Introduction. SonicWALL Email Security




SonicWALL Email Security Configuration Tips

Introduction

SonicWALL Email Security is designed to install quickly and be easy to maintain while protecting a company from email threats. The out-of-the-box effectiveness rate in blocking email threats is excellent, but because every organization is different, optimal effectiveness can vary from organization to organization. This document identifies the product settings where it is possible to configure SonicWALL Email Security to optimize effectiveness for a given organization.

Select a topic from the list below; each topic is on a separate page.

1. Product Version: Are you using the latest version of the product?
2. Product Licensing: Are all of your subscriptions up to date?
3. MX Records: Are all of your MX Records configured correctly?
4. SMART Network Updates: Are you receiving regular protection updates?
5. Directory Harvest Attacks (DHA): Is DHA protection enabled?
6. Likely Spam: Are you letting Likely Spam through to your users?
7. Policy Overrides: Do you use policies to give email a Free Pass?
8. Aggressiveness: Is anti-spam aggressiveness right for your organization?
9. Is your CORPORATE address book allowing bad email?
10. Are your USER address books allowing bad email?
11. Language Blocking: Are you blocking or allowing foreign languages?
12. RBLs: Have you added RBL lists that are slowing down throughput?

1. Product Version
Are you using the latest version of the product?

What to Check
As of June 19th, 2007 the latest version is 6.0.

How to Check
Log in to SonicWALL Email Security as Admin. If you require an update, you will receive a notification that a new version is available and instructions on how to download and install the update. If you are unsure whether you have the correct version, click the About link at the bottom of any page. The About window shows the current version of the Email Security system.

Why does this matter?
SonicWALL continually adds new functionality to its products. Staying current with product updates gives an organization access to this new functionality and ensures that the system includes the latest email protection strategies.

2. Product Licensing
Are all of your subscriptions up to date?

How to Check
The registered administrator of a system will receive notifications (emails and phone calls) prior to the expiration of their subscriptions. Regardless of these notifications, you can always check on your Email Security subscriptions. First, log in to the SonicWALL Email Security system as Admin. Review your product licenses by going to Server Configuration > License Management as shown in Figure 1.

FIGURE 1

Why does this matter?
Sometimes the administrator of the SonicWALL Email Security system will leave an organization and the subscription notification notices are not forwarded. If you miss the expiration notifications and subsequently the product subscriptions expire, the product will stop filtering your email for spam, phishing, and other threats.

3. MX Records
Are all of your MX Records configured correctly?

What to Check
Check that all of your company's MX records are pointing to the SonicWALL Email Security system (appliance or software). Any records not pointing to the system will NOT be filtered by the system.

How to Check
Log in to SonicWALL Email Security as Admin. Check Server Configuration > Network Architecture for path information of your MX Record(s). If the MX Record points to a firewall, ensure the firewall correctly routes all email to the SonicWALL Email Security system; an example is shown in Figure 2.

FIGURE 2

Why does this matter?
Some companies have multiple MX Records: a primary which accepts all email and a secondary which is used as a backup. They point the primary to the SonicWALL Email Security system, but route the secondary MX Record directly to their email server. Spammers learn this and send spam email directly to the secondary MX Record, bypassing the filter and showing up in users' inboxes.

Advanced Topic
You can determine if your email is flowing through the SonicWALL Email Security system by reviewing the Received: header of an email message, looking for X-Mlf-Threat in any email received from an external source. If external email does NOT have this string, it was NOT processed by the SonicWALL Email Security system.

4. SMART Network Updates
Are you receiving regular protection updates?

How to Check
Log in to SonicWALL Email Security as Admin. Check the Server Configuration > Updates page. SonicWALL HIGHLY recommends that the "Check for spam, phishing, and virus blocking updates:" pull-down be set to 5 minutes. See Figure 3.

FIGURE 3

Why does this matter?
Spammers are constantly creating and sending out new attacks. The SMART Network senses these attacks, validates that they are real threats and automatically begins blocking these attacks. By downloading new attack signatures every 5 minutes you are always current in fighting late-breaking spam attacks and other threats.

5. Directory Harvest Attacks (DHA)
Is DHA protection enabled?

How to Check
Log in to SonicWALL Email Security as Admin. For versions 4.8 or below, see the Server Configuration > Directory Protection page. For 5.0 and above, see the Server Configuration > Connection Management page shown in Figure 4. Consider selecting the option to Permanently Delete DHA messages.

FIGURE 4

Why does this matter?
On average DHA-based email accounts for 60% of incoming email. These messages are typically short and friendly (for example, "Hi John") and can sometimes be missed by spam filters. They also clog email systems with millions of emails, bog down processing, and can bring an email server to its knees.

6. Likely Spam
Are you letting Likely Spam through to your users?

How to Check
Log in to SonicWALL Email Security as Admin. Go to the Anti-Spam Anti-Phishing > Default Spam Management page. See the Actions for messages marked Likely Spam in Figure 5 below. Check that this is set to Store in Junk Box, which is the suggested setting.

FIGURE 5

Why does this matter?
SonicWALL uses the concept of Likely Spam because everyone has a slightly different definition of spam. Newsletters, stock market reports, and even some casual or personal email (jokes, chain letters, etc.) would be spam to one person, but acceptable communication to another. The best course of action to minimize user complaints is to send Likely Spam to the user's Junk Box. Once there, the system has the opportunity to learn about each user's personal preferences without bothering IT. The user can view and even unjunk Likely Spam messages that they want to receive. This action also lets the system know not to junk similar messages from the same sender in the future.

What about Likely Phishing and Likely Virus?
For Likely Phishing and Likely Virus you should ensure that Store in Junk Box is selected for each. The only question is whether you want the user to be able to view, or view and unjunk, these messages. We recommend you allow users to view these messages, but NOT be able to unjunk them. When a user views the message it is displayed in text mode and no images or attachments are shown. If there is a good business reason for the message to be unjunked and it is safe (no viruses attached, for example), then the user can ask IT to unjunk the message.

7. Policy Overrides
Do you use policies to give email a Free Pass?

How to Check
Log in to SonicWALL Email Security as Admin. Go to the Policy & Compliance > Filters page. This will display a list of all of the Policy Rules your organization is using. Check all the rules for logic errors which would let email bypass spam processing. This is especially true for those Policy Rules which have an Action of Deliver and Skip Spam and Phishing analysis.

Why does this matter?
The Policy & Compliance filters are very powerful. Improper setup of a Policy rule can lead to unexpected results. This can cause increases in spam, but more often leads to increases in False Positives, stopping good email. One area of trouble is the use of multiple conditions in a single Policy rule. Do you want ALL or ANY of the conditions to be true for the policy rule to operate? For example, you want to block all messages with attachments that have EXE or PIF extensions. If you set up two separate conditions, one for the EXE extension and a second for the PIF extension, you would need to use the match ANY conditions selection. Using AND would never be true unless a single email message had both types of files attached.

8. Aggressiveness
Is anti-spam aggressiveness right for your organization?

How to Check
Log in to SonicWALL Email Security as Admin. Go to the Anti-spam > Anti-Spam Aggressiveness page. On this page, shown in Figure 6, are a number of slider bars to adjust the sensitivity of certain message categories for your organization. The default is 3. To be more aggressive in blocking spam you can move a given slider to the right (4 or 5). To be less aggressive in blocking spam you can move a given slider to the left (1 or 2).

FIGURE 6

Why does this matter?
Every company has different types of email it wants to receive. For example, a doctor's office may need to see emails containing medical terms and drug names, while most other organizations don't care. The slider bars allow you to adjust your organization's sensitivity to certain types of email. Having this setting low (1 or 2) will allow more email in that category to pass through the email filter, potentially allowing more spam. Having this setting high (4 or 5) will block more email in that category, potentially creating false positives.

CORPORATE versus USER settings
The Corporate settings that are selected by the Email Administrator affect everyone in the organization who receives email filtered by SonicWALL Email Security. Individual users can be allowed to adjust their own settings to be more aggressive. The User Settings page is similar to that shown in Figure 6, except that the User allowed to Unjunk entries are not present. If a spam / false positive issue seems specific to a given user, the user's User Settings are a good place to look.

9. Is your CORPORATE address book allowing bad email?

How to Check
Log in to SonicWALL Email Security as Admin. Go to the Anti-spam and Anti-Phishing Techniques page. There are three different address books that can be maintained for the company: People, Company, and Lists.

People - Email addresses on the People "Allowed" list get free passes. This means Email Security will deliver these messages to the end user even if we have judged the message to be spam. For the Corporate People-Allowed list, it would be unusual to have many people, perhaps only key individuals. Remember, every email received from an email address on this list will be delivered to the recipient (unless it is judged as a virus).

FIGURE 7

Company - The Company Allowed / Blocked lists contain domain names. For every domain on the Company "Allowed" list, all senders using that domain in their email address will receive a free pass and all email received from this domain will be delivered even if we judge the email as spam. Use Company-Allowed lists sparingly.

NOTE: You should not have your own company's domain name in this list. A very common trick of spammers is to send email to a company and use that company's domain as the FROM address. If your company's domain is listed on the Company-Allowed list, the spammer's email can get a free pass past the spam filter.

FIGURE 7

Lists - Email addresses on the Lists "Allowed" list get free passes. This means Email Security will deliver the email to the recipient even if we judge it to be spam. For the Corporate List-Allowed list, it would be unusual to have many lists, perhaps only a few key list names. Remember, each email address on this list will get a free pass and will be delivered to the recipient.

Advanced Topic
You can determine if an email message has received an Allowed list free pass through the SonicWALL Email Security system by examining the Received: header of an email message. Email messages that are on Allowed lists will have "list_addrbk_sender" or "list_addrbk_domain" in the X-Mlf-Threat-Detailed header.

10. Are your USER address books allowing bad email?

What to Check
Each user who receives email processed through SonicWALL Email Security can be allowed to own and manage their own address books for People, Companies, and Lists. These lists apply only to the given user and cannot override Corporate settings. For example, if the Email Administrator blocks the domain (Company) of adultxxx.com at the Corporate level, a user cannot Allow this domain (Company) by adding it to their Company-Allowed list.

How to Check
Have the user log in to SonicWALL Email Security as themselves; this is best done via a Junk Box Summary. Go to the Anti-spam Techniques page. There are three different address books that can be maintained for the user: People, Company, and Lists.

People - Email addresses on the People "Allowed" list get free passes. This means Email Security will deliver all email from that email address to the recipient, even if we judge the email to be spam. Virus emails are always blocked regardless.

FIGURE 8

Company - The Company Allowed / Blocked list contains domain names. For every domain on the Company "Allowed" list, all senders using that domain in their email address will receive a free pass and all email received from this domain will be delivered to the recipient even if we judge it to be spam. This list must be updated manually by the user. Sometimes users will add domains without understanding the consequences. For example, they will add yahoo.com because they have a few email friends who use the Yahoo email service and they want to make sure they receive their email. The trouble is that yahoo.com is often used by spammers to send spam messages, which will get a free pass through the spam filter and be delivered to that user.

NOTE: Users should NOT add their own company's domain name to this list. A very common trick of spammers is to send email to a company and use that company's domain as the FROM address. If the company's domain is listed on the user's Company-Allowed list, the spammer's email can get a free pass past the spam filter.

Lists - Email addresses on the Lists "Allowed" list get free passes. This means Email Security will deliver all email from that list even if we judge it to be spam.

Advanced Topic
You can determine if an email message has received an Allowed list free pass through the SonicWALL Email Security system by examining the Received: header of an email message. Email messages that are on Allowed lists will have "list_addrbk_sender" or "list_addrbk_domain" in the X-Mlf-Threat-Detailed header.
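The header checks from the Advanced Topics in sections 3, 9 and 10 can be run over saved messages in one pass. The following is an added example, not SonicWALL code: the header names and the two marker strings are the ones this document gives, while the header values, addresses and domains in the samples are constructed, and the helper names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Marker strings and header names come from the document; everything else
# (header values, addresses, domains) is constructed for the example.
ALLOW_MARKERS = ("list_addrbk_sender", "list_addrbk_domain")

def triage(raw_message, own_domains=()):
    """Return a list of findings for one externally received message."""
    msg = message_from_string(raw_message)
    own = {d.lower() for d in own_domains}
    findings = []
    # No X-Mlf-Threat header: the message never passed through the filter,
    # e.g. it arrived via an MX record that points straight at the mail server.
    if msg.get("X-Mlf-Threat") is None:
        findings.append("unfiltered")
    detailed = " ".join(msg.get_all("X-Mlf-Threat-Detailed") or [])
    passes = [m for m in ALLOW_MARKERS if m in detailed]
    findings += ["free_pass:" + m for m in passes]
    # A free pass for mail claiming to come from our own domain is the
    # spoofed-FROM case the NOTE on Company-Allowed lists warns about.
    _, addr = parseaddr(msg.get("From", ""))
    if passes and addr.rpartition("@")[2].lower() in own:
        findings.append("own_domain_free_pass")
    return findings

def _sample(sender, *extra_headers):
    # Build a constructed RFC 822 message with the given extra headers.
    lines = ["From: " + sender, "To: alice@corp.example", "Subject: test"]
    return "\n".join(lines + list(extra_headers)) + "\n\nbody\n"

# Constructed samples; the header value layout is an assumption.
SAMPLES = {
    "filtered": _sample("Bob <bob@partner.example>",
                        "X-Mlf-Threat: nothreat",
                        "X-Mlf-Threat-Detailed: nothreat"),
    "bypassed": _sample("promo@bulk.example"),
    "allowed_sender": _sample("friend@mail.example",
                              "X-Mlf-Threat: nothreat",
                              "X-Mlf-Threat-Detailed: nothreat;list_addrbk_sender"),
    "spoofed_own_domain": _sample("CEO <ceo@corp.example>",
                                  "X-Mlf-Threat: nothreat",
                                  "X-Mlf-Threat-Detailed: nothreat;list_addrbk_domain"),
}

def report(samples, own_domains):
    """Map each sample name to its findings."""
    return {name: triage(raw, own_domains) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, found in report(SAMPLES, {"corp.example"}).items():
        print(f"{name:20} {found or ['ok']}")
```

The "unfiltered" finding is only meaningful for mail received from an external source, as the section 3 Advanced Topic states.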

11. Language Blocking
Are you blocking or allowing foreign languages?

What to Check
SonicWALL Email Security can process email depending on the declared language (character set) of the email. The list of languages is shown in Figure 9. Each language has one of 3 states: Allow All, Block All, or No Opinion. These are defined as follows:

Block All: ALL email in that language is not sent to the receiver.
Allow All: ALL email in that language is not processed by the spam filter.
No Opinion: ALL email in that language is processed normally.

How to Check
Log in to SonicWALL Email Security as Admin. Go to the Anti-spam and Anti-Phishing Techniques > Foreign Language page. Review the settings for how messages received in a given language are processed.

FIGURE 9

Why does this matter?
Choosing Block All for a given language can lead to False Positives (good email blocked as spam). A Corporate decision to Block All Chinese email will create problems for a user who is dealing with a Chinese company and exchanging email in Chinese. Choosing Allow All creates the opposite problem, allowing all email in a language to get a free pass for spam filtering.

USER Language Blocking
Individual users also can use language to allow or block emails for their own inbox. The same rules apply for the User as they relate to the different options for each language. Users can Block languages that Corporate Allows, but they cannot Allow languages Corporate has blocked.

Advanced Topic
SonicWALL Email Security usually determines the language of an email based on the declared charset in the message header. For example, "charset=gb2312" is Chinese.

12. RBLs
Have you added RBL lists that are slowing down throughput?

What to Check
Email Administrators can add RBLs (Real-time Black-hole Lists) to SonicWALL Email Security. Sometimes these RBLs can slow down email throughput.

How to Check
Log in to SonicWALL Email Security as Admin. Go to the Anti-spam and Anti-Phishing Techniques > Blocked List Services page. This will show which RBLs have been added and which are being used, as shown in Figure 10. For each RBL listed and enabled, check with the provider to ensure it is operational and performing as specified.

FIGURE 10

Why does this matter?
The responsiveness of the RBL list could slow down the throughput of email through the SonicWALL Email Security system. This includes RBLs which are no longer in operation. Many RBL lists do not have defined levels of service (i.e. return a judgment in less than .001 second). When an RBL list is enabled, SonicWALL Email Security will make a request to the RBL provider, and then wait a short period of time for an answer. If the RBL response is delayed, throughput will slow down.

What does SonicWALL think of RBLs?
RBLs can be valuable if they are properly checked before being used as part of judging an email as a threat. At the SonicWALL datacenters, we take input from multiple RBL lists and in real time combine this information with input from our Smart Network. We then deliver the validated RBL information to every customer as part of our Smart Network updates every 5 minutes. This allows us to achieve the benefits provided by an RBL list without sacrificing the throughput in processing email.
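One way to check that each enabled RBL is operational and answering quickly is to time a lookup of the standard test entries. This is an added example, not part of the original document or the product: it assumes the list follows the RFC 5782 convention (127.0.0.2 is listed, 127.0.0.1 is not), the zone name `rbl.example` and the stand-in resolvers are constructed so the block runs offline, and `check_rbl` is a hypothetical helper.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

TEST_LISTED = "2.0.0.127"    # 127.0.0.2 reversed: must be listed (RFC 5782)
TEST_UNLISTED = "1.0.0.127"  # 127.0.0.1 reversed: must NOT be listed

def _lookup(name, resolver):
    try:
        return resolver(name)
    except OSError:          # NXDOMAIN or resolver failure
        return None

def check_rbl(zone, resolver=socket.gethostbyname, timeout=2.0):
    """Time both test lookups against `zone` and classify the list's health."""
    result = {"zone": zone, "status": "ok", "latency_ms": None}
    pool = ThreadPoolExecutor(max_workers=2)
    try:
        start = time.monotonic()
        listed = pool.submit(_lookup, f"{TEST_LISTED}.{zone}", resolver)
        unlisted = pool.submit(_lookup, f"{TEST_UNLISTED}.{zone}", resolver)
        try:
            hit = listed.result(timeout=timeout)
            left = max(0.0, timeout - (time.monotonic() - start))
            miss = unlisted.result(timeout=left)
        except FutureTimeout:
            result["status"] = "timeout"       # every message would wait this long
            return result
        result["latency_ms"] = round((time.monotonic() - start) * 1000, 1)
        if hit is None:
            result["status"] = "dead"          # test entry missing: list not answering
        elif miss is not None:
            result["status"] = "lists_everything"  # would flag all senders
        return result
    finally:
        pool.shutdown(wait=False)              # do not block on a hung lookup

# Constructed stand-in resolvers so the example runs without network access.
def fake_healthy(name):
    if name.startswith(TEST_LISTED + "."):
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")

def fake_dead(name):
    raise socket.gaierror("NXDOMAIN")

def fake_wildcard(name):
    return "127.0.0.2"

def fake_slow(name):
    time.sleep(0.3)
    return "127.0.0.2"

if __name__ == "__main__":
    for label, res in [("healthy", fake_healthy), ("dead", fake_dead),
                       ("wildcard", fake_wildcard), ("slow", fake_slow)]:
        print(label, check_rbl("rbl.example", resolver=res, timeout=0.05))
```

With the default resolver the same function queries the real zone names shown on the Blocked List Services page.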