GFI MailEssentials 21: Install, Configure, Manage

Entry
This article is a study guide for GFI MailEssentials, focusing on its installation, configuration, and management. The software scans the content of inbound, outbound and internal emails, and the result of the analysis determines whether an email is blocked or allowed.

System requirements
Every software product has hardware and software requirements for installation. Before installing GFI MailEssentials, make sure your system meets its hardware and software requirements.

The recommended hardware requirements are:

  • Processor: 2 GHz
  • Available Memory (RAM): 2 GB
  • Free Disk space: 10 GB

The recommended software requirements are:

  • Supported Operating Systems: Windows 2008 R2 and later
  • Supported Mail Servers: Exchange 2010 and later
  • Supported Internet browsers: Microsoft Internet Explorer 8 or later; Google Chrome 22 or later; Mozilla Firefox 16 or later
  • Virtualization: Only supported with VMware and Hyper-V

Firewall port settings

You need to allow the ports below on your firewall:

  • 53 – DNS; used for IP DNS Blocklist, SpamRazer and URI DNS Blocklist;
  • 80 – HTTP for these URLs: meupdate.gfi.com; support.gfi.com; *.mailshell.net; *.rules.mailshell.net; spamrazer.gfi.com; db11.spamcatcher.net; gfi-downloader-137146314.us-east-1.elb.amazonaws.com; cdnupdate.gfi.com; cdnpatches.gfi.com;
  • 9095, 9096 – Multi-Server; should be opened on a Multi-Server network;
  • 389/636 – LDAP/LDAPS; required to get email addresses from Active Directory;
  • 61000 – open this TCP port if the GFI Directory is used.

Antivirus and backup software

It is recommended to exclude the directories below from antivirus scanning, because scanning them may cause GFI MailEssentials to malfunction; backup software can instead be scheduled to run during non-working hours:

  • <..\Program Files (x86)\Common Files\GFI>
  • <..\Program Files (x86)\GFI\MailEssentials\>
  • <..\Inetpub\mailroot> – if installed on a gateway machine.
  • TransportRoles folder located in the default Microsoft® Exchange installation path when GFI MailEssentials is installed on the same machine as Microsoft® Exchange 2010 or later.

Typical deployment scenarios

There are two types of deployment scenario:

1. Pre-installation actions: installing directly on Microsoft® Exchange server

In this case, you can install GFI MailEssentials on the same server as Microsoft® Exchange 2010 or later, and no pre-installation actions or configuration are required. In Microsoft® Exchange 2010 environments, GFI MailEssentials can only be installed on the Edge Transport role, or on the Hub Transport and Mailbox roles. If your mail server is Exchange 2013 or later, GFI MailEssentials can only be installed on the Edge Transport role or the Mailbox role.

2. Pre-installation actions: installing on an email gateway or relay/perimeter server

In this case, GFI MailEssentials is usually installed in the DMZ network. It uses the IIS SMTP service as its SMTP server, so the IIS SMTP service must be configured to act as a mail relay server. To install it, open Windows Server Manager, go to Features and select Add Features. In that window, select SMTP Server to install.

After installing the SMTP server, go to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager, right-click Default SMTP Virtual Server and select Properties, then select Domains and then New > Domain. Select the Remote option and click Next, enter the domain name (for example thehackertips.com) and click Finish.

Then right-click the new domain and select Properties. Select Allow the Incoming Mail to be Relayed to this Domain and Forward all mail to smart host. Specify the IP address of the server managing emails in this domain. The IP address must be entered in this format: [172.16.171.21]. Click OK to finish the process.

To secure your SMTP email relay server, go to Start > Control Panel > Administrative Tools > Internet Information Services (IIS) Manager, right-click Default SMTP Virtual Server and select Properties. On the Access tab, select Relay. Choose Only the list below and click Add to enter the IP addresses of the internal mail server(s) that are allowed to route emails through your mail relay server.

To enable your mail server to route emails via GFI MailEssentials, forward all messages to the host running GFI MailEssentials.

To route all emails from external to internal, update your domain's MX record to point to the mail relay server.

Once everything is finished, test your email relay server by sending emails from internal to external and from external to internal.
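The relay restriction configured above can also be verified from a host that is not on the allowed list. This is an added Python example, not part of the original article or of GFI MailEssentials: it runs the SMTP dialogue up to RCPT TO and resets before DATA, so no message is sent. FakeRelay, the function names and the example.org/example.net addresses are constructed for illustration; for a live check, pass a callable that returns smtplib.SMTP for your own relay.

```python
import smtplib  # live check: connect = lambda: smtplib.SMTP(relay_host, 25, timeout=10)


def probe_rcpt(smtp, mail_from, rcpt_to):
    """EHLO, MAIL FROM, RCPT TO, then RSET. The session never reaches DATA, so
    no message is submitted. Returns the reply code that decided the outcome."""
    smtp.ehlo()
    code, _ = smtp.mail(mail_from)
    if code == 250:
        code, _ = smtp.rcpt(rcpt_to)
    smtp.rset()
    return code


def audit_relay(connect, mail_from, inbound_rcpt, external_rcpt):
    """Run from a host that is NOT on the relay's allowed list. connect is a
    zero-argument callable returning a connected SMTP session. Returns a list
    of findings; an empty list means the relay behaves as intended."""
    codes = {}
    for rcpt in (inbound_rcpt, external_rcpt):
        smtp = connect()
        try:
            codes[rcpt] = probe_rcpt(smtp, mail_from, rcpt)
        finally:
            smtp.quit()
    findings = []
    # Mail for the relayed domain must be accepted from anywhere.
    if not 200 <= codes[inbound_rcpt] < 300:
        findings.append(f"inbound mail refused ({codes[inbound_rcpt]}): {inbound_rcpt}")
    # Mail for any other domain must be refused when the client is not allowed.
    if 200 <= codes[external_rcpt] < 300:
        findings.append(f"open relay ({codes[external_rcpt]}): accepted {external_rcpt}")
    return findings


class FakeRelay:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""

    def __init__(self, relayed_domains, open_relay=False):
        self.relayed_domains, self.open_relay = relayed_domains, open_relay

    def _ok(self, *args):
        return 250, b"ok"

    ehlo = mail = rset = quit = _ok

    def rcpt(self, recipient):
        domain = recipient.rsplit("@", 1)[-1].lower()
        if self.open_relay or domain in self.relayed_domains:
            return 250, b"2.1.5 recipient ok"
        return 550, b"5.7.1 unable to relay"


if __name__ == "__main__":
    relay = lambda: FakeRelay({"thehackertips.com"})  # relay set up as in the article
    print(audit_relay(relay, "probe@example.org",
                      "user@thehackertips.com", "user@example.net"))
```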

Install GFI MailEssentials

Launch the GFI MailEssentials installer.

Select the language, accept the terms and conditions and click Next.

On the License page, you can either enter the username and password you used when signing up to download GFI MailEssentials, or manually specify a license key in the Manually Enter a License Key field.

On the User Mode Selection page, choose the mode that GFI MailEssentials will use to retrieve the list of email users; you cannot change it after installation. In my case I installed GFI MailEssentials on my DMZ network (on Exchange Edge server 2013) and because of that I will select SMTP mode.

(I want to inform you that if you install GFI MailEssentials on a domain-joined server, you will have the Active Directory user mode selection as well.) The available modes are:

  • Active Directory: This option is only available when installing GFI MailEssentials on a machine that is joined to an Active Directory domain. GFI MailEssentials retrieves the list of mail-enabled users from Active Directory. Selecting this option means that GFI MailEssentials is being installed behind your firewall and that it has access to the Active Directory containing ALL your email users.
  • SMTP: Select this mode if an Active Directory domain is not available or if you would like to manage the list of users manually. In this mode, GFI MailEssentials automatically populates the list of local users using the sender’s email address in outbound emails. The list of users can also be managed from the GFI MailEssentials General Settings node.
  • Remote Active Directory: Option only available when installing GFI MailEssentials on a machine that is NOT joined to an Active Directory domain. In this mode, GFI MailEssentials retrieves the list of users from a remote Active Directory domain, even though the GFI MailEssentials server is not joined to a domain. This mode can be used for example, when installing GFI MailEssentials in a DMZ, before the firewall that separates your internal and external networks. In this example, the GFI MailEssentials server is typically not joined to the internal domain. In this mode, all other features of GFI MailEssentials function similarly to when GFI MailEssentials is joined to a domain.
  • GFI Directory: Option only available when installing GFI MailEssentials on a machine that is not joined to an Active Directory domain. In this mode, GFI MailEssentials connects and fetches users from GFI Directory. This mode is best suited for installations that do not have Active Directory yet want the features and functionalities that a user directory offers.

Configure the Administrator Email Address, which receives notifications, and the SMTP Server Configuration.

On the Web server configuration page, select the web server and virtual directory details:

  • IIS Website: Select the website where you want to host the GFI MailEssentials virtual directories.
  • Configuration Path: Specify a name for the GFI MailEssentials virtual directory.
  • RSS Path: Specify a name for the GFI MailEssentials Quarantine RSS feeds virtual directory.

Select a folder to install GFI MailEssentials and click Next.

Click Install to start the installation process. If you are prompted to restart the SMTP services, click Yes.

On completion, click Finish.

Post-Installation action

After GFI MailEssentials is installed, the post-installation wizard loads automatically. Click Next on the welcome page. In the DNS Server dialog, specify the DNS server to be used for domain lookups. In this case I will use the DNS server which is used on my server. You can test your DNS server with the “Test” button.

In the Proxy Settings dialog, specify how GFI MailEssentials connects to the Internet. If the server connects through a proxy server click Configure proxy server… and specify proxy settings. Click Next.

In the Inbound email domains dialog specify all the domains to scan for viruses and spam. Any local domains that are not specified in this list will not be scanned. Click Next.

In the SMTP Servers dialog specify how the server receives external emails. If emails are routed through other servers before they are forwarded to GFI MailEssentials, add the IP address of the other servers in the list.

In the Default anti-spam action dialog select the default action to be taken when emails are detected as spam. This action applies to anti-spam filters only. Malware filters automatically quarantine blocked emails. Click Next.

Click Finish to finalize the installation. GFI MailEssentials installation is now complete and the email protection system is up and running.

Email Security

Virus Scanning Engines: GFI MailEssentials uses multiple antivirus engines to scan inbound, outbound and internal emails for the presence of viruses. GFI MailEssentials ships with the Avira and BitDefender Virus Scanning Engines. You can also acquire a license for Kaspersky, Sophos and Cyren. You can reorder the antivirus priority list from Email Security > Virus Scanning Engines: click the corresponding icon to increase or decrease the priority of an engine, then click Apply.

Trojan and Executable Scanner: The Trojan and Executable Scanner analyzes and determines the function of executable files attached to emails. This scanner can subsequently quarantine any executables that perform suspicious activities.

Email Exploit Engine: The Email Exploit Engine blocks exploits embedded in an email that can execute on the recipient’s machine either when the user receives or opens the email. An exploit uses known vulnerabilities in applications or operating systems to compromise the security of a system, for example to execute a program or command, or to install a backdoor.

HTML Sanitizer: The HTML Sanitizer scans and removes scripting code within the email body and attachments. It scans the body of emails that have the MIME type set to “text/html” and all attachments of type .htm or .html.

Anti-Spam

The anti-spam filters included with GFI MailEssentials help detect and block unwanted emails (spam). GFI MailEssentials uses various scanning filters to identify spam:

  • SpamRazer: An anti-spam engine that determines if an email is spam by using email reputation, message fingerprinting and content analysis.
  • Anti-Phishing: Blocks emails that contain links in the message body pointing to known phishing sites or if they contain typical phishing keywords.
  • Directory Harvesting: Directory harvesting attacks occur when spammers try to guess email addresses by attaching well-known usernames to your domain. The majority of the email addresses are non-existent.
  • Email Blocklist: The Email Blocklist is a custom database of email addresses and domains from which you never want to receive emails.
  • IP Blocklist: The IP Blocklist is a custom database of IP addresses from which you never want to receive emails.
  • IP DNS Blocklist: IP DNS Blocklist checks the IP address of the sending mail server against a public list of mail servers known to send spam.
  • URI DNS Blocklist: Stops emails that contain links to domains listed on public Spam URI Blocklists.
  • Sender Policy Framework: This filter uses SPF records to stop email sent from forged IP addresses by identifying if the sender IP address is authorized.
  • Anti-Spoofing: Checks emails received with a sender email address claiming to originate from your own domain against a list of IP addresses by GFI MailEssentials. If the sender IP address is not on the list of own-domain server IP addresses, email is blocked.
  • Greylist: The Greylist filter temporarily blocks incoming emails received from unknown senders. Legitimate mail systems typically try to send the email after a few minutes; spammers simply ignore such error messages.
  • Language Detection: Determines the language of the email body text and can be configured to block certain languages.
  • Header Checking: The Header Checking filter analyses the email header to identify spam emails.
  • Spam Keyword Checking: This filter enables the identification of Spam based on keywords in the email being received.
  • Bayesian analysis: An anti-spam filter that can be trained to accurately determine if an email is spam based on past experience.
  • Whitelist: The Whitelist contains lists of criteria that identify legitimate email. Emails that match these criteria are not scanned by anti-spam filters and are always delivered to the recipient.
  • New Senders: The New Senders filter identifies emails that have been received from senders to whom emails have never been sent before.

In GFI MailEssentials, the order in which the anti-spam checks are applied to inbound messages can be customized. Go to Anti-Spam > Filter Priority, select a filter and click the (up) button to assign a higher priority or the (down) button to assign a lower priority, then click Apply.

The spam digest is a short report sent to an administrator or user via email. This report lists the total number of emails processed by GFI MailEssentials and the number of spam emails blocked over a specific period of time (since the last spam digest).

The GFI MailEssentials SpamTag Plugin is an addon for Microsoft Outlook that installs a toolbar on end users’ machines, giving some control to users in management of spam emails. The plugin also synchronizes Microsoft Outlook Junk settings with GFI MailEssentials.

Content Filtering

Content Filtering engines enable administrators to control the content of emails. These engines scan the content of emails and attachments, and block emails containing content matching the content filtering rules.

  • Keyword Filtering enables you to set up rules that filter emails with particular keywords or a combination of keywords in the body or subject of the email. A rule is composed of: keywords to block in the email body, subject or attachment; actions to take when a keyword is found; and the users to which the rule applies. To configure content rules, navigate to Content Filtering > Keyword Filtering. This page allows you to view, create, enable, disable or delete rules.
  • Attachment Filtering allows you to set up rules to filter what types of email attachments to allow and block on the mail server. A rule is composed of: attachment types to block; actions to take when a matching attachment is found; and the users to which the rule applies. To configure attachment rules, navigate to Content Filtering > Attachment Filtering. This page allows you to view, create, enable, disable or delete rules.
  • The Decompression engine extracts and analyzes archives (compressed files) attached to an email.

Advanced Content Filtering enables scanning of email header data and content using advanced configurable search conditions and regular expressions (regex). To configure advanced content rules, go to Content Filtering > Advanced Content Filtering. This page allows you to view, create, enable, disable or delete rules.

The decompression engine performs the following checks:

  • Password protected archives
  • Corrupted archives
  • Recursive archives
  • Size of decompressed files in archives
  • Number of files in archives
  • Scan within archives
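
The checks listed above, applied to a ZIP attachment held in memory, as an added Python example (not GFI MailEssentials code). The thresholds, the function names and the sample archives are assumptions constructed for illustration, and only the ZIP format is handled:

```python
import io
import zipfile
import zlib

# Assumed thresholds for this example; they are not GFI MailEssentials defaults.
MAX_FILES, MAX_BYTES, MAX_DEPTH = 100, 10 * 1024 * 1024, 2


def inspect_zip(data, scan=lambda name, body: None, depth=1):
    """Apply the listed checks to a ZIP attachment held in memory.

    scan(name, body) is called for each extracted non-archive member and returns
    a reason to block or None. Returns a list of reasons (empty list = allow).
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["corrupted archive"]
    with zf:
        infos = zf.infolist()
        # Count and size limits use the declared values, before decompressing.
        if len(infos) > MAX_FILES:
            return ["too many files in archive"]
        if sum(i.file_size for i in infos) > MAX_BYTES:
            return ["decompressed size over limit"]
        if any(i.flag_bits & 0x1 for i in infos):  # bit 0: entry is encrypted
            return ["password protected archive"]
        reasons = []
        for info in infos:
            if info.is_dir():
                continue
            try:
                body = zf.read(info)  # raises on a CRC-32 mismatch
            except (zipfile.BadZipFile, zlib.error, EOFError):
                return ["corrupted archive"]
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= MAX_DEPTH:
                    reasons.append("archive nesting too deep: " + info.filename)
                else:
                    reasons += inspect_zip(body, scan, depth + 1)
            else:
                hit = scan(info.filename, body)
                if hit:
                    reasons.append(f"{info.filename}: {hit}")
        return reasons


def make_zip(members):
    """Build a constructed sample ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    nested = make_zip({"a.zip": make_zip({"b.zip": make_zip({"c.txt": b"x"})})})
    print(inspect_zip(nested))  # three nested archives exceed MAX_DEPTH
```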

Email Management

  • List Server: List servers enable the creation of two types of distribution lists: Newsletter and Discussion. Newsletter – Used for creating subscription lists for company or product newsletters, to which users can either subscribe or unsubscribe. Discussion – Enables groups of people to hold discussions via email, with each member of the list receiving the email that a user sends to it.
  • Disclaimers are standard content added to the bottom or top of outbound email for legal and/or marketing reasons. These assist companies in protecting themselves from potential legal threats resulting from the contents of an email and to add descriptions about the products/services offered.
  • Mail monitoring enables copying emails sent to or from a particular local email address to another email address. This enables the creation of central store of email communications for particular persons or departments.
  • Auto-replies enable the sending of automated replies to specific inbound emails. A different auto-reply for each email address or subject can be specified. Variables can also be used in an auto-reply to personalize emails. To enable auto-replies, go to Email Management > Auto-Replies and select Enable Auto-Replies.

Quarantine

The GFI MailEssentials Quarantine feature provides a central store where all emails detected as spam or malware are retained. This ensures that users do not receive spam and malware in their mailbox and processing on the mail server is reduced. Administrators and mail users can review quarantined emails by accessing the quarantine interface from a web browser. GFI MailEssentials can also send regular email reports to email users to review their blocked emails.

Managing local users

If you remember, I installed GFI MailEssentials in SMTP mode. To populate and manage the user list when GFI MailEssentials is installed in SMTP mode, go to General > Settings and select the User Manager tab. The User Manager tab displays the list of local users and allows you to add or remove local users. The list of local users is used when configuring user-based rules, such as Attachment Filtering rules and Content Filtering rules. In this case GFI MailEssentials automatically populates the list of local users using the sender’s email address in outbound emails.

Upgrade to Latest version

To determine your current version number, open the GFI MailEssentials web interface and navigate to General Settings > About.

Before upgrading make sure that:

  • Your server meets the system requirements.
  • You are aware that the upgrade is not reversible and that you cannot downgrade to the previous version after upgrading.
  • You have backed up the system in case the upgrade fails.
  • Save any pending work and close all open applications on the machine before starting the upgrade.
  • Log on to your current GFI MailEssentials server as an Administrator or using an account with administrative privileges.

If all of the above is OK, you can download the latest version and start the installation process. Follow the wizard steps to start the upgrade installation. The new version of GFI MailEssentials is automatically installed in the same directory as the previously installed version. After the upgrade is completed, test mail flow and mail filtering.
