Dell SonicWALL Hosted Security. Administration Guide

Transcription

1 Dell SonicWALL Hosted Security

2 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Dell Inc. The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Dell Inc. Attn: LEGAL Dept 5 Polaris Way Aliso Viejo, CA Refer to our website (software.dell.com) for regional and international office information. Trademarks Dell, the Dell logo, SonicWALL, SonicWALL ViewPoint. Reassembly-Free Deep Packet Inspection, Dynamic Security for the Global Network, SonicWALL Clean VPN, SonicWALL Clean Wireless, SonicWALL Global Response Intelligent Defense (GRID) Network, SonicWALL Mobile Connect, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc. Microsoft Windows 7, Windows Server 2010, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others. Legend CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. HES Updated - April 2015 Version Rev. A

3 Contents Using This Guide About this Guide Guide Conventions Pre-Configuration Tasks Initial configuration Activating the Hosted Security service Adding MX records Logging in Configuring System Settings System > License Management Available security services License table License Keys Hosted Security Master Account Miscellaneous System > Network Architecture Server Configuration Spooling System > LDAP Configuration LDAP Overview Configuring LDAP Add LDAP Mappings System > Monitoring Configure System Monitoring Viewing Alerts Configuring Anti-Spoofing Anti-Spoofing Overview Enabling Inbound SPF Validation Configuring SPF Settings SPF Hard Fail SPF Soft Fail Outbound DKIM Settings Configuring Outbound DKIM Settings Generating DNS Record Using Outbound DKIM Settings Configuring Anti-Spam Identifying Spam Anti-Spam > Spam Management Anti-Spam > Address Books Using the Search Field

4 Adding People, Companies, Lists, or IPs Deleting People, Companies, Lists, or IPs Import Address Book Anti-Spam > Anti-Spam Aggressiveness Configuring GRID Network Aggressiveness Configuring Adversarial Bayesian Aggressiveness Settings Unjunking Spam Determining Amounts and Types of Spam Anti-Spam > Languages Configuring Anti-Phishing Anti-Phishing Overview Configuring Phishing Protection Configuring Anti-Virus Anti-Virus Overview Configuring Anti-Virus Protection Configuring Zombie and Spyware Protection Configuring Flood Protection Using the Auditing Features Auditing Overview Using Simple Search Mode Using the Advanced Search Mode Configuring Policy & Compliance Understanding Mail Threats Policy Management Overview Policy & Compliance > Filters Adding Filters Managing Filters Policy & Compliance > Policy Groups Policy Groups Overview Adding a New Policy Group Removing a Policy Group Policy & Compliance > Compliance Compliance Overview Dictionaries Approval Boxes Record ID Definitions Using the Encryption Service Outbound Messages Enabling the Secure Mail Policy Licensing Encryption Service Configuring Encryption Service Users in Encryption Service Adding a New User

5 Updating an Existing User Adding an Existing User Importing Users Exporting Users Cobrand and Reporting Users, Groups & Domains Users, Groups & Domains> Users Authenticating non-ldap Users Searching for Users Sorting through Users Signing In as a User Editing User Rights Resetting User Message Management Setting to Default Adding a User Removing Users Importing Users Exporting Users Users, Groups & Domains> Groups About LDAP Groups Adding a New Group Finding a Group Removing a Group Listing Group Members Setting an LDAP Group Role User View Setup Anti-Spam Aggressiveness Languages Junk Box Summary Spam Management Phishing Management Virus Management Forcing All Members to Group Settings Users, Groups & Domains > Domains Domains Overview Adding a Domain Hosted Security User Roles Managing the Junk Box Junk Box Management > Junk Box Using the Junk Box Simple View Using the Junk Box Advanced View Outbound Messages Stored in Junk Box Supported Search in Audit and Junk Box Boolean Search Wildcard Search Phrase Search Fuzzy Search

6 Junk Box Management > Junk Box Settings General Settings Action Settings Miscellaneous Junk Box Management > Junk Box Summary Frequency Settings Message Settings Miscellaneous Settings Other Settings Viewing Reports and Monitoring Reports & Monitoring > Reports Dashboard Anti-Spam Reports Anti-Phishing Reports Anti-Virus Reports Anti-Spoof Reports Encryption Service Reports Policy Management Reports Compliance Reports Directory Protection Reports & Monitoring > Scheduled Reports Reports & Monitoring > DMARC Reporting Downloads Anti-Spam Desktop for Outlook Junk Button for Outlook Send Secure Button for Outlook About Dell

7 Part 1 Introduction Using This Guide Pre-Configuration Tasks SonicOS 6.2 5

8 1 Using This Guide About this Guide Welcome to the. This document provides detailed configuration procedures for the various features of the product. For installation and set up instructions for your HES solution, refer to the Quick Start Guide. For configuration information for your Hosted Security Junk Box, refer to the Dell SonicWALL Hosted Security User Guide. Navigate to for the latest version of this guide as well as other Dell SonicWALL products and services documentation. Guide Conventions The following conventions used in this guide are as follows: Table 1. Guide conventions Convention Bold Italic Use Highlights dialog box, window, and screen names. Also highlights buttons. Also used for file names and text or values you are being instructed to type into the interface. Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence. Sometimes indicates the first instance of a significant term or concept. 6

9 2 Pre-Configuration Tasks This chapter provides pre-configuration information, such as purchasing and activating the Dell SonicWALL Hosted Security solution. This chapter includes the following sections: Initial configuration on page 7 Activating the Hosted Security service on page 7 Logging in on page 9 Initial configuration To configure a solution, you must have a computer that meets or exceeds the following requirements: An Internet connection A Web browser supporting Java Script and HTTP uploads. Refer to the following table for supported browsers: Table 1. HES Supported Browsers Accepted Browsers Internet Explorer Firefox Opera Chrome Safari Browser Number Version 7.0 or higher 3.0 or higher 9.10 or higher for Windows 4.0 or higher 3.0 or higher for Mac OS X NOTE: Because many of the screens are pop-up windows, configure your Web browser s pop-up blockers to allow pop-ups from your organization s server before using Dell SonicWALL Hosted Security. Activating the Hosted Security service After purchasing the service, you are then directed to the activation screen. 7

10 Specify the following fields, then click Activate Services: Domain Name The primary domain name that is associated with your Dell SonicWALL Hosted Security solution. Inbound Mail Server Host / IP Address The IP address of the mail server hosting your user mailbox(es) for inbound messages. Outbound Mail Server Host / IP Address The IP address provided during the provisioning stage of your Hosted Security solution. For example, if you registered the domain name soniclab.us.snwlhosted.com, then the Outbound Mail Server Host will be soniclab.outbound.snwlhosted.com. Address / Login The address or login name associated with your Dell SonicWALL Hosted Security account. Password The password associated with your account. Re-enter Password The password you entered in the previous field. Data Center Location Select the location of your Data Center. You are not able to change this option once it has been specified. A message displays confirming successful activation and product registration. Click Go to HES Console to continue. Adding MX records After activating your Hosted Security service, you may receive a message to replace your current MX records settings for inbound messages. Mail exchange (MX) records specify the delivery route for messages sent to your newly specified Dell SonicWALL Hosted Security domain name.the Dell SonicWALL Data Center can then create an internal MX record so mail is correctly routed to the specified domain. Multiple MX records are assigned to your domain name. Each MX record designates a priority to organize the way your domain s mail servers receive incoming messages; the lower the number, the higher the priority. You should always set back-up priority numbers in case the primary mail server fails or is down. For example, a customer wishes to activate the domain name jumbo.com. Since the Dell SonicWALL Data Center hosts snwlhosted.com, the domain then becomes jumbo.com.snwlhosted.com. After an MX record is created, where the customer publishes jumbo.com MX jumbo.com.snwlhosted.com, Dell SonicWALL then publishes an A record: jumbo.com.snwlhosted.com A , where is the IP address that Dell SonicWALL s Hosted analyzers use to route s sent to the jumbo.com domain. Dell SonicWALL publishes an A record for outbound messages: jumbo.com.outbound.snwlhosted.com A For outbound messages, you will need to configure the mail server hosting your user mailbox(es) for outbound messages to route all outbound s to jumbo.com.outbound.snwlhosted.com. 8

11 For more information regarding MX records, contact your ISP or refer to the Knowledge Base Article Setting Up Your MX Record for Security Hosted Solution located at: Logging in After completing the activation process, click the Go to HES Console button to be directed to the Hosted Security console. You can also open a new Web browser and navigate to: Enter the User Name and Password you configured in the Activation process, then click Log In. 9

12 Part 2 Configuring Hosted Security Settings Configuring System Settings Configuring Anti-Spoofing Configuring Anti-Spam Configuring Anti-Phishing Configuring Anti-Virus SonicOS

13 3 Configuring System Settings This chapter provides more detailed configuration procedures and additional system administration capabilities for the system. This chapter contains the following sections: System > License Management on page 11 System > Administration on page 13 System > Network Architecture on page 14 System > LDAP Configuration on page 17 System > User View Setup on page 20 System > Monitoring on page 22 System > License Management The System > License Management page allows you to view current Security and Support Services for your Hosted Security solution. To see more regarding the information on the License Management page, log in to your hosted.mysonicwall.com account. The following settings display on the License Management page: Serial Number The serial number of your Hosted Security solution. Authentication Code The code you entered upon purchasing/activating the Hosted Security solution. Model Number Since there is no physical appliance for the Hosted Security solution, the model number is listed as Software. See the following topics for more information: Available security services on page 11 License table on page 12 License Keys on page 12 Available security services comes with several services that must be licensed separately. For maximum effectiveness, all services are recommended. The following services are available: Security The standard license that comes with the service and enables basic components. This license allows the use of basic service features. Protection Subscription (Anti-Spam and Anti-Phishing) This license protects against spam and phishing attacks. 11

14 Anti-Virus (McAfee and SonicWALL Time Zero) Provides updates for McAfee anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks. Anti-Virus (Kaspersky and SonicWALL Time Zero) Provides updates for Kaspersky anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks. Anti-Virus (SonicWALL Grid A/V and SonicWALL Time Zero) Provides updates for Dell SonicWALL Grid anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks. Compliance Subscription Provides a license for compliance features, including pre-defined Dictionaries, Approval Boxes, and Record ID Definitions. Encryption Service Provides access to the secure delivery of your messages. With this service, the user can also customize policies and actions to have messages routed through the Encryption Service. License table The following table provides details about the different types of licenses: Security Service Status Count Expiration Name of the service. The status may be one of the following: Licensed - Services have a regular valid license. Free Trial - Service has been using the 14-day free trial license. Not licensed - Service has not been licensed, neither through a regular license nor through a free trial license. Perpetual - The Base Key license comes with the purchase of the product and is perpetual. Note that the Base Key is the only perpetual license. Number of users to which the license applies. Expiration date of the service. Never - Indicates the license never expires. Date - A specific date on which the given service expires. License Keys Once the product is registered with hosted.mysonicwall.com, the Hosted Security obtains the purchased licenses. The License Management page displays a summary of the credentials that were received and stored on the Hosted Security server. The Refresh Licenses button is used to synchronize the state of the licenses on the server with the hosted.mysonicwall.com website. Upon successfully synchronizing, the licenses will automatically update to those of your online account. This button is used to update the license status of your product manually. NOTE: To manage licenses, login to your hosted.mysonicwall.com/login.aspx account. 12

15 System > Administration The System > Administration page allows you to make changes to the master account, password policy, invalid login policy, custom text for login, and quick configuration. Hosted Security Master Account The Hosted Security Master Account section allows you to change the master account username and password. NOTE: Dell SonicWALL strongly recommends that you change the master account password. To change the password: 1 On the System > Administration page, navigate to the Security Master Account section. 2 The Username you originally registered with appears as the default Username. 3 Specify the Old Password. 4 Specify the New Password. 5 Type the same new password in the Confirm password field. 6 Click Apply Changes. Miscellaneous The Miscellaneous section allows you to Enable Support user to handle organization changes. Select the check box to enable this feature. 13

16 System > Network Architecture The System > Network Architecture page allows you to configure both inbound and outbound capabilities for your Hosted Security server. See the following topics for more information: Server Configuration on page 14 Spooling on page 16 Server Configuration From the System > Network Architecture > Server Configuration page, click the Inbound tab to configure the inbound destination server, which is the server that will accept good after Dell SonicWALL Hosted Security removes and quarantines junk mail. For example, this could be the IP address of a Microsoft Exchange server. The default port is

17 The following table explains the available settings on the Inbound mail server: Setting Any source IP address is allowed to connect to this path, but relaying is only allowed for s sent to one of these domains. Your mail server host name or IP address. If multiple destination servers are provided, then s will be routed using load balancing. Require the destination server to support StartTLS Description This field only displays the domain for s to be relayed to. Note the default domain listed is the domain you initially activated for the Hosted Security solution. Navigate to the Users, Groups & Domains > Domains screen to configure Domain settings. Enter the mail server host name or IP address. Note the default IP address is the address you initially activated for the Hosted Security solution. If multiple destination servers are provided, will be routed using load balancing, in which you can also configure as either Round-robin or Fail-over. Test Downstream: Click this button to test connection to the specified mail server host name or address. A message displays, notifying you if the connection was successful or if the connection failed. Select the check box to enable Transport Layer Security (TLS) encryption for your downstream messages. Click the Outbound tab to configure the outbound mail server. 15

18 The following table explains the available settings on the Outbound mail server: Setting Relaying is allowed only for s sent from one of these domains Only these IP addresses/fqdns can connect and relay through this path Require the destination server to support StartTLS Description This field only displays domain name(s) for s to be relayed to. Note the default domain listed is the domain you initially activated for the Hosted Security solution. Navigate to the Users, Groups & Domains > Domains screen to configure Domain settings. Enter the server name or IP address t connect and relay with. Test Upstream: Click this button to test connection to the specified server name or address. A message displays, notifying you if the connection was successful or if it failed. Select the check box to enable Transport Layer Security (TLS) encryption. Click the Configure StartTLS button to configure settings. Spooling The Inbound Spooling feature available on the Hosted Security solution allows users to spool, or hold, mail when all the customer s receivers are unavailable. Inbound mail is then delivered when the receivers become available. The Hosted Security solution normally operates as an SMTP proxy, relaying directly to your downstream receiver. However, it can also be configured to spool when all of your organization s downstream receivers are unavailable. When spooling is engaged, the proxy directs all good mail to the Hosted Security MTA for queuing and later delivery. When spooling is disengaged, the proxy resumes directly relaying mail to the receivers, and the MTA delivers the queued mail. Choose the spooling option that best suits your needs: Never Spool Select this option to never spool mail, regardless of the state of the downstream receivers. This is the default setting. Automatic Fallback Select this option to spool mail if the downstream receivers unexpectedly go down or become unreachable. When configured to Automatic Fallback, spooling engages after the receiver farm has been unavailable for a period of time. Spooling then disengages when the receiver farm becomes available again. Always Spool Select this option to leave the spooling feature engaged for all mail and to remain engaged until the mode is configured to Never Spool or Automatic Fallback. Note that manual spooling is intended for situations when the administrator knows the receivers will be down, such as a scheduled maintenance. NOTE: The Automatic Fallback feature initiates if the server becomes completely unresponsive. Because the feature may take a few moments to verify that the server is completely unresponsive, senders may see a transient error message. 16

