Dell SonicWALL Hosted Security. Administration Guide

Transcription

1 Dell SonicWALL Hosted Security

2 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Dell Inc. The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Dell Inc. Attn: LEGAL Dept 5 Polaris Way Aliso Viejo, CA Refer to our website (software.dell.com) for regional and international office information. Trademarks Dell, the Dell logo, SonicWALL, SonicWALL ViewPoint. Reassembly-Free Deep Packet Inspection, Dynamic Security for the Global Network, SonicWALL Clean VPN, SonicWALL Clean Wireless, SonicWALL Global Response Intelligent Defense (GRID) Network, SonicWALL Mobile Connect, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc. Microsoft Windows 7, Windows Server 2010, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others. Legend CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. HES Updated - April 2015 Version Rev. A

3 Contents Using This Guide About this Guide Guide Conventions Pre-Configuration Tasks Initial configuration Activating the Hosted Security service Adding MX records Logging in Configuring System Settings System > License Management Available security services License table License Keys Hosted Security Master Account Miscellaneous System > Network Architecture Server Configuration Spooling System > LDAP Configuration LDAP Overview Configuring LDAP Add LDAP Mappings System > Monitoring Configure System Monitoring Viewing Alerts Configuring Anti-Spoofing Anti-Spoofing Overview Enabling Inbound SPF Validation Configuring SPF Settings SPF Hard Fail SPF Soft Fail Outbound DKIM Settings Configuring Outbound DKIM Settings Generating DNS Record Using Outbound DKIM Settings Configuring Anti-Spam Identifying Spam Anti-Spam > Spam Management Anti-Spam > Address Books Using the Search Field

4 Adding People, Companies, Lists, or IPs Deleting People, Companies, Lists, or IPs Import Address Book Anti-Spam > Anti-Spam Aggressiveness Configuring GRID Network Aggressiveness Configuring Adversarial Bayesian Aggressiveness Settings Unjunking Spam Determining Amounts and Types of Spam Anti-Spam > Languages Configuring Anti-Phishing Anti-Phishing Overview Configuring Phishing Protection Configuring Anti-Virus Anti-Virus Overview Configuring Anti-Virus Protection Configuring Zombie and Spyware Protection Configuring Flood Protection Using the Auditing Features Auditing Overview Using Simple Search Mode Using the Advanced Search Mode Configuring Policy & Compliance Understanding Mail Threats Policy Management Overview Policy & Compliance > Filters Adding Filters Managing Filters Policy & Compliance > Policy Groups Policy Groups Overview Adding a New Policy Group Removing a Policy Group Policy & Compliance > Compliance Compliance Overview Dictionaries Approval Boxes Record ID Definitions Using the Encryption Service Outbound Messages Enabling the Secure Mail Policy Licensing Encryption Service Configuring Encryption Service Users in Encryption Service Adding a New User

5 Updating an Existing User Adding an Existing User Importing Users Exporting Users Cobrand and Reporting Users, Groups & Domains Users, Groups & Domains> Users Authenticating non-ldap Users Searching for Users Sorting through Users Signing In as a User Editing User Rights Resetting User Message Management Setting to Default Adding a User Removing Users Importing Users Exporting Users Users, Groups & Domains> Groups About LDAP Groups Adding a New Group Finding a Group Removing a Group Listing Group Members Setting an LDAP Group Role User View Setup Anti-Spam Aggressiveness Languages Junk Box Summary Spam Management Phishing Management Virus Management Forcing All Members to Group Settings Users, Groups & Domains > Domains Domains Overview Adding a Domain Hosted Security User Roles Managing the Junk Box Junk Box Management > Junk Box Using the Junk Box Simple View Using the Junk Box Advanced View Outbound Messages Stored in Junk Box Supported Search in Audit and Junk Box Boolean Search Wildcard Search Phrase Search Fuzzy Search

