policy management and message administration, plus the ability to run reports from a single repository.

However, the size of a centralized database grows in direct relation to the number of SurfControl servers that write to it. Depending on the size of your environment and the number of e-mails that pass through your network, a centralized database can require additional administration. In this case, you may choose to use a dedicated database for each SurfControl server.

Database SizeThe size of the database depends on the number of e-mails your organization receives per day, and the length of time you plan to retain the logged data for message administration and reporting purposes. To size your database appropriately, SurfControl estimates that each e-mail generates approximately 1KB of log data stored in the database. (This calculation can also be helpful when determining whether MSDE is sufficient for your environment.)

No matter where you store the SurfControl E-mail Filter data, make sure the server has as much RAM as the anticipated size of the database (for example, a one GB database requires one GB of RAM. (This is in accordance with Microsoft’s recommendations for optimal performance.)



LOAD BALANCING METHODSYou can load balance SurfControl E-mail Filter using MX records. On the DNS server hosting your domain, create an MX record for each primary SurfControl server using the same MX preference, while giving the failover server a higher number (which gives it a lower preference). Table 5 provides an example of MX preference assignments for load-balancing and failover using MX records. Figure 1 further shows this method.

Figure 1 Using MX records for load balancing.

Table 5 MX Records for Load Balancing.

Mail Exchanger IP Address MX Preference

Site A

mx1.siteA.com 208.126.216.20 5

mx2.siteA.com 208.126.216.21 5

mx3.siteA.com 208.126.216.22 5

mx4.siteA.com 197.201.56.201 10

Site B

mx1.siteB.com 197.201.56.201 5

mx2.siteB.com 197.201.56.202 5

mx3.siteB.com 197.201.56.203 5

mx4.siteB.com 208.126.216.20 10


BEFORE YOU BEGINInstallation Decisions 2

In Figure 1, e-mail sent to siteA.com round-robins between mail exchangers 1, 2, and 3, because each SurfControl server has the same MX preference of 5. (A lower MX preference number means that it has a higher priority -- 5 having a higher priority than 10.) The same thing happens for e-mails sent to siteB.com. If site A is down (e.g., with a network failure), the sending mail server will route e-mail to the fourth (failover) MX record, which is the address of a server in a different physical location.

For the described failover to work properly, SurfControl servers in site A are configured to accept messages for site B, and SurfControl servers in site B are configured to accept messages for site A. The failover servers also have static routes configured so that SurfControl knows where to route the e-mails.

In addition to load balancing and failover using MX records, there are also sophisticated load balancing switches that can be used for these purposes. These switches offer a variety of load balancing algorithms, in addition to round-robin delivery, which provide efficient load distribution and timely failover. Although this is not a required component for a SurfControl implementation, the use of load balancing switches may improve the overall efficiency of your SMTP infrastructure.

SERVER SIZETable 2 shows SurfControl’s server recommendations, depending on how many e-mails per hour your organization typically handles.

Table 6 Server Recommendations.

E-mails Per Hour Server Recommendations

< 10K e-mails PIII 1Ghz + 1 GB RAM.

< 25K e-mails Dual Xeon 2GB RAM.

<40K e-mails Quad Xeon, 2GB RAM, 3 or more HDDs (10,000 + RPM) for e-mail processing.

< 120K e-mails 3-Quad Xeon, 2GB RAM, 3 or more HDDs (10,000 + RPM) for e-mail processing.

< 240K e-mails 6-Quad Xeon, 2GB RAM, 3 or more HDDs (10,000 + RPM) for e-mail processing.

Actual processing speeds are dependent on several factors: number of rules processing threads, number of enabled rules, size of e-mails, and complexity of the e-mails (e.g., attachments, embedded files, etc.).



Partitioning the ServerYou can optimize E-mail Filter’s performance by installing onto a server capable of fast disk I/O and configured to support multiple HDDs. Figure 2 shows the optimal HDD and partitioning configuration for SurfControl. Because SurfControl frequently reads from and writes to disk as it processes e-mail, SurfControl recommends that you have a server capable of fast disk I/O.

Figure 2 shows a server with five SCSI HDDs. Two of the HDDs are in a RAID1 configuration and are divided into three partitions: a partition for the operating system, a partition for the page file, and a partition for the SurfControl application.