19 System > LDAP Configuration See the following topics for more information: LDAP Overview on page 17 Configuring LDAP on page 17 Using the LDAP Query Panel on page 18 Add LDAP Mappings on page 19 LDAP Overview uses Lightweight Directory Access Protocol (LDAP) to integrate with your organization s environment. LDAP is an Internet protocol that programs use to look up users contact information from a server. As users and distribution lists are defined in your mail server, this information is automatically reflected in Hosted Security in real time. Many enterprise networks use directory servers like Active Directory or Lotus Domino to manage user information. These directory servers support LDAP, and Hosted Security can automatically get user information from these directories using the LDAP. You can run without access to an LDAP server as well. If your organization does not use a directory server, users cannot access their Junk Boxes, and all inbound is managed by the message-management settings defined by the administrator. uses the following data from your mail environment: Login Name and Password When a user attempts to log into the Hosted Security server, their login name and password are verified against the mail server using LDAP authentication. Therefore, changes made to the usernames and passwords are automatically uploaded to in real time. Multiple Aliases If your organization allows users to have multiple aliases, Hosted Security ensures any individual settings defined for the user extends to all the user s aliases. This means that junk sent to those aliases aggregates into the same folder. Groups or Distribution Lists groups or distribution lists in your organization are imported into Dell SonicWALL Hosted Security. You can manage the settings for the distribution list in the same way as a user s settings. LDAP groups allow you to assign roles to user groups and set spam-blocking options for user groups. Configuring LDAP Navigate to the System > LDAP Configuration screen to configure your Hosted Security solution for username and password authentication for all employees in the enterprise. Dell SonicWALL recommends completing the LDAP configuration to get the complete list of users who are allowed to login to their Junk Box. If a user does not appear in the User list in the User & Group screen, their will be filtered, but they cannot view their personal Junk Box or change default message management settings. Enter the server information and login information to test the connection to the LDAP server. To configure LDAP: 1 Click the Add Server button to add a new LDAP Server. Configuring the LDAP server is essential to enabling per-user access and management. These settings are limited according to the preferences set in the User Management pane. See User View Setup on page 84for details. 17

20 2 The following check boxes appear under the Settings section: Show Enhanced LDAP Mappings fields Select this option for Enhanced LDAP, or LDAP Redundancy. You will have to specify the Secondary Server IP address and Port number. Auto-fill LDAP Query fields when saving configurations Select this option to automatically fill the LDAP Query fields upon saving. 3 Enter the following information under the LDAP Server Configuration section: Friendly Name The friendly name for your LDAP server. Primary Server Name or IP address The DNS name or IP address of your LDAP server. Port number The TCP port running the LDAP service. The default LDAP port is 389. LDAP server type Choose the appropriate type of LDAP server from the drop down list. LDAP page size Specify the maximum page size to be queried. The default size is 100. Requires SSL Select this check box if your server requires a secured connection. Allow LDAP referrals Leaving this option unchecked will disable LDAP referrals and speed up logins. You may select this option if your organization has multiple LDAP servers in which the LDAP server can delegate parts of a request for information to other LDAP servers that may have more information. 4 In the Authentication Method section, specify if the LDAP login method for your server is by Anonymous Bind or Login. Specify the Login name and Password. This may be a regular user on the network, and typically does not have to be a network administrator. NOTE: Some LDAP servers allow any user to acquire a list of valid addresses. This state of allowing full access to anybody who asks is called Anonymous Bind. In contrast to Anonymous Bind, most LDAP servers, such as Microsoft's Active Directory, require a valid username/password in order to get the list of valid addresses. (Configuration checklist parameter O and P) 5 Click the Test LDAP Login button. A successful test indicates a simple connection was made to the LDAP server. If you are using anonymous bind access, be aware that even if the connection is successful, anonymous bind privileges might not be high enough to retrieve the data required by. 6 Click Save Changes. Using the LDAP Query Panel To access the LDAP Query Panel settings window, click the Friendly Name link or the Edit button of the server you wish to configure. If the Auto-fill LDAP Query Fields check box is selected in the Settings section, the following fields will be automatically filled in with default values after the basic configuration steps are completed. Configuring Query Information for LDAP Users 1 Enter values for the following fields: Directory node to begin search The node of the LDAP directory to start a search for users. (Configuration checklist parameter Q). Filter The LDAP filter used to retrieve users from the directory. User login name attribute The LDAP attribute that corresponds to the user ID. alias attribute The LDAP attribute that corresponds to aliases. Use SMTP addresses only Select the check box to enable the use of SMTP addresses. 2 Click the Test User Query button to verify that the configuration is correct. 18

21 3 Click Save Changes to save and apply all changes made. NOTE: Click the Auto-fill User Fields button to have automatically complete the remainder of this section. Add LDAP Mappings On some LDAP servers, such as Lotus Domino, some valid addresses do not appear in LDAP. Use this section with LDAP servers that only store the local or user portion of the addresses. Click the View Rules button. The LDAP Mappings screen displays: This panel provides a way to add additional mappings from one domain to another. For example, a mapping could be added that would ensure s addressed to [email protected] are sent to [email protected]. It also provides a way of substituting single characters in addresses. For example, a substitution could be created that would replace all the spaces to the left of the "@" sign in an address with a "-". In this example, addressed to Casey [email protected] would be sent to [email protected]. NOTE: This feature does not make changes to your LDAP system or rewrite any addresses; it makes changes to the way Hosted Security interprets certain addresses. To add LDAP Mappings: 1 Click the Friendly Name link or the Edit button of the server you wish to configure. 2 Scroll to the Add LDAP Mappings section, and click View Rules. 3 From the first drop down list, choose one of the following: Domain is Choose this option to add additional mappings from one domain to another. Replace with Choose this option from the second drop down menu to replace the domain. Also add Choose this option from the second drop down menu, then when first domain is found, the second domain is added to the list of valid domains. For example, if engr.corp.com is the first domain and sales.corps.com is the second, then when the domain engr.corp.com is found in the list of valid LDAP domains, then sales.corps.com is also added to that list. Left hand side character is Choose this option to add character substitution mappings. Replace with Choose this option from the second drop down menu to replace all characters to the left of the "@" sign in the address. Also add Choose this option from the second drop down menu to add a second address to the list of valid addresses. 4 Click the Add Mapping button. NOTE: This screen does not make changes to your LDAP system or rewrite any addresses; it only makes changes to the way interprets certain addresses. 19

22 System > User View Setup Configure how the end-users of the solution access the system and what capabilities of the solution are exposed to the end users on the System > User View Setup page. To configure User View Setup settings: 1 Select which items appear in the User Navigation Toolbar: Select the Login enabled check box to allow users to log into Hosted Security and have access to their per-user Junk Box. If you disable this, mail is still analyzed and quarantined, but users will not have access to their Junk Box. Select the Anti-Spam check box to include the user-configurable options available for blocking spam s. Users can customize the categories People, Companies, and Lists into their personal Allowed and Blocked lists. You can choose to grant users full control over these settings by selecting the Full user control over anti-spam aggressiveness settings check box, or force them to accept the corporate aggressiveness defaults by not selecting this check box. Select the Reports check box to provide junk blocking information about your organization. Even if this option is selected, users may view only a small subset of the reports available to administrators. Select the Settings check box to provide options for management of the user's Junk Box, including individual Spam Management. Select the Spam Management check box to allow users to manage their individual spam settings. 20

23 Select the Allow audit view to Helpdesk users check box to enable access to the audit view for Helpdesk users. 2 Determine the User Download Settings: With the Allow users to download SonicWALL Junk Button for Outlook check box selected, users will be able to download the Hosted Security Junk Button for Outlook. The Junk Button is a lightweight plugin for Microsoft Outlook. It allows users to mark s they receive as junk, but does not filter . With the Allow users to download SonicWALL Anti-Spam Desktop for Outlook and Outlook Express check box selected, users will be able to download the Anti-Spam Desktop. Anti-Spam Desktop is a plug-in for Microsoft Outlook and Outlook Express that filters spam and allows users to mark s they receive as junk or good . With the Allow users to Download SonicWALL Secure Mail Outlook plugin check box selected, users will be able to download the Secure Mail plugin for Microsoft Outlook. The Secure Mail button allows users to send mail securely through the Encryption Service. See Using the Encryption Service on page 67 for more information about this feature. 3 Determine the settings for Quarantined Junk Mail Preview Settings: Select the Users can preview their own quarantined junk mail check box to enable users to view their individual mail that is junked. Choose the other types of users can preview quarantined junk mail. These roles are configured within Hosted Security. 4 Determine the Reports view settings: Users are not usually shown reports which include information about users, such as addresses. Select the Show reports that display information about individual employees check box to give user access to those reports. 21

24 System > Monitoring The System > Monitoring screen allows you to configure system monitoring settings and alerts. Note that some of these fields may be pre-defined based on the information provided upon initial setup of the Dell SonicWALL Hosted Security solution. Configure System Monitoring on page 22 Viewing Alerts on page 22 Configure System Monitoring The following settings are available for configuration: address of the administrator who receives emergency alerts The address of the mail server administrator. Enter the complete address. For example, Name or IP address of backup SMTP servers Enter the name or IP address of one or more SMTP servers that can be used as fallback servers to send alerts to if the configured downstream server(s) cannot be contacted. For example, mail2.example.com or Customized Signature Enter a signature to append at the end of your messages. Subscribe to alerts Select the check box to receive alerts. View Alerts Click this button to view all configured alerts. See Viewing Alerts on page 22 for more information. Test Fallbacks Click this button to test the name or IP address(es) listed as backup SMTP servers. Viewing Alerts Under the Configuring System Monitoring section of the System > Monitoring page, you can also click the View Alerts button to see the Alert history for a specific Host. 22

25 Alerts in Hosted Security provide the following details: A time stamp In local time In GMT The severity of the alert, which is one of the following: Info Warning Critical The domain of which the alert applies A summary of the alert You may apply a severity filter to better assist you in viewing the alerts. Select the check box(es) of which alerts you want to view, then click Apply Filter. 23

26 4 Configuring Anti-Spoofing This chapter provides an overview and configuration information specific to the Anti-Spoofing feature for Dell SonicWALL Hosted Security. This chapter contains the following sections: Anti-Spoofing Overview on page 24 Enabling Inbound SPF Validation on page 24 Configuring Inbound DKIM Settings on page 26 Configuring Inbound DMARC Settings on page 28 Outbound DKIM Settings on page 30 Anti-Spoofing Overview The Anti-Spoofing page on your solution allows you to enable and configure settings to prevent illegitimate messages from entering your organization. Spoofing consists of an attacker forging the source IP address of a message, making it seem like the message came from a trusted host. By configuring SPF, DKIM, and DMARC settings, your Hosted Security solution will run the proper validation and enforcement methods on all incoming messages to your organization. The Anti-Spoofing page works in an order of precedence, where rules set at the top of the page are of a lower priority than rules set towards the bottom of the page. In general, a message will be subjected to SPF, DKIM, and DMARC if all are enabled. The results from DKIM validation will take precedence over the results from SPF validation, and DMARC validation results will take precedence over DKIM validation results. Enabling Inbound SPF Validation The Anti-Spoofing > Inbound tab features SPF validation for inbound messages. Sender Policy Framework (SPF) is an validation system designed to prevent spam by detecting spoofing by verifying the sender IP addresses. SPF records, which are published in the DNS records, contain descriptions of the attributes of valid IP addresses. SPF is then able to validate against these records if a mail message is sent from an authorized source. If a message does not originate from an authorized source, the message fails. You can configure the actions against messages that fail. There are two types of SPF fails: SPF HardFail The SPF has designated the host as NOT being allowed to send messages and does not allow messages through to the recipient. See SPF Hard Fail on page 25 for more information. SPF SoftFail The SPF record has designated the host as NOT being allowed through to the recipient.see SPF Soft Fail on page 26 for more information. See the following topics for more information: Configuring SPF Settings on page 25 SPF Hard Fail on page 25 SPF Soft Fail on page 26 24

27 Configuring SPF Settings To enable SPF, click the Enable SPF validation for incoming messages check box. SPF Hard Fail With SPF Validation enabled for incoming messages, you can configure the following SPF Hard Fail settings: Ignore allow lists When a SPF hard fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Action for messages marked as SPF Hard Fail Select one of the following actions for messages marked as SPF Hard Fail: No Action No action is taken against messages marked as SPF hard fail. Permanently delete Messages marked as SPF hard fail are permanently deleted. Reject with SMTP error code 550 Messages marked as SPF hard fail are rejected with an SMTP error code 550. Store in Junk Box Messages marked as SPF hard fail are stored in the Junk Box. This is the recommended setting for most configurations. Send to [field] Messages marked as SPF hard fail are sent to the user specified in the available field. For example, you can send to [postmaster]. Tag with [field] added to the subject Messages marked as SPF hard fail are tagged with a term in the subject line. For example, you may tag the messages [SPF Hard Failed]. Add X-Header: X-[field]:[field] Messages marked as SPF hard failed add an X-Header to the with the key and value specified to the message. The first text field defines the X- Header. The second text field is the value of the X-Header. For example, a header of type X- 25

28 EMSJudgedThis with value spfhard results in the header as: X- EMSJudgedThis spfhard. Add Domain Click this button to add a domain and configure SPF hard fail-specific settings for that domain. SPF Soft Fail With SPF Validation enabled for incoming messages, you can configure the following SPF Soft Fail setting: Ignore allow lists When a SPF soft fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Configuring Inbound DKIM Settings Domain Keys Identified Mail (DKIM) uses a secure digital signature to verify that the sender of a message is who it claims to be and that the contents of the message have not been altered in transit. A valid DKIM signature is a strong indicator of a message s authenticity, while an invalid DKIM signature is a strong indicator that the sender is attempting to fake his identity. For some commonly phished domains, the absence of a DKIM signature can also be a strong indicator that the message is fraudulent. Users benefit from DKIM because it verifies legitimate messages and prevents against phishing. Remember that DKIM does not prevent spam - proper measures should still be taken against fraudulent content. To configure DKIM signature settings, navigate to the Anti-Spoofing > Inbound page and click the Enable DKIM validation for incoming messages check box. 26

29 With DKIM validation enabled for incoming messages, you can configure the following settings: Ignore allow lists When a DKIM Failure occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Action for messages marked as DKIM signature failed Select one of the following actions for messages marked as DKIM signature failed: No Action No action is taken against messages marked as DKIM signature failed. Permanently delete Messages marked as DKIM signature failed are permanently deleted. Reject with SMTP error code 550 Messages marked as DKIM signature failed are rejected with an SMTP error code 550. Store in Junk Box Messages marked as DKIM signature failed are stored in the Junk Box. This is the recommended setting for most configurations. Send to [field] Messages marked as DKIM signature failed are sent to the user specified in the available field. For example, you can send to [postmaster]. Tag with [field] added to the subject Messages marked as DKIM signature failed are tagged with a term in the subject line. For example, you may tag the messages [DKIM Failed]. Add X-Header: X-[field]:[field] Messages marked as DKIM signature failed add an X-Header to the with the key and value specified to the message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type X- EMSJudgedThis with value dkim results in the header as: X- EMSJudgedThis dkim. Add Domain Click to add a domain and configure DKIM fail-specific settings for that domain. The following settings are configurable: Domains List the domains to add, separating multiple domains with a comma. Ignore allow lists When a SPF hard fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Action for messages marked as DKIM signature failed Select one of the following actions for messages marked as DKIM signature failed: No Action No action is taken against messages marked as DKIM fail. Permanently delete Messages marked as DKIM fail are permanently deleted. Reject with SMTP error code 550 Messages marked as DKIM fail are rejected with an SMTP error code