6 Junk Box Management > Junk Box Settings General Settings Action Settings Miscellaneous Junk Box Management > Junk Box Summary Frequency Settings Message Settings Miscellaneous Settings Other Settings Viewing Reports and Monitoring Reports & Monitoring > Reports Dashboard Anti-Spam Reports Anti-Phishing Reports Anti-Virus Reports Anti-Spoof Reports Encryption Service Reports Policy Management Reports Compliance Reports Directory Protection Reports & Monitoring > Scheduled Reports Reports & Monitoring > DMARC Reporting Downloads Anti-Spam Desktop for Outlook Junk Button for Outlook Send Secure Button for Outlook About Dell

7 Part 1 Introduction Using This Guide Pre-Configuration Tasks SonicOS 6.2 5

8 1 Using This Guide About this Guide Welcome to the. This document provides detailed configuration procedures for the various features of the product. For installation and set up instructions for your HES solution, refer to the Quick Start Guide. For configuration information for your Hosted Security Junk Box, refer to the Dell SonicWALL Hosted Security User Guide. Navigate to for the latest version of this guide as well as other Dell SonicWALL products and services documentation. Guide Conventions The following conventions used in this guide are as follows: Table 1. Guide conventions Convention Bold Italic Use Highlights dialog box, window, and screen names. Also highlights buttons. Also used for file names and text or values you are being instructed to type into the interface. Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence. Sometimes indicates the first instance of a significant term or concept. 6

9 2 Pre-Configuration Tasks This chapter provides pre-configuration information, such as purchasing and activating the Dell SonicWALL Hosted Security solution. This chapter includes the following sections: Initial configuration on page 7 Activating the Hosted Security service on page 7 Logging in on page 9 Initial configuration To configure a solution, you must have a computer that meets or exceeds the following requirements: An Internet connection A Web browser supporting Java Script and HTTP uploads. Refer to the following table for supported browsers: Table 1. HES Supported Browsers Accepted Browsers Internet Explorer Firefox Opera Chrome Safari Browser Number Version 7.0 or higher 3.0 or higher 9.10 or higher for Windows 4.0 or higher 3.0 or higher for Mac OS X NOTE: Because many of the screens are pop-up windows, configure your Web browser s pop-up blockers to allow pop-ups from your organization s server before using Dell SonicWALL Hosted Security. Activating the Hosted Security service After purchasing the service, you are then directed to the activation screen. 7

10 Specify the following fields, then click Activate Services: Domain Name The primary domain name that is associated with your Dell SonicWALL Hosted Security solution. Inbound Mail Server Host / IP Address The IP address of the mail server hosting your user mailbox(es) for inbound messages. Outbound Mail Server Host / IP Address The IP address provided during the provisioning stage of your Hosted Security solution. For example, if you registered the domain name soniclab.us.snwlhosted.com, then the Outbound Mail Server Host will be soniclab.outbound.snwlhosted.com. Address / Login The address or login name associated with your Dell SonicWALL Hosted Security account. Password The password associated with your account. Re-enter Password The password you entered in the previous field. Data Center Location Select the location of your Data Center. You are not able to change this option once it has been specified. A message displays confirming successful activation and product registration. Click Go to HES Console to continue. Adding MX records After activating your Hosted Security service, you may receive a message to replace your current MX records settings for inbound messages. Mail exchange (MX) records specify the delivery route for messages sent to your newly specified Dell SonicWALL Hosted Security domain name.the Dell SonicWALL Data Center can then create an internal MX record so mail is correctly routed to the specified domain. Multiple MX records are assigned to your domain name. Each MX record designates a priority to organize the way your domain s mail servers receive incoming messages; the lower the number, the higher the priority. You should always set back-up priority numbers in case the primary mail server fails or is down. For example, a customer wishes to activate the domain name jumbo.com. Since the Dell SonicWALL Data Center hosts snwlhosted.com, the domain then becomes jumbo.com.snwlhosted.com. After an MX record is created, where the customer publishes jumbo.com MX jumbo.com.snwlhosted.com, Dell SonicWALL then publishes an A record: jumbo.com.snwlhosted.com A , where is the IP address that Dell SonicWALL s Hosted analyzers use to route s sent to the jumbo.com domain. Dell SonicWALL publishes an A record for outbound messages: jumbo.com.outbound.snwlhosted.com A For outbound messages, you will need to configure the mail server hosting your user mailbox(es) for outbound messages to route all outbound s to jumbo.com.outbound.snwlhosted.com. 8