The other three HDDs each have a single partition and are capable of fast disk I/O. The first drive contains the In folder where SurfControl stores the received e-mails. The second drive contains the Work folder. SurfControl retrieves e-mails from the In folder and moves them to the Work folder, where the e-mails are processed against the configured rule set. SurfControl then moves the e-mail to a quarantine folder for review or to the Out folder for delivery. The third drive contains the Out folder where SurfControl relays processed messages to the intended recipient.

Figure 2 Partitioning the SurfControl server.

Now turn to the next chapter to begin the installation process.


Chapter 3 Installation

In This Chapter page 18Running the Setup Wizard page 19

E-mail Filter Components page 20Typical Installation page 21Custom Installation - Administration Client page 27Custom Installation - Report Central page 31

INSTALLATIONIn This Chapter3

In This ChapterOnce you have made the installation decisions discussed in the previous chapter, you are ready to begin installing SurfControl E-mail Filter. There are two stages to complete before SurfControl E-mail Filter can begin filtering e-mail:

• The Setup Wizard will install the files on your computer.

• The Configuration Wizard will guide you through the basic configuration process and download the latest Threat Databases. The Configuration Wizard will begin automatically once the Setup Wizard is finished.

This chapter explains how to install the E-mail Filter files on your computer using the Setup Wizard.


INSTALLATIONRunning the Setup Wizard 3

Running the Setup WizardThere are two ways to install SurfControl E-mail Filter:

• Typical Installation

A typical installation will install all the SurfControl E-mail Filter Core Components. If you run a typical installation, everything that SurfControl E-mail Filter needs to begin filtering e-mail will be installed on the same server.

• Custom Installation

You can select which e-mail filter components you want to install. This is useful if you want to access the E-mail Filter server from a remote location. Figure 1 shows the Monitor installed as an Administration Client on the administrator’s workstation, which enables the administrator to view e-mail traffic passing through the E-mail Filter server in real time.

Figure 1 Using the Administration Client for remote access

You can also use the custom installation to install Report Central.


INSTALLATIONRunning the Setup Wizard3

E-MAIL FILTER COMPONENTSTable 1 describes the E-mail Filter Components.

If you install the Server Components, the Administration Clients are also installed automatically. You can install the Administration Clients without the Server Components and specify the remote location of the Server Components so that the Administration Clients can connect to them.

Table 1 E-mail Filter Components

Component Description

Server Components E-mail Filter services Manages the processing of e-mail. See “E-mail Filter Services” on page 6.

Scheduler Schedules the updating of the Threat Management Database and other management tasks.

Administration client Manages communication between the components.

Administration Clients

E-mail Monitor Displays the progress of e-mails through E-mail Filter in real time.

Rules Administrator Displays and manages the rules you set up to enforce your organization’s Acceptable Use Policy.

Message Administrator

Displays information about e-mails that have triggered rules, and enables you to act on them.

Report Central Creates reports on e-mail use in your organization.



TYPICAL INSTALLATIONA typical installation will install all of the E-mail Filter components on your computer. Follow Procedure 1.

Procedure 1 : Typica l Insta l lat ionStep Action

1 Double click the setup.exe icon to start the Setup Wizard.

2 Specify where you want the Setup Wizard to copy the SurfControl installation files.

Click Next to continue.

3 The Welcome page will display. Click Next to continue.

4 You will be asked to agree to the SurfControl License Agreement.

Select I accept the terms of the license agreement and click Next.



5 You will be asked to accept the GNU public license agreement.


6 You will be asked to select a Setup Type. Choose Typical.

Click Next.

7 You will see that the core components are selected by default.

By default, Report Central is also selected. You need Report Central to create reports on e-mail use in your organization.

You cannot deselect any of the core components but you can choose not to install Report Central.

To change which core components are installed, click Back to return to step 6, and select a Custom installation.




8 The System Checker will check that your computer meets the recommended requirements.

If your computer meets the minimum requirements but not the recommended requirements, the system checker will display a warning, but you can continue the installation process. If your computer does not have MDAC the Setup Wizard will install it automatically when you click Next.

If your computer does not meet the minimum requirements you will be asked to abort the installation.

To continue installing, click Next.

If you plan to create the E-mail Filter databases on the local computer, proceed to step 9.

If you plan to create the E-mail Filter databases on a remote computer, proceed to step 15.