30 Store in Junk Box Messages marked as DKIM fail are stored in the Junk Box. This is the recommended setting for most configurations. Send to [field] Messages marked as DKIM fail are sent to the user specified in the available field. For example, you can send to [postmaster]. Tag with [field] added to the subject Messages marked as DKIM fail are tagged with a term in the subject line. For example, you may tag the messages [DKIMFailed]. Add X-Header: X-[field]:[field] Messages marked as DKIM failed add an X-Header to the with the key and value specified to the message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type X- EMSJudgedThis with value dkim results in the header as: X- EMSJudgedThis dkim. Domain required to have DKIM signature By default, this feature is enabled, which requires a DKIM signature for messages sent to the domain being added. Configuring Inbound DMARC Settings Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that works in tandem with SPF and DKIM to fully authenticate incoming and outgoing messages. A DMARC policy allows a sender to indicate that his s are protected by SPF and/or DKIM, and also tells a receiver what to do if neither of those authentication methods passes, such as junk or reject the message. To configure DMARC settings: 1 Navigate to the Anti-Spoofing > Inbound page. 2 Click the Enable DMARC judgement for incoming messages check box. 3 Click the Enable DMARC Policy Enforcement for incoming messages check box. NOTE: To use DMARC, you must also have DKIM and SPF enabled. 4 Exclude these sender domains Enter any sender domains (for example, sonicwall.com or gmail.com) you want excluded from DMARC policy enforcement in the space provided. Multiple domains can be entered, separated by a comma. 5 Enable DMARC Outgoing Reports By default, this feature is enabled when the Enable DMARC check box is also enabled. Select the check box to disable the sending of DMARC reports to outside domains. Once DMARC is enabled, outgoing reports are automatically sent. The following settings can be configured if you are attempting to override reporting attributes for a specific domain: Domain Enter the domain name to send DMARC reports to. You have the option of using * as a value for the domain field. A few considerations: 28

31 A configuration created with the domain name * will be considered the default domain. If the domain is not provided, DMARC will use configuration settings from the * domain. If no * domain is added, then a hard-coded default value, such as postmaster@domain, will be used as the Sender ID. Override DNS RUA Address Click the check box to override reports being sent to the RUA address specified in the DNS record. An example from the DNS record is rua=mailto:[email protected]. RUA Address If you selected the Override DNS RUA Address, specify the RUA Address you would like the reports sent to. NOTE: The RUA is the aggregated report for domains with published domain records. Reports are sent daily. DMARC Incoming Reports You can configure DMARC Incoming Report settings by clicking the Add Domain button in the DMARC Incoming Reports Settings section. DMARC Incoming Reports will be collected and processed only for the domains added. In the Add Domain window that displays, enter the following information: Domain Enter the domain name to add for DMARC incoming reports. Override DNS RUA Address Click the check box to override reports being sent to the RUA address specified in the DNS record. An example from the DNS record is rua=mailto:[email protected]. RUA Address If you selected the Override DNS RUA Address, specify the RUA Address to which the reports are being sent. NOTE: The RUA is the aggregated report for domains with published domain records. Reports are sent daily. 29

32 Outbound DKIM Settings See the following topics: Configuring Outbound DKIM Settings on page 30 Generating DNS Record on page 31 Using Outbound DKIM Settings on page 31 Configuring Outbound DKIM Settings Navigate to the Anti-Spoofing > Outbound tab to configure outbound DKIM settings. To configure DKIM signature settings, click the Add Configuration button. The DKIM Outbound Configuration page displays: Configure the following settings: Domain Enter the domain name. Identity of Signer Enter an identity of the signer. Click the Same as domain check box to use the specified Domain name as the Identity of Signer. Selector Enter a value for the selector. The selector is used to differentiate between multiple DKIM DNS records within the same organization (for example, feb2014.domainkey.yourorganization.com. 30

33 List of Header fields for Signing Click the Sign all standard headers button to include all headers, or specify the headers in the designated field. Separate multiple headers with a colon (for example, from:to:subject ). Generate Key Pair Specify the Key Size from the values in the drop down list, then click the Generate Key Pair button. Copy and paste the Public Key into your DNS record. The Private Key is simply for your own reference and should be stored on your local machine. Import existing public-private key pair Select this option to upload an existing public-private key pair. Click the Browse button on the Upload Public key field to upload a Public key for DKIM signing. Click the Browse button on the Upload Private key field to upload a Private key for DKIM signing. Enter the Passphrase for the Private key in alphanumeric characters only. If a Private key is uploaded in plain text without a passphrase, a default passphrase will be used to encrypt the Private key. Click the Save button to finish. The signature will be added to the DKIM Signature Configurations list. Generating DNS Record Once a domain has been successfully added to the Outbound DKIM Settings tab, you can generate a DNS Record. Under the DNS Record column for the domain you want to generate a record for, click the Generate button. The Generate DNS Record page displays with the following settings: Domain This field auto-populates with the Domain you entered when adding a new configuration. This field cannot be edited. Selector This field auto-populates with the Selector you entered when adding a new configuration. This field cannot be edited. Public Key This field populates with the Public Key for your DNS record. You can copy and paste from this field. Domain is testing DKIM Select the check box to enable testing DKIM for this domain. Subdomains required to have their own DKIM keys Select the check box to enable the requirement for all subdomains to have their own DKIM keys. Click the Generate DNS Record button to save the settings and generate your DNS record. Using Outbound DKIM Settings The Settings column of each domain listed in the Outbound DKIM Signature Configurations list has the following icons: Edit Click this icon to edit the DKIM Signature settings. Note that not all fields are editable. Delete Click this icon to delete the DKIM Signature. 31

34 Download Click this icon to download the Public Key for this DKIM Signature. Status The status icon notifies you if the DKIM Signature is enabled (green icon) or disabled (gray icon). 32

35 5 Configuring Anti-Spam This chapter provides an overview and configuration information specific to the Anti-Spam feature for Dell SonicWALL Hosted Security. This chapter contains the following sections: Identifying Spam on page 33 Anti-Spam > Spam Management on page 34 Anti-Spam > Address Books on page 36 Anti-Spam > Anti-Spam Aggressiveness on page 39 Anti-Spam > Languages on page 41 Identifying Spam Hosted Security uses multiple methods of detecting spam and other unwanted . These include using specific Allowed and Blocked lists of people, domains, and mailing lists, patterns created by studying what other users mark as junk mail, and the ability to enable third-party blocked lists. Administrators can define multiple methods of identifying spam for your organization; users can specify their individual preferences to a lesser extent. In addition, Hosted Security provides updated lists and collaborative thumbprints to aid in identifying spam and junk messages. When an comes in, the sender of the is checked against the various allowed and blocked lists first, starting with the corporate list, then the recipient s list, and finally the Hosted Security-provided lists. If a specific sender is on the corporate blocked list but that same sender is on a user s allowed list, the message is blocked, as the corporate settings are a higher priority than a user s. More detailed lists take precedence over the more general lists. For example, if a message is received from [email protected] and your organization s Blocked list includes domain.com but a user s Allowed list contains the specific address [email protected], the message is not blocked because the sender s full address is in an Allowed list. After all the lists are checked, if the message has not been identified as junk based on the Allowed and Blocked lists, Hosted Security analyzes messages headers and contents, and use collaborative thumb-printing to block that contains junk. 33

36 Anti-Spam > Spam Management Use the Anti-Spam > Spam Management window to select options for dealing with definite spam and likely spam. The default setting for definite spam and likely spam will quarantine the message in the user s junk box. To manage messages marked as definite spam or likely spam: 1 Choose one of the following responses for messages marked as Definite Spam and Likely Spam: Response No Action Permanently Delete Reject with SMTP error code 550 Store in Junk Box (default setting) Send To Effect No action is taken for messages. The message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted . Deleted cannot be retrieved. The message is rejected and responds with a 550 error code, which indicates the user s mailbox was unavailable (for example, not found or rejected for policy reasons). The message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting. Forward the message for review to the specified address. For example, you could Send To [postmaster]. 34

37 Response Tag With Add X-Header Effect The is tagged with a term in the subject line, for example [SPAM]. Selecting this option allows the user to have control of the and can junk it if it is unwanted. This option adds an X-Header to the with the key and value specified to the message. The first text field defines the X- Header. The second text field is the value of the X-Header. For example, a header of type X-EMSJudgedThis with value DefiniteSpam results in the header as: X-EMSJudgedThis DefiniteSpam 2 Select the Accept Automated Allowed List check box to allow automated lists that are created by User Profiles to prevent spam. With this feature enabled, User Profiles analyze the recipients of s from members of your organization and automatically added them to Allowed Lists. This helps reduce the false positives, which are good messages judged as junk. This feature can be configured globally, for particular groups, or for specific users. Dell SonicWALL recommends enabling this feature. NOTE: If this check box is unchecked in the Corporate, Group, or User windows, User Profiles have no effect. 3 Select the Skip spam analysis for internal check box to exclude internal s from spam analysis, resulting in a reduced amount of false positives. If you are routing internal mail through the Hosted Security product, Dell SonicWALL recommends that you enable this feature. 4 Select the Allow users to delete junk check box to allow users to control the delete button on individual junk boxes. NOTE: Leave this check box unselected if you have an extended away / out of the office message turned on so that your auto-reply does not automatically place all recipients on your Allowed list. 5 Click Apply Changes to save. 35

38 Anti-Spam > Address Books The Anti-Spam > Address Books page enables you to allow or block people, companies, mailing lists or IP addresses from sending you . The page shows a compilation of allowed and blocked senders from your organization s lists and lists provided by default. If you attempt to add your own address or your organization s domain, Dell SonicWALL Hosted Security will display a warning. A user s address is not automatically added to the allowed list because spammers sometimes use a recipient s own address. Leaving the address off the allowed list does not prevent users from ing themselves, but their s are evaluated to determine if they are junk. See the following topics: Using the Search Field on page 36 Adding People, Companies, Lists, or IPs on page 36 Deleting People, Companies, Lists, or IPs on page 37 Import Address Book on page 37 Using the Search Field To search for an address, enter all or part of the address in the Search field. For example, entering sale displays [email protected] as well as [email protected]. Narrow your search by selecting the People, Companies, Lists, or IPs check box(es) below the Search field. Click Go to perform the search. Adding People, Companies, Lists, or IPs To add People, Companies, Lists, or IPs to the Allowed or Blocked lists: 1 From the Anti-Spam > Address Books page, click the Allowed or Blocked tab. 2 Click the Add button. 3 Select the list type (People, Companies, Lists, IPs) from the drop down menu. Enter one or more address, separated by carriage returns, to add to the chosen list. Then, click Add to complete. 36

39 When adding addresses, consider the following: You cannot put an address in both the Allowed and Blocked list simultaneously. If you add an address in one list that already exists on the other, it is removed from the first one. Hosted Security will warn you if you attempt to add your own address or your own organization. addresses are not case-sensitive; Hosted Security converts the address to lowercase. You can allow and block messages from entire domains. If you do business with certain domains regularly, you can add the domain to the Allowed list; Hosted Security allows all users from that domain to send . Similarly, if you have a domain you want to block, enter it here and all users from that domain are blocked. Hosted Security does not support adding top-level domain names such as.gov or.abc to the Allowed and Blocked lists. Mailing list messages are handled differently than individuals and domains because Hosted Security looks at the recipient s address rather than the sender s. Because many mailing list messages appear spam-like, entering mailing list addresses prevents misclassified messages. Deleting People, Companies, Lists, or IPs To delete people, companies, lists, or IPs from your Address Books: 1 From the Anti-Spam > Address Books page, click the Allowed or Blocked tab. 2 Select the check box next to the address(es) you want to delete. 3 Click the Delete button. Import Address Book You can also import an address book of multiple addresses. Note that users and secondary domains should be added prior to importing their respective address books. The Address Book file for import must follow specific formatting to ensure successful importing: <TAB> delimiter between data <CR> to separate entries Each address book entry must include each of the following: Identifier Specified as < address / primary domain> Domain / List / Specified as D / L / E Allowed / Blocked Specified as A / B 37

40 Address List Specified as example.com See the following examples: To import Address Books: 1 From the Anti-Spam > Address Books page, click the Import button on either the Allowed or Blocked tabs. 2 Click the Choose File button. Select the correct file from your system. 3 Click the Import button. 38

41 Anti-Spam > Anti-Spam Aggressiveness The Anti-Spam > Anti-Spam Aggressiveness page allows you to tailor the product to your organization s preferences. Configuring this window is optional. recommends using the default setting of Medium unless you require different settings for specific types of spam blocking. This section includes the following subsections: Configuring GRID Network Aggressiveness on page 39 Configuring Adversarial Bayesian Aggressiveness Settings on page 39 Unjunking Spam on page 40 Determining Amounts and Types of Spam on page 40 Configuring GRID Network Aggressiveness The GRID Network Aggressiveness technique determines the degree to which you want to use the collaborative database. Hosted Security maintains a database of junk mail identified by the entire user community. You can customize the level of community input on your corporate spam blocking. Selecting a stronger setting makes Hosted Security more likely more responsive to other users who mark a message as spam. Use the following settings to specify how stringently Hosted Security evaluates messages: If you choose Mildest, you will receive a large amount of questionable in your mailbox. This is the lightest level of Anti-Spam Aggressiveness. If you choose Mild, you are likely to receive more questionable in your mailbox and receive less in the Junk Box. This can cause you to spend more time weeding through unwanted from your personal mailbox. If you choose Medium, you accept Hosted Security s spam-blocking evaluation. If you choose Strong, Hosted Security rules out greater amounts of spam for you. This can create a slightly higher probability of good messages in your Junk Box. If you choose Strongest, Hosted Security heavily filters out spam. This creates an even higher probability of good messages in your Junk Box. Configuring Adversarial Bayesian Aggressiveness Settings The Adversarial Bayesian technique refers to s statistical engine that analyzes messages for many of the spam characteristics. This is the high-level setting for the Rules portion of spam blocking and lets you choose where you want to be in the continuum of choice and volume of . This setting determines the threshold for how likely an message is to be identified as junk . Use the following settings to specify how stringently evaluates messages: If you choose Mildest, you will receive a large amount of questionable in your mailbox. This is the lightest level of Anti-Spam Aggressiveness. If you choose Mild, you are likely to receive more questionable in your mailbox and receive less in the Junk Box. This can cause you to spend more time weeding through unwanted from your personal mailbox. If you choose Medium, you accept Hosted Security s spam-blocking evaluation. If you choose Strong, Hosted Security rules out greater amounts of spam for you. This can create a slightly higher probability of good messages in your Junk Box. If you choose Strongest, Hosted Security heavily filters out spam. This creates an even higher probability of good messages in your Junk Box. 39