11 For more information regarding MX records, contact your ISP or refer to the Knowledge Base Article Setting Up Your MX Record for Security Hosted Solution located at: Logging in After completing the activation process, click the Go to HES Console button to be directed to the Hosted Security console. You can also open a new Web browser and navigate to: Enter the User Name and Password you configured in the Activation process, then click Log In. 9

12 Part 2 Configuring Hosted Security Settings Configuring System Settings Configuring Anti-Spoofing Configuring Anti-Spam Configuring Anti-Phishing Configuring Anti-Virus SonicOS

13 3 Configuring System Settings This chapter provides more detailed configuration procedures and additional system administration capabilities for the system. This chapter contains the following sections: System > License Management on page 11 System > Administration on page 13 System > Network Architecture on page 14 System > LDAP Configuration on page 17 System > User View Setup on page 20 System > Monitoring on page 22 System > License Management The System > License Management page allows you to view current Security and Support Services for your Hosted Security solution. To see more regarding the information on the License Management page, log in to your hosted.mysonicwall.com account. The following settings display on the License Management page: Serial Number The serial number of your Hosted Security solution. Authentication Code The code you entered upon purchasing/activating the Hosted Security solution. Model Number Since there is no physical appliance for the Hosted Security solution, the model number is listed as Software. See the following topics for more information: Available security services on page 11 License table on page 12 License Keys on page 12 Available security services comes with several services that must be licensed separately. For maximum effectiveness, all services are recommended. The following services are available: Security The standard license that comes with the service and enables basic components. This license allows the use of basic service features. Protection Subscription (Anti-Spam and Anti-Phishing) This license protects against spam and phishing attacks. 11

14 Anti-Virus (McAfee and SonicWALL Time Zero) Provides updates for McAfee anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks. Anti-Virus (Kaspersky and SonicWALL Time Zero) Provides updates for Kaspersky anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks. Anti-Virus (SonicWALL Grid A/V and SonicWALL Time Zero) Provides updates for Dell SonicWALL Grid anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks. Compliance Subscription Provides a license for compliance features, including pre-defined Dictionaries, Approval Boxes, and Record ID Definitions. Encryption Service Provides access to the secure delivery of your messages. With this service, the user can also customize policies and actions to have messages routed through the Encryption Service. License table The following table provides details about the different types of licenses: Security Service Status Count Expiration Name of the service. The status may be one of the following: Licensed - Services have a regular valid license. Free Trial - Service has been using the 14-day free trial license. Not licensed - Service has not been licensed, neither through a regular license nor through a free trial license. Perpetual - The Base Key license comes with the purchase of the product and is perpetual. Note that the Base Key is the only perpetual license. Number of users to which the license applies. Expiration date of the service. Never - Indicates the license never expires. Date - A specific date on which the given service expires. License Keys Once the product is registered with hosted.mysonicwall.com, the Hosted Security obtains the purchased licenses. The License Management page displays a summary of the credentials that were received and stored on the Hosted Security server. The Refresh Licenses button is used to synchronize the state of the licenses on the server with the hosted.mysonicwall.com website. Upon successfully synchronizing, the licenses will automatically update to those of your online account. This button is used to update the license status of your product manually. NOTE: To manage licenses, login to your hosted.mysonicwall.com/login.aspx account. 12

15 System > Administration The System > Administration page allows you to make changes to the master account, password policy, invalid login policy, custom text for login, and quick configuration. Hosted Security Master Account The Hosted Security Master Account section allows you to change the master account username and password. NOTE: Dell SonicWALL strongly recommends that you change the master account password. To change the password: 1 On the System > Administration page, navigate to the Security Master Account section. 2 The Username you originally registered with appears as the default Username. 3 Specify the Old Password. 4 Specify the New Password. 5 Type the same new password in the Confirm password field. 6 Click Apply Changes. Miscellaneous The Miscellaneous section allows you to Enable Support user to handle organization changes. Select the check box to enable this feature. 13