Creat ing loca l E -mai l F i l ter databases

9 The Setup Wizard will check whether a valid SQL Server is installed on your computer:

• If a SQL Server is present, you can use it to create the E-mail Filter databases on the local computer. See step 10.

• If SQL Server is not present, you can install MSDE and use it to create the E-mail Filter databases on the local computer. See steps 11- 14.

10 To create the databases on an existing SQL Server, select Create SurfControl E-mail Filter databases on this computer.

Click Next. Proceed to step 17




11 To install MSDE select Install MSDE and create SurfControl E-mail Filter databases on this computer.

12 Specify the location of the MSDE database. By default this is C:\Program files\Microsoft SQL Server

Click Browse… to change the path.

Click Next to proceed.

13 Specify a password for the SQL Server administrator account SA

Enter a password for the SA account, then enter it again to confirm.

Click Next




14 When the MSDE setup program has finished, you will be asked to restart your computer. When the computer has restarted the Setup Wizard will resume where it left off.

Select Create SurfControl E-mail Filter databases on this computer and click Next.

Creat ing the E-mai l F i l ter databases on a Remote SQL Server

15 Select Create SurfControl E-mail Filter databases on another computer.

16 Specify the server name of the SQL Server where you want to install the E-mail Filter databases.

Choose how the SurfControl E-mail Filter server will connect to the SQL Server:

• Windows NT Authentication

• SQL Authentication

Enter a user name and password to log into the SQL Server.

Click Next.




Once you have finished installing SurfControl E-mail Filter the Configuration Wizard will begin immediately. See “Configuration Wizard” on page 35

17 The summary screen will now display, showing the options you have chosen.

To proceed with the installation, click Next. Click Back to amend your settings.

18 When the installation is complete, you will see the final screen of the Setup Wizard.

Click Finish.




CUSTOM INSTALLATION - ADMINISTRATION CLIENTProcedure 2 describes how to use a Custom Installation to install the Administration Client components of your choice. See “E-mail Filter Components” on page 20 for a description of each component.

Procedure 2 : Insta l l ing the Administrat ion C l ient Step Action

1 Double click the setup.exe icon to start the Setup Wizard.

2 Specify where you want the Setup Wizard to copy the SurfControl installation files.


3 The Welcome page will display. Click Next to continue.





5 You will be asked to accept the GNU public license agreement.


6 Select the Custom setup type.

7 Select the components you want to install.

Note: You can install the E-mail Filter Client without the E-mail Filter Server, but you cannot install the E-mail Filter Server without the E-mail Filter Client.




8 The System Checker will check that your computer meets the recommended requirements.

If your computer meets the minimum requirements but not the recommended requirements, the system checker will display a warning, but you can continue the installation process. If your computer does not have MDAC the Setup Wizard will install it automatically when you click Next.

If your computer does not meet the minimum requirements you will be asked to abort the installation.

To continue installing, click Next.

9 Specify the location of the E-mail Filter server. Enter:

• The server name or IP address of the computer where the E-mail Filter Server Component is installed.

• The port number that the E-mail Filter client will use to communicate with the server.

• A user name and password that the E-mail Filter client will use to log in to the E-mail Filter Server.

Click Next to continue

10 The summary screen will show the installation choices you have made. Click Next to proceed.




11 The Installation Complete screen will display. Click Next to launch SurfControl E-mail Filter.

If you selected to install Report Central, the Report Central installation process will now begin.




CUSTOM INSTALLATION - REPORT CENTRALIf you install Report Central as part of a full installation, the Setup Wizard will install all the files you need automatically. If you install Report Central as part of a custom installation, you will need to follow further steps in the setup wizard that are specific to Report Central.

Procedure 3 : Insta l l ing Report Centra lStep Action

1 If you have already installed any E-mail Filter Components, you will be asked whether you want to

• Install Report Central v1.5

• Uninstall SurfControl E-mail Filter

Select Install Report Central v1.5 and click Next.

2 If you are installing Report Central without any SurfControl E-mail Filter components, select Custom from the Setup Type screen.


3 You will see the Report Central welcome screen.






5 Specify the folder where you want to install Report Central.


6 Select the server where the SurfControl E-mail Filter logging database is installed.

7 Specify how Report Central will authenticate itself to the E-mail Filter logging database. Choose one of the following:

• Windows Authentication

• SQL Authentication

Enter the user name and password of an account to log into the SQL Server.





