
IronPort AsyncOS 6.5
GETTING STARTED GUIDE
for Email Security Appliances

COPYRIGHT
Copyright 2008 by IronPort Systems, Inc. All rights reserved.
Part Number: 421-0118
Revision Date: December 2, 2008
The IronPort logo, IronPort Systems, Messaging Gateway, Virtual Gateway, SenderBase, Mail Flow Monitor, Virus
Outbreak Filters, Context Adaptive Scanning Engine (CASE), IronPort Anti-Spam, and AsyncOS are all trademarks
or registered trademarks of IronPort Systems, Inc. Brightmail, the Brightmail logo, BLOC, BrightSig, and Probe
Network are trademarks or registered trademarks of Symantec Incorporated. McAfee and VirusScan are registered
trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. Copyright 2007
McAfee, Inc. All rights reserved. Used with permission. All other trademarks, service marks, trade names, or
company names referenced herein are used for identification only and are the property of their respective owners.
This publication and the information contained herein is furnished AS IS and is subject to change without
notice. Publication of this document should not be construed as a commitment by IronPort Systems, Inc. IronPort
Systems, Inc., assumes no responsibility or liability for any errors or inaccuracies, makes no warranty of any kind
with respect to this publication, and expressly disclaims any and all warranties of merchantability, fitness for
particular purposes and non-infringement of third-party rights.
Some software included within IronPort AsyncOS is distributed under the terms, notices, and conditions of
software license agreements of FreeBSD, Inc., Stichting Mathematisch Centrum, Corporation for National
Research Initiatives, Inc., and other third party contributors, and all such terms and conditions are incorporated
in IronPort license agreements.
The full text of these agreements can be found here:
https://support.ironport.com/3rdparty/AsyncOS_User_Guide-1-1.html.
Portions of the software within IronPort AsyncOS is based upon the RRDtool with the express written consent of Tobi Oetiker.
Portions of this document are reproduced with permission of Dell Computer Corporation. Portions of this document are
reproduced with permission of McAfee, Inc. Portions of this document are reproduced with permission of Symantec
Incorporated. Portions of this document are reproduced with permission of Sophos Plc. Brightmail Anti-Spam is protected
under U.S. Patent No. 6,052,709.

IRONPORT SYSTEMS, INC.

IronPort Systems, Inc.
950 Elm Ave.
San Bruno, CA 94066

CONTACTING IRONPORT CUSTOMER SUPPORT

If you have purchased support directly from IronPort Systems, you can request
support by phone, email, or online 24 hours a day, 7 days a week. During office hours
(24 hours per day, Monday through Friday, excluding U.S. holidays), an engineer will
contact you within an hour of your request. To report a critical issue that requires
urgent assistance outside of our office hours, contact IronPort using the following
information.
U.S. toll-free: 1 (877) 641-IRON (4766)
International: www.ironport.com/support/contact_support.html
Support Portal: www.ironport.com/support
If you have purchased support through a reseller or other entity, contact the supplier
for support of your IronPort products.

Table of Contents

1. Introduction
  Before You Begin
  About This Guide
  Where to Go for More Information
    IronPort Knowledge Base
    IronPort Documentation
    Customer Support
  Overview of IronPort Email Security
    Spam Protection
    Virus Protection
    Content Compliance

2. IronPort Email Security Appliance GUI

3. Email Security Tasks
  Task 1: Drop Positive Spam Messages by Default
    Concepts
    Goal
    Dropping Spam Messages by Default
  Task 2: Exempt Specified Groups of Users from Spam Filtering
    Concepts
    Goal
    Creating a Mail Policy
    Changing the Anti-Spam Settings for a Mail Policy
  Task 3: Quarantine Incoming Spam
    Concepts
    Goal
    Configuring the IronPort Spam Quarantine
    Enabling the IronPort Spam Quarantine HTTP or HTTPS Service
    Configuring the Policy to Send Spam to the IronPort Spam Quarantine
  Task 4: Configure End User Safelists and Blocklists
    Concepts
    Goal
    Enabling the End User Safelist/Blocklist on the IronPort Spam Quarantine
    Adding Items to the Safelist for an End User Account
    Adding Items to the Blocklist for an End User Account
  Task 5: Quarantine Incoming Virus Messages
    Concepts
    Goal
    Enabling Virus Settings
  Task 6: Strip Specified Types of Incoming Email Attachments
    Concepts
    Goal
    Creating a Content Filter
    Applying a Filter to an Incoming Mail Policy
    Testing the Filter
  Task 7: Enforce an Outgoing Email Policy
    Concepts
    Goal
    Creating a Content Dictionary
    Creating an Outgoing Content Filter
    Creating a Content Filter
    Applying a Filter to an Outgoing Mail Policy
    Testing the Filter
  Task 8: Add a Domain to Accept Mail
    Concepts
    Goal
    Accepting Mail for a Domain
    Creating an SMTP Route for a Domain
  Task 9: Add a Disclaimer to Outgoing Mail
    Concepts
    Goal
    Creating a Footer Text Resource
    Associating a Footer with a Private Listener
  Task 10: Configure a Scheduled Report
    Concepts
    Goal
    Configuring a Scheduled Report

4. Advanced Tasks
  Task 11: Access the Command Line Interface
    Concepts
    Goal
    Enabling the CLI
  Task 12: Use the CLI
    Concepts
    Goal
    Testing Connectivity
    Monitoring the IronPort Appliance and Email Traffic
    Configuring the Appliance
  Task 13: Retrieve and Use Mail Logs
    Concepts
    Goal
    Viewing Logs
    Searching for Content in Logs
    Retrieving and Configuring Logs
  Task 14: Configure Email Alerts
    Concepts
    Goal
    Configuring Email Alerts
  Task 15: Upgrade the IronPort Appliance

IRONPORT ASYNCOS GETTING STARTED GUIDE

CHAPTER 1

Introduction
This chapter contains the following sections:
Before You Begin
About This Guide
Where to Go for More Information
Overview of IronPort Email Security

BEFORE YOU BEGIN
Before you begin, read the Quickstart Guide for the IronPort Email Security appliance you are
installing and any release notes that were shipped with your appliance. This guide assumes
that you have unpacked the appliance, physically installed it in a rack cabinet, and turned it
on. You should also run the System Setup Wizard and accept the default configuration settings
that are appropriate to the placement of the IronPort appliance in your network.

ABOUT THIS GUIDE
The IronPort Getting Started Guide provides an overview of the IronPort Email Security
appliance and introduces its features.
This guide contains the following chapters:
Chapter 1, Introduction - This chapter provides an introduction to this guide
and an overview of IronPort email security.
Chapter 2, IronPort Email Security Appliance GUI - This chapter provides a
general introduction to the IronPort appliance and the Email Security Manager.
Chapter 3, Email Security Tasks - This chapter provides tasks that will help
you become acquainted with your IronPort appliance.
Chapter 4, Advanced Tasks - This chapter provides advanced tasks that can
help you understand some of the advanced features of the IronPort appliance.

WHERE TO GO FOR MORE INFORMATION
You can refer to the resources described in this section if you have questions about the
IronPort Email Security appliance.

IronPort Knowledge Base


The IronPort Knowledge Base provides answers to questions about the IronPort Email Security
appliance. In addition to providing answers to common issues, the Knowledge Base contains
key information about enhancing the functionality of the IronPort appliance. To access the
Knowledge Base, select Help > Support Portal in the GUI.
You can also access the Knowledge Base by logging in to the Customer Support website at the
following address:
http://www.ironport.com/support

IronPort Documentation
The IronPort Email Security appliance ships with the following documents which provide
in-depth feature descriptions and guidance on how to use the features and services that the
IronPort email security appliance provides:
IronPort AsyncOS for Email Quickstart Guide
IronPort AsyncOS for Email User Guide
IronPort AsyncOS for Email Advanced User Guide
IronPort AsyncOS CLI Reference Guide

Customer Support
You can request customer support by phone, email, or online 24 hours a day, 7 days a week.
During Customer Support office hours (24 hours per day, Monday through Friday, excluding
U.S. holidays), one of the engineers will contact you within an hour of your request.
To report a critical issue that requires urgent assistance, notify IronPort using the following
contact information:
U.S. toll-free: +1 (877) 641-4766
International: http://www.ironport.com/support/contact_support.html
Support Portal: http://www.ironport.com/support


Support Request Page

You can also use the Support Request page in the GUI to request customer support. To access
the Support Request page, select Help > Support Request. Complete the information on the
page, and then click the Submit button. A Customer Support representative will contact you
as soon as possible.

OVERVIEW OF IRONPORT EMAIL SECURITY
The IronPort email security appliance combines several content scanning engines with
IronPort preventive security solutions, such as SenderBase Reputation Filtering and Virus
Outbreak Filters.
[Figure: IronPort Consolidates Security Solutions for the Email Perimeter. Panels: Before IronPort (Internet, Firewall, MTAs, Anti-Spam, Anti-Virus, Policy Management, Mail Routing, Groupware, Users) and After IronPort (Internet, Firewall, IronPort Email Security Appliance, Groupware, Users).]

The IronPort appliance provides unparalleled protection for corporate groupware servers, as
well as reliable inbound and outbound email delivery. It has earned its outstanding reputation
through deployments at the world's largest Internet Service Providers and thousands of global
customers.
IronPort Email Security appliances use the proprietary IronPort AsyncOS operating system.
AsyncOS provides a high-performance, flexible platform that supports the advanced security
systems of IronPort. Unlike traditional messaging systems, the IronPort mail transfer agent
(MTA) can handle thousands of simultaneous connections. The ability to support high
volumes of simultaneous connections is critical to both large and small email sites because of
the large number of spammers and spyware systems attempting to deliver spam and virus- or
malware-infected email messages. The IronPort appliance incorporates the AsyncOS
operating system with support tools, security scanning engines, a GUI, a command line
interface (CLI), and other interfaces.


Spam Protection
For anti-spam protection, the IronPort email security appliance combines SenderBase
Reputation Filtering with traditional content filters. SenderBase is a global email-monitoring
network that tracks hundreds of parameters from thousands of contributing networks to
establish a historically accurate reputation score for IP addresses that send email on the
Internet. Because it draws on traffic data from over 25% of all worldwide email traffic,
SenderBase can help stop more than 80% of unwanted threat messages before accepting
them for content scanning. This reputation filtering system allows the IronPort email security
appliance to dramatically increase the throughput of the traditional signature-based content
scanning engines, such as Symantec Brightmail and IronPort Anti-Spam, because it can filter
email messages before the signature-based scans take place.

Virus Protection
For anti-virus protection, IronPort offers anti-virus scanning engines from McAfee and
Sophos, as well as its exclusive Virus Outbreak Filters. You can configure your IronPort
appliance to use one or both of the licensed anti-virus scanning engines. Because each engine
relies on a separate base of technology, scanning messages with both the McAfee and Sophos
scanning engines combines the benefits of both anti-virus scanning engines.
Because viruses and spyware use email as their primary distribution vector, SenderBase can
detect patterns of email messages that signal an infection outbreak before traditional
content-scanning virus filter signatures can be updated and deployed. The IronPort Global Threat
Operations Center watches for emerging threats in email traffic and publishes outbreak rules
to the IronPort appliance, which quarantines possible threat messages. This protects networks
from virus threats before virus signature updates are available. As the outbreak matures and
the threat rules adapt, non-matching messages are released from quarantine, and possible
threat messages are held back until a final signature is available for the virus-scanning engine.
Over the course of a virus outbreak, you are protected from new infections coming into the
network, and you do not need to worry about possible false positive messages being dropped.
[Figure: How Virus Outbreak Filters Work - Dynamic Quarantine in Action. Timeline labels: T = 0, T = 5 mins, T = 10 mins, T = 8 hours. Other labels: "Messages Scanned & Deleted", "zip (exe) files", "Size 50 to 55 KB", "Price in the name file", "Release messages if signature update is in place".]

Content Compliance
IronPort security solutions are powered by an advanced content filtering engine, which comes
with built-in configurations for compliance with Health Insurance Portability and
Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley Act. You
can also use the content filtering engine to implement specific business-policy controls for a
variety of systems. Email archiving, attachment control, keyword scanning, and encryption
integration are all available for use in custom filtering rules.
You access this functionality with management and monitoring tools. AsyncOS provides both
an intuitive web-based GUI and a command line interface (CLI). You can use the Email
Security Manager in the GUI to set specific policies for groups of users so you can enforce
appropriate levels of security for different business units. Many standard reports are built into
the system, as well as flexible application programming interfaces (APIs) for retrieving
reporting and monitoring data. You can use these features to integrate the appliance with your
information systems infrastructure.
In addition, AsyncOS offers a unique centralized management feature that uses a peer-to-peer
architecture to avoid the need for extra hardware in the data center and to eliminate any
single point of failure.
With a multi-layer approach to spam and virus protection, IronPort provides the most
comprehensive email security solution on the market. By combining pioneering preventive
features, such as SenderBase and Virus Outbreak Filters, with best-in-class content scanning
engines, IronPort is a cost-effective solution to your email security needs.
The integrated architecture of AsyncOS provides all the necessary email protection
capabilities to secure internal networks and groupware servers. This guide demonstrates the
features of the IronPort email security appliance so you can immediately take control of your
email perimeter and solve email security problems.

CHAPTER 2

IronPort Email Security Appliance GUI


The graphical user interface (GUI) of the IronPort Email Security appliance provides access to
features and services to help you effectively monitor and administer your organization's email
network traffic.
[Figure 2-1: IronPort GUI]

The following table describes the GUI components shown in Figure 2-1.

Component: Description

1 - Menu bar: Click the menus to access the various areas of the GUI.

2 - Drop-down menu: The menus display task-based links. Click the links to access
pages for the tasks you want to perform.

3 - Options menu: The Options menu enables you to change your password or
log out of the IronPort appliance.

4 - Help menu: The Help menu provides access to online help information
about the current GUI page and access to the Support Portal.
In addition, you can use this menu to send a support request
and provide Customer Support with remote access to your
IronPort appliance.

5 - Commit Changes button: The Commit Changes button notifies you if changes are
pending on your appliance. When you make changes to the
appliance configuration, you must commit the changes for
them to take effect on the appliance.
To commit the changes:
1. Click the Commit Changes button.
2. Optionally, enter a comment in the Comment box. Adding
comments can be useful for any future troubleshooting.
3. Click Commit Changes. You return to the originating page,
and the Commit box indicates that no changes are pending.

CHAPTER 3

Email Security Tasks

This chapter contains the following sections:
Task 1: Drop Positive Spam Messages by Default
Task 2: Exempt Specified Groups of Users from Spam Filtering
Task 3: Quarantine Incoming Spam
Task 4: Configure End User Safelists and Blocklists
Task 5: Quarantine Incoming Virus Messages
Task 6: Strip Specified Types of Incoming Email Attachments
Task 7: Enforce an Outgoing Email Policy
Task 8: Add a Domain to Accept Mail
Task 9: Add a Disclaimer to Outgoing Mail
Task 10: Configure a Scheduled Report

TASK 1: DROP POSITIVE SPAM MESSAGES BY DEFAULT
The IronPort Anti-Spam engine processes email for incoming and outgoing mail based on
settings that you configure. IronPort Anti-Spam scans messages through its filtering modules
for classification. It classifies messages as positive spam, suspected spam, or not spam. You
determine the action to take on the message based on the IronPort Anti-Spam classification.
You might choose to drop, deliver, or quarantine messages based on their classification. For
example, you might decide to drop positive spam messages and quarantine suspected spam
messages.
Note: If you set up your IronPort appliance using the System Setup Wizard, the IronPort
appliance drops positive spam messages by default.

Concepts
You can use the IronPort Email Security Manager to define mail filtering and security policies
for users based on their email addresses or an LDAP query. You configure settings for
incoming email in an incoming mail policy. The incoming mail policy instructs the IronPort
appliance to perform an action on a message based on the classification of the message and
mail recipient. The default mail policy applies to all incoming messages.

Goal
By default, the IronPort appliance is not configured to scan email messages for suspected
spam. In this task, you activate suspected spam scanning and configure the default policy to
drop the suspected spam. Later, you will enable the end-user spam quarantine, which allows
users to view and open email messages and release messages from the quarantine.

Dropping Spam Messages by Default


To drop spam messages by default:
1. Select Mail Policies > Incoming Mail Policies.
   The Incoming Mail Policies page is displayed.
2. In the Anti-Spam settings for the default policy, click the link to open the mail policy.
   The Mail Policies: Anti-Spam page is displayed.
3. In the Anti-Spam Settings section, select Use selected Anti-Spam service(s), and select
   IronPort Anti-Spam.
4. In the Positively Identified Spam Settings section, use the following settings:
   Apply this Action to the Message: Drop.
   Advanced > Archive Message: Select Yes to archive or No to skip archiving.
5. In the Suspected Spam Settings section, use the following settings:
   Enable Suspect Spam Scanning: Yes.
   Apply This Action to Message: Deliver.
   Add Text to Subject: Select Prepend or Append if you want to add text, and enter
   the text in the text field. For example, enter [SUSPECTED SPAM].
6. Click Submit. The new settings are displayed for the default policy.
7. The IronPort appliance notifies you that you have pending changes.
   The changes you make are not activated until you commit them.

8. Click the Commit Changes button in the top right corner of the page.
The Uncommitted Changes page is displayed.

9. Add a comment to describe the change.


10. Click Commit Changes.
See Also

For more information about the Email Security Manager, see Email Security Manager in the
IronPort AsyncOS for Email User Guide. For more information about anti-spam settings, see
Anti-Spam in the IronPort AsyncOS for Email User Guide.

TASK 2: EXEMPT SPECIFIED GROUPS OF USERS FROM SPAM FILTERING
The default incoming mail policy you modified in Task 1 applies to all mail that enters the
network. However, you may want to create a new policy that applies security scanning or
content filters differently for some users. For example, you might want to ensure that
executive users receive all messages.

Concepts
With the IronPort appliance, you can use mail policies to apply different mail delivery settings
to different users. You use incoming mail policies to manage flows of incoming emails to
different addresses.

Goal
In this task, you create a new mail policy. Then, you modify the policy's anti-spam settings to
deliver spam-positive messages and suspected spam with a tag in the message's subject line.
This allows you to exempt some users from spam filtering.

Creating a Mail Policy


To create a mail policy:
1. Select Mail Policies > Incoming Mail Policies.
The Incoming Mail Policies page is displayed.
2. Click the Add Policy button.
The Add Incoming Mail Policy page is displayed.

3. To define the policy, enter the following information:


Policy Name: Enter a name. For example, enter Execs.

Insert Before Policy: 1 (Default Policy).


Add Users: This policy applies to the recipient of the message, so leave Recipient
selected.
Email Address(es): Add the email address that this policy applies to. For example,
enter bob@example.com. Then click the Add button. You can repeat this process
for any number of email addresses or LDAP queries.
Important Note: The position of the policy in the Email Security Monitor is important.
Aliases are matched starting with the top policy.

4. Click Submit.
The Incoming Mail Policies page is displayed with the new mail policy.

Changing the Anti-Spam Settings for a Mail Policy


After you create a mail policy, you need to modify its anti-spam settings so that spam-positive
messages and spam-suspect messages are tagged and sent to the address that you specified in
the mail policy.
To change the anti-spam settings:
1. On the Incoming Mail Policies page for the new policy (for example, the Execs policy),
click the (use default) link in the Anti-Spam column. The Mail Policies: Anti-Spam page
is displayed.
2. In the Enable Anti-Spam Scanning for this Policy field, select Use selected Anti-Spam
service(s), and select IronPort Anti-Spam.

3. Scroll down to the Positively-Identified Spam Settings section.

4. In the Positively-Identified Spam Settings section, enter the following information to
ensure that messages identified as spam are delivered with an identifying tag:
Apply This Action to Message: Deliver.
Add Text to Subject: Select Append or Prepend to add text to the subject, and enter
text in the text field. For example, use the default entry, [SPAM].
5. Scroll down to the Suspected Spam Settings section.

6. In the Suspected Spam Settings section, enter the following information to ensure that
messages identified as suspected spam are delivered with an identifying tag:
Enable Suspect Spam Scanning: Yes.
Apply This Action to Message: Deliver.
Add Text to Subject: Select Append or Prepend to add text to the subject, and enter
text in the text field. For example, use the default entry, [SUSPECTED SPAM].
7. Click Submit.

The Incoming Mail Policies page is displayed.

8. Review the Anti-Spam column.


The new mail policy delivers messages that are tagged as spam-positive and spam-suspect to
the specified accounts, and it drops spam-positive messages addressed to other accounts.
See Also

For more information about configuring anti-spam settings, see Anti-Spam in the IronPort
AsyncOS for Email User Guide.
For information about quarantining incoming spam messages, see Task 3: Quarantine
Incoming Spam on page 19.

TASK 3: QUARANTINE INCOMING SPAM
The IronPort Email Security appliance allows you to send spam or suspected spam messages
to the IronPort Spam Quarantine. End users can then access the quarantine to determine if the
messages are incorrectly identified as spam. You can use a local IronPort Spam Quarantine,
stored on the IronPort appliance, or you can send messages to an external IronPort Spam
Quarantine, stored on an M-Series IronPort appliance. Both AsyncOS administrators and end
users can access the IronPort Spam Quarantine.

Concepts
To use the IronPort Spam Quarantine, you work with several areas of the IronPort appliance:
IronPort Spam quarantine. The Spam Quarantine is a special quarantine designed for
mail end-user access. You can use a local quarantine or send spam to an external
quarantine (M-Series appliance).
The interface where the Spam Quarantine is enabled. You enable access to the IronPort
Spam Quarantine through an HTTP or HTTPS service.
Anti-spam options for a mail policy. You enable the spam quarantine for a particular mail
policy. That way, you can quarantine mail for specified groups of users.

Goal
In this task, you enable the IronPort Spam Quarantine and configure the default policy to send
incoming spam to the quarantine.
To use the IronPort Spam Quarantine, complete the following steps:
1. Configure the local IronPort Spam Quarantine.
2. Enable access to the IronPort Spam Quarantine through an HTTP or HTTPS service.
3. Configure the anti-spam scanning options for the policy to send spam or suspect spam to
the IronPort Spam Quarantine.

Configuring the IronPort Spam Quarantine


To configure the IronPort Spam Quarantine:
1. Select Monitor > Quarantines.

The Quarantines page is displayed.

2. Click Edit.
The Edit IronPort Spam Quarantine page is displayed.

3. Use the default settings in the Spam Quarantine Settings panel and scroll down to End-User Quarantine Access.
4. Click Enable End-User Quarantine Access.
The End-User Quarantine Access page is displayed.

5. Select None in the End-User Authentication field.

By selecting None, you allow users to access quarantined mail by clicking links in the
notification messages that they receive.
6. Click Enable Spam Notification.
The Enable Spam Notification page is displayed.

7. Enter an address to use in the From Address header if you want to send notifications.
8. Enter a subject (such as IronPort Spam Quarantine Notification).
9. Enter a title for the notification (such as IronPort Spam Quarantine Notification).
10. Optionally, enter a spam notification message.
11. Select a format.
12. Enter an address to deliver bounce messages to.
13. Leave the Consolidate Notifications field empty. This field consolidates email notifications
for users when the IronPort Spam Quarantine is configured for LDAP authentication.
14. In the Notification Schedule field, choose a notification schedule.
15. Click Submit.
16. Commit your changes.

Enabling the IronPort Spam Quarantine HTTP or HTTPS Service


After you enable the IronPort Spam Quarantine, you must edit the IP interface to enable the
HTTP or HTTPS service for the IronPort Spam Quarantine.
To enable the HTTP or HTTPS service:
1. On the Network > IP Interfaces page, click the interface name (this example uses the
Management interface).
The Edit IP Interface page is displayed.

2. In Services > IronPort Spam Quarantine, select HTTP, HTTPS, or both, enter the port
numbers, and optionally enable redirection of HTTP requests to HTTPS.

3. Enter the default URL that appears in email notifications. This example uses the hostname.
4. Click Submit.
5. Commit your changes.

Configuring the Policy to Send Spam to the IronPort Spam Quarantine


To send spam to the IronPort Spam quarantine:
1. Select Mail Policies > Incoming Mail Policies.
2. Click the anti-spam settings for the default mail policy.
The Anti-Spam Settings page is displayed.

3. In Positively Identified Spam Settings > Apply this Action to Message, select IronPort Spam
Quarantine. The Positively Identified Spam Settings field expands. It displays delivery
settings for the IronPort Spam Quarantine.
4. Use the default settings in the Positively Identified Spam field.
5. Leave the Suspected Spam Settings as you configured them.
6. Use default settings for Spam Thresholds.
7. Click Submit.
8. Commit your changes.
See Also

For more information about working with incoming mail policies, see Configuring the
Gateway to Receive Email in the IronPort AsyncOS for Email User Guide. For more
information about working with the IronPort Spam quarantine, see Quarantines in the
IronPort AsyncOS for Email User Guide. For more information about configuring IP interfaces,
see Accessing the Appliance in the IronPort AsyncOS for Email User Guide.

TASK 4: CONFIGURE END USER SAFELISTS AND BLOCKLISTS
The IronPort appliance allows you to send spam or suspected spam messages to the IronPort
Spam Quarantine; however, an end user may want to ensure that mail from a particular
sender is never treated as spam. Conversely, an end user may want to guarantee that certain
mail is always sent to the IronPort Spam Quarantine. For example, a user may be unable to
unsubscribe from an automated mailing list, and may want to block the list server's email
address. You can enable end users to create safelists and blocklists to better control which
emails are treated as spam. The end user safelist and blocklist settings are configured from the
IronPort Spam Quarantine, so you must have enabled and configured the IronPort Spam
Quarantine to use this feature.
Note: When you enable the safelist/blocklist feature, each end user maintains a safelist and
blocklist for his or her email account.

Concepts
This task introduces concepts related to end user safelists and blocklists. Safelists allow a user
to ensure that certain users or domains are not treated as spam. Blocklists ensure that certain
users or domains are always treated as spam.

Goal
In this task, you enable safelists and blocklists in the IronPort Spam Quarantine, and you
configure a safelist and a blocklist for an end user account.
Note: Steps 2 and 3 require that you log in to an end user account to create a safelist. Ensure
that you have created an end user account that you can access to complete this task.

Enabling the End User Safelist/Blocklist on the IronPort Spam Quarantine


You enable safelists and blocklists from the Quarantines page.
To enable safelists and blocklists on a C-Series appliance:
1. Select Monitor > Quarantines.
2. In the End-User Safelist/Blocklist section, click Edit Settings.
The Edit Safelist/Blocklist Settings page is displayed.

3. Select Enable End User Safelist/Blocklist Feature.


4. Select Quarantine or Delete for the blocklist action.

5. Specify the maximum list items per user. This value represents the maximum number of
addresses or domains a user can list in each safelist and blocklist. For example, a value of
100 would mean that the end user could add 100 terms in the safelist and 100 terms in
the blocklist.
6. Click Submit.

Adding Items to the Safelist for an End User Account


End users can use safelists to ensure that mail from specified senders is never treated as spam.
To add items to a safelist:
1. Log in to the IronPort Spam Quarantine.
2. Select the Options drop-down menu.

3. Select Safelist.
4. In the Safelist dialog box, enter an email address, subdomain, or domain.
Entries can be added to safelists and blocklists using the following formats:
user@domain.com
server.domain.com
domain.com

5. Click Add to List.

Adding Items to the Blocklist for an End User Account


End users can use blocklists to ensure that they never receive mail from specified senders.
To add items to a blocklist:
1. In the IronPort Spam Quarantine, select the Options drop-down menu.

2. Select Blocklist.
3. Enter the domain or email address you want to blocklist.

4. Click Add to List.

When the IronPort appliance receives mail from the specified email address or domain that
matches an entry in the blocklist, it treats the mail as spam. Because you configured AsyncOS
to quarantine blocklisted items, any items identified as blocklisted are quarantined.

TASK 5: QUARANTINE INCOMING VIRUS MESSAGES
You can configure the IronPort appliance to quarantine incoming virus messages. The Virus
quarantine stores messages marked by the anti-virus scanning engine as not scannable, virus-positive, or encrypted. Like the anti-spam settings, you configure the IronPort appliance to
take different actions based on the results of the virus scan and the group of mail recipients.
For example, you might want to quarantine all virus-positive messages to the Technical
Support group, but drop all virus-positive messages sent to the Marketing group.

Concepts
This task presents concepts related to IronPort virus scanning and the Virus quarantine.
Unlike the IronPort Spam quarantine, the Virus quarantine can be accessed only by
administrators. The Virus quarantine is enabled by default, but you must configure anti-virus
scanning and quarantine settings in a mail policy to use the Virus quarantine. You also enable
notifications in the mail policy to allow administrators or end users to see that messages were
quarantined.

Goal
In this task, you activate IronPort virus scanning, and you configure the default mail policy to
deliver suspected virus email messages and drop confirmed virus email messages. You also
configure the default mail policy to quarantine virus messages and suspected virus messages.

Enabling Virus Settings


To enable the Virus quarantine:
1. Select Mail Policies > Incoming Mail Policies.
2. Click the anti-virus settings for the default mail policy.

The Anti-Virus Settings page is displayed.

3. Under Anti-Virus Settings, select Yes for Enable Anti-Virus Scanning for this Policy.
The anti-virus engines that you have licenses for are displayed.
4. Select an anti-virus engine.
5. Under Message Scanning, enter the following information:
Select Scan and Repair viruses from the menu.
Select Include an X-header with the Anti-Virus scanning results in messages.
6. Use the default settings for the Repaired Messages section.
7. Use the default settings for the Encrypted Messages section.
8. Scroll down to the Unscannable Messages section.

9. Enter the following information in the Unscannable Messages section:


Action Applied to Message: Quarantine.
Archive Original Message: Yes.
Modify Message Subject: Select Prepend or Append, and enter the text into the text
field. For example, [WARNING: A/V UNSCANNABLE].
Other Notification: Recipient.
10. Scroll down to the Virus Infected Messages section.

11. Enter the following information in the Virus Infected Messages section:
Action Applied to Message: Quarantine.
Archive Original Message: Yes.
Modify Message Subject: Select Prepend or Append, and enter the text into the text
field. For example, [WARNING: VIRUS DETECTED].
Other Notification: Recipient.
12. Click Submit.
The Default Mail Policy displays the anti-virus settings.

13. Commit your changes.

See Also

For more information about configuring anti-virus settings, see Anti-Virus in the IronPort
AsyncOS for Email User Guide. For more information about quarantines, see
Quarantines in the IronPort AsyncOS for Email User Guide.

TASK 6: STRIP SPECIFIED TYPES OF INCOMING EMAIL ATTACHMENTS
In addition to spam and virus filters, the IronPort appliance allows you to apply custom
scanning and email policies to messages by using content filters. You can use content filters to
analyze incoming email messages and take action based on a variety of factors. Content filters
can be enforced on different groups of users.

Concepts
This task introduces concepts related to the content filter. The content filter applies custom
filtering to messages after the anti-spam and anti-virus engines perform scans. Like anti-spam
and anti-virus policies, you create the content filter and then apply it to a group of users via a
mail policy.

Goal
In this task, you create a new content filter to strip a specified type of media attachment from
incoming messages, and then you add this filter to the default policy in the Email Security
Manager.

Creating a Content Filter


To create a content filter:
1. Click Mail Policies > Incoming Content Filters.
The Incoming Content Filters page is displayed.
2. Click the Add Filter button.
The Add Content Filter page is displayed.

Note: Content Filters are custom email rules that scan a message for specific content or
recipients and then take actions based on the results of the scan.

3. Enter the following information:


Name: Enter a name to identify the filter. For example, Remove_MP3.
Description: Briefly describe the filter.
Conditions: Leave this section blank. This ensures that this filter is applied to all
messages analyzed by the mail policy.
4. Click Add Action.
5. Select Strip Attachment by File Info.
The Strip Attachment by File Info page is displayed.

6. Specify the action that the appliance takes when it encounters a flagged email message.
Select File type is.
In the drop-down menu, select -- mp3.
Enter a replacement message that is displayed to the recipient if an MP3
attachment is stripped from an email message. For example, [MP3 FILE
DROPPED].
Click OK. The Edit Content Filter page displays the rule
drop-attachments-by-filetype("mp3", "[MP3 FILE DROPPED]") in the Actions section of the
page.
7. Click Submit.

The Incoming Content Filters page displays the Remove_MP3 filter.

Applying a Filter to an Incoming Mail Policy


You apply the content filter to incoming messages by associating it with an incoming mail
policy.
To apply a content filter to an incoming mail policy:
1. Select Mail Policies > Incoming Mail Policies.

When you associate the content filter with a mail policy, it is applied to the appropriate
end users.
2. Click the Disabled link in the Content Filters column. The Mail Policies: Content Filters
page displays the content filter that you created.

3. Click Yes to enable content filtering on the policy. Verify that the Enable check box is
selected for the Remove_MP3 filter.
4. Click Submit.
The Incoming Mail Policies page displays a success message.
5. Commit your changes.

Testing the Filter


After you have created the filter and applied it to the default mail policy, test the filter by
sending an email message with an MP3 attachment from an Internet email address (such as
Yahoo! Mail) to an alias in your network.
You can use the Trace page (and trace CLI command) to test and troubleshoot the filter. The
Trace page emulates a message that is accepted by a listener, and it prints a summary of
features that would have been triggered or affected by the current configuration of the
system. You can also run the tail command against mail logs to view the most recent mail
logs in real time. For more information on mail flow monitoring, see Email Security
Manager in the IronPort AsyncOS for Email User Guide.
See Also

For more information about content filters and the Email Security Manager, see Email
Security Manager in the IronPort AsyncOS for Email User Guide.

TASK 7: ENFORCE AN OUTGOING EMAIL POLICY
The IronPort appliance allows you to enforce a policy for outgoing mail that would quarantine
messages that may contain sensitive information or violate your company's email policies. For
example, you can quarantine all messages that contain Social Security numbers. Content
filters can analyze outgoing messages for particular data patterns and take action based on the
scanned content.

Concepts
This task introduces concepts related to the content dictionary and smart identifiers. Content
dictionaries are a list of terms you define to scan messages, message headers, and message
attachments in order to take action in accordance with your company's email policies. You
can also add smart identifiers to a content dictionary. Smart identifiers are algorithms that
search for patterns in data that correspond to common numeric patterns, such as Social
Security numbers and credit card numbers. Smart identifiers work more effectively than
regular expressions because they use mathematical calculations to ensure the validity of the
smart identifiers per the issuing authority.
For each term or smart identifier, you can specify a weight so that terms or smart identifiers
can trigger filter actions more easily. When AsyncOS scans messages for the dictionary terms
or smart identifiers, it scores the message by multiplying the number of instances by the
weight of the term or identifier.
Then, when you add filter rules that search for patterns in content, you specify a minimum
threshold value for triggering the filter action. When you search for both smart identifiers and
content dictionary terms, the scanning engine combines the scores of the identifiers and
dictionary terms to create the total weight. If the minimum threshold is met, the filter action is
triggered. If the threshold is not met, the expression does not evaluate to true.

Goal
In this task, you create a new content filter that uses content dictionary terms and smart
identifiers to identify outgoing emails that violate PCI compliance guidelines. You configure
the content filter to quarantine emails that show patterns in data corresponding to credit card
numbers and that include terms related to credit cards. After you create the content dictionary
and content filter, you add the content filter to the default outgoing mail policy.

Creating a Content Dictionary


To create a content dictionary:
1. Select Mail Policies > Dictionaries.
The Dictionaries page is displayed.
2. Click Add Dictionary.

The Add Dictionary page is displayed.

3. In the Dictionary Properties section, enter the name PCI_Compliance.


4. Leave the default settings in the Advanced Matching field.
5. In the Smart Identifiers field, select Credit Card Numbers and specify a weight of 10.

6. In the Dictionary section, add the following dictionary terms in the Add Terms field, and
specify the following weight for each term:
Term                  Weight
Credit Card Number    10
PIN
CCN

When you specify a weight for a dictionary term, consider the threshold value you will
configure to trigger the content filter action. For example, if you configure the threshold
value as 10, you might specify a weight of 10 for terms that always trigger the filter action,
and specify a weight of 5 for terms that do not trigger the filter action by themselves. For
example, a message that contains the terms PIN and CCN would cause the message to be
quarantined, but a message containing only one of these terms would not cause the
message to be quarantined.
7. Click Submit.
8. Commit your changes.

Creating an Outgoing Content Filter


After you have defined the dictionary terms, smart identifiers, and their weights, you need to
create a content filter that queries the content dictionary to determine actions to take on
outgoing mail. You will create a content filter that quarantines messages that meet a score
of 10 or higher using the PCI_Compliance dictionary you created.

Creating a Content Filter


To create a content filter:
1. Select Mail Policies > Outgoing Content Filters.
The Outgoing Content Filter page is displayed.
2. Click Add Filters.
The Add Content Filters page is displayed.
3. Enter the following information:
Name: Enter PCI_Compliance.
Description: Detects messages that are non-PCI compliant.
4. Click Add Condition.
5. Select Message Body or Attachment.

The Message Body or Attachment condition is displayed.

6. Select Contains term in content dictionary, and choose the PCI_Compliance content
dictionary you created.
7. In the Number of matches required field, enter 10.
The number of matches is based on the weight of the term. If you enter 10 in the number
of matches field, one dictionary term with a weight of 10 will trigger the filter condition,
or two dictionary terms with a weight of 5 each will trigger the filter condition.
8. Click OK.
9. Click Add Action.
The Add Action page is displayed.
10. Select Quarantine.
11. In the Send Message to the Quarantine field select the Policy quarantine.
12. Click OK.
13. Click Submit.
14. Commit your changes.
The Outgoing Content Filters page displays the PCI_Compliance content filter.

Applying a Filter to an Outgoing Mail Policy


By default, the filter is not applied to outgoing messages. You apply the content filter by
associating it with an outgoing mail policy.

To associate the content filter with a mail policy:


1. Select Mail Policies > Outgoing Mail Policies.
The Outgoing Mail Policies page is displayed.

You associate the content filter with a mail policy so that it is applied to the appropriate
end users. In this example, the content filter is applied to the Default policy.
2. On the default policy, click the Disabled link in the Content Filters column. The Mail
Policies: Content Filters page displays a list of available content filters. The
PCI_Compliance filter appears in this list.

3. Click Yes to enable content filtering for the policy. Verify that the Enable check box is
selected for the PCI_Compliance filter.
4. Click Submit.
The Outgoing Mail Policies page displays a success message.
5. Commit your changes.

Testing the Filter


After you have created the filter and applied it to the default outgoing mail policy, you can test
the filter by sending an outbound email message with dictionary terms in a message body or
attachment. For example, send a message with the terms PIN and CCN, and then send a
message with each of these terms separately. Messages that contain both of these terms are
quarantined, but messages that contain only one of the terms do not trigger the filter action.
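
The expected results of this test can be worked out offline from the scoring rule in the Concepts section. The following Python code is an added example, not IronPort code: it assumes the credit card smart identifier behaves like a Luhn checksum over 13 to 19 digit candidates, that terms match case-insensitively as whole words, and that PIN and CCN each carry a weight of 5 (inferred from the threshold discussion). All sample messages are constructed.

```python
import re

# Weights: 10 for "Credit Card Number" and for the Credit Card Numbers smart
# identifier come from the guide. 5 for PIN and CCN is an assumption inferred
# from the guide's threshold discussion.
TERM_WEIGHTS = {"credit card number": 10, "pin": 5, "ccn": 5}
SMART_ID_WEIGHT = 10
THRESHOLD = 10  # "Number of matches required" in the content filter

# Candidate card number: 13-19 digits, optionally separated by single spaces
# or hyphens, not embedded in a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used here as an assumed stand-in for the validity
    calculation the guide attributes to smart identifiers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_card_numbers(text: str) -> int:
    """Count digit runs that look like card numbers AND pass the checksum."""
    hits = 0
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits += 1
    return hits


def count_term(text: str, term: str) -> int:
    """Case-insensitive whole-word count (matching mode is an assumption)."""
    pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
    return len(re.findall(pattern, text, flags=re.IGNORECASE))


def score_message(text: str):
    """Return (total, breakdown): instances x weight, summed over all
    dictionary terms and the smart identifier, as the guide describes."""
    breakdown = {}
    for term, weight in TERM_WEIGHTS.items():
        n = count_term(text, term)
        if n:
            breakdown[term] = n * weight
    cards = count_card_numbers(text)
    if cards:
        breakdown["smart-id:credit-card"] = cards * SMART_ID_WEIGHT
    return sum(breakdown.values()), breakdown


def would_quarantine(text: str) -> bool:
    total, _ = score_message(text)
    return total >= THRESHOLD


# Constructed sample messages covering the cases in "Testing the Filter".
SAMPLES = [
    "Please send me your PIN and CCN.",        # 5 + 5 meets the threshold
    "Your PIN was reset.",                     # one weight-5 term only
    "The CCN field is empty.",                 # one weight-5 term only
    "Card on file: 4111-1111-1111-1111",       # passes the checksum
    "Tracking number 1234 5678 9012 3456",     # card-shaped, fails checksum
    "PIN? I forgot my PIN.",                   # same term twice: 2 x 5
]


def run_samples():
    return [(s, score_message(s)[0], would_quarantine(s)) for s in SAMPLES]


if __name__ == "__main__":
    for text, total, hit in run_samples():
        print(f"{total:>3}  {'QUARANTINE' if hit else 'deliver':<10}  {text}")
```

Under the instance-times-weight rule, a weight-5 term that appears twice in one message reaches the threshold on its own, so include that case when you test the filter.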

See Also

For more information about content dictionaries, see Text Resources in the IronPort
AsyncOS for Email User Guide. For more information about smart identifiers, see Policy
Enforcement in the IronPort AsyncOS for Email User Guide.

TASK 8: ADD A DOMAIN TO ACCEPT MAIL
In this task, you configure the IronPort appliance to receive mail for another domain. Many
enterprise gateways are configured to receive messages for several local domains. For
example, if your company changes its name, it needs to receive mail for the old domain name
and the new domain name.

Concepts
Incoming and outgoing mail is received through a listener, an email processing service that is
configured on a particular IP interface. When you add accessibility for a new domain to the
IronPort appliance, you must add entries to two tables. One table, the Recipient Access Table
(RAT), specifies the mail recipients for the domain. It defines which recipients will be
accepted by a public listener. The table specifies the address (which may be a partial address
or host name) and whether to accept or reject it. The other table, the Host Access Table
(HAT), maintains a set of rules that control incoming connections from remote hosts for a
listener. You add an SMTP route to enable email for the new domain to be routed to the
correct mail exchange host. SMTP routes allow you to redirect all email for a particular
domain to a different mail exchange (MX) host.

Goal
In this task, you add accessibility to the IronPort appliance for a new domain. You do this by
adding an entry for the domain in the RAT, the HAT, and the SMTP Routes table.

Accepting Mail for a Domain


To accept mail for a domain:
1. Select Network > Listeners.
The Listeners page is displayed.

2. Click the RAT link.

The Recipient Access Table Overview page is displayed.

3. Click the Add Recipient button.


The Add to Recipient Access Table page is displayed.

4. Enter the following information:


Order: Enter 2 to place the domain second in the list.
Recipient Address: Enter the domain address. For example, acquisition.com.
Action: Accept.
Bypass LDAP Accept Queries for this Recipient: Leave as is.
Custom SMTP Response: No.
Bypass Receiving Control: No.
5. Click Submit.
The Recipient Access Table Overview page is refreshed with the new domain listed in
position 2. At this point, your appliance is configured to accept mail for the new domain.

Creating an SMTP Route for a Domain


To create an SMTP route for a domain:
1. Select Network > SMTP Routes.
The SMTP Routes page is displayed.
2. Click the Add Route button.
The Add SMTP Route page is displayed.

3. Enter the settings for the SMTP route:


Receiving Domain: Enter the Receiving Domain. For example, enter
acquisition.com.

Destination Hosts: Enter the IP address or host name of the MUA that will receive
the mail for the receiving domain. For example, enter exchange.company.com.
Outgoing SMTP Authentication: Use default settings.
4. Click Submit.
The SMTP Routes page displays the new SMTP route.
See Also

For more information about configuring listeners and working with the RAT and the HAT, see
Configuring the Gateway to Receive Email in the IronPort AsyncOS for Email User Guide.

TASK 9: ADD A DISCLAIMER TO OUTGOING MAIL
You can use the IronPort appliance to add footer text to outgoing or incoming messages. For
example, you can append a copyright statement, promotional statement, or disclaimer to
messages sent from your network.

Concepts
To add an outgoing disclaimer, you create a disclaimer text resource and associate it with a
private listener.
IronPort AsyncOS differentiates between public listeners, which by default can receive
email from the Internet, and private listeners, which accept email only from internal systems
such as groupware, POP and IMAP, and other message generation systems.

Goal
To add an outgoing disclaimer, you first create a text resource and then associate the text
resource with the private (outgoing) listener.

Creating a Footer Text Resource


To create a footer text resource:
1. Select Mail Policies > Text Resources.
The Text Resources page is displayed.
2. Click the Add Text Resource button.
The Add Text Resource page is displayed.

Enter the following information:


Name: Name of the text resource. For example, enter Confidential.
Type: Disclaimer.
Text: Enter the text to display as the disclaimer. Do not use variables.
3. Click Submit.

The Text Resources page is displayed with the disclaimer text resource.
4. Commit your changes.

Associating a Footer with a Private Listener


After creating the disclaimer, you need to associate it with the private (outgoing) listener. The
listener inserts the disclaimer text resource into every email message that the listener handles.
To associate the disclaimer with a private listener:
1. Select Network > Listeners.
2. Click the OutgoingMail link in the Listener Name column.
The Edit Listener page is displayed.

3. Select Confidential from the Disclaimer Below menu to display the disclaimer at the
bottom of messages.
4. Click Submit.
5. Commit your changes.
See Also

For more information about working with message stamping, see Text Resources in the
IronPort AsyncOS for Email User Guide.


TASK 10: CONFIGURE A SCHEDULED REPORT
You can run a variety of reports to track activity on your IronPort appliance. You can track the
flow of mail using incoming and outgoing mail summary reports, outgoing destinations,
outgoing senders domains, and sender groups. You can track virus activity using the Virus
Types report and the Virus Outbreak report. You can also track user activity using the Internal
Users Summary report and the Content Filters report. You can also track system activity using
an Executive Summary report and track system health using the System Capacity report.

Concepts
The IronPort appliance allows you to track activity by using reports. You can also use reports
to monitor the effectiveness of the appliance and view trends in the mail flow.
This task introduces the TLS Connections report. This report shows the overall usage of TLS
connections for sent and received mail. The report also shows details for each domain
sending mail using TLS connections.

Goal
In this task, you schedule a daily TLS Connections report.

Configuring a Scheduled Report


To configure a scheduled report:
1. Select Monitor > Scheduled Reports.
The Scheduled Reports page is displayed.
The Available Reports section displays the scheduled reports.
2. Click the Add Scheduled Report button.
The Add Scheduled Report page is displayed.

3. Select a Report type from the menu. For example, you might use the TLS Connections
report to view the overall usage of TLS connections for emails sent to your network.


4. Enter a title for the report.


5. Under Time Range to Include, select Previous calendar day.
6. Under Format, leave PDF selected.
7. Under Schedule, select Daily, and leave the default time.
8. Enter the email address where you want to send the report.
9. Click Submit.
10. Commit your changes.
Note: If you used the System Setup Wizard to configure the IronPort appliance, some
reports are enabled by default.
See Also

For more information about generating and managing reports, see the section about reporting
in Using the Email Security Monitor in the IronPort AsyncOS for Email User Guide.


CHAPTER 4

Advanced Tasks
This chapter contains the following sections:
Task 11: Access the Command Line Interface
Task 12: Use the CLI
Task 13: Retrieve and Use Mail Logs
Task 14: Configure Email Alerts
Task 15: Upgrade the IronPort Appliance


TASK 11: ACCESS THE COMMAND LINE INTERFACE
The IronPort AsyncOS Command Line Interface (CLI) provides a set of management
commands through a text-based interactive interface. You connect to the CLI using telnet or
Secure Shell (SSH). SSH is encrypted and provides better security.

Concepts
The CLI and the GUI contain many of the same functions, but some advanced tasks are
available only in the CLI. To use the CLI, you must first enable it from the GUI.
Note: Do not run multiple concurrent CLI or GUI sessions. Doing so will cause unexpected
behavior and is not supported.

Goal
In this task, you enable and access the CLI. To use the CLI, you need to:
Enable the CLI to use SSH or telnet.
Connect to the configured IP address using telnet or SSH.

Enabling the CLI


You can enable the CLI on any IP interface. In this example, the CLI is enabled in the
Management interface.
To enable the CLI:
1. Select Network > IP Interfaces, and click the Management link.


The Edit IP Interface dialog box is displayed.

2. In the Services field, select SSH and Telnet, and enter port numbers.
Telnet uses port 25. SSH uses port 22. When you select both options, you can connect to
the IP address using either telnet or SSH.
3. Use telnet or SSH to connect to the Management interface.
Initially, only the admin user account has access to the CLI. You can add other users when
you access the CLI through the admin account.
4. In the CLI, enter your username and password to log in to the appliance.


See Also

For more information about the CLI, see the IronPort AsyncOS CLI Reference Guide.

TASK 12: USE THE CLI
You can perform many advanced tasks in the CLI, such as testing connectivity, viewing system
status, and controlling services.

Concepts
You can use the CLI to complete the following types of tasks:
Connectivity. You can test connectivity using the telnet command. You can use the
traceroute command to test connectivity to a network host from the appliance and
debug routing issues with network hops.
System status. You can use the status command to determine the status of the IronPort
appliance. You use the tophosts command to view information about the email queue
and determine if a particular recipient host has delivery problems, such as a queue
buildup.
Control services. Use the suspendlistener and resumelistener commands to stop
and restart listeners if you need to troubleshoot a mail processing problem.

Goal
In this task, you run commands to test connectivity, review system status details, and suspend
and resume listeners.

Testing Connectivity
The IronPort appliance allows you to use several common network diagnostic tools, such as
telnet, ping, and traceroute. You can use telnet to connect to a remote host. You can
use ping to test whether a particular host is reachable across an IP network. You can use
traceroute to display a network route to a remote host.
Use these commands to debug network connectivity from the IronPort appliance. For
example, you can ensure that your diagnostics are not affected by firewalls or other rules that
may treat the IronPort appliance differently from a workstation.
Ping a Network Host

To ping a network host:


1. Use telnet or SSH to connect to the Management interface, and enter your username and
password.
2. Enter ping and the host name for an address on your network.
3. Allow the IronPort appliance to ping the address several times.
4. Press Ctrl+C to stop the IronPort appliance from pinging the host.


5. Review the ping statistics.


Table 4-1 CLI ping Command

mga.company.com> ping mail.example.com


Press Ctrl-C to stop.
PING mail.example.com (69.18.55.191): 56 data bytes
64 bytes from 69.18.55.191: icmp_seq=0 ttl=63 time=46.078 ms
64 bytes from 69.18.55.191: icmp_seq=1 ttl=63 time=41.941 ms
64 bytes from 69.18.55.191: icmp_seq=2 ttl=63 time=37.616 ms
^C
--- mail.example.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 37.616/41.878/46.078/3.455 ms
Use the traceroute Command

Use the traceroute command to test connectivity to a network host from the appliance and
debug routing issues with network hops.
1. From the CLI, enter traceroute <network host name>.
2. Press Ctrl+C to stop the trace.
3. Review the traceroute statistics.
Table 4-2 Example of the traceroute Command

mga.company.com> traceroute mail.example.com


Press Ctrl-C to stop.
traceroute to mail.example.com (69.18.55.191), 64 hops max, 44 byte packets
 1  er1.sfo1.speakeasy.net (66.93.133.1)  35.199 ms  30.697 ms  31.543 ms
 2  * * *
^C
Use the telnet Command

Use telnet to establish a telnet connection or other interactive TCP connection.


To establish a telnet connection:
1. From the CLI, enter telnet <host name> <port number>.
The IronPort appliance opens a connection to the remote host.


2. Press Ctrl+C to close the connection.


Table 4-3 Example of the telnet Command

mga.company.com> telnet mail.example.com 25


Trying 69.18.55.191...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
EHLO mga.company.com
250-mail.example.com
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
^]
telnet> quit
Connection closed.

Monitoring the IronPort Appliance and Email Traffic


You can use the CLI to monitor the IronPort appliance and traffic flowing through it. You can
use the status command to view a broad range of information about the IronPort appliance,
such as the anti-spam and anti-virus features that are enabled and the last date you started the
appliance. Use the detail subcommand to return more specific information.
Using the status Command

From the CLI, enter status detail to retrieve detailed status of the IronPort appliance.
Table 4-4 Example of the status Command

mga.company.com> status detail


Status as of:                     Thu Mar 30 13:22:24 2006 PST
Up since:                         Tue Mar 21 07:24:41 2006 PST (9d 5h 57m 43s)
Last counter reset:               Never
System status:                    Online
Oldest Message:                   No Messages
Feature - Virus Outbreak Filters: 50 days
Feature - IronPort Anti-Spam:     205 days
Feature - Receiving:              50 days
Feature - Brightmail:             50 days
Feature - Sophos:                 50 days

Counters:                         Reset     Uptime    Lifetime
  Receiving
    Messages Received             22,119    1,267     22,119
    Recipients Received           22,651    1,324     22,651
    Gen. Bounce Recipients        81        7         81

For more information about counters, see the IronPort AsyncOS for Email User Guide.
Using the tophosts Command

To view immediate information about the email queue and determine whether a particular
recipient host has delivery problems, such as a queue buildup, use the tophosts command. The
tophosts command returns a list of the top 20 recipient hosts in the queue. The list can be
sorted by a number of statistics, including active recipients, connections out, delivered
recipients, soft bounced events, and hard bounced recipients.
To use the tophosts command:
1. From the CLI, enter tophosts.
The CLI displays a list of sorting options.
2. Sort the hosts by connections out.
The CLI returns a list of hosts in order of the connections out.
Table 4-5 Example of the tophosts Command

mga.company.com> tophosts
Sort results by:
1. Active Recipients
2. Connections Out
3. Delivered Recipients
4. Hard Bounced Recipients
5. Soft Bounced Events
[1]> 2
Status as of:                   Thu Mar 30 13:23:42 2006 PST
Hosts marked with '*' were down as of the last delivery attempt.

                          Active   Conn.   Deliv.   Soft      Hard
#   Recipient Host        Recip.   Out     Recip.   Bounced   Bounced
1   yahoo.com             0        0       2        0         0
2   hotmail.com           0        0       128      76        5
3   mail.example.com      0        0       889      0         0

You can retrieve the information from these commands in an XML format by using a GUI
request. For example, you can retrieve the information from the status command with the
URL http://<hostname>/xml/status. Other useful commands for gathering email
monitoring statistics include hoststatus and topin. For information on using XML pages to
gather email monitoring statistics, see Gathering XML Status from the GUI in the IronPort
AsyncOS User Guide.

Configuring the Appliance


You can control the operation of your IronPort appliance directly from the CLI. The
suspendlistener and resumelistener commands allow you to stop and restart listeners
if you need to troubleshoot a mail processing problem.
Use the syntax in Table 4-6 to suspend a listener.
Table 4-6 Suspending and Resuming a Listener

mga.company.com> suspendlistener
Enter the number of seconds to wait before abruptly closing
connections.
[30]>
Waiting for listeners to exit...
Receiving suspended for External.
mga.company.com> resumelistener
Mail delivery resumed.

Other useful commands for stopping mail delivery from the appliance include suspenddel
and resumedel.


TASK 13: RETRIEVE AND USE MAIL LOGS
AsyncOS offers extensive logging capabilities, and it makes these logs available through a
variety of interfaces. Logs record information about mail flow, operation of various software
systems on the appliance, CLI and GUI usage, and the AsyncOS system itself. By default,
AsyncOS records, archives, and purges old log files. You can view and search the logs,
change the options for how much detail is recorded to the logs, and how the files themselves
are handled on disk.

Concepts
This task introduces the tail command, which allows you to view log details in real time. It
also introduces the grep command, which allows you to search through logs for specific
details. In addition, it introduces methods for retrieving logs.

Goal
In this task, you view the logs in real time through the CLI, search logs for information, and
retrieve logs using different formats.

Viewing Logs
To view the logs in real time as they are written to the log files, use the syntax in Table 4-7.
Table 4-7 Example of tail Command

mga.company.com> tail bounces


Press Ctrl-C to stop.
Wed Mar 29 22:25:24 2006 Info: Delayed: DCID 12949 MID 23365
From:<rob@main.example.net> To:<bob@company.com> RID 0 - 4.1.0
Unknown address error ('450', ['<rob@main.example.net>: Sender address
rejected: Domain not found'])
Wed Mar 29 23:25:26 2006 Info: Delayed: DCID 12951 MID 23365
From:<rob@main.example.net> To:<bob@company.com> RID 0 - 4.1.0
Unknown address error ('450', ['<rob@main.example.net>: Sender address
rejected: Domain not found'])

Searching for Content in Logs


You can search for content in the logs by using the grep command. For example, the
following grep query searches the mail logs for bob@company.com and then retrieves the
details of a message sent to that address by searching for the message ID.
Table 4-8 Example of the grep Command

mga.company.com> grep -e bob@company.com mail_logs


Sat Jan 21 02:43:05 2006 Info: MID 13276 ICID 23441 RID 0 To:
<bob@company.com>
mga.company.com> grep -e MID 13276 -e ICID 23441 mail_logs


Sat Jan 21 02:43:03 2006 Info: New SMTP ICID 23441 interface External
(66.39.133.191) address 86.203.229.163 reverse dns host alagny-154-170-163.w86-203.abo.wanadoo.fr verified yes
Sat Jan 21 02:43:03 2006 Info: ICID 23441 ACCEPT SG SUSPECTLIST match
sbrs[-4.0:-1.0] SBRS -2.2
Sat Jan 21 02:43:04 2006 Info: Start MID 13276 ICID 23441
Sat Jan 21 02:43:04 2006 Info: MID 13276 ICID 23441 From:
<mduffm@309s.com>
Sat Jan 21 02:43:05 2006 Info: MID 13276 ICID 23441 RID 0 To:
<bob@company.com>
Sat Jan 21 02:43:17 2006 Info: MID 13276 Message-ID
'<000001c61ea1$2ec70280$0100007f@localhost>'
Sat Jan 21 02:43:17 2006 Info: MID 13276 Subject 'Hey bro, check out
the huge sale these guys are offering'
Sat Jan 21 02:43:17 2006 Info: MID 13276 ready 9637 bytes from
<mduffm@309s.com>
Sat Jan 21 02:43:17 2006 Info: MID 13276 matched all recipients for
per-recipient policy EUQ Testers in the inbound table
Sat Jan 21 02:43:17 2006 Info: MID 13276 using engine: CASE spam
positive
Sat Jan 21 02:43:17 2006 Info: EUQ: Tagging MID 13276 for quarantine
Sat Jan 21 02:43:17 2006 Info: MID 13276 antivirus negative
Sat Jan 21 02:43:17 2006 Info: MID 13276 queued for delivery
Sat Jan 21 02:43:18 2006 Info: Start delivery of MID 13276 over RPC
connection 8572
Sat Jan 21 02:43:18 2006 Info: EUQ: Quarantined MID 13276
Sat Jan 21 02:43:18 2006 Info: Delivery of MID 13276 over RPC completed
on connection 8572
Sat Jan 21 02:43:18 2006 Info: Message finished MID 13276 done
Sat Jan 21 02:43:19 2006 Info: ICID 23441 close
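
The correlation that the two grep commands in Table 4-8 perform by hand can be scripted over a retrieved mail_logs file. The following Python is an added example, not IronPort code: it assumes the line layout shown in Table 4-8, and the names correlate, SAMPLE and MSG_FIELDS, the record keys, and the final MID 13277 sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines from Table 4-8 with wrapped lines rejoined; the final line (MID 13277)
# is constructed to show that unrelated traffic stays in its own record.
SAMPLE = """\
Sat Jan 21 02:43:03 2006 Info: New SMTP ICID 23441 interface External (66.39.133.191) address 86.203.229.163 reverse dns host alagny-154-170-163.w86-203.abo.wanadoo.fr verified yes
Sat Jan 21 02:43:03 2006 Info: ICID 23441 ACCEPT SG SUSPECTLIST match sbrs[-4.0:-1.0] SBRS -2.2
Sat Jan 21 02:43:04 2006 Info: Start MID 13276 ICID 23441
Sat Jan 21 02:43:04 2006 Info: MID 13276 ICID 23441 From: <mduffm@309s.com>
Sat Jan 21 02:43:05 2006 Info: MID 13276 ICID 23441 RID 0 To: <bob@company.com>
Sat Jan 21 02:43:17 2006 Info: MID 13276 Subject 'Hey bro, check out the huge sale these guys are offering'
Sat Jan 21 02:43:17 2006 Info: MID 13276 using engine: CASE spam positive
Sat Jan 21 02:43:17 2006 Info: MID 13276 antivirus negative
Sat Jan 21 02:43:18 2006 Info: EUQ: Quarantined MID 13276
Sat Jan 21 02:43:18 2006 Info: Message finished MID 13276 done
Sat Jan 21 02:43:19 2006 Info: ICID 23441 close
Sat Jan 21 02:44:00 2006 Info: MID 13277 antivirus negative
"""

LINE = re.compile(r"(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\w+): (.*)")
# Whole-line patterns: sender-controlled text such as a Subject that quotes
# "antivirus negative" can then never be mistaken for a scanner verdict.
MSG_FIELDS = {
    "sender": r"MID \d+ ICID \d+ From: <(.*)>",
    "subject": r"MID \d+ Subject '(.*)'",
    "spam": r"MID \d+ using engine: \w+ spam (\w+)",
    "antivirus": r"MID \d+ antivirus (\w+)",
}

def correlate(log_text):
    """Return {MID: record}, joining each message to its connection by ICID."""
    conns = defaultdict(dict)
    msgs = defaultdict(lambda: {"icid": None, "rcpts": [],
                                "quarantined": False, "finished": False})
    for raw in log_text.splitlines():
        line = LINE.fullmatch(raw)
        if not line:
            continue  # wrapped fragment or CLI banner
        ts, _level, body = line.groups()
        if (c := re.match(r"(?:New SMTP )?ICID (\d+)\b", body)):
            conn = conns[c[1]]  # connection-level line: peer and sender group
            if (m := re.search(r" address (\S+)", body)):
                conn["remote_ip"] = m[1]
            if (m := re.fullmatch(r"ICID \d+ (\w+) SG (\S+) .*SBRS (\S+)", body)):
                conn["action"], conn["sender_group"], conn["sbrs"] = m.groups()
            continue
        mid = re.search(r"\bMID (\d+)", body)
        if not mid:
            continue
        rec = msgs[mid[1]]
        rec.setdefault("first_seen", ts)
        if (m := re.match(r"(?:Start )?MID \d+ ICID (\d+)\b", body)):
            rec["icid"] = m[1]
        for key, pattern in MSG_FIELDS.items():
            if (m := re.fullmatch(pattern, body)):
                rec[key] = m[1]
        if (m := re.fullmatch(r"MID \d+ ICID \d+ RID \d+ To: <(.*)>", body)):
            rec["rcpts"].append(m[1])
        rec["quarantined"] |= body == f"EUQ: Quarantined MID {mid[1]}"
        rec["finished"] |= body == f"Message finished MID {mid[1]} done"
    for rec in msgs.values():
        rec["conn"] = dict(conns.get(rec["icid"], {}))
    return dict(msgs)
```

Each record carries the connection facts (remote address, sender group, SBRS) next to the message verdicts, which is the view an analyst needs when reviewing why a message was quarantined.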

Retrieving and Configuring Logs


Log data rolls over to a new file when the file size reaches a specified limit. (The default is 95
MB.) By default, the appliance stores up to 10 files for each log, and it deletes the oldest file
when it rolls over data to a new file.
You can use FTP or SCP to retrieve archived log files on demand, or you can configure the
appliance to push rolled-over log files to an FTP or SCP server.
Retrieving Logs Using FTP or SCP

You can retrieve log files directly from the appliance using either an FTP or an SCP client. On
the Network > IP Interfaces page, you can enable both the FTP and the SSH (for SCP) services.
After you enable the service, you can connect to the IronPort appliance using the FTP or SCP
client to browse and retrieve log files.


Other types of files are available for download, including saved configuration files, archive
mailboxes created by different filter commands, and saved reports.
Configuring Log Subscriptions

By default, the appliance is configured to roll over the log files when they reach a specified
size, and it stores up to 10 old log files. You can configure the log settings to reduce or
increase the number and size of the log files. You can also configure the appliance to push
logs to a remote server for further archiving and processing.
Log subscriptions can be managed through the logconfig CLI command and through the
GUI on the System Administration > Log Subscriptions page.
See Also

For more information, see Logging in the IronPort AsyncOS for Email Advanced User
Guide.

TASK 14: CONFIGURE EMAIL ALERTS
You can configure the IronPort appliance to send email-based alerts when errors and other
types of events occur.

Concepts
The IronPort appliance can send informational and error alerts. You can configure these alerts
based on the information you want to receive and the users who need to receive the
information. Different levels of alerts can be delivered to different recipients.

Goal
In this task, you view email alerts and add a recipient for the email alerts.

Configuring Email Alerts


You configure alerts through the GUI on the System Administration > Alerts page.
Figure 4-1 Alerts Page

Figure 4-1 shows the default configuration for email alerts. You can configure the system to
deliver a different set of alerts to another email address. To do this, click Add Recipient.

Figure 4-2 Add Alert Recipient Page

On this page, you choose the recipient to receive alerts and the level and type of alert
messages to send to that recipient. After you select the alerts, click the Submit button and
commit your changes.
See Also

For more information about alerts, see System Administration in the IronPort AsyncOS for
Email User Guide.

TASK 15: UPGRADE THE IRONPORT APPLIANCE
You can use either the CLI or the GUI to perform system upgrades. In the CLI, use the
upgrade command. In the GUI, select System Administration > System Upgrades. The
system checks for available upgrades and provides a choice of upgrade versions. While the
IronPort appliance performs the upgrade, it continues to process mail. The upgrade requires a
reboot, which you can perform at a convenient time.
Note that upgrades require download of a significant amount of data. Depending on the
speed of your Internet connection, the download can take from several minutes to over an
hour. For some sites, it is easier to perform upgrades from the CLI. This allows you to watch
the upgrade events more closely than when you perform the upgrade from the GUI.
See Also

For more information about upgrading the IronPort appliance, see System Administration in
the IronPort AsyncOS for Email User Guide.
For information about upgrading IronPort appliances that belong to a centralized
management cluster, see System Administration in the IronPort AsyncOS for Email User
Guide.