16 System > Network Architecture The System > Network Architecture page allows you to configure both inbound and outbound capabilities for your Hosted Security server. See the following topics for more information: Server Configuration on page 14 Spooling on page 16 Server Configuration From the System > Network Architecture > Server Configuration page, click the Inbound tab to configure the inbound destination server, which is the server that will accept good after Dell SonicWALL Hosted Security removes and quarantines junk mail. For example, this could be the IP address of a Microsoft Exchange server. The default port is

17 The following table explains the available settings on the Inbound mail server: Setting Any source IP address is allowed to connect to this path, but relaying is only allowed for s sent to one of these domains. Your mail server host name or IP address. If multiple destination servers are provided, then s will be routed using load balancing. Require the destination server to support StartTLS Description This field only displays the domain for s to be relayed to. Note the default domain listed is the domain you initially activated for the Hosted Security solution. Navigate to the Users, Groups & Domains > Domains screen to configure Domain settings. Enter the mail server host name or IP address. Note the default IP address is the address you initially activated for the Hosted Security solution. If multiple destination servers are provided, will be routed using load balancing, in which you can also configure as either Round-robin or Fail-over. Test Downstream: Click this button to test connection to the specified mail server host name or address. A message displays, notifying you if the connection was successful or if the connection failed. Select the check box to enable Transport Layer Security (TLS) encryption for your downstream messages. Click the Outbound tab to configure the outbound mail server. 15

18 The following table explains the available settings on the Outbound mail server: Setting Relaying is allowed only for s sent from one of these domains Only these IP addresses/fqdns can connect and relay through this path Require the destination server to support StartTLS Description This field only displays domain name(s) for s to be relayed to. Note the default domain listed is the domain you initially activated for the Hosted Security solution. Navigate to the Users, Groups & Domains > Domains screen to configure Domain settings. Enter the server name or IP address t connect and relay with. Test Upstream: Click this button to test connection to the specified server name or address. A message displays, notifying you if the connection was successful or if it failed. Select the check box to enable Transport Layer Security (TLS) encryption. Click the Configure StartTLS button to configure settings. Spooling The Inbound Spooling feature available on the Hosted Security solution allows users to spool, or hold, mail when all the customer s receivers are unavailable. Inbound mail is then delivered when the receivers become available. The Hosted Security solution normally operates as an SMTP proxy, relaying directly to your downstream receiver. However, it can also be configured to spool when all of your organization s downstream receivers are unavailable. When spooling is engaged, the proxy directs all good mail to the Hosted Security MTA for queuing and later delivery. When spooling is disengaged, the proxy resumes directly relaying mail to the receivers, and the MTA delivers the queued mail. Choose the spooling option that best suits your needs: Never Spool Select this option to never spool mail, regardless of the state of the downstream receivers. This is the default setting. Automatic Fallback Select this option to spool mail if the downstream receivers unexpectedly go down or become unreachable. When configured to Automatic Fallback, spooling engages after the receiver farm has been unavailable for a period of time. Spooling then disengages when the receiver farm becomes available again. Always Spool Select this option to leave the spooling feature engaged for all mail and to remain engaged until the mode is configured to Never Spool or Automatic Fallback. Note that manual spooling is intended for situations when the administrator knows the receivers will be down, such as a scheduled maintenance. NOTE: The Automatic Fallback feature initiates if the server becomes completely unresponsive. Because the feature may take a few moments to verify that the server is completely unresponsive, senders may see a transient error message. 16