8 Create a username and password for the Report Central administrator account. When you run Report Central for the first time, you will need this account to log in.

9 Select the database that Report Central will connect to. Report Central will use this database to generate reports.

If you want to choose a database later, leave the Database field blank.


10 The Setup Wizard is now ready to begin installing.

Click Install to continue.




11 When the Setup Wizard has finished copying the files, you will see the Installation Complete screen.

Click Finish to launch Report Central.



Chapter 4 Configuration Wizard

In This Chapter page 36Running the Configuration Wizard page 37Next Steps page 46

Launching E-mail Filter page 46Launching Report Central page 46Upgrading from a Previous Release page 47

CONFIGURATION WIZARDIn This Chapter4

In This ChapterThis chapter explains how to use the Configuration Wizard to set up SurfControl E-mail Filter and begin filtering e-mail.

Once you have finished installing E-mail Filter the Configuration Wizard will begin immediately. It will guide you through a basic configuration process that will protect your primary domain against common threats. Once the Configuration Wizard has finished, E-mail Filter will be up and running, and you can fine-tune the configuration to suit your needs.

The Configuration Wizard has four stages.

• Your Organization

• System Details

• Mail Routing

• Filtering Options


CONFIGURATION WIZARDRunning the Configuration Wizard 4

Running the Configuration WizardThe Configuration Wizard will launch automatically after you finish the installation process. Follow Procedure 1:

Procedure 1 : Conf igurat ion Wizard Step Action

1 As soon as you have finished installing SurfControl E-mail Filter, the Configuration Wizard will launch.

Your Organizat ion

2 Enter your contact information to register with SurfControl.

(Sheet 1 of 9)


CONFIGURATION WIZARDRunning the Configuration Wizard4

3 If you are evaluating E-mail Filter, select I am evaluating SurfControl E-mail Filter.

If you have purchased SurfControl E-mail Filter, select I have purchased a license and enter your license key.

4 If you have entered a license key, you will be asked if you have license keys for any of the Adaptive Threat Intelligence components. If you have license keys, enter them here.

System Informat ion

5 The System Details introduction screen will display. Click Next.

Procedure 1 : Conf igurat ion Wizard (Cont inued)Step Action

(Sheet 2 of 9)



6 Enter the following:

• User name and password of a Windows user account with administrative privileges. E-mail Filter will use this account to log its services on to Windows.

• The domain or machine name of the server where the Windows user account is defined.


7 If you have not yet installed Report Central, you can opt to install it now.

Alternatively, if you want have installed Report Central on another server and want to use it for reporting on e-mail activity, enter the machine name and port number of the server where Report Central is running.

Note: If you are running SurfControl Report Central for Web Filter on the remote server, you need to install Report Central for E-mail Filter there as well.

8 If you installed Report Central during the Installation process, or if you opted to install Report Central in step 7, create a username and password for the Report Central administrator account. When you run Report Central for the first time, you will need this account to log in.


(Sheet 3 of 9)



Mai l Rout ing

9 The Mail Routing introduction will display. Click Next.

10 Specify the SMTP port that SurfControl E-mail Filter will use to receive inbound e-mail. This is usually port 25.

The Configuration Wizard will check that the port you specify is available. If it is being used, either disable the service using it, or choose another port.


(Sheet 4 of 9)



11 Enter the following information about your primary local domain:

• Local domain name

The domain for which you want to filter e-mail. If you have more than one domain in your organization, you can add others once E-mail Filter is up and running.

• Postmaster e-mail address

The e-mail address of the postmaster for your primary local domain.

• Name or IP address of mail server

The machine name or IP address of your mail server.

• Mail Server SMTP Port

The port that the E-mail Filter server will use to communicate with the domain’s mail server.

To test the connectivity between the E-mail Filter server and the mail server, click Test.

12 Specify how you want E-mail Filter to route outbound mail. E-mail Filter can route e-mail in two ways:

• By sending it directly to the internet. E-mail Filter will perform a DNS lookup to resolve the e-mail address.

• By sending it to another mail server. The mail server will handle domain name resolution and any further routing.

Select how you want outbound messages to be routed. If you want to route outbound mail via a mail server, fill in the fields as follows:

• Host Name or IP

Enter the host name or IP address of the mail server to which you want to forward e-mails.