42 Unjunking Spam Select the Allow users to unjunk spam check box if you want to enable users to unjunk spam messages. If left unchecked, users cannot unjunk spam messages. Determining Amounts and Types of Spam You can determine how aggressively to block particular types of spam, including sexual content, offensive language, get rich quick, gambling, advertisements, and images. For each of the aforementioned types of spam: Choose Mildest to be able to view most of the s that contain terms that relate to these topics. Choose Mild to be able to view that contains terms that relate to these topics. Choose Medium to cause Hosted Security to tag this as likely junk. Choose Strong to make it more likely that with this content is junked. Choose Strongest to make it certain that with this content is junked. For example, the administrator has determined that they want to receive no with sexual content by selecting Strong. They are less concerned about receiving advertisements, and selected Mild. You can also select the Allow Unjunk check box to allow users to unjunk specific types of spam. 40

43 Anti-Spam > Languages From the Anti-Spam > Languages page, you can allow, block, or enter no opinion on messages in various languages. If you select No opinion, Hosted Security judges the content of the message based on the modules that are installed. After configuring Language settings, click the Apply Changes button. NOTE: Some spam messages are seen in English with a background encoded in different character sets such as Cyrillic, Baltic, or Turkish. This is done by spammers to bypass the anti-spam mechanism that only scans for words in English. In general, unless used, it is recommended to exclude these character sets. Common languages such as Spanish and German are normally not blocked. 41

44 6 Configuring Anti-Phishing The Anti-Phishing page allows you to protect your organization from messages with fraudulent content, intended to steal consumers personal identity data and financial account credentials. This chapter contains the following sections: Anti-Phishing Overview on page 42 Configuring Phishing Protection on page 43 Anti-Phishing Overview There are two audiences for fraud: Consumer phishers try to con users into revealing personal information such as social security numbers, bank account information, credit card numbers, and driver s license identification. This is known as identity theft. Recouping from having a phisher steal your identity can take many hours and can cost consumers many dollars. Being phished can bring your life to a virtual standstill as you contact credit card companies, banks, state agencies, and others to regain your identity. Enterprise phishers attempt to trick users into revealing the organization s confidential information. This can cost thousands of executive and legal team hours and dollars. An organization s electronicinformation life can stop abruptly if hackers deny services, disrupt , or infiltrate sensitive databases. Phishing aimed at the IT group in the organization can take the following forms: that appears to be from an enterprise service provider, such as a DNS server, can cause your organization s network to virtually disappear from the Web. Hacking into your Website can cause it to be shut down, altered, or defaced. might request passwords to highly sensitive databases, such as Human Resources or strategic marketing information. The might take the form of bogus preventive maintenance. Other information inside the organization s firewall, such as Directory Harvest Attacks (DHA) to monitor your users. Phishing can also take the form of malicious hackers spoofing your organization. is sent that appears to come from your organization can damage your community image and hurt your customers in the following ways: Spoofed can ask customers to confirm their personal information. Spoofed can ask customers to download new software releases, which are bogus and infected with viruses. 42

45 Configuring Phishing Protection To configure the Hosted Security solution for phishing: 1 Navigate to the Anti-Phishing page of your Hosted Security solution. 2 Click the radio button to choose which action to take for messages identified as Definite Phishing. For more information about available actions, see the following table: Response No Action Permanently Delete Reject with SMTP error code 550 Store in Junk Box (default setting) Send To Effect No action is taken for messages. The message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted . Deleted cannot be retrieved. The message is rejected and responds with a 550 error code, which indicates the user s mailbox was unavailable (for example, not found or rejected for policy reasons). The message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting. Forward the message for review to the specified address. For example, you could Send To [postmaster]. 43

46 Response Tag With Add X-Header Effect The is tagged with a term in the subject line, for example [PHISHING] or [LIKELYPHISHING]. Selecting this option allows the user to have control of the and can junk it if it is unwanted. This option adds an X-Header to the with the key and value specified to the message. The first text field defines the X- Header. The second text field is the value of the X-Header. For example, a header of type X-EMSJudgedThis with value Fraud results in the header as: X-EMSJudgedThis Fraud 3 Click the radio button to choose which action to take for messages identified as Likely Phishing. 4 Select the Allow users to unjunk phishing messages check box if you want to allow users to unjunk fraudulent messages. 5 To send copies of fraudulent messages to a person or people designated to deal with them, enter the recipients addresses in the Send copies of s containing phishing attacks to the following addresses text box. 6 Click Apply Changes. 44

47 7 Configuring Anti-Virus This chapter provides an overview and configuration information specific to the Anti-Virus feature for Dell SonicWALL Hosted Security. This chapter contains the following sections: Anti-Virus Overview on page 45 Configuring Anti-Virus Protection on page 45 Configuring Zombie and Spyware Protection on page 47 Configuring Flood Protection on page 49 Anti-Virus Overview s Anti-Virus feature protects your organization from inbound -borne viruses and prevent your employees from sending viruses with outbound . The Anti Virus feature uses virusdetection engines to scan messages and attachments for viruses, Trojan horses, worms, and other types of malicious content. Once Hosted Security has identified the message or attachment that contains a virus or is likely to contain a virus, you can determine how to manage the message. The virus-detection engines receive periodic updates to keep them current with the latest definitions of viruses. When any one of the virus-detection engines is activated, you also get the benefit of Dell SonicWALL Hosted Security s Time Zero Virus Technology. This technology uses heuristic statistical methodology and virus outbreak responsive techniques to determine the probability that a message contains a virus. If the probability meets certain levels, the message is categorized as Likely Virus. This technology complements virus-detection engines and enabling this technology provides the greatest protection for time zero viruses, the first hours that a virus is released, when major anti-virus companies have not yet modified their virus definitions to catch it. Configuring Anti-Virus Protection To configure Anti-Virus protection: 1 Navigate to the Anti-Virus page of your Security solution. If you have licensed more than one virus-detection engines, they will all work in tandem. Licensed virusdetection engines can be used on both inbound and outbound paths. Be sure to select the Inbound or Outbound tab to configure settings for the correct path. 45

48 2 Determine how to treat messages that contain Definite Viruses or Likely Viruses and select the action to take. The following table describes the available actions: Response No Action Permanently Delete Reject with SMTP error code 550 Store in Junk Box (default setting) Send To Tag With Add X-Header Effect No action is taken for messages. The message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted . Deleted cannot be retrieved. The message is rejected and responds with a 550 error code, which indicates the user s mailbox was unavailable (for example, not found or rejected for policy reasons). The message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting. Forward the message for review to the specified address. For example, you could Send To [postmaster]. The is tagged with a term in the subject line, for example [VIRUS]. Selecting this option allows the user to have control of the and can junk it if it is unwanted. This option adds an X-Header to the with the key and value specified to the message. The first text field defines the X- Header. The second text field is the value of the X-Header. For example, a header of type X-EMSJudgedThis with value Virus results in the header as: X-EMSJudgedThis Virus 3 In the Miscellaneous section, select the Allow Users to Unjunk Viruses check box to allow users to view messages with viruses from Junk Box. The virus is removed before the user accesses the message. This setting allows both Viruses and Likely Viruses to be unjunked. 4 Click Apply Changes. 46

49 Configuring Zombie and Spyware Protection Unauthorized software may be running on a computer within your organization and sending out junk messages such as: Spam, phishing, virus, or other unauthorized content. This scenario could happen if your organization was subjected to a virus attack called Trojans or a user downloaded something from the web and unauthorized software got installed without user s knowledge. These unauthorized software programs that send out malicious content are called Zombies or Spyware. 's Zombie and Spyware Protection technology brings the same high standard of threat protection available on the inbound path to messages leaving your organization through the outbound path. To enable Zombie and Spyware Protection: 1 Navigate to the Anti-Virus page, and click on the Outbound tab. 2 Select the check box Enable Zombie and Spyware Protection. 3 Use the Monitoring for Zombie and Spyware Activity section to configure several alerts to notify the administrator. The following alerts can be sent: is sent from an address not in LDAP More than (specify number) messages are identified as possible threats (within the last hour) More than (specify number) messages are sent by one user within the last hour 47

50 The following table describes the available Action and Miscellaneous Settings for the Zombie Protection feature: Action Action for messages leaving your organization that are identified as spam, phishing attacks, or other threats Description Select one of the following settings: Allow Delivery Allows the delivery of the message without interference. Permanently Delete The message is permanently deleted. Use this option with caution since deleted cannot be retrieved. Store in Junk Box Stores messages with potential threats in the outbound Junk Box. Action for messages leaving your organization in which the From address is not in LDAP Select one of the following settings: Allow any From address Allows messages from all addresses. Note that this is the only option you are able to use if you have not configured LDAP. Permanently delete The message is permanently deleted. Use this option with caution since deleted cannot be retrieved. Store in Junk Box Stores messages from unknown senders in the Junk Box. Activate/Deactivate Outbound Safe Mode preventing any dangerous attachments from leaving your organization Outbound Safe Mode blocks all s with potentially dangerous attachments from leaving your organization. When there is a new virus outbreak and one or more of your organization s computers is affected, the virus can often propagate itself using your outbound traffic. Outbound Safe Mode also minimizes the possibility of new virus outbreaks spreading through your outbound traffic. When Outbound Safe Mode is on, take this action for any message with dangerous attachments If you have enabled Outbound Safe Mode, select one of the following actions when a message with dangerous attachments is received: Permanently delete The message is permanently deleted. Use this option with caution since deleted cannot be retrieved. Store in Junk Box Stores messages from unknown senders in the Junk Box. 48

51 Action Automatically turn Outbound Safe Mode on and alert administrators every 60 minutes that Safe Mode is on if Description These settings do not take any action other than alerting the administrator of a potential zombie infection. Select any of the check boxes to send and alert to the administrator if: is sent from an address not in the LDAP (within the last hour) More than (specify number) messages are identified as possible threats within the last hour More than (specify number) messages are sent by one user within an hour Specify senders that will not trigger alerts or actions Enter addresses in this box that you want exempt from Zombie Protection. (This list might include any addresses that are not in LDAP and addresses that are expected to send a lot of messages.) Configuring Flood Protection The Flood Protection feature supports Zombie Protection by automatically blocking specified users from sending outbound mail when it exceeds the specified Message Threshold. To enable Flood Protection: 1 Navigate to the Anti-Virus page, and click the Outbound tab. 2 Scroll down to the Flood Protection section. Then, click the Enable Flood Protection check box. 49

52 3 Configure the following settings: Message Threshold Specify the amount of outbound messages (between 1-10,000) that are sent by a sender. Then, specify the interval (in hours) by selecting a value from the drop down list. The Flood Protection service activates when a sender has exceeded the amount of messages sent within the specified interval of hours. Alert sender when threshold is crossed Enable this option to alert the sender that he/she has exceeded the organizational threshold. Note that as a result, outbound s are now affected. Action on outbound message from Flood Senders Select one of the following options to determine what action is taken on outbound messages from flood sender(s): Permanently delete The message is permanently deleted. Use this option with caution since deleted cannot be retrieved. Store in Junk Box The message moves to the Junk Box and flagged as likely virus with the category name flood_protection. The administrator is able to unjunk the message, which is then delivered from the outbound path. None No action is taken; messages go through as usual. Flood Protection Senders Exception List Found under the Miscellaneous section, specify the list of outbound senders that are exempt from the Flood Protection rule. Flood Senders List Users that exceeded the specified Message Threshold values are added to this table by Address and the time which the Flood Sender was found exceeding the threshold. To remove a user from the Flood Senders List, select the check box next to the address(es) you wish to remove, then click the Delete button. 4 When finished configuring the Flood Protection settings, click the Apply Changes button. 50

53 Part 2 Managing Hosted Security Using the Auditing Features Configuring Policy & Compliance Using the Encryption Service Users, Groups & Domains Managing the Junk Box Viewing Reports and Monitoring Downloads SonicOS

54 8 Using the Auditing Features s Auditing module enables the user to monitor all s, both inbound and outbound, that pass through the Hosted Security. This allows the user to monitor where s have filtered into or locate the destination of a particular . This chapter contains the following sections: Auditing Overview on page 52 Using Simple Search Mode on page 52 Using the Advanced Search Mode on page 53 Auditing Overview Inbound s processed by Hosted Security are those that originate from outside of your organization including the total number of junk messages and good messages. Below the search section a list of s is displayed with the following information: the recipient of the where the is located the type of threat the is identified as notes about the attachments from the the subject heading of the the sender of the the timestamp of the Outbound s processed by Hosted Security are those that come from the recipients of your organization. This includes both junk s and good s. Using Simple Search Mode To use the Audit Simple Search Mode: 1 Navigate to the Auditing page of your Hosted Security system. 52

55 2 Search for messages by selecting specific strings from the drop down list in the following fields: Subject From To Unique Message ID. Ensure sentence fragments are surrounded by quotation marks. 3 Select the specific date or Show all to search from the drop down list. 4 Click Search. Using the Advanced Search Mode This view provides support to search on multiple fields to get the results in more granularity. To use Advanced Search: 1 On the Auditing page, click the Advanced View button. 53

56 2 To search for specific threat types or in specific mail locations, select the desired check boxes. 3 Click Search. Messages matching your search criteria are displayed. To move quickly through results pages, click in the field that says Page 1 of and type the result page you want to view. You can also change the number of messages displayed on each page. 54

57 As an example, suppose you wanted to see only messages that were Spam or Likely Spam. Clear all the check boxes except the Spam and Likely Spam check boxes. Leave all the locations selected and click Search. You can also Send Copy To, Download, or Export to csv specific messages: Send Copy To To send a copy of specific messages, select the check box next to the message, then click the Send Copy To button. Enter the address, then click Send. Download To download specific messages, select the check box next to the message, then click the Download button. The message will download to your local drive. Export to csv To export specific messages, select the check box next to the message, then click the Export to csv button. The messages are exported as a csv file on your local drive. 55

58 9 Configuring Policy & Compliance s Policy Management feature enables you to write policies to filter messages and their contents as they enter or exit your organization. Policies can be defined only by an administrator. Typical use of policies include capturing messages that contain certain business terms, such as trademarked product names, company intellectual property, and dangerous file attachments. This chapter contains the following sections: Understanding Mail Threats on page 56 Policy Management Overview on page 56 Policy & Compliance > Filters on page 57 Policy & Compliance > Policy Groups on page 62 Policy & Compliance > Compliance on page 63 Understanding Mail Threats determines that an fits only one of the following threats: Spam, Likely Spam, Phishing, Likely Phishing, Virus, Likely Virus, Policy Violation, or Directory Harvest Attack (DHA). It uses the following precedence order when evaluating threats in messages: Virus Likely Virus Policy Filters Phishing Likely Phishing Spam Likely Spam For example, if a message is both a virus and a spam, the message will be categorized as a virus since virus is higher in precedence than spam. If determines that the message is not any of the above threats, it is delivered to the destination server. Policy Management Overview Policy Management enables you to filter based on message contents and attachments. You can filter for specific terms that you want, such as terms in your product or terms you do not want in your organization s . 56