19 System > LDAP Configuration See the following topics for more information: LDAP Overview on page 17 Configuring LDAP on page 17 Using the LDAP Query Panel on page 18 Add LDAP Mappings on page 19 LDAP Overview uses Lightweight Directory Access Protocol (LDAP) to integrate with your organization s environment. LDAP is an Internet protocol that programs use to look up users contact information from a server. As users and distribution lists are defined in your mail server, this information is automatically reflected in Hosted Security in real time. Many enterprise networks use directory servers like Active Directory or Lotus Domino to manage user information. These directory servers support LDAP, and Hosted Security can automatically get user information from these directories using the LDAP. You can run without access to an LDAP server as well. If your organization does not use a directory server, users cannot access their Junk Boxes, and all inbound is managed by the message-management settings defined by the administrator. uses the following data from your mail environment: Login Name and Password When a user attempts to log into the Hosted Security server, their login name and password are verified against the mail server using LDAP authentication. Therefore, changes made to the usernames and passwords are automatically uploaded to in real time. Multiple Aliases If your organization allows users to have multiple aliases, Hosted Security ensures any individual settings defined for the user extends to all the user s aliases. This means that junk sent to those aliases aggregates into the same folder. Groups or Distribution Lists groups or distribution lists in your organization are imported into Dell SonicWALL Hosted Security. You can manage the settings for the distribution list in the same way as a user s settings. LDAP groups allow you to assign roles to user groups and set spam-blocking options for user groups. Configuring LDAP Navigate to the System > LDAP Configuration screen to configure your Hosted Security solution for username and password authentication for all employees in the enterprise. Dell SonicWALL recommends completing the LDAP configuration to get the complete list of users who are allowed to login to their Junk Box. If a user does not appear in the User list in the User & Group screen, their will be filtered, but they cannot view their personal Junk Box or change default message management settings. Enter the server information and login information to test the connection to the LDAP server. To configure LDAP: 1 Click the Add Server button to add a new LDAP Server. Configuring the LDAP server is essential to enabling per-user access and management. These settings are limited according to the preferences set in the User Management pane. See User View Setup on page 84for details. 17

20 2 The following check boxes appear under the Settings section: Show Enhanced LDAP Mappings fields Select this option for Enhanced LDAP, or LDAP Redundancy. You will have to specify the Secondary Server IP address and Port number. Auto-fill LDAP Query fields when saving configurations Select this option to automatically fill the LDAP Query fields upon saving. 3 Enter the following information under the LDAP Server Configuration section: Friendly Name The friendly name for your LDAP server. Primary Server Name or IP address The DNS name or IP address of your LDAP server. Port number The TCP port running the LDAP service. The default LDAP port is 389. LDAP server type Choose the appropriate type of LDAP server from the drop down list. LDAP page size Specify the maximum page size to be queried. The default size is 100. Requires SSL Select this check box if your server requires a secured connection. Allow LDAP referrals Leaving this option unchecked will disable LDAP referrals and speed up logins. You may select this option if your organization has multiple LDAP servers in which the LDAP server can delegate parts of a request for information to other LDAP servers that may have more information. 4 In the Authentication Method section, specify if the LDAP login method for your server is by Anonymous Bind or Login. Specify the Login name and Password. This may be a regular user on the network, and typically does not have to be a network administrator. NOTE: Some LDAP servers allow any user to acquire a list of valid addresses. This state of allowing full access to anybody who asks is called Anonymous Bind. In contrast to Anonymous Bind, most LDAP servers, such as Microsoft's Active Directory, require a valid username/password in order to get the list of valid addresses. (Configuration checklist parameter O and P) 5 Click the Test LDAP Login button. A successful test indicates a simple connection was made to the LDAP server. If you are using anonymous bind access, be aware that even if the connection is successful, anonymous bind privileges might not be high enough to retrieve the data required by. 6 Click Save Changes. Using the LDAP Query Panel To access the LDAP Query Panel settings window, click the Friendly Name link or the Edit button of the server you wish to configure. If the Auto-fill LDAP Query Fields check box is selected in the Settings section, the following fields will be automatically filled in with default values after the basic configuration steps are completed. Configuring Query Information for LDAP Users 1 Enter values for the following fields: Directory node to begin search The node of the LDAP directory to start a search for users. (Configuration checklist parameter Q). Filter The LDAP filter used to retrieve users from the directory. User login name attribute The LDAP attribute that corresponds to the user ID. alias attribute The LDAP attribute that corresponds to aliases. Use SMTP addresses only Select the check box to enable the use of SMTP addresses. 2 Click the Test User Query button to verify that the configuration is correct. 18