• Port

Enter the port that SurfControl E-mail Filter will use to communicate with the mail server.

Once E-mail Filter is up and running you can add further mail servers.


(Sheet 5 of 9)



13 The Filtering Options introduction screen will display. Click Next.

14 SurfControl E-mail Filter has a set of standard rules so that you can begin filtering e-mail as soon as possible. Select which rule groups you want to activate. You can choose one or all of the following:

• Spam Filtering rules.

• Virus protection rules.

• Network security rules.

When you have chosen which rule groups to activate, click Next.

15 Specify where the queue folders that hold isolated e-mail will be located. The Configuration Wizard will automatically select the drive with the most disk space as the default.

Click Next.


(Sheet 6 of 9)



16 If messages build up in the Isolate queues it can impair E-mail Filter’s performance. You can automatically delete each e-mail from the Virus or Spam queues once it has been held there for a set number of days.

You can delete:

• E-mails over 7 days old from the Virus queue.

• E-mails over 14 days old from the Spam queue.

Once E-mail Filter is up and running you can set up automatic management for other queues, and change the number of days after which e-mails are deleted.

17 E-mail activity is recorded in the STEMLog database. If this database becomes too large, it can slow down the processing and delivery of e-mail.

To maintain efficiency, you should schedule regular database updates. Select Purge database once a month to set up a regular database purge.

Once E-mail Filter is up and running, you can use the Scheduler to specify when database purges take place.

18 E-mail Filter can send notifications via e-mail to your domain’s systems administrator to notify them of system events.

Enter the e-mail address of a system administrator for your protected domain who you want to be notified of system events.

Click Next.


(Sheet 7 of 9)



19 The Configuration Wizard is now ready to complete the configuration tasks.

Click Start to begin configuring.

20 The Configuration Wizard will work through the list of tasks. When a task is complete it will be marked with a green check.

If there is a problem with the configuration process, you will see a red exclamation point next to the task. If this happens the Back button will become enabled so that you can amend your settings if necessary.

21 SurfControl strongly recommends that you exclude the E-mail Filter work folder and its subfolders from scanning by your resident anti-virus solution.

Click Check folders to check that the correct folders are excluded from anti-virus scanning.

The Configuration Wizard uses the Eicar test pattern to test the response of your anti-virus software. The Eicar test pattern is not a virus and will not damage your system in any way.



(Sheet 8 of 9)



22 The Configuration Wizard is now complete. The Monitor will launch automatically. Use the Server Configuration Console to fine-tune your configuration to suit your needs.


(Sheet 9 of 9)


CONFIGURATION WIZARDNext Steps4

Next StepsSurfControl E-mail Filter is now protecting your primary e-mail domain using the standard rules you specified. You now need to launch E-mail Filter and fine-tune the configuration settings. You can:

• Add other protected domains: if you have an additional e-mail domain, it will not receive any e-mail until you add it to the protected domains list in the Server Configuration Console.

• Change the timing of scheduled events: use the Scheduler to change how frequently database purges and other events take place.

• Create additional rules: use the Rules Administrator to create, amend and group rules to suit your Acceptable Use Policy.

Consult the Administrator’s Guide for more information.

LAUNCHING E-MAIL FILTERWhen the Configuration Wizard is finished, the Monitor will start automatically.

At other times, you can launch E-mail Filter from the Start menu.

Now consult the E-mail Filter Administrator’s Guide for more information.

LAUNCHING REPORT CENTRALFrom the Start menu, select Programs > E-mail Filter 5.0 Reports.

Log in using the Admin account that you created when you were installing and configuring Report Central.

Consult the E-mail Filter Administrator’s Guide for more information about Report Central.


CONFIGURATION WIZARDNext Steps 4

UPGRADING FROM A PREVIOUS RELEASEIf you have upgraded from a previous release of E-mail Filter, your existing rule set will be preserved. The standard rules shipped with Version 5.0 will be saved to the root of the SurfControl E-mail Filter folder. To import the new rules, follow Procedure 2:

Procedure 2 : Upgrading the Rule SetStep Action Action

1 Launch the Rules Administrator

2 From the File menu, select Import Rules... The Open dialog will display.

3 Select Default.rul and click Open. A list of rules in the file will display

4 Select the ones you want and click Import to transfer them into the Rules Administrator.

5 You will see the rules you selected in the Rules Administrator. Imported rules are initially disabled. Check the boxes of the rules you want to enable.