59 You manage policy by creating filters in which you specify the words to search for in content, senders, or other parts of the . After filtering for specified characteristics, you can choose from a list of actions to apply to the message and its attachments. NOTE: Any of the policies configured in the Policy section take precedence over any configurations made in the Allowed List entries. Policy & Compliance > Filters Organizations can create policies to deal with both inbound and outbound messages. To create inbound policies, select the Inbound tab and click on Add New Filters. To create outbound policies, select the Outbound tab and click on Add New Filter. NOTE: Policies created on the inbound path can not be shared with the outbound path and vice versa. See Managing Filters on page 61 for examples of adding inbound and outbound policies. This section contains the following topics: Adding Filters on page 57 Managing Filters on page 61 Adding Filters A Policy Filter is an action or actions you want Hosted Security to take on messages that meet the conditions you define. Dell SonicWALL s Policy Management module enables you to filter as it enters or exits your organization. Note that Policy Management is a tool only for administrators; policies cannot be managed individually and are not user-configurable. To create and manage policy filters: 1 Navigate to the Policy & Compliance > Filters page. 2 Select the Inbound or Outbound tab to create filters for inbound or outbound messages. 3 Click the Add New Filter button. The Add Filter window displays. 57

60 NOTE: The fields in the window change based on the action you choose. 4 The Enable this Filter check box is checked by default. Unselect the check box to create rules that do not go into effect immediately. 5 Choose whether the filter matches All of the conditions or Any of the conditions All Causes to be filtered when all of the filter conditions apply (logical AND) Any Causes to be filtered when any of the conditions apply (logical OR) 6 Choose the parts of the message to filter. See the following table for more information: Select Spam/Phishing Judgment or Likely Spoof Judgment From To/Cc/Bcc Subject Body Definition The server s assessment of a Spam, Phishing, or Likely Spoof message threat Filter by the sender s name Filter by the names in the To, Cc, or Bcc fields Filter by words in the subject Filter based on information in the body of the 58

61 Select Subject or Body Message header Attachment name Attachment type Country Code Size of message Number of recipients Source IP Single Message Header Originating IP All Good Messages Definition Filter based on information in the subject and body of the Filter by the RFC822 information in the message header fields, which includes information like the return path, date, message ID, received from, and other information Filter attachments by name Filter based on information in the attachments Filter messages based on sender s country code Filter messages based on the size of the message Filter messages based on the number of recipients Filter messages based on the sender s IP address Filter messages containing a single message header Filter messages based on the IP address from where the message was sent Filter all messages judged good 7 Choose the matching operation. The choices for matching operation vary with the message part being matched against. The following table describes the matching operations available: Type Explanation Example With Specific Word Equivalent to Find the whole word only Search for the word Mail from the subject line This is Mail will match. Search for the word Mail from the subject line This is MailFrontier will not match. Without Specific Word Not equivalent to Find the whole word only With Specific Phrase Without Specific Phrase Starts With Ends With Equivalent to Find complete phrase Not equivalent to Find complete phrase The message part being searched for should start with the search value The message part being searched for should end with the search value Search for the words is Mail from the subject line This is Mail will match. Search for the words is Mail from the subject line This is MailFrontier will not match. Search for This from the subject line This is Mail will match. Search for is Mail from the subject line This is Mail will match. 59

62 Type Explanation Example Is Is Not Only the search criteria should exist (exact match) Only the search criteria should not exist 8 Enter the words or phrase that you want to filter in the Search Value text box. Select the appropriate check boxes. Match Case Filters a word or words sensitive to upper and lower case. Search for the word Mail from the subject line This is Mail will not match. Search for is Mail from the subject line is Mail will match. Search for the phrase is Mail from the subject line This is MailFrontier will match. Contains Substring search Search for is Mail from the subject line This is Mail will match. Does not contain Substring search does not match Intelligent Attachment Matching Filters attachment names, such as.exe or.zip. Disguised Text Identification Filters disguised words through the sequence of its letters, for example Vi@gr@. NOTE: Disguised Text Identification cannot be used together with Match Case and can be selected only for Body and Subject message parts. 9 Choose the response action from the Action drop down list. The following table describes the available response actions: Action Permanently delete Store in Junk Box Store in Approval Box Bounce back to sender Deliver and bounce Deliver and skip Spam and Phishing Analysis Route to Deliver and route to Tag subject with Effect The message is permanently deleted and no further processing occurs in any module occurs. This option does not allow the user to review the and can cause good to be lost. The message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. The user has the option of unjunking the . The message is stored in the Approval Box. It will not be delivered until an administrator approves it for delivery. The message is returned to sender with an optional message indicating that it was not deliverable. The message is delivered to the recipient and is bounced back to the sender with an optional message. The message is delivered without spam or phishing analysis. The message is routed to the specified address. The message can be routed to only one address. Deliver to the recipients and also route to the specified address. The message can be routed to only one address The subject of the is tagged with a the specified term. Strip all attachments Remove all the attachments from the . 60

63 Action Append text to message Issue notification Add X-header to message Remove X-header from message Route to IP Deliver and Route to IP Effect The specified text is appended to the message body. Sends an notification to the recipients of the that triggered the rule. Adds an X-header to the . Removes an X-header from an . The message is routed to the specified IP address. The message can be routed to only one IP address. Deliver to the recipients and also route to the specified IP address. The message can be routed to only one IP address. When no additional filtering is required on a message, select the Stop processing policy filters check box. This check box is automatically selected and grayed out when you have selected a terminal action. If additional actions need to be performed on the same message, select the plus sign (+) to the right. You cannot add the same action more than once to a specific filter rule. As a result, once an action has been selected, it will not be available in the drop down list for further selection within the current filter rule. 10 Type a descriptive name in the Filter Name text box. 11 Select a policy group you want to apply this filter to. By default, All Groups will be selected and this filter will apply to all messages. 12 Click the Save This Filter button. Managing Filters The Policy Management page lists all the filters created in the system for the Inbound and Outbound path. From this view, you can Add New Filter, change the order of filters, Edit or Delete filters. Filters that have been enabled are indicated with a green tick mark. This section contains the following topics: Editing a Filter on page 61 Deleting a Filter on page 61 Changing Filter Order on page 62 Policy & Compliance > Policy Groups on page 62 Editing a Filter To change a filter that has been saved: 1 On the Policy & Compliance > Filters page, select the Inbound or Outbound tab (wherever the filter is located. 2 Click the Edit button adjacent to the filter to be changed. 3 Change any of the filter conditions. 4 Click Save This Filter. Deleting a Filter To delete a filter, click the Delete button adjacent to the filter. 61

64 Changing Filter Order Filters are processed in the order they appear. To change the order of the filters, drag and drop the filter in the order you prefer. Policy & Compliance > Policy Groups This section contains the following topics: Policy Groups Overview on page 62 Adding a New Policy Group on page 62 Removing a Policy Group on page 62 Policy & Compliance > Compliance on page 63 Policy Groups Overview In some cases, it may be appropriate to associate a policy filter to a group of users rather than the entire organization. For example, you may want a policy filter to be applied to all incoming messages sent to your sales team and no one else in your organization. If you want policy filters you create to be applied to particular group of users, you first have to create policy groups from LDAP. Policy groups, once created, can be associated with either inbound or outbound policies. Adding a New Policy Group To add a new policy group: 1 Navigate to the Policy & Compliance > Policy Groups page. 2 Select the Add New Group button. 3 From the pull down menu, select one of three methods to locate a desired group: equal to (fast) search using the actual name starting with (medium) search using the first few characters containing (slow) search using a substring of characters 4 Once the list of group names is displayed, select the check box of the group you wish to add. 5 Click on the Add Group button. Removing a Policy Group To remove a group, check the group(s) to be removed and select the Remove Group button. You can view the members of a group by selecting that group and clicking on the List Group Members button. If a user is present in more than one group, that user is treated to be a member of the group that is listed highest in the list. You can change group ordering, by clicking on the arrows to the left of listed groups. To change the order in which groups are listed, use the up and down arrow icons to the left of the groups. 62

65 For example in the above illustration, if is listed under both SalesEngineering and Sales, the policy filter that is associated with SalesEngineering will be applied to messages for Policy & Compliance > Compliance This section contains the following topics: Compliance Overview on page 63 Dictionaries on page 63 Approval Boxes on page 64 Record ID Definitions on page 65 Compliance Overview The Policy & Compliance > Compliance module is accessible through the optional purchase of a Compliance Subscription License Key and enables organizations to make efforts in ensuring that complies with relevant regulations and/or corporate policies. When the Compliance Module license expires, filters that were created during the valid license period will continue to work, taking advantage of the advanced features. However, the administrator will not be able to add any new filters to use licensed features until a license to the module is obtained. Dictionaries A dictionary is a convenient collection of set of words or phrases that you can group together for use in policy filters. A dictionary can be specified as a search value in a policy filter. Dictionaries can be created or modified either manually or by importing from a file in the file system. A predefined dictionary is a group of words or phrases all belonging to a specific theme such as medical or financial terms, which can be used as a database of words that filters can look for. By default, Hosted Security provides two pre-installed dictionaries: Financial Terms Medical Drug Names Potentially Dangerous File Types Encryption Service IPs - Dell SonicWALL These dictionaries may be modified by clicking the Edit button. For more information on adding or importing dictionaries, see the following topics: Add New Dictionary on page 64 Import Dictionary on page 64 63

66 Add New Dictionary To manually add a dictionary: 1 Click on the Add New Dictionary button. 2 Enter a word or phrase under Dictionary Terms and click Add Term. Repeat for all the terms you want to add to the dictionary. 3 Give your dictionary a name. 4 Click Save Dictionary. You will automatically be returned to the Policy & Compliance > Compliance > Dictionaries module. Import Dictionary To import a dictionary from a file on the file system: 1 Click on the Import Dictionary button. 2 Choose to name a new dictionary or to replace an existing dictionary by selecting the appropriate radio button next to your selection. 3 Find the import file by browsing to the correct location. The imported file should contain one word or phrase per line and each line should be separate by <CR>. 4 Click the Import button. Approval Boxes An Approval Box is a list of stored messages that are waiting for an administrator to take action. They will not be delivered until an administrator approves them for delivery. The View Approval Box drop down list allows you to have two different views of Approval Boxes: The Manager view and the individual approval box view. To see a list of the Approval Boxes that have been created, select Approval Box Manager from the pull-down menu in the View box from this list. The Approval Box Manager view allows you to edit or delete existing Approval Boxes, and to create new Approval Boxes. To see the contents of a particular Approval Box, choose the desired Approval Box name from the View Approval Box for drop down list. This page allows you to search the messages stored in that Approval Box and to take action on any of those messages. NOTE: Only users who have administrative rights can see the contents of an approval box. See Users, Groups & Domains on page 78 for managing user rights and privileges. To store messages in an Approval Box: 1 Create the Approval Box by clicking the Add New Approval Box button in the Policy & Compliance > Compliance Module > Approval Boxes page. 2 Enter a name for this Approval Box. This name appears in the page that shows the list of approval boxes and in the drop down list that allows you to select the detailed view of individual approval boxes. 3 From the Default action pull-down menu, select an action to be taken. This action will automatically be taken on the message waiting for approval if the administrator does not respond to the notification within the period of time specified. None Approve & Deliver No action is taken. The remains in the Approval Box. The is passed to the recipient. 64

67 Delete Bounce Back to Sender The is deleted. The is automatically bounced back to the sender and removed from the Approval Box after the specified length of time elapses. 4 Enter a list of Notification recipients in the text box. Separate multiple addresses with a carriage return. NOTE: Make sure that the recipients you enter are users that have administrative rights to the Hosted Security. If they do not have administrative access, they will not be able to view the approval boxes when they receive notification. 5 Select a Frequency of notifications value from the drop down list for this approval box. Approval box notification s for this approval box will be sent according to the schedule you choose here. 6 Write the subject line for this notification. 7 Click the Apply Changes button to save your changes to this approval box notification. 8 Go to the Policy & Compliance > Filters page and create a policy filter that has the Action as Store in Approval Box. Then, choose the desired Approval Box for messages caught by that filter. Record ID Definitions A Record ID Definition can be used to detect specific IDs described by a series of generic patterns. The Policy & Compliance > Compliance Module > Record ID Definitions section allows the administrator to predefine a cluster or clusters of letters and numbers into logical sets of groups such as social security numbers, patient medical record numbers, or credit card numbers. When these patterns are discovered, compliance actions can be taken to ensure that the organization's privacy and security regulations are met. The filter will stop processing a message after it finds the first matching Record ID Definition. By default, provides the following Record ID Definitions pre-installed: ABA Bank Routing Number Canadian Social Security Number Credit Card Number 65

68 Date Phone Number Social Security Number Zip Code Adding a New Record ID Definition To add a new Record ID Definition: 1 Navigate to the Policy & Compliance > Compliance > Record ID Definitions page. 2 Click the Add New Record ID Definition button. The following window displays: 3 Enter a name in the Record Definition Name field. 4 Enter a term including correct spacing, dashes or other symbols. Use the key to set values to the sets of characters. 5 Click Add Pattern to add the term to the Record ID. Repeat this step for each Record ID as necessary. 6 Click Save Definition when finished. The new Record ID Definition displays on the Policy & Compliance > Compliance Module > Record ID Definitions screen. 66

69 10 Using the Encryption Service The Encryption Service feature works in tandem with as a Software-as-a- Service (SaaS), which provides secure mail delivery solutions. The mail messages that have [SECURE] as part of the Subject will be encrypted and securely delivered to the recipient via the Encryption SaaS. A few things to consider when using the Hosted Security Encryption Service: It is the customer's responsibility to protect user passwords and use care in spelling addresses when sending s, especially s containing sensitive information. Encrypted s automatically expire after 30 days and are not recoverable. The subject lines of messages are not encrypted and should not include electronic protected health information (ephi) or confidential information. This chapter contains the following sections: Encryption Service Overview on page 67 Enabling the Secure Mail Policy on page 68 Licensing Encryption Service on page 68 Configuring Encryption Service on page 69 Users in Encryption Service on page 70 Encryption Service Overview The Encryption Service works with both outbound and inbound messages. The Encryption Service must first be licensed through the System > License Management page. The administrator will then enable the default policy filter that enables sending secure via the Encryption Service. After adding the necessary sender domains and public IP addresses, the administrator can then add users that are licensed to use Encryption Service. 67

70 Outbound Messages Outbound messages flow in the following order: 1 A user in an organization sends a secure message. It is sent through the exchange server of the organization. 2 The message is then processed by. The Hosted Security will be able to recognize the message as Secure Mail based on the auto sender domains or any other policy set to Route to Encryption Service. 3 The message is sent from via TLS to the Dell SonicWALL Encryption Cloud. The Encryption Cloud will be able to determine this is a secure message based on the auto sender domains or any other policy set to Route to Encryption Service. 4 The Encryption Cloud then sends a notification to the recipient. This includes a URL to the secure message. 5 The Secure Mail recipient clicks the URL and is required to log into the Encryption Cloud to retrieve the message. Once the recipient views the message, the sender gets a notification mail from Encryption Cloud indicating that the secure message has been viewed. Enabling the Secure Mail Policy In order to begin using the Secure Mail Service, you must first enable the default outbound policy to Send Secure Mail. Follow the procedures listed below to successfully enable the Secure Mail policy. To enable Outbound Secure Mail: 1 Navigate to the Policy & Compliance > Filters page of your Hosted Security. 2 Click the Outbound tab. 3 Locate the Send Secure Mail: Deliver Message via Encryption Service filter, and click the Edit button. The Edit Filter screen displays. 4 Click the Enable this filter check box. You can either keep the default settings or edit the settings for this filter. 5 When finished configuring the settings, click Save This Filter. NOTE: The Policy & Compliance > Filters page allows you to drag-and-drop filters, changing the precedence order of policies, which may be useful for your specific corporate needs. For more information regarding policies, refer to Configuring Policy & Compliance on page 56. Licensing Encryption Service Because Encryption Service is a subscription service, you must purchase a license by logging in to your Hosted MySonicWALL account or by contacting your Dell SonicWALL reseller. Licensing with an Activation Key If you already purchased the Encryption Service through a Dell SonicWALL reseller, you will receive an Activation Key for the service. To license the service through Hosted MySonicWALL: 1 Log in to Hosted Security solution. 2 Navigate to the Encryption Service page on Hosted MySonicWALL. 3 Since the Encryption Service is not activated, a warning displays at the top of the screen. Click the link to navigate to hosted.mysonicwall.com. 68