21 3 Click Save Changes to save and apply all changes made. NOTE: Click the Auto-fill User Fields button to have automatically complete the remainder of this section. Add LDAP Mappings On some LDAP servers, such as Lotus Domino, some valid addresses do not appear in LDAP. Use this section with LDAP servers that only store the local or user portion of the addresses. Click the View Rules button. The LDAP Mappings screen displays: This panel provides a way to add additional mappings from one domain to another. For example, a mapping could be added that would ensure s addressed to anybody@engr.corp.com are sent to anybody@corp.com. It also provides a way of substituting single characters in addresses. For example, a substitution could be created that would replace all the spaces to the left of the "@" sign in an address with a "-". In this example, addressed to Casey Colin@corp.com would be sent to Casey-Colin@corp.com. NOTE: This feature does not make changes to your LDAP system or rewrite any addresses; it makes changes to the way Hosted Security interprets certain addresses. To add LDAP Mappings: 1 Click the Friendly Name link or the Edit button of the server you wish to configure. 2 Scroll to the Add LDAP Mappings section, and click View Rules. 3 From the first drop down list, choose one of the following: Domain is Choose this option to add additional mappings from one domain to another. Replace with Choose this option from the second drop down menu to replace the domain. Also add Choose this option from the second drop down menu, then when first domain is found, the second domain is added to the list of valid domains. For example, if engr.corp.com is the first domain and sales.corps.com is the second, then when the domain engr.corp.com is found in the list of valid LDAP domains, then sales.corps.com is also added to that list. Left hand side character is Choose this option to add character substitution mappings. Replace with Choose this option from the second drop down menu to replace all characters to the left of the "@" sign in the address. Also add Choose this option from the second drop down menu to add a second address to the list of valid addresses. 4 Click the Add Mapping button. NOTE: This screen does not make changes to your LDAP system or rewrite any addresses; it only makes changes to the way interprets certain addresses. 19

22 System > User View Setup Configure how the end-users of the solution access the system and what capabilities of the solution are exposed to the end users on the System > User View Setup page. To configure User View Setup settings: 1 Select which items appear in the User Navigation Toolbar: Select the Login enabled check box to allow users to log into Hosted Security and have access to their per-user Junk Box. If you disable this, mail is still analyzed and quarantined, but users will not have access to their Junk Box. Select the Anti-Spam check box to include the user-configurable options available for blocking spam s. Users can customize the categories People, Companies, and Lists into their personal Allowed and Blocked lists. You can choose to grant users full control over these settings by selecting the Full user control over anti-spam aggressiveness settings check box, or force them to accept the corporate aggressiveness defaults by not selecting this check box. Select the Reports check box to provide junk blocking information about your organization. Even if this option is selected, users may view only a small subset of the reports available to administrators. Select the Settings check box to provide options for management of the user's Junk Box, including individual Spam Management. Select the Spam Management check box to allow users to manage their individual spam settings. 20