6 If any of the imported rules, need to be re-configured, the Rules Wizard will start when you enable them. Skipping this configuration may cause the rule to behave incorrectly.


CONFIGURATION WIZARDNext Steps4

Dictionary UpgradesWhen you upgrade to version 5.0, the new dictionaries are automatically installed. However, only new words are added to your existing dictionaries, so any dictionary scores you have changed or words you have added will be preserved.

Retraining the Virtual Learning AgentWhen you have installed version 5.0 you will also need to re-train the Virtual Learning Agent. For instructions on how to do this, consult the Administrator’s Guide.


Chapter 5 Deployment

In This Chapter page 50Deployment Options page 51

DEPLOYMENTIn This Chapter5

In This ChapterThis chapter offers five sample deployment options for enterprises of differing size and complexity:

Table 1 Deployment Options

Option Description Find out more

1 E-mail Filter installed on the mail server page 51

2 Simple dedicated server page 53

3 In a DMZ page 55

4 On the protected network page 57

5 Multiple site installation page 59


DEPLOYMENTDeployment Options 5

Deployment Options

DEPLOYMENT OPTION 1: E-MAIL FILTER INSTALLED ON THE MAIL SERVERSurfControl recommends that you install E-mail Filter on a dedicated server for optimum performance. However, in small environments where cost is a consideration, you can install SurfControl E-mail Filter on a Windows-based mail server.This deployment is not recommended for large environments. In this scenario, SurfControl E-mail Filter is installed on the mail server. The E-mail Filter server accepts traffic from the firewall on port 25. It filters the e-mail and relays it to itself on port 26. The mail server then delivers the e-mail to the e-mail users.

Figure 1 Installing E-mail Filter on a Windows-based mail server


DEPLOYMENTDeployment Options5

To perform this installation, follow Procedure 1:

Procedure 1 : Insta l l ing E-mai l F i l ter on the Mai l ServerStep Action

1 On the mail server, run the SurfControl E-mail Filter Setup Wizard, selecting typical install. See “Typical Installation” on page 21.

2 When you have finished installing the product, the Configuration Wizard will run. It will ask you to enter:

• The IP address of your mail server: enter the IP or machine name of the mail server where E-mail Filter is installed.

• The SMTP Port of the mail server: change the port number from 25 to a different number, e.g. 26.

3 Configure your firewall to accept internal SMTP connections only from the SurfControl E-mail Filter server.

4 Configure the inbound port 25 tunnel on your firewall to the SurfControl E-mail Filter server.

POP3 C l ients us ing External Mai l Servers

5 If you have any POP3 clients that use external mail servers, set their SMTP host to be the SurfControl E-mail Filter server. Some POP configurations require that the mail server is placed in the DMZ or Packet Switching Network, SurfControl do not recommend this because of the data security risk.



DEPLOYMENT OPTION 2: SIMPLE DEDICATED SERVERThis deployment is a simple, low cost solution, suitable for a small to medium sized environment. All E-mail Filter components (including the SQL database) are installed on a single server. E-mail Filter is filtering all inbound and outbound SMTP traffic.

Figure 2 Simple installation for small and medium sized environments.

Inbound e-mail travels from the Internet to E-mail Filter for filtering. E-mail Filter then routes the e-mail to the next host, which is typically the SMTP service or the daemon of the internal mail server.

Outbound e-mail flows from the SMTP service/daemon of the internal mail server to E-mail Filter for filtering. E-mail Filter uses available DNS to resolve MX records and route the SMTP traffic.



Follow Procedure 2

Procedure 2 : S ingle Server Insta l lat ionStep Action

1 Run the SurfControl E-mail Filter Setup Wizard on the server where you want to install SurfControl E-mail Filter, selecting Typical Installation.

Make sure that the SurfControl E-mail Filter databases are installed on the same server.

2 After you have finished the Setup Wizard, the Configuration Wizard will run. It will ask you to enter:

• The IP address of your mail server: enter the IP or machine name of the mail server where E-mail Filter is installed.

• The SMTP Port of the mail server: this should be the default port 25.

3 The Configuration Wizard will ask if you want to route outbound e-mails directly to the Internet. If the answer is yes, you will also need to configure your firewall to allow the E-mail Filter server to access the Internet directly. Make sure both port 25 and port 53 are allowed and support SMTP and DNS requests.