71 4 Log in with your hosted.mysonicwall.com Username and Password. 5 On the page that displays, click the Activate Service button. 6 Enter the Activation Key(s) for the Encryption Service. Click Submit. 7 The following screen displays: Data Center Location The Encryption Service Data Center location is automatically selected based on your geographical location. You are not able to edit this setting. Auto Sender Domain(s) Specify the domains from where the mail is being sent. These domains must be domains that you own and control. Admin Address Enter the administrator address to be associated with the Encryption Service, for example [email protected]. Company Name Enter the company name to be associated with the Encryption Service. 8 Click Submit. Configuring Encryption Service Once you have successfully enabled the Secure Mail outbound policy and licensed the Encryption Service through the License Management screen, you can begin configuring settings for the service. 69

72 To configure the Encryption Service: 1 Navigate to the Encryption Service page on your. 2 Under the Account Management Settings section, click the Refresh button to synchronize the settings and user list from the Dell Encryption Service. 3 Click the Reset Credentials button to reset and create new credentials. The credentials will be used to authenticate the Secure Mail Server gateway. 4 The Company Name field auto-populates with the name specified in Licensing Encryption Service on page 68. Edit the Company Name, if needed. 5 Enter the Auto Sender Domains in the space provided, if needed. The Auto Sender Domains field autopopulates with the domains specified in Licensing Encryption Service on page Select the check box to enable the use of TLS for secure mail sent from the Encryption Service to your organization. If you decide to enable this feature, verify that all your inbound paths have TLS enabled, located in the Network Architecture > Server Configuration page. 7 Click Apply Changes when finished. Users in Encryption Service Dell SonicWALL recommends that the administrator should add users to the Encryption Service. If any mail messages are sent to the Encryption Cloud from a sender account not already created, the Encryption Cloud will automatically create a Secure Mail sender account, as long as the domain in the address is one of the Auto Sender domains. See the following topics: Adding a New User on page 71 Updating an Existing User on page 71 Adding an Existing User on page 71 Importing Users on page 72 Exporting Users on page 72 Cobrand and Reporting on page 72 70

73 Adding a New User To add a new user to the Secure Mail Encryption Service: 1 Navigate to the Encryption Service page on. 2 Scroll down to the User View Setup section, and click the Add button. 3 Enter the following fields: Address Enter the address for the user. First Name Enter the first name of the user. Last Name Enter the last name of the user. Role Select the role of the user from the drop down list. The available options are User or Admin. 4 Click Add to finish. The new user displays in the User View Setup list. NOTE: You may need to click the Refresh button to synchronize user accounts and settings from the Secure Encryption server if it does not automatically display. Updating an Existing User To update the information of an existing user: 1 Select the check box corresponding to the user you want to update. 2 Click the Update button. The Update User account screen displays. 3 Edit the First Name, Last Name, or Role. Note that you cannot update the User Address. 4 Click Update to save changes made and update the user information. Adding an Existing User If you have LDAP configured, you can add existing users to the Secure Encryption Service. To add existing users: 1 Navigate to the Encryption Service page on. 2 Click the Add Existing Users button. 3 A list of users displays based on what you have configured for your LDAP directory. You can search for an existing user by address in the search field. 71

74 4 Select the user you wish to add, then click the Add button. The new user displays in the User View Setup list. Importing Users If there are multiple users you would like to add, you can import a.txt list of users to be added to the Secure Encryption Service. The.txt file must use a <TAB> delimiter between the primary address, first name, last name, and role of each user. You must use <CR> to separate entries. See the following example: primary_ @company.com<tab>firstname<tab>lastname<tab>admin<cr> primary_ @company.com<tab>firstname<tab>lastname<tab>user<cr> Note that the Primary address is mandatory, while the other fields are optional. To import users: 1 Navigate to the Encryption Service page on. 2 Click the Import Users button. 3 Click the Choose File button to select the file containing the list of users. 4 Click Import. Exporting Users To export the list of Secure Encryption Service: 1 Navigate to the Encryption Service page on. 2 Click the Export Users button. The list exports a.txt file and saves to your local system. Cobrand and Reporting The Secure Encryption Service allows you the option to customize features on the management console. You can also customize reports from the Secure Encryption Service. The following are Cobrand and Reporting settings you can configure through the Secure Encryption server portal: Company and User Type Properties on page 72 Cobrand Management Console on page 73 Message Tracking Report on page 74 User Logon Report on page 74 User Reports by Message Size, Volume, Date, and Summary on page 75 Total View Report on page 76 Company and User Type Properties The Company Configuration > Company Information page allows you to edit your organization s information. The following fields are editable: Company Name This is the Company Name specified in the System > License Management page upon licensing the Encryption Service. 72

75 Address This is the Admin Address specified in the System > License Management page upon licensing the Encryption Service. The Company Configuration > Company Properties page allows you to edit the Automatically Create Sender Accounts setting. Select one of the following options: Off, On, or Off Send Plain Text. Cobrand Management Console The Cobrand Management Console page allows you to edit your organization s existing cobrand settings or create a new cobrand. To edit an existing cobrand or create a new cobrand: 1 Under the Cobrand Information section, select (Create a New Cobrand) from the drop down list to create a new cobrand. To edit an existing cobrand, select it from the drop down list. 2 Specify the following cobrand settings: Company Name A descriptive name that is associated with the cobrand and will be displayed in the drop down list for editing. Default URL The URL where users are directed when they click the cobrand image. Note that you must include the protocol/scheme ( ) in the URL. Cobrand Color The web color used for the login panel, top and bottom ribbon bars (menu and status bars) for Web pages on the server portal. The web color is identified with 6-character hexadecimal number, commonly used with HTML, CSS, and other applications. You can also identify the cobrand color using the Color Selector box that displays upon editing the hexadecimal number. Top HTML (Optional) Allows you to specify a block of HTML coding to be used in place of the cobrand image in the page header. The HTML can contain text, links, graphics, and columns, or follow an HTML style sheet. Note that if the Top HTML field contains boilerplate code, do not delete it unless you intend to replace it with customized HTML. Loaded Image (Optional) Displays the database server path and internal filename for the uploaded cobrand image. Click the Clear Image button to immediately remove the image from the cobrand. Allow users to stay signed in Select the check box to enable, and then specify the amount of time for users to stay signed in. Filter Messages Allows you to limit the messages that users see in their mailbox to messages related to the cobranded company. If enabled, the Secure Mail recipient s mailbox only displays messages from or to the cobranded company, as long as the recipient accesses the server using the notification link. Select Image Select a cobrand image, such as an organization or company logo, that displays at the top of all the server portal pages. This is an efficient and easy way to create professional branding without requiring the use of HTML. Click the Choose File button to select the image you want assigned to the cobrand. 3 Click the Save button to save your changes and apply the cobrand to your organization. 73

76 Message Tracking Report The Message Tracking Report enables you to search through addresses and subject lines of Secure Mail messages (message bodies are not included in the search). To generate a Message Tracking Report: 1 Click the Message Tracking Report link from the Secure Mail Encryption Service portal. 2 Enter the search parameters into the Address or Pattern, Start Date, and End Date fields. The To/From drop down list specifies whether to search for the parameters in the To or From field of messages. 3 Click Generate Report link. The report displays all messages matching the specified criteria. User Logon Report The User Logon Report generates reports about user log on activity. You can search activity based on specific users, defined time frames, and also how the user logged into the service. To generate a User Logon Report: 1 Click the User Logon Report link from the Secure Mail Encryption Service portal. 74

77 2 Enter the search parameters into the Address or Pattern, Start Date, and End Date fields. The Logon Source drop down list specifies which service the user accessed. The default is All, which includes every service the user may have used. 3 Click the Generate Report link. The report generates all log on events for the user, based on the specified criteria. User Reports by Message Size, Volume, Date, and Summary There are several types of user reports, each of which can be filtered for sent or received messages (or both) for each user. These reports are summaries of user statistics, differing from the more detailed reports such as the Message Tracking Report. The following types of reports can be generated: Report Type Message Size Statistics Message Date Statistics Message Volume Statistics Message Summary Data Description Shows the size of messages sent and received by each user Shows when messages have been sent by the user (first and last messages for each user) Shows the number of messages sent/received by the user Shows the fields of other statistics reports on one screen To access any User Report: 1 Click the User Reports by Message Size, Volume, Date, and Summary link from the Secure Mail Encryption Service portal. 75

78 2 Click on the Report to view the information. Total View Report The Total View Report provides complete tracking of all messages sent through the Secure Mail system. The report contains a record of every messages sent along with the tracking data for the message (and attachments) in a single report. This report is provided as a CSV file. The Total View Report includes the following fields: Message ID Date From To Subject Notification Timestamp Message Status (Opened / Not Opened) Message Open Time Attachment Name Attachment (Accessed /Not Accessed) Attachment Open Time NOTE: Each message and every attachment within a message is reported separately. For example, a message to two recipients with two attachments will generate four rows of data: Two for each recipient, with one attachment listed on each line per recipient. To generate a Total View Report: 1 Click the Total View Report link from the Secure Mail Encryption Service portal. 76

79 2 Specify the Date range for the report. For more efficiency, you can click one of the quick links: Last day, 30 days, or 60 days. This will automatically select the specified time period. 3 Click the Generate Report link. 4 Click the Download Report link to save the CSV file to your local system. Click Select Different Dates to return to the previous screen and conduct a new search with different dates. 77

80 11 Users, Groups & Domains This chapter contains the following sections: Users, Groups & Domains> Users on page 78 Users, Groups & Domains> Groups on page 82 Users, Groups & Domains > Domains on page 90 Hosted Security User Roles on page 91 NOTE: To manage users and groups, you need to have configured your Hosted Security setup to synchronize with your organization s LDAP server. You can configure LDAP settings and queries on the System > LDAP Configuration page. Users, Groups & Domains> Users The Users, Groups & Domains> Users page allows you to manage users in Hosted Security, sign in as any user, set their message management settings to corporate default, and edit their privileges in the system. Select the Source to use from the drop down list, then click Go. This section contains the following topics: Authenticating non-ldap Users on page 78 Searching for Users on page 79 Sorting through Users on page 79 Signing In as a User on page 79 Editing User Rights on page 79 Resetting User Message Management Setting to Default on page 80 Adding a User on page 80 Removing Users on page 80 Importing Users on page 80 Exporting Users on page 81 Authenticating non-ldap Users To enable authentication for non-ldap users, select the corresponding check box in the User View Setup section. 78

81 Searching for Users If there are too many users to display in a window, you can conduct a search using the Find all users in column section. To use this search feature: 1 Navigate to the Users, Groups & Domains > Users page. 2 Select from the drop down list to do a search by User Name or Primary . 3 Next, select from the next drop down list if the search parameter is equal to, starts with, or contains. Note that each of these fields determines the speed of the search, where equal to is the fastest type of search and contains is the slowest. 4 Select if you want the search to Show LDAP entries or Show non-ldap entries by selecting the check boxes next to either option. 5 Enter the search parameter in the blank field, and click Go. Sorting through Users To sort the list of users by that column, click the User Name or Primary heading. Signing In as a User Administrators can sign in as any user, see their Junk Box, and change the settings for that user. In addition, you can sign in as a particular user to manage their delegates for them. Click the check box next to the User Name, then click the Sign In as User button. Editing User Rights Administrators can assign different privileges to different users in the system by assigning them pre-defined roles. To assign a role to a user, select the user and click on Edit User Rights button. Select which role to assign to a user, then click Apply Changes. For information regarding User Roles, see the Hosted Security User Roles on page

82 Resetting User Message Management Setting to Default Select one or more users and click Set Message Management to Default to restore all settings to the defaults. Be aware that this overrides all individual user preferences the user might have set. Adding a User The administrator can add individual non-ldap users. Fill out the Primary Address and Alias fields, then click Add. Add an existing user with an alias and the user will have that alias added to them. This is not dependent on LDAP status. NOTE: Users added in this way remain non-ldap users. Their User Rights cannot be changed. Their source will be listed as Admin. Users can edit their Junk Box setting only if the administrator sets the Junk Box setting: Enable Single Click viewing of messages to Full Access in the System > Junk Box Summary page. Removing Users The administrator can remove individual non-ldap users. First select a non-ldap user by using the check box in front of the name, then click the Remove button to delete the name from the list. Importing Users The administrator can add multiple non-ldap users by importing a list of names. The list is made up of the primary addresses followed by the corresponding aliases of the users. The imported file can be appended to the existing names, or overwrite them. The format of the file is tab-delimited. One may use an Excel spreadsheet to generate a user list and save it as a tab-delimited file. To import the list, click the browse button to locate the file and click Import. 80

83 Exporting Users The administrator can download a tab-delimited list by clicking this button. The file generated lists multiple non-ldap users and can later be imported using the Import feature. 81

84 Users, Groups & Domains> Groups Navigate to the Users, Groups & Domains > Groups page to manage Group settings. Note that the settings on this page are optional. This section includes the following topics: About LDAP Groups on page 82 Adding a New Group on page 82 Finding a Group on page 83 Removing a Group on page 83 Listing Group Members on page 83 Setting an LDAP Group Role on page 84 User View Setup on page 84 Anti-Spam Aggressiveness on page 85 Languages on page 86 Junk Box Summary on page 87 Spam Management on page 88 Phishing Management on page 89 Virus Management on page 90 Forcing All Members to Group Settings on page 90 About LDAP Groups This section describes how Hosted Security lets you query and configure groups of users managed by an LDAP server. Most organizations create LDAP groups on their Exchange server according to the group functions. For example, a group configured on their Exchange server called support represents the technical support groups in Exchange. Configure LDAP groups on your corporate LDAP server before configuring the rights of users and groups on Hosted Security in the LDAP Configuration screen. allows you to assign roles and set spam-blocking options for user groups. Though a user can be a member of multiple groups, Hosted Security assigns each user to the first group it finds when processing the groups. Each group can have unique settings for the aggressiveness for various spam prevention. You can configure each group to use the default settings or specify settings on a per-group basis. Updates to groups settings in this section do not get reflected immediately. The changes will be reflected the next time Hosted Security synchronizes itself with your corporate LDAP server. If you want to force an update, click on the Refresh Users & Groups button. Adding a New Group To add a new group, click the Add New Group button. The Add Group window appears with a list of all the groups to which you can assign roles. You can also add new groups in this window. 82