23 Select the Allow audit view to Helpdesk users check box to enable access to the audit view for Helpdesk users. 2 Determine the User Download Settings: With the Allow users to download SonicWALL Junk Button for Outlook check box selected, users will be able to download the Hosted Security Junk Button for Outlook. The Junk Button is a lightweight plugin for Microsoft Outlook. It allows users to mark s they receive as junk, but does not filter . With the Allow users to download SonicWALL Anti-Spam Desktop for Outlook and Outlook Express check box selected, users will be able to download the Anti-Spam Desktop. Anti-Spam Desktop is a plug-in for Microsoft Outlook and Outlook Express that filters spam and allows users to mark s they receive as junk or good . With the Allow users to Download SonicWALL Secure Mail Outlook plugin check box selected, users will be able to download the Secure Mail plugin for Microsoft Outlook. The Secure Mail button allows users to send mail securely through the Encryption Service. See Using the Encryption Service on page 67 for more information about this feature. 3 Determine the settings for Quarantined Junk Mail Preview Settings: Select the Users can preview their own quarantined junk mail check box to enable users to view their individual mail that is junked. Choose the other types of users can preview quarantined junk mail. These roles are configured within Hosted Security. 4 Determine the Reports view settings: Users are not usually shown reports which include information about users, such as addresses. Select the Show reports that display information about individual employees check box to give user access to those reports. 21

24 System > Monitoring The System > Monitoring screen allows you to configure system monitoring settings and alerts. Note that some of these fields may be pre-defined based on the information provided upon initial setup of the Dell SonicWALL Hosted Security solution. Configure System Monitoring on page 22 Viewing Alerts on page 22 Configure System Monitoring The following settings are available for configuration: address of the administrator who receives emergency alerts The address of the mail server administrator. Enter the complete address. For example, Name or IP address of backup SMTP servers Enter the name or IP address of one or more SMTP servers that can be used as fallback servers to send alerts to if the configured downstream server(s) cannot be contacted. For example, mail2.example.com or Customized Signature Enter a signature to append at the end of your messages. Subscribe to alerts Select the check box to receive alerts. View Alerts Click this button to view all configured alerts. See Viewing Alerts on page 22 for more information. Test Fallbacks Click this button to test the name or IP address(es) listed as backup SMTP servers. Viewing Alerts Under the Configuring System Monitoring section of the System > Monitoring page, you can also click the View Alerts button to see the Alert history for a specific Host. 22

25 Alerts in Hosted Security provide the following details: A time stamp In local time In GMT The severity of the alert, which is one of the following: Info Warning Critical The domain of which the alert applies A summary of the alert You may apply a severity filter to better assist you in viewing the alerts. Select the check box(es) of which alerts you want to view, then click Apply Filter. 23

26 4 Configuring Anti-Spoofing This chapter provides an overview and configuration information specific to the Anti-Spoofing feature for Dell SonicWALL Hosted Security. This chapter contains the following sections: Anti-Spoofing Overview on page 24 Enabling Inbound SPF Validation on page 24 Configuring Inbound DKIM Settings on page 26 Configuring Inbound DMARC Settings on page 28 Outbound DKIM Settings on page 30 Anti-Spoofing Overview The Anti-Spoofing page on your solution allows you to enable and configure settings to prevent illegitimate messages from entering your organization. Spoofing consists of an attacker forging the source IP address of a message, making it seem like the message came from a trusted host. By configuring SPF, DKIM, and DMARC settings, your Hosted Security solution will run the proper validation and enforcement methods on all incoming messages to your organization. The Anti-Spoofing page works in an order of precedence, where rules set at the top of the page are of a lower priority than rules set towards the bottom of the page. In general, a message will be subjected to SPF, DKIM, and DMARC if all are enabled. The results from DKIM validation will take precedence over the results from SPF validation, and DMARC validation results will take precedence over DKIM validation results. Enabling Inbound SPF Validation The Anti-Spoofing > Inbound tab features SPF validation for inbound messages. Sender Policy Framework (SPF) is an validation system designed to prevent spam by detecting spoofing by verifying the sender IP addresses. SPF records, which are published in the DNS records, contain descriptions of the attributes of valid IP addresses. SPF is then able to validate against these records if a mail message is sent from an authorized source. If a message does not originate from an authorized source, the message fails. You can configure the actions against messages that fail. There are two types of SPF fails: SPF HardFail The SPF has designated the host as NOT being allowed to send messages and does not allow messages through to the recipient. See SPF Hard Fail on page 25 for more information. SPF SoftFail The SPF record has designated the host as NOT being allowed through to the recipient.see SPF Soft Fail on page 26 for more information. See the following topics for more information: Configuring SPF Settings on page 25 SPF Hard Fail on page 25 SPF Soft Fail on page 26 24