DEPLOYMENT OPTION 3: IN A DMZMany large organizations deploy SurfControl E-mail Filter in the DMZ, as shown in Figure 3

Figure 3 SurfControl E-mail Filter in a DMZ.

Figure 3 shows SurfControl E-mail Filter installed on hardened servers in the DMZ. In this scenario, the E-mail Filter servers receive SMTP traffic for the organization, filter the e-mail accordingly, then route it to the next host, which is typically a mail server, gateway, or bridgehead on the protected network..

Many deployment scenarios include two or more SurfControl servers, with no single point of failure. In these scenarios, load balancing is typically achieved using DNS MX records with the same preference.

There are several different ways that SurfControl routes SMTP traffic in this type of deployment:

• SurfControl filters both inbound and outbound traffic. In this configuration, E-mail Filter Server 2 or E-mail Filter Server 2 receives inbound SMTP traffic, depending on the MX record. It then statically delivers all “allowed” messages to the internal mail server. When the mail server receives outbound e-mail, it routes the e-mail to either E-mail Filter Server 1 or E-mail Filter Server 2 for outbound DNS name resolution and delivery.

• E-mail Filter Server 1 primarily filters inbound traffic; E-mail Filter Server 2 primarily filters outbound traffic. In this configuration, the E-mail Filter Server 1 acts as a back-up for outbound traffic (based on internal configuration). E-mail Filter Server 2 acts as a back-up for inbound traffic (based on higher MX preference).



• E-mail Filter Server 1 and 2 for inbound filtering only. In this configuration, load balance E-mail Filter using MX records. Outbound mail is completely separate and can be routed through additional SurfControl servers, or through any existing outbound mail gateways. This configuration is typically used when there is a high requirement to filter inbound e-mail (e.g. spam), but little or no requirement to filter outbound e-mail.

SQL PlacementIn Figure 3, the SQL Server is placed inside the protected network. Firewall rules permit E-mail Filter Server 1 and E-mail Filter Server 2 to communicate with the SQL Server over port 1433. Both E-mail Filter servers share a single SQL database for policy management and logging, allowing E-mail Filter to be managed as a single entity.

Alternatively, you could install SQL or MSDE directly onto each SurfControl server, though policy management and message administration would not be centralized with this configuration. However, you can easily export policies from one SurfControl server and import them to any other SurfControl servers. This configuration is commonly used when SurfControl’s main objective is to discard spam, and you have no need for centralized reporting.

Security ConsiderationsBecause of its placement in a DMZ, install SurfControl E-mail Filter onto a hardened Windows 2000 or Windows 2003 server, following Microsoft's OS hardening recommendations for a stand-alone server. SurfControl servers are stand-alone servers (not part of a domain or AD) and use local accounts for services. When communicating with the SQL database, SurfControl uses SQL authentication.

To implement this deployment option, follow Procedure 3

Procedure 3 : Deploy ing SurfContro l E -mai l F i l ter in the DMZStep Action

1 Configure the external firewall to allow the following ports:

• Port 53 to accept E-mail Filter’s DNS requests.

• Port 25 to allow SMTP traffic.

• Port 80 to allow Threat Database updates from the Internet.

2 Configure the internal firewall to allow the following ports:

• Port 25 to allow traffic from the mail server.

• Port 8181 (or the alternative port of your choosing) for the administration service and remote access.

• Port 1443 if you want E-mail Filter to connect to a remote SQL database using SQL authentication.

• Port 389 if you want E-mail Filter to perform LDAP lookups for user and group information.

3 Run typical installations on SurfControl E-mail Filter Servers 1 and 2. See “Typical Installation” on page 21

For both installations, choose a remote SQL Server. Enter the name of the SQL Server when prompted.



DEPLOYMENT OPTION 4: A PROTECTED NETWORKDepending on your environment, there can be specific advantages to installing SurfControl E-mail Filter on your protected network, such as enabling E-mail Filter to interact with existing user directories and filter outbound e-mail. Figure 4 depicts this deployment, where an organization’s e-mail is routed to a mail relay or anti-virus gateway and then routed to E-mail Filter servers on the protected network for additional filtering.

Figure 4 SurfControl E-mail Filter on the protected network.