85 Finding a Group To find a group: 1 From the Add Group screen, search for the group you want by entering the name in the text box. Choose the search mechanism and search speed: equal to (fast), starts with (medium), or contains (slow). Click Go to begin the search. OR Scroll through the list of groups to locate the group you want to add. 2 Click the check box to include the group. 3 Click Add Group. A message displays stating that the group was added successfully. Removing a Group To remove a group: 1 Click the check box adjacent to the group(s) to remove. 2 Click the Remove Group button. A success message displays. Listing Group Members To list group members: 1 Click the check box adjacent to the group to list. 2 Click the List Group Members button. Users belonging to that group will be listed in a pop-up window. 83

86 Setting an LDAP Group Role All members of a group are also given the role assigned to the group. To set the role of a group: 1 Click the check box adjacent to the group to edit. 2 Click Edit Role. A window appears with the group s name and current role. 3 Click the radio button for the appropriate role that you want to assign to the group. 4 Click Apply Changes. A message appears stating that the group was changed successfully. NOTE: Hosted Security queries your corporate LDAP server every hour to update users and groups. Changes made to some settings in this section may not be reflected immediately on Hosted Security, but are updated within an hour. User View Setup This controls what options are available to the users in this group when they login to server using their user name and password. You can change the settings on the following items: Login Enabled Enables users in this group to log into their Junk Box. Anti-Spam Techniques Allows or blocks specified people, companies, lists, aggressiveness, foreign languages. Full user control over anti-spam aggressiveness settings Allows users full access to configuring Anti- Spam aggressiveness settings. Reports Allow users in this group to look at their Spam reports. Settings Enables users in this group to view their settings. Junk mail management Allows users access to junk mail management settings. Quarantined Junk Mail Preview Settings Click the Users in this group are allowed to preview quarantined junk mail check box to enable this setting for users. 84

87 Anti-Spam Aggressiveness To configure Anti-Spam Aggressiveness settings for a group: 1 Choose the appropriate Grid Network Aggressiveness level for this group. Note that selecting a stronger setting will make Hosted Security more responsive to other users who mark a message as spam. 2 Choose the appropriate Adversarial Bayesian Aggressiveness level for this group. Note that selecting a stronger setting will make Hosted Security more likely to mark a message as spam. 3 Select the check box to Allow users to unjunk spam. If the check box is unchecked, users are not able to unjunk spam messages. 4 For each category of spam, determine level and whether members of the group are allowed to unjunk their Junk Boxes. 5 Click Apply Changes. 85

88 Languages To determine the foreign language s that groups can receive: Select Allow All to allow all users in a group to receive in the specified language. Select Block All to block all users in a group from receiving in the specified language. Click No opinion to permit to be subject to the spam and content filtering of Dell SonicWALL Hosted Security. Click Apply Changes to save setting made. 86

89 Junk Box Summary To configure settings for the Junk Box for groups: 1 Select the Frequency of Summaries sent to users. 2 Select the Time of Day users receive junk summary s. 3 Select the Day of the Week users receive junk summary s. 4 Select if the Summaries include All Junk Messages or Only Likely Junk. 5 Select from the drop down list the Language of Summary . 6 Choose to send Plain Summary or Graphic Rich Summary. 7 Select the check box to Send Junk Box Summary to Delegates. Note that when this check box is selected, the summary is sent to the delegate, not to the original recipient. 8 Click Apply Changes. 87

90 Spam Management To manage messages marked as Definite Spam or Likely Spam for this group: 1 Choose what you want done with messages: Spam Filtering Off Passes all messages to users without filtering. Permanently Delete If determined Definite or Likely Spam, messages are permanently deleted. Bounce back to sender Messages are sent back to the sender. In cases of self-replicating viruses that engage the sender s address book, this can inadvertently cause a denial-of-service to a nonmalicious user. Send to Specify an address for the recipient. Tag with Label the to warn the user. The default is [SPAM] or [LIKELY_SPAM]. 2 Select the check box This Group accepts automated Allowed Lists if you want automated Allowed Lists to apply to this group. 3 Click Apply Changes. 88

91 Phishing Management The phishing management window gives you the option of managing phishing and likely phishing settings at a group level. Just like Spam Management options, it allows to you deal with phishing differently for different groups. However, unlike Spam Management options, these settings cannot be altered for individual users. 89

92 Virus Management The virus management window gives you the option to manage Definite Virus and Likely Virus settings at a group level. Just like Spam Management options, it allows to you deal with viruses and likely viruses differently for different groups. However, unlike Spam Management options, these settings can not be altered for individual users. Forcing All Members to Group Settings Select the check box next to the Group(s) you want to adhere to Group Settings. Then, click the Force All Members to Group Settings button. All individual settings are overwritten by the Group Settings. Users, Groups & Domains > Domains The Users, Groups & Domains > Domains page lists the available Domain Units paired with the Hosted Security solution. This section includes the following topics: Domains Overview on page 90 Adding a Domain on page 91 Domains Overview Domains are a smaller group of domains set by the Global Administrator as an efficient way of managing an entire enterprise-sized Hosted Security system setup. These subset groups, also known as a Domain Unit (OU), are managed by a sub-administrator, called the OU Administrator. The OU Administrator role has full administrative rights to the OU he has been assigned to by the Global Administrator. The OU Admin can log in as any other user within the group of domains assigned to edit a user s individual settings, edit group settings for groups within their OU, and manage Junk Boxes, and view Reports. The OU 90

93 Admin is not able to add or remove domains from a Domain, regardless if he is the OU Admin of that Domain; only the Global Administrator has the ability to perform these tasks. Adding a Domain To add a Domain: 1 Navigate to the Users, Groups & Domains > Domains page. 2 Click the Add Domain button. 3 Enter the Domain(s). Acceptable domains follow the form of domain.com or sub.domain.com. 4 Click the Save button. Hosted Security User Roles Roles are a set of privileges that you can grant any individual user or group of users in the Hosted Security system. The possible roles that can be assigned to any user or groups are: OU Administrator The Organizational Unit (OU) Administrator role has full administrative rights to a specific list of domains the Global Administrator specifies. Typically, the Global Administrator of an enterprise-sized organization may wish to delegate the management of a smaller group of domains, or Organizational Units, between several users requiring administrative rights for successful management of these OUs. The OU Admin can log in as any other user within the group of domains assigned to change a user s individual settings, view and manage Junk Boxes, and configure other areas of the Hosted Security system. Help Desk A user assigned as Help Desk has access to the corporate Junk Box and can unjunk items. This role also allows the user to log in as any user to change that user s individual settings and view Junk Boxes. The Help Desk role does not allow the user to change global settings or other server configurations. Group Admin A group administrator role is similar to the Help Desk role except that this role s privileges are limited to users for the group that they are specified to administer. The Group Admin role is always associated with one or more groups added to the Spam Blocking Options for Groups section. Manager A user assigned as Manager has access to corporate Reports and Monitoring screens. The user cannot change any configuration settings, nor are they able to sign in as any other user. User A user role is only allowed to log in to the Hosted Security system, has access to his own individual user settings, and can only customize his own settings. 91

94 12 Managing the Junk Box This chapter contains the following sections: Junk Box Management > Junk Box on page 92 Supported Search in Audit and Junk Box on page 94 Junk Box Management > Junk Box Settings on page 95 Junk Box Management > Junk Box Summary on page 97 Junk Box Management > Junk Box The Junk Box allows you to review and process messages that have been flagged as spam, virus-infected, organization policy violations, or phishing. You can unjunk or release a falsely identified message. When you or the recipient unjunks an incoming message, Hosted Security adds the sender of the message to the recipient s Allowed list and delivers the to the recipient. The size of the junk box can grow rapidly. By default, the messages are stored in the junk box for 30 days and deleted after that. You may need to customize this setting depending on your organization s policies and storage capacity on the shared data directory for messages are stored. To change this setting, go to Junk Box Management > Junk Box Settings > Number of days to store in Junk Box before deleting, and choose a value between 1 and 180 days. Messages in junk box can be quickly sorted and viewed by threat types. Messages that contain definite spam, phishing, and viruses have red asterisks (*) adjacent to them. Messages that contain likely spam, phishing, and viruses do not have any marks. Type of Message Spam (definite) Likely Spam Phishing (definite) Likely Phishing Virus (definite) Likely Virus Display *Spam Spam *Phishing Phishing *Virus Virus See the following topics: Using the Junk Box Simple View on page 92 Using the Junk Box Advanced View on page 93 Outbound Messages Stored in Junk Box on page 94 Using the Junk Box Simple View The Junk Box Management > Junk Box window displays all the messages that have been categorized as the selected threats. You can also: 92

95 Search for messages containing specific strings in the following fields: Subject, From, To, or Unique Message ID. Search is not case sensitive. Select a specific date to search on any particular date. Using the Junk Box Advanced View Additional search capabilities give administrators the ability to support users more effectively, audit more selectively, and dispose of unwanted messages with more granularity. To use Advanced Search: 1 On the Junkbox Management > Junk Box page, click the Advanced View button. 2 To search for specific threat types, select the check boxes in the Threats section. 3 Click Search. Messages matching your search criteria are displayed. To move quickly through results pages, click in the field that says Page 1 of and type the result page you want to view. You can also change the number of messages displayed on each page. As an example, suppose you wanted to see only messages that were Spam or 93

96 Likely Spam. Clear all the check boxes except the Show Spam and Show Likely Spam check boxes. Leave all the locations selected and click Search. Outbound Messages Stored in Junk Box To display the outbound messages in junk box, navigate to the Junk Box Management > Junk Box page and click on the Outbound tab. Outbound message management detects messages sent by users in your organization that contain viruses, likely viruses, and message that trigger policy alerts. Outbound message management also quarantines outbound spam, phishing, and UAS. NOTE: Messages stored in the Outbound Junk Box cannot be reviewed by the senders. The senders will not see their messages in their Junk Box Summary notifications. Only administrators can review and process messages quarantined in the Outbound Junk Box. Messages in the Junk Box are deleted after the number of days shown at the top of the Junk Box page. This setting can be changed in the Junk Box Management > Junk Box Settings page. Supported Search in Audit and Junk Box The following types of search can be performed in the To, From, or Subject field: Boolean Search on page 94 Wildcard Search on page 95 Phrase Search on page 95 Fuzzy Search on page 95 Boolean Search OR Operator This is the default search. Add OR in between search words. The results will contain any of these search words. AND Operator Add + before the search word (or) AND in between search words. Each result must contain these words. NOT Operator Add - before the search words (or) NOT in between search words. The results must not contain these search words. 94

97 Wildcard Search * operator Add * to the middle or end of the word. This substitutes more than one character to the search word, and attempts to perform a search on all possible words.? operator Add? to the middle or end of the word. This substitutes one character and will find the match for the word. NOTE: Wildcard operators should be added to the middle or end of the text, rather than at that beginning. Phrase Search A phrase is a group of words surrounded by quotes. The exact phrase will be searched. Fuzzy Search Add ~ to the end of the word to search for the closest possible match. This search is useful when search words have an error, or the exact spelling for the text is unknown. Proximity Search This searches for words closer to each other. The syntax is word 1 word2 ~distance. Junk Box Management > Junk Box Settings The Junk Box Management > Junk Box Settings screen contains the General, Action, Miscellaneous Message Settings sections, which enable the administrator to set default settings for users messages. This section includes the following topics: General Settings on page 95 Action Settings on page 95 Miscellaneous on page 96 General Settings The General Message Settings window allows you to choose default settings for messages that contain spam, phishing, virus, and policy management issues. Select one of the following for When a user unjunks a message: Automatically add the sender to the recipient s Allowed List Ask the user before adding the sender to the recipient s Allowed List Do not add the sender to the recipient s Allowed List Action Settings The Action Message Settings define conditions for tagging messages delivered to users inboxes. Review the four check box options that allow the user to define conditions for tagging messages incoming to their inbox. Each of the tags below will be prefixed to the subject line of the message. 95

98 To tag unjunked messages, check the Tag unjunked messages with this text added to the subject line check box, and input word(s) to be used for tagging. To tag messages which were considered as junk but will be delivered because the sender s domain is on the user s Allow list, check the Tag messages considered junk, but delivered because sender/domain/list is in Allowed list with the text added to the subject line check box, and input word(s) to be used for tagging. To tag messages which were considered as junk but will be delivered because of a Policy action in effect, check the Tag messages considered junk, but delivered because of a Policy action with the text added to the subject line check box, and input word(s) to be used for tagging. To tag all those messages that are processed by Hosted Security Server for testing, check Tag all messages processed by Hosted Security for initial deployment testing with this text added to the subject line check box, and input word(s) to be used for tagging. Miscellaneous The Miscellaneous Message Settings provide links that direct you to configure message management for the Anti-Spam, Anti-Virus, Anti-Phishing, and Policies modules. By clicking the Click here links, you are directed away from the Junk Box Management > Junk Box Settings screen. 96

99 Junk Box Management > Junk Box Summary Both administrators and users receive Junk Box summaries listing the incoming that Hosted Security has classified as junk. From these messages, users can choose to view or unjunk an if the administrator has configured these permissions. From the Junk Box Management > Junk Box Summary window, users can determine the language, frequency, content, and format of Junk Box summaries. Configure the following for Junk Box Summaries: Frequency Settings on page 97 Message Settings on page 97 Miscellaneous Settings on page 99 Other Settings on page 100 Frequency Settings Select the Frequency of summaries from the drop down list. Select the Time of day to send summary. You can select Any time of day or specify an hour to send. Select the Day of week to send summary. You can select Any day of the week or specify a day. Specify the Time Zone for the Hosted Security system. Message Settings Select to include All Junk Messages or Only likely junk (hide definite junk) in Junk Box Summaries. Note that if All Junk Messages is selected, both definite and likely junk messages are included. If Only likely junk is selected, only likely junk messages are included in the summary. Select the Language of summary from the drop down list. Send plain summary Select this check box to send junk box summaries without graphics. The following image shows a Plain Summary: 97

100 98

101 The following image shows a Graphic Summary: Select the Display junk statistics in summary check box if you prefer to have junk statistics included in the Junk Box Summary. Miscellaneous Settings Select the Send Junk Box Summary to delegates check box to have summary s sent directly to a user s delegates. With this option enabled, users with delegates no longer receive summary s. Select the radio button next to the Enable single click viewing of messages setting. You can select from the following: Off The single click viewing of messages setting is not enabled. View messages only Users are able to preview messages without having to type their name or password. Full Access Users can click any link in a Junk Box Summary and are granted full access to the particular user s settings. Select the Enable Authentication to Unjunk check box to require authentication for unjunking messages in the Junk Box Summary. Select the Only send Junk Box Summary s to users in LDAP check box to only include LDAP users as recipients of the Junk Box Summary s. With this setting selected, users not associated with the LDAP do not receive Junk Box Summary s. To enable authentication for non-ldap users, click the link. You are automatically directed to the Users, Groups & Domains > Users screen. For more information regarding LDAP and non-ldap users, refer to the Users, Groups & Domains> Users on page

102 Other Settings Specify the address from which summary is sent. Select from the following: Send summary from recipient s own address Send summary from this address. Specify the address in the space provided. Specify the Name from which summary is sent in the space provided. Specify the Subject in the space provided. Specify the URL for User View in the space provided. The Junk Box Summary includes this URL for User View to allows users to easily view quarantined s, unjunk quarantined s, and to log in to the Hosted Security system. Click the Test Connectivity button to verify the URL specified in the URL for User View field properly connects. 100

