eprism Email Security Appliance 6.0 Release Notes What's New in 6.0




St. Bernard is pleased to announce the release of version 6.0 of the eprism Email Security Appliance. This release adds several new features while considerably improving the functionality of existing features.

What's New in 6.0

Intercept Anti-Spam

eprism 6.0 introduces the Intercept Anti-Spam engine that offers considerable improvements to eprism's existing anti-spam technology:

Simplified and Efficient Administration
Intercept provides administrators with powerful default settings and simpler actions to increase the efficiency of Anti-Spam administration. Intercept's default Anti-Spam settings provide a strong default configuration to ensure that organizations can deal with a majority of spam messages with little additional configuration. Intercept's improved anti-spam technologies require no training to capture a majority of spam when first enabled.

Powerful and Comprehensive Anti-Spam Processing
Intercept introduces enhanced spam fighting technologies to provide a more informed and accurate decision on whether a message is spam or legitimate mail. The addition of technologies such as Spam Dictionaries, IP Reputation and DomainKeys ensures that Intercept catches spam and reduces false positives.

Hosted Anti-Spam Services
New hosted technologies such as Bulk Analysis, DNS Black Lists and reputation-based detection allow customers to more efficiently monitor and trap real-world spam and provide feedback for analysis purposes.

Intercept is configured via Mail Delivery Anti-Spam Intercept on the menu.

New Anti-Spam Features

eprism v6.0 incorporates several new and exciting anti-spam features to help simplify the administration of the eprism, while ensuring a high level of spam detection and low false positive statistics.

Local IP Reputation
Many spammers and attackers do not send mail from legitimate mail sources. eprism inspects the incoming IP address and decides whether the IP address is valid or not based on the incoming connection's behaviour. This information is then used in the overall Intercept decision process to help determine the nature of an incoming message.

Reputation-based Detection
Helps to identify spam by reporting behavior information about the sender of a mail message, including their overall reputation, whether the sender is a dial-up, and whether the sender appears to be virus-infected or sends large amounts of spam messages. This is based on information collected from customer eprism e-mail servers and global DNS Block Lists. This information can be used by eprism to either reject the message immediately or contribute to the Intercept score.

Spam Dictionaries
Pre-defined spam dictionaries containing known spam words and phrases are included with eprism to help eliminate the need to initially train eprism systems. By providing spam default dictionaries, eprism systems can provide comprehensive spam protection after installation without any additional configuration.

DomainKeys
eprism's existing anti-phishing features have been enhanced to include Yahoo DomainKeys. DomainKeys is a popular sender authentication technology to validate sending servers to ensure they are delivering legitimate mail.

Threat Prevention

eprism 6.0 introduces threat prevention capabilities that allow organizations to detect and block incoming threats in real-time. Threat types can be monitored and recorded to track client IP behaviour and reputation.

By examining mail flow patterns, eprism detects whether a sending host is behaving maliciously by sending out viruses, spam or attempting denial-of-service (DoS) types of attacks. Inbound mail connections can be blocked or throttled before the content is processed to lessen the impact of a large number of inbound messages.

Threat Prevention features can also be integrated with third party perimeter devices, such as F5 BIG-IP traffic managers and Cisco IOS based devices. By pushing threat information to a perimeter device, threats can be blocked at the network edge to reduce incoming mail traffic before it reaches eprism.

Threat Prevention is configured via Mail Delivery Threat Prevention on the menu.

Message Encryption

eprism encryption support now includes the ability to encrypt and decrypt individual messages when used in conjunction with a third party encryption product. E-mail encryption helps organizations address compliancy needs while ensuring that the privacy of confidential e-mails is maintained. This integration allows organizations to ensure that encrypted messages are still processed by eprism for security issues such as viruses, malformed mail, and content filtering and scanning.

Message encryption is configured via Mail Delivery Encryption on the menu.

Advanced Content Filtering and Scanning

Several new content filtering features have been added to provide more powerful filtering rules that can be integrated directly into organizational policies. These additional functions allow organizations to have greater control and flexibility over e-mail policy decisions.

Advanced Content Scanning
eprism's advanced content scanning feature can perform deep scanning of e-mail attachments for content filtering purposes, ensuring that private and confidential content is not sent out over the Internet. Document attachments such as PDFs and Microsoft Word documents can be scanned for individual words and phrases that may be blocked due to compliancy policies.

Expanded Filtering Options
New content filtering actions have been added to allow filter rules to be created that encrypt, quarantine, BCC, notify, redirect or discard messages, in addition to existing filter actions. These new filter options provide greater flexibility when setting up and enforcing e-mail policies using eprism.

Dictionaries
eprism 6.0 adds custom dictionary support for content filtering allowing organizations to easily match simple words and phrases against message and attachment content.

Policy Integration
Content filtering is integrated with eprism's policy engine allowing organizations to create different sets of filter rules for different sets of users, groups and domains.

Content filtering and scanning is configured via Mail Delivery Content Management on the menu.

Policy Improvements

eprism 6.0 introduces an improved policy engine that provides more policy options and enhanced granularity. These updated policy features provide complete flexibility and control over incoming and outgoing e-mail traffic.

Policy Feature Integration
eprism v6.0 offers more features for defining policy, including Anti-Virus, Intercept Anti-Spam, Content Filtering, Attachment Control, Compliancy, Dictionaries support, Annotations and DomainKeys. Almost all aspects of eprism's e-mail security features are integrated with policies to provide organizations with complete control and flexibility over how their email is handled.

Improved Policy Granularity
Organizations now have more granularity over policy decisions allowing administrators to customize policy rules for specific users or a set of users. Different actions and rules can be applied to different users to provide more comprehensive organizational policies.

User-based Policies
eprism 6.0 introduces user-based policies to the existing group and domain policies. Administrators can now create policies on a per user basis to provide a more granular policy configuration.

Policy Diagnostics
Administrators can run diagnostics to view the result of their policy configuration. By entering the e-mail address of a specific user, a chart will display what policies are applied to that user and the final result. Diagnostics reduce the administrative effort by helping to eliminate any policy conflicts.

Policies are configured via Mail Delivery Policy on the menu.

Advanced Log Searches

A new advanced search menu allows administrators to search all current and archived log files of a particular log type for specific patterns. Advanced log searches are accessed via Status/Reporting System Logs Advanced Search.

Log Rollout and Offload

eprism can automatically compress older files to save disk space when a certain number of log files have been generated. For backup purposes and offline reporting, eprism can also copy log and reporting files to another system at regular intervals using FTP or SCP file copy utilities. This allows administrators to back up the log files to a separate host for analysis and storage. Configure log rollout and offload via Status/Reporting System Logs Rollout and Offload.

Show Multiple Recipients on Activity Screen

On the main Activity screen, messages with multiple recipients can be expanded to see all recipients of the message and their disposition by clicking the Show Recipients button.

New Mail Delivery Options

The following new options have been added to the Mail Delivery Delivery Settings menu.

Maximum time in queue for bounces: Specifies how many days a system-generated bounce message (from MAILER-DAEMON) is queued before it is considered undeliverable.

Maximum original message text in bounces: Specifies the maximum amount of original message text (in bytes) that is sent in a non-delivery notification.

Deliver mail to local users: Disable this option to prevent delivery to local users. The postmaster (admin) account will not be affected by this setting.

The following new options have been added to the Delivery Settings (Advanced) screen.

Multiple recipient reject mode: Indicates the reject handling of messages with multiple recipients, such as reject if all recipients reject a message, or if only one recipient rejects a message. This option only applies to features with reject actions such as Malformed and Very Malformed Mail, Attachment Control, Attachment Scanning, PBMF, OCF, Anti-Virus, and Intercept Anti-Spam features, including those used within a policy.

Send EHLO: Always send EHLO when communicating with another server, even if their banner does not include ESMTP. Disable this option if you are experiencing communications problems with specific SMTP servers.

Received Header Setting

The Received Header is the mail server information displayed in the Received: mail header of a message. The default is "St. Bernard eprism Email Security Appliance", but this can be modified to a more generic identifier to prevent attackers from knowing the mail server details.

Configurable Mail Routing SMTP Port

The SMTP port in Mail Delivery Routing Mail Routing can now be configured to ports other than 25 for special cases where mail delivery on another port is required.

Product Notes

Supported Web Browsers

The following web browsers are supported for administering eprism 6.0 via the web interface:

- Microsoft Internet Explorer 6 and greater
- Firefox 1.0 and greater
- Mozilla 1.0 and greater
- Netscape 6.0 and greater
- Safari 1.0 and greater

Attachment Content Scanning License

Attachment Content Scanning is a licensed option and requires a separate license key to work after an initial 30-day evaluation period.

Uploading PBMF Filter Rules from a Previous Version

When upgrading to eprism 6.0 from a previous version, any existing Pattern Based Message Filter (PBMF) rules are automatically converted to 6.0 format.

Manually uploading a PBMF rule file from a previous version will not work unless changes are made to the upload file. In eprism 6.0, the "Valid" action has been modified to be "Accept+Train". The following procedure must be performed when uploading earlier versions of PBMF rules to an eprism 6.0 system.

1. Open your PBMF rules file (pbmf.csv) in a text editor or application that can read CSV files, such as Excel.
2. Modify the PBMF rule file to change every instance of the action "Valid" to "Accept+Train".
3. Save the PBMF rule file.
4. On the eprism 6.0 system, go to Mail Delivery Content Management Pattern Filters (PBMF) on the menu.
5. Click Upload File.
6. Select the updated PBMF file and click Continue.
7. Review the PBMF rules to ensure they were uploaded correctly.

Attachment Scan Option

The DS (Disable Scan) option in the attachment types list in Attachment Control has been changed to "Scan" in eprism 6.0. This option has been modified to more accurately reflect in the interface that scanning of attachments will be performed on this attachment type.

Mail Routing Options Moved

All routing features such as Mail Routing, Mail Aliases, Mail Mappings, and Virtual Mappings have been moved in the menu to Mail Delivery Routing.

Known Issues In This Release

PBMF Bypass Action does not Override Reputation-based Detection
The PBMF "Bypass" action will not override an action from a reputation-based reject. To whitelist a system rejected by Reputation-based Detection, create a PBMF rule with the action "Accept" instead of "Bypass."

Threat Detection Still Active for Addresses in "mynetworks"
Networks defined in the Threat Detection "mynetworks" static IP list are still scanned by Threat Prevention when they should be skipped.

SPF Intercept Weight using DomainKeys Weight
The SPF Intercept Weight is taking its value from the DomainKeys weight in Mail Delivery Anti-Spam Intercept Advanced.

SQL Logging not Working
The ability to create SQL logs (via Status/Reporting Reporting Configure Advanced) is not working in this release.

Policy Not Saved when Selecting Pattern Filters
When configuring a policy, you must first click Apply to save the current policy before selecting the Pattern Filters link to add a PBMF. When finished adding a pattern filter, click Cancel to return to the policy screen.

Modifying PBMF Action adds "Train" Action
When modifying a PBMF to use the "Reject", "Accept", or "Relay" action, the "Train" action will also be added, such as "Reject+train". You must edit the PBMF again to set to "Reject" and then click Apply.

Admin HTTP/S Ports
The web server admin ports are not configurable via Misc Configure Web Admin on the eprism system console. After a system restart, the ports will revert to the defaults (80 and 443).

LDAP Recipients and LDAP Relay: "$" Character not allowed in bind
For the LDAP recipients and LDAP relay features, the bind password cannot contain a "$" character.

Open Relay Tests
Various Open Relay tests behave differently when testing e-mail systems. eprism is a secure mail gateway, and a correctly configured eprism does not and should not operate as an open relay.
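The rule-file edit described under "Uploading PBMF Filter Rules from a Previous Version" (change every "Valid" action to "Accept+Train") can be scripted so that only whole action fields change and patterns that merely contain the word are left alone. This is an added example, not part of the original release notes or of St. Bernard's tooling; the column order of pbmf.csv is not given in these notes, so the function name, the optional action_col parameter and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

OLD_ACTION = "Valid"          # pre-6.0 action name (from the release notes)
NEW_ACTION = "Accept+Train"   # 6.0 replacement (from the release notes)

# Constructed sample rows; the column order here is illustrative only.
SAMPLE = (
    "subject,contains,Invalid recipient,Reject\n"
    "from,contains,partner.example,Valid\n"
    '"body","contains","Valid, signed offer","valid"\n'
)


def convert_pbmf_actions(text, action_col=None):
    """Return (converted_text, changed_rows, review_rows).

    Only a field whose entire value is "Valid" is rewritten, so a pattern
    such as "Invalid recipient" is never touched. action_col (0-based)
    restricts the rewrite to one column; None checks every column, because
    the real pbmf.csv layout is not documented on this page (assumption).
    """
    reader = csv.reader(io.StringIO(text, newline=""))
    out = io.StringIO(newline="")
    writer = csv.writer(out, lineterminator="\n")
    changed, review = [], []
    for rownum, row in enumerate(reader, start=1):
        new_row, hit = [], False
        for idx, field in enumerate(row):
            in_scope = action_col is None or idx == action_col
            if in_scope and field.strip() == OLD_ACTION:
                new_row.append(NEW_ACTION)
                hit = True
            else:
                new_row.append(field)
        if hit:
            changed.append(rownum)
        # "valid" still present after conversion (inside a pattern, or an
        # action in different case): list the row for the manual review step.
        if any(OLD_ACTION.lower() in f.lower() for f in new_row):
            review.append(rownum)
        writer.writerow(new_row)
    return out.getvalue(), changed, review


if __name__ == "__main__":
    converted, changed, review = convert_pbmf_actions(SAMPLE)
    print(converted, end="")
    print("rows rewritten:", changed)
    print("rows to review by hand:", review)
```

The csv module normalises quoting on output, so compare the converted file with the original before uploading it, and still review the rules on the appliance after the upload.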

Installation Notes

For new installations of eprism 6.0, see the eprism Installation Guide for detailed instructions on setting up eprism for the first time.

Upgrading from a Previous Version

The eprism Email Security Appliance 6.0 upgrade replaces the current version running on eprism systems. eprism 6.0 supports an upgrade from the following versions:

- eprism 4.0 Update 2
- eprism 5.0 Update 2

The upgrade procedure must be performed in the following order:

1. Perform a complete backup.
2. Restart the system in Re-install/Restore mode.
3. Load the new software image.
4. Install the new version of eprism.
5. Re-license the system and any additional options.
6. Restore system data from backup.

Please see the How to Upgrade to eprism 6.0 document for detailed instructions on how to upgrade your current eprism software to 6.0, including instructions for eprism systems in a HALO cluster. Contact St. Bernard Technical Support if you require assistance with this procedure.

Last Document Revision: February 8, 2006