This example includes an optional load balancing switch to help distribute the SMTP traffic evenly across the E-mail Filter servers. These servers share a centralized policy database and log database. The E-mail Filter servers deliver any “allowed” messages to the next host.



As with installing in the DMZ, there are numerous ways that SMTP traffic is routed in this type of deployment:

• The gateway in the DMZ receives inbound e-mail and routes the e-mail to SEF1 or SEF2 using a load balancer. SurfControl servers filter the content according to policy, then route any “allowed” e-mails to the next internal mail host. Mail servers route outbound mail to SEF1 or SEF2 for filtering. SEF1 or SEF2 can either resolve DNS to route outbound traffic, or route messages to the DMZ for any additional filtering and delivery.

For inbound traffic, designate one (or more) SurfControl servers to primarily filter inbound e-mail. For outbound traffic, designate one (or more) SurfControl servers to primarily filter outbound e-mail. When receiving an increased volume of traffic, the load balancing hardware/software dynamically utilizes any other available resources. In addition, you can use the load balancer to dynamically route outbound e-mail to SurfControl depending on server availability, or other load balancing algorithms specific to the device.

• Inbound e-mail is the same as above. Outbound SMTP traffic can bypass SurfControl. Internal mail servers may route mail directly to the Internet, or relay to the mail server/AV gateway for outbound delivery.

SQL PlacementThe database can be installed on a separate server or server cluster, on one of the SurfControl servers, or on each of the SurfControl servers. Once again, server requirements depend entirely on message volume and reporting requirements.

To implement this deployment option, follow Procedure 4

Procedure 4 : Deploy ing E-mai l F i l ter on a Protected NetworkStep Action

1 Configure the external firewall to allow the following ports:




2 Configure the internal firewall to allow the following ports:

• Port 25 to allow traffic from the mail server.

• Port 8181 (or the alternative port of your choosing) for the administration service and remote access.

• Port 1443 if you want E-mail Filter to connect to a remote SQL database using SQL authentication.

• Port 389 if you want E-mail Filter to perform LDAP lookups for user and group information.

3 Run typical installations on SurfControl E-mail Filter Servers 1 and 2. See “Typical Installation” on page 21

For both installations, choose a remote SQL Server. Enter the name of the SQL Server when prompted.



DEPLOYMENT OPTION 5: MULTIPLE SITESSome larger organizations may have more than one geographic location with multiple E-mail Filter servers on each site. If one site is unavailable or is seeing an increased volume of traffic, you can route overflow to a different site for processing. You can accomplish this with MX records of different preferences, as shown in Figure 5:.

Figure 5 SurfControl E-mail Filter at multiple sites.

In Figure 5, e-mail intended for Site A is primarily delivered to the SurfControl servers physically residing at Site A. However, in the unlikely event that Site A is unavailable, messages intended for Site A will be delivered to Site B, because of the failover configuration (specified by the lower MX preference).

E-mail Filter servers at both sites need to have static routes that identify where to route e-mail intended for both Site A and Site B.



To implement this deployment option, follow Procedure 5.

For more detailed information about the Server Configuration Console and Routing, read the E-mail Filter Administrator’s Guide.

Procedure 5 : Deploy ing E-mai l F i l ter Across Mult ip le S i tesStep Action

1 On each site, allow the following ports on the firewall:




2 On each site, complete a full SurfControl E-mail Filter install on the E-mail Filter servers.

Conf igur ing stat ic routes

1 On the E-mail Filter server in site A, launch the Monitor.

2 From the File menu select Server configuration.

3 In the left hand pane, select Send Service > Routing.

4 You will see that the mail server for your primary e-mail domain has already been added in the right hand pane.

5 Click Add… The Domain Route Properties dialog will display.

6 In the Domain Name for Static Route field, enter the name of the e-mail domain where the mail servers on site B are located.

7 In the Route Host for this Domain field, enter the IP address of one mail server on Site B.

8 In the IP Port to use for this SMTP Host, enter the port that the E-mail Filter Server will use to communicate with the mail server. This is usually port 25.

9 Repeat steps 5–8 until you have added all the mail servers on Site B.

10 Now configure the static routes for Site B, specifying mail servers on Site A.


surfcontrol e-mail filter 5.0 for smtp getting started guidekb.websense.com/pf/12/webfiles/wbsn...

Documents