103 13 Viewing Reports and Monitoring allows you to view system status and data through the Reports & Monitoring screen. You can view statistics for different time periods on the local system or the mail transfer agent (MTA). Monitor the flow of traffic passing through the Hosted Security system in real time. The Reports & Monitoring screen also allows you to use SNMP to send information to a monitoring agent. This chapter contains the following sections: Reports & Monitoring > Reports on page 101 Reports & Monitoring > Scheduled Reports on page 107 Reports & Monitoring > Reports provides many types of reports. All reports allow you to optionally download the data in CSV or HTML format. You can also create custom reports by specifying a time period for the data, and download the report for analysis or the report. Per-domain reports are available for custom and scheduled reports. also provides several reports for Managed Service Provider (MSP) related data, including the following: breakdown (custom/scheduled report only) Bandwidth (custom/scheduled report only) Good v Junk per domain (custom/scheduled report only) By default, retains 366 days of reporting information in the database. You can change this setting in System > Advanced > Reports data will be deleted when older than field. Lowering this number means less disk space will be used, but you will not have report data older than the number of days specified. If your organization's volume is very high, you may want to consider lowering this number. This section includes the following topics: Dashboard on page 102 Anti-Spam Reports on page 103 Anti-Phishing Reports on page 104 Anti-Virus Reports on page 104 Anti-Spoof Reports on page 104 Encryption Service Reports on page 105 Policy Management Reports on page 105 Compliance Reports on page 106 Directory Protection on page

104 Dashboard The Reports > Dashboard page provides information about at a glance. These charts are updated hourly and display the statistics for the last 24 hours. On any report page, drag and drop the charts to customize the order of how each report appears on the page. The following settings are also available: Click the Stacked Chart tab to see the report visualized as a stacked chart view. Click the Line Chart tab to see the report visualized as a line chart. Click the Table tab to see the report in a table format. Click the Refresh Reports button to update the data in the reports with the most current data. Click the Zoom or Undo Zoom button to change the view of the report. Click the Save View button to save the current view of the report page, which saves any changes made to the view. Click Reset to Default View to return the page to default settings. Click the Download icon to download the report. You can download the report as a PDF or JPEG. See the following topics for more information: Inbound Good vs Junk on page 103 Outbound Good vs Junk on page 103 Spam Caught on page 103 Junk Breakdown on page 103 Top Spam Recipients on page

105 Top Outbound Senders on page 103 Inbound Good vs Junk Displays the number of Good messages in comparison to the Junk messages received. The Junk messages include spam, likely spam, phishing, likely phishing, viruses, likely viruses, Directory Harvest Attacks (DHA), and messages that trigger policy events. The information in this chart can also be found in the Reports & Monitoring > Overview Reports > Inbound Good vs. Junk report. Outbound Good vs Junk Displays the number of Good messages in comparison to the Junk messages received. The Junk messages include spam, likely spam, phishing, likely phishing, viruses, likely viruses, Directory Harvest Attacks (DHA), and messages that trigger policy events. The information in this chart can also be found in the Reports & Monitoring > Overview Reports >Outbound Good vs. Junk report. Spam Caught Displays the number of messages that are Definite Spam compared to the number of messages that are Likely Spam. The information on this chart can also be found in the Anti-Spam Reports > Spam Caught report. Junk Breakdown Displays the number of Junk messages, classified into the following categories: Spam (Definite Spam and Likely Spam) Phishing (Definite Phishing and Likely Phishing) Virus (Definite Virus and Likely Virus) Policy Directory Harvest Attack (DHA) Connection Management (CM) Top Spam Recipients Displays the volume of spam received by the Top 12 Recipients in your organization within the last 24 hours. This information is also available in the Reports & Monitoring > Overview Reports > Top Spam Recipients report. Top Outbound Senders Displays the number of outbound messages sent by the top 12 senders in your organization in the last 24 hours. This information is also available in the Reports & Monitoring > Overview Reports > Top Outbound Senders report. Anti-Spam Reports provides the following reports specific to the category of Anti-Spam: Spam Caught, Top Spam Domains, and Top Spam Recipients. See the following topics for more information: Spam Caught on page 104 Top Spam Recipients on page

106 Spam Caught The Spam Caught report displays the number of messages filtered by that are definitely Spam compared to the amount that are Likely Spam. This report also gives a percentage breakdown. You can view the Spam Caught report by specific time periods. Click the Hourly, Daily, or Monthly tabs to view data for each period. By default, the Daily tab displays. Top Spam Recipients The Top Spam Recipients report lists the addresses in your organization that receive the most spam. You can view the Top Spam Recipients report by specific time periods. Click the Today, This Month, or This Year tabs to view data for each period. By default, the This Month tab displays. Anti-Phishing Reports Phishing Messages are an especially pernicious form of fraud that use with fraudulent content to steal consumers personal identity data and financial account credentials. See the following topic for more information: Phishing Messages on page 104 Phishing Messages This report displays the number of messages that were identified as Phishing Attacks and Likely Phishing Attacks. You can view the Phishing Messages by specific time periods. Click the Daily, Weekly, and Monthly tabs to view the data for each period. By default, the Weekly tab displays. Anti-Virus Reports The Anti-Virus Report allows you to view the number of viruses detected by the Dell SonicWALL Hosted Security. See the following topics for more information: Inbound Viruses Caught on page 104 Inbound Viruses Caught The Inbound Viruses Caught report displays the number of viruses caught in inbound traffic. You can view the Inbound Viruses Caught by specific time periods. Click the Hourly, Daily, or Monthly tabs to view the data for each period. By default, the Daily tab displays. Anti-Spoof Reports The Anti-Spoof Report allows you to view the number of spoof threats and DMARC, SPF, and DKIM breakdowns detected by the. See the following topics for more information: Likely Spoof Messages on page

107 Likely Spoof Message Breakdown on page 105 SPF Breakdown on page 105 DKIM Breakdown on page 105 DMARC Breakdown on page 105 Likely Spoof Messages Displays the total number of likely spoof messages detected by the Hosted Security solution. Likely Spoof Message Breakdown Displays the amount of messages reported as SPF records, SPF Pass, SPF Hard Failures, SPF Soft Failures, DKIM Signatures, DKIM Passes, DKIM Failures, DMARC Judgements. SPF Breakdown Displays the details of each message marked SPF. DKIM Breakdown Displays the details of each message marked DKIM. DMARC Breakdown Displays the details of each message marked DMARC. Encryption Service Reports Displays reports specific to messages and the Encryption Service, if enabled. See the following topic for more information: Outbound vs. Encrypted on page 105 Outbound vs. Encrypted Displays the total number of outbound messages and messages sent as [SECURE] through the encryption service. Policy Management Reports Displays reports that are relevant to policy filters in Hosted Security. See the following topics for more information: Inbound Policies Filtered on page 106 Top Inbound Policies on page 106 Outbound Policies Filtered on page 106 Top Outbound Policies on page

108 Inbound Policies Filtered Displays the total number of inbound messages that Hosted Security has filtered based on your configured policies. Top Inbound Policies Displays the policy filter names that are triggered most often in inbound traffic. Outbound Policies Filtered Displays the total number of outbound messages that Hosted Security has filtered based on your configured policies. Top Outbound Policies Displays the policy filter names that are triggered most often in outbound traffic. Compliance Reports Displays various reports relevant to compliance in Hosted Security. See the following topics for more information: Top Inbound Approval Boxes on page 106 Top Outbound Approval Boxes on page 106 Top Inbound Approval Boxes Lists the approval boxes in which inbound messages sent through Hosted Security are stored most often. This report also displays the amount of messages that are stored in each approval box. Top Outbound Approval Boxes Lists the approval boxes in which inbound messages sent through Hosted Security are stored most often. This report also displays the amount of messages that are stored in each approval box. Directory Protection provides protection against directory attacks. Following directory protection reports are available to give more information on the directory attacks targeted towards your organization. See the following topics for more information: Number of Directory Harvest Attacks (DHA) on page 107 Top DHA Sending Domains on page

109 Number of Directory Harvest Attacks (DHA) This report displays the number of messages with invalid addresses that were sent to your organization. If this number is large, your organization may be experiencing one or more Directory Harvest Attacks (DHA), in which spammers try to harvest a list of all your addresses. You can view the Number of DHA Attacks by specific time periods. Click the Hourly, Daily, or Monthly tabs to view the data for each period. By default, the Daily tab displays. Top DHA Sending Domains Use the Top DHA Domains page to view the IP addresses from which the most frequent Directory Harvest Attacks (DHA) originate, and the number of invalid recipient addresses in those attacks. You can view the Top DHA Domains report by specific time periods. Click the Today, This Month, or This Year tabs to view the data for each period. By default, the This Month tab displays. Reports & Monitoring > Scheduled Reports allows you to schedule delivery of reports. You can choose the type of report, a time span the data covers, the list of recipients, etc. Data in scheduled reports is displayed in the time zone of the server on which Hosted Security stores data (either an All in One or a Control Center), just like the reports in the Reports & Monitoring section. Scheduled report s are sent according to the time zone on that computer as well. See the following topics for more information: Customize a Report on page 107 Add Scheduled Report on page 108 Customize a Report Clicking the Customize button on any Report screen brings up the Custom Reports dialog box. You can generate a report based on the following settings: Which Report Select from the drop down list the report you want to generate. Date Range Specify the period of dates you want to report to include. List Results By Select for the results to be listed by Hour, Day, Week, or Month. Report shows sent to these domains Specify the domains that are ed on this report. If left blank, the report will show sent to all domains. Delivery Select if you want the report to Display (in a separate window) or if you want the report ed To the specified address. Name from which report is sent The sender of the report. This field defaults to admin. address from which report is sent The address of the sender. This field defaults to postmaster. Subject Add a subject name for the report. Enter all the specifications for a report, then click the Generate This Report button. NOTE: The Custom Reports page displays the generated report in a new window. If you have configured a popup blocker for your web browser, it may interfere with displaying the window with the data. Configure your browser to allow popup windows from your organization's site. 107

110 Add Scheduled Report You can add a Scheduled Report by clicking the Add New Scheduled Report button. A dialog window displays where you can specify the following settings: Which Report Select from the drop down list of reports. Frequency of Report Select from the drop down list how frequent the chosen report is sent. Time of Day to Send Report Select either to send the report at Any time of day or Within an hour of the time you specify. Day of Week to Send Report Select either to send the report Any day of the week or Send report on the day you specify. Language of Report Select the language for the report. Report has Data for the Last Select the period of how many days to include in the report. Report Lists Results By Select for the results to be listed by Day, Week, or Month. Name From Which Report is Sent Type in the name from which the report is sent (i.e. Admin). Address From Which Report is Sent Type in the address from which the report is sent (i.e. [email protected]). Recipients of Report Type in the address(es) of who receives the report . Report Name Specify the name of the report. Click Save Scheduled Report when finished. Reports & Monitoring > DMARC Reporting See the following topics for more information: DMARC Reports on page 108 DMARC Reports When the Hosted Security Mail Server plays the role as sender and RUA receiver, it extracts and aggregates daily RUA files from the receiver and from RUA providers, such as Google, Yahoo, etc. The DMARC Reporting Scheduler then imports the RUA files hourly into its database. Based on date range and data filter, you can obtain five different types of reports: One report is graphic chart. The other four are tabulated reports. The Reports include: DMARC Statistic Report (Graphic Chart) DMARC Master Detail Report Source IP Aggregation Report Provider Aggregation Report Source IP and Provider Aggregation Report All five reports are able to be rendered in HTML format and downloadable PDF file. (HTML reports allow you to mouse over 'Alignment' value to see alignment reason description.) Dell SonicWALL recommends that the administrator enters the IP addresses of 'my server' on the 'Configure Known Networks' page before users (admin or manager role) view DMARC Reports because it retrieves reports data associated with those IP addresses by default. 108

111 Select Date Range Last x days Click the radio button for Last and select from the drop down list of values. Last x days means the number of day(s) before the latest date of imported data. Start Date and End Date Click the radio button to specify the dates. If no RUA data is in the database, the pop-up calendar displays the current date. If RUA data exists in the database, the calendar dates before the minimum date and after the maximum date display. Only data available on those available dates can be selected. Set Filter Filter Click this button to create a new filter. If a filter already exists, clicking this button allows you to edit the filter. See the Set Filter page for more information. Save After creating a new filter, click this button to save the newly configured settings. Clear Clears all settings of the current filter. Apply Filter Select from a drop down list of the available filters. When selected, its bulleted settings display in the Filter section. Delete To delete a filter, select it from the Apply Filter drop down list and click this button. Bullet icons Each bullet icon represents a filter condition. Click the condition to open the Set Filter dialog box, or click the small 'x' symbol on bullet to delete the condition from the filter. Select Report list Select a type of report from the drop down list. The available reports include: DMARC Statistic Report, DMARC Master Detail Report, Source IP Aggregation Report, Provider Aggregation Report, Source IP and Provider Aggregation Report. Generate After selecting a report from the drop down list, click this button to generate a report. Note: Some reports may take a few minutes to generate. Reports will be shown in a window below the 'Set Filters' section. For the statistic report, it will display either horizontally or vertically, depending on the date range. If days of selected date range are less than 15 days, three (3) bar charts will be horizontally display. If the date range is greater than 15 days, the bar charts will vertically display. For tabulated reports, scrolling the mouse over the 'Alignment' value displays the Alignment Reason. For example, if the 'Alignment' is 'No', moving the mouse over this 'No' makes the Title Box show: "No DKIM and SPF is passed, On SPF Relaxed, SPF Organization Domain(sina.com) Not Matched From Header Domain(sonicwall.com)" This message will be useful for DMARC troubleshooting. Download PDF Report Click this button to download a PDF report once the HTML report is generated. The PDF report name includes the Report Name and a time stamp. 109

112 14 Downloads This chapter provides information about the tools available for you to download to enhance your spam-blocking experience. Select one of the following to download and install to your local component. This chapter contains the following sections: Anti-Spam Desktop for Outlook on page 110 Junk Button for Outlook on page 110 Send Secure Button for Outlook on page 110 Anti-Spam Desktop for Outlook The Anti-Spam Desktop for Outlook and Outlook Express link is a trial version of the Dell SonicWALL Anti-Spam Desktop feature. This download provides Junk and Unjunk buttons for you to help customize your own Hosted Security solution. Junk Button for Outlook The Junk Button for Outlook link provides a Junk button for you to install on your own Microsoft Outlook program, which helps to customize your own Hosted Security solution. Send Secure Button for Outlook The Send Secure Button for Outlook link provides a Send Secure button for you to install on your own Microsoft Outlook program, which allows you to send secure, encrypted messages prefaced with [SECURE] in the message heading using the Encryption Service. 110

113 About Dell Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit Contacting Dell Technical support: Online support Product questions and sales: (800) Technical support resources Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. To access the Support Portal, go to The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an online Service Request system. The site enables you to: Create, update, and manage Service Requests (cases) View Knowledge Base articles Obtain product notifications Download software. For trial software, go to Trial Downloads. View how-to videos Engage in community discussions Chat with a support engineer 111