Mail Gateway

From Halon Security

This document is about the Web Administration's Mail Gateway sections. The mail gateway sections are available in both the SPG and VSP, since both are, by definition, mail gateways.

Block chart overview

The SPG/VSP are specialized mail (SMTP) gateway products that focus on ensuring that every genuine e-mail is delivered, while preventing attacks, spam and viruses. Below is a chart that outlines which parts of the H/OS 2 operating system are involved during each stage of an SMTP session.

Sections of the Mail Gateway administration

The following sections describe each of the mail gateway sections, found in the Web Administration.

Incoming SMTP Listeners

The Incoming section allows users to configure mail listeners (receivers) and displays the incoming queue. The incoming queue lists messages that are awaiting processing by the mailscanner process. A mail listener is essentially a mail server, listening on a port (usually 25).

An incoming SMTP listener is a server object, bound to listen (accept connections) on either all addresses configured on an appliance, or just a few addresses. Listeners are pre-configured to listen on port 25, since it is the mail delivery (SMTP) port by definition. A listener only accepts a message if its recipient address's domain is configured on the appliance and assigned to that specific listener.

Direct processing

Normally, a message is scanned "inline", so that you can reject it (with an error response like "550 We think this is spam"). However, by disabling direct processing, messages can instead be placed in the incoming queue, available at Mail Gateway → Activity → Incoming tab. The incoming queue is continuously processed by the mailscanner, according to the assigned mail content flow.

Connection-level protection

If an IP Policy is used, a connection must be allowed by the IP Policy flow before it is accepted, which provides connection-level filtering. IP Policies are configured on Security → IP Policy and provide features such as rate control, black and white lists, DNSBL and GlobalView.

GlobalView is a subscription service that typically stops more than 80% of spam at the connection level. This means that the spammer does not even get to talk to the appliance; it is instantly blocked. GlobalView also protects against botnets and other threats.

SSL/TLS Support

To activate TLS, go to Mail Gateway → Incoming and activate the advanced option "Support TLS" for your incoming listener. Read more about the use of TLS and PKI.

You may also use TLS for outgoing traffic, see TLS Certificates Section.

SASL Authentication

Mail Gateway SASL documentation.

Domains

In order for an incoming SMTP listener to know which domains to relay for, domain objects need to be defined and associated with a listener. Even when using LDAP or a text file as the recipient database for the incoming listener, domains are still required, since the mailscanner (employing the process flows) needs to know which one to use. A so-called "any" domain is available if no domain-related associations are to be made.

Domains Tab

A domain is the core of the mail configuration: it connects all parts together (incoming, flow, transport) in a unique combination of incoming listener and domain. That means that you can have the same domain defined multiple times on different incoming listeners. The lookup is narrowed down by first searching for the most specific listener and then for the domain to use: a defined IP is matched before "any", and likewise a defined domain is matched before "any" (just like an IP routing table).
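
The lookup order described above, modelled as an added Python sketch (not Halon code or configuration). The addresses, domains, labels and function names are constructed for illustration, and the sketch assumes there is no fall-through from a matched listener to a less specific one.

```python
# Illustrative model only; names and data are constructed, not Halon configuration.
ANY = "any"

# (listener address, domain) -> label standing in for the domain's settings
# (flow, transport). Constructed sample: example.org is defined on two listeners.
DOMAINS = {
    ("192.0.2.10", "example.org"): "example.org on 192.0.2.10",
    ("192.0.2.10", ANY): "any-domain on 192.0.2.10",
    (ANY, "example.org"): "example.org on any-address listener",
    (ANY, "example.net"): "example.net on any-address listener",
}


def pick_listener(local_ip, domains=DOMAINS):
    """A listener bound to a defined IP is matched before the "any" listener."""
    listeners = {listener for listener, _ in domains}
    if local_ip in listeners:
        return local_ip
    return ANY if ANY in listeners else None


def resolve(local_ip, recipient, domains=DOMAINS):
    """Return the settings label for a recipient, or None if nothing matches."""
    listener = pick_listener(local_ip, domains)
    if listener is None:
        return None
    domain = recipient.rsplit("@", 1)[-1].lower()
    # Within the chosen listener, a defined domain is matched before "any".
    for candidate in (domain, ANY):
        match = domains.get((listener, candidate))
        if match is not None:
            return match
    return None  # assumption: no fall-through to a less specific listener


if __name__ == "__main__":
    for ip, rcpt in [
        ("192.0.2.10", "bob@example.org"),
        ("192.0.2.10", "bob@example.net"),
        ("198.51.100.5", "bob@example.org"),
        ("198.51.100.5", "bob@example.com"),
    ]:
        print(ip, rcpt, "->", resolve(ip, rcpt))
```

The second sample case shows why an "any" domain on a listener deserves review: a recipient domain that is not defined on that listener is still matched there.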

Recipient Flows

In the recipient flow, you may at an early stage check the SPF record, look up users against LDAP, etc. If no "Recipient Flow" has been configured for a listener, it accepts mail messages to all users on the domains assigned to it. The appliance can, however, look up specific users on a domain, using either LDAP, a text file or a Mail Recipient flow. Recipient flows are chosen per domain, but the default "SPF and Recipient" flow is very good and can usually be chosen for all domains.

Domain Alias Tab

The relationship between a domain alias and its parent domain is that the domain alias inherits all settings from the parent domain. Also, quarantine users with equal names will be automatically joined between the alias and the parent domain.

Mail Content Flows

Mail Content Flows are selected per domain, in the "Domains" section. They process the mail once the mail data (the SMTP command "DATA") is available. Hence, mail content flows have more parameters available than, for example, IP Policy Flows, which only have an IP packet object to operate on.

Objects (modules) in a mail content flow can be added, removed or re-ordered. If the pre-defined objects prove insufficient, you can use the "Script" module to write your own HSL code, with the commands available in the Core and Mail Content extension.

Custom Icon on Script Blocks

In the first comment of the script, specify an icon using --webui-icon=http://url.

// My first block --webui-icon=http://example.org/images/internet-mail.png

echo "Hello World";

Quarantine

The quarantine temporarily stores messages so that end-users can release them.

LDAP

LDAP documentation.

Logging and History

Mail Gateway logging documentation.