27 Configuring SPF Settings To enable SPF, click the Enable SPF validation for incoming messages check box. SPF Hard Fail With SPF Validation enabled for incoming messages, you can configure the following SPF Hard Fail settings: Ignore allow lists When a SPF hard fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Action for messages marked as SPF Hard Fail Select one of the following actions for messages marked as SPF Hard Fail: No Action No action is taken against messages marked as SPF hard fail. Permanently delete Messages marked as SPF hard fail are permanently deleted. Reject with SMTP error code 550 Messages marked as SPF hard fail are rejected with an SMTP error code 550. Store in Junk Box Messages marked as SPF hard fail are stored in the Junk Box. This is the recommended setting for most configurations. Send to [field] Messages marked as SPF hard fail are sent to the user specified in the available field. For example, you can send to [postmaster]. Tag with [field] added to the subject Messages marked as SPF hard fail are tagged with a term in the subject line. For example, you may tag the messages [SPF Hard Failed]. Add X-Header: X-[field]:[field] Messages marked as SPF hard failed add an X-Header to the with the key and value specified to the message. The first text field defines the X- Header. The second text field is the value of the X-Header. For example, a header of type X- 25

28 EMSJudgedThis with value spfhard results in the header as: X- EMSJudgedThis spfhard. Add Domain Click this button to add a domain and configure SPF hard fail-specific settings for that domain. SPF Soft Fail With SPF Validation enabled for incoming messages, you can configure the following SPF Soft Fail setting: Ignore allow lists When a SPF soft fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Configuring Inbound DKIM Settings Domain Keys Identified Mail (DKIM) uses a secure digital signature to verify that the sender of a message is who it claims to be and that the contents of the message have not been altered in transit. A valid DKIM signature is a strong indicator of a message s authenticity, while an invalid DKIM signature is a strong indicator that the sender is attempting to fake his identity. For some commonly phished domains, the absence of a DKIM signature can also be a strong indicator that the message is fraudulent. Users benefit from DKIM because it verifies legitimate messages and prevents against phishing. Remember that DKIM does not prevent spam - proper measures should still be taken against fraudulent content. To configure DKIM signature settings, navigate to the Anti-Spoofing > Inbound page and click the Enable DKIM validation for incoming messages check box. 26

29 With DKIM validation enabled for incoming messages, you can configure the following settings: Ignore allow lists When a DKIM Failure occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Action for messages marked as DKIM signature failed Select one of the following actions for messages marked as DKIM signature failed: No Action No action is taken against messages marked as DKIM signature failed. Permanently delete Messages marked as DKIM signature failed are permanently deleted. Reject with SMTP error code 550 Messages marked as DKIM signature failed are rejected with an SMTP error code 550. Store in Junk Box Messages marked as DKIM signature failed are stored in the Junk Box. This is the recommended setting for most configurations. Send to [field] Messages marked as DKIM signature failed are sent to the user specified in the available field. For example, you can send to [postmaster]. Tag with [field] added to the subject Messages marked as DKIM signature failed are tagged with a term in the subject line. For example, you may tag the messages [DKIM Failed]. Add X-Header: X-[field]:[field] Messages marked as DKIM signature failed add an X-Header to the with the key and value specified to the message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type X- EMSJudgedThis with value dkim results in the header as: X- EMSJudgedThis dkim. Add Domain Click to add a domain and configure DKIM fail-specific settings for that domain. The following settings are configurable: Domains List the domains to add, separating multiple domains with a comma. Ignore allow lists When a SPF hard fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default. Action for messages marked as DKIM signature failed Select one of the following actions for messages marked as DKIM signature failed: No Action No action is taken against messages marked as DKIM fail. Permanently delete Messages marked as DKIM fail are permanently deleted. Reject with SMTP error code 550 Messages marked as DKIM fail are rejected with an SMTP error code