V3 ExchangeDefender™ V3 The following document helps introduce users, administrators and support staff to the features and implementation of ExchangeDefender™ SMTP Security. V3.1 Copyright © 2003 – 2007, Own Web Now Corp. ExchangeDefender™ is a trademark of Own Web Now Corp. Contents ExchangeDefender™ User Guide .................................................................................................................. 3 Overview ................................................................................................................................................... 3 Web Interface ........................................................................................................................................... 3 Main Portal ............................................................................................................................................... 4 E-Mail Addresses ....................................................................................................................................... 5 Quarantine Operations ............................................................................................................................. 6 Trusted Senders ........................................................................................................................................ 7 Settings...................................................................................................................................................... 8 Daily SPAM Reports .................................................................................................................................. 9 ExchangeDefender Administrator Guide .................................................................................................... 11 Overview ................................................................................................................................................. 11 Deployment Scenario .............................................................................................................................. 11 Web Interface ......................................................................................................................................... 11 Account Management ............................................................................................................................ 13 Find Accounts ...................................................................................................................................... 14 New Account ....................................................................................................................................... 14 SPAM and SureSPAM Policies ............................................................................................................. 15 Additional SMTP Addresses (Aliases, Forwards) ................................................................................. 16 Resend Password Reminders and Welcome Message ....................................................................... 16 Manage Daily and Intraday E-mail Reports ........................................................................................ 16 Manage User ....................................................................................................................................... 17 Policies .................................................................................................................................................... 17 Lists ......................................................................................................................................................... 18 SPAM Czar ............................................................................................................................................... 18 Settings.................................................................................................................................................... 19 2 ExchangeDefender™ User Guide The following section helps ExchangeDefender™ protected user get the most out of the service. Overview ExchangeDefender™ is an SMTP Security Service allowing your organization to be protected from Internet security threats and annoyances such as SPAM, worms, viruses, DDoS attacks and more. ExchangeDefender™ keeps the unwanted content from your mailbox by constantly monitoring and analyzing messages and detecting potential threats. Because this is an automated software system it can make mistakes. We never delete your mail and have several convenient ways for you to access anything that may have been incorrectly identified as a threat. You can access quarantined messages through a Daily SPAM Report email, Intraday SPAM Report email and in realtime via secure ExchangeDefender™ Administration web site. Web Interface ExchangeDefender™ management is primarily managed through the secure ExchangeDefender™ Admin Portal web site at: https://admin.exchangedefender.com ExchangeDefender™ Admin Portal web site is a secure web site using commercially-signed 128-bit SSL certificate to encrypt all data exchanged between your computer and our network. This is the same type of security used by major banks and e-commerce sites such as Amazon and eBay so you can feel free to enter data and know it is secure. Furthermore, data provided through the ExchangeDefender™ Admin Portal web site is completely encrypted on the server side making identity theft very difficult. What can be done through the ExchangeDefender™ Admin Portal? 3 Main Portal - Quick overview of all SPAM and SureSPAM quarantines Search for quarantined messages, senders and subjects E-Mail Addresses - Protect additional e-mail addresses that belong to you by adding them to your account Resend or Delete any Welcome or Activation messages Manage SPAM actions: Deliver, Quarantine or Delete Delete e-mail address you do not wish to have monitored or protected Quarantine Operations - Release messages from the quarantine and deliver Trust Senders (whitelist) and deliver quarantined messages Review All messages to mark items you’ve already seen Trusted Senders - Add e-mail addresses and trust sender to send messages to one or all of your addresses Settings - Enable or disable Daily SPAM and Intraday SPAM reports Configure reporting schedule and set when your reports should arrive Set paging to limit the number of items you see per page Set your default time zone Change your ExchangeDefender™ password Main Portal ExchangeDefender™ main page is the first thing you see when you login to your ExchangeDefender™ account. This interface is designed based on user feedback and gives you quick access to your settings, search and spam quarantines. The navigation is on the very top of the screen just under the logo and allows you access to your E-mail Addresses, Trusted Senders, Settings and more. 4 The main screen has three panels: - Announcements: Important notices from your system administrator Find messages: Type in a part of the email or subject to locate a message Browse SPAM: Review your SPAM quarantines by browsing through messages E-Mail Addresses E-Mail Addresses section of the portal allows you to configure your own SPAM management policies – What should ExchangeDefender™ do with SPAM: quarantine, delete or deliver? If your system administrator has given you the right to set these settings yourself you can quickly make the changes under the Manage dropdown (click on Select one and pick the desired action). 5 You can manage multiple e-mail addresses through the same ExchangeDefender™ account. Most users have additional aliases (additional e-mail addresses) and this feature enables you to review all SPAM messages using the same login or to receive a single Daily SPAM report. Quarantine Operations If you have chosen to quarantine SPAM with ExchangeDefender™ we will never delete your e-mail. Instead, it is stored on our servers, allowing you to save bandwidth, mailbox quota and time by quickly finding or browsing for anything that may have been incorrectly identified as SPAM. ExchangeDefender™ quarantine screens (browsing messages or searching) have several components. There are three buttons on top of every message listing – Release, Trust Sender, Review All. To the left of those are links that show you how many SPAM messages are in the quarantine, ability to move back and forth through messages or show them all on the same screen (Warning: Be careful with Show All as loading thousands of SPAM messages at once can crash your browser). 6 The body of the quarantine listing shows you where the message came from, what the subject was and when it was received, respective to your time zone. On the very left of each message is a checkbox – you can check several messages and select the action – Release or Trust Sender. Clicking on Review All allows you to mark all messages as reviewed so that they do not appear on the main portal screen and give you a way to identify which messages you’ve already looked at. This action is quite useful for individuals that receive a lot of SPAM and check their quarantines several times a day. Release and Trust Sender operations are very intuitive and allow you to act on several messages at once. These actions are similar in that they both deliver the suspected SPAM message to your inbox within seconds. Trust Sender is special because in addition to releasing the message from the quarantine it also adds the sender of the message to your trusted senders list automatically. Trusted Senders Trusted Senders or whitelist allow you to make exceptions to how ExchangeDefender™ processes messages from certain senders. Whitelists allow you to provide e-mail addresses or domains you never want scanned for SPAM content. Just enter the email address or domain you wish to always receive mail 7 from regardless of the SPAM content, select an email address which these messages go to (or check box Apply to all my e-mail addresses to whitelist to all addresses). Deleting addresses from this list is easy as well because whitelists are sorted alphabetically and broken up by the email address they apply to. Settings ExchangeDefender™ settings allow you to customize the display and behavior of ExchangeDefender™ enable or disable Daily SPAM report e-mails, set default time zone, change password or limit the number of items shown when you browse message or trusted senders lists. 8 Daily SPAM Reports ExchangeDefender allows you to receive a single daily email giving you quick access to all possible SPAM messages that were quarantined during the previous day. This web page (HTML) email gives you a single-click access to deliver a message, trust sender and review entire days worth of email. 9 In addition to the Daily SPAM Report you can also enable an Intraday SPAM Report. This is an additional daily email that can be helpful if it is critical that you review SPAM messages received during the day. Keep in mind that you have real-time access to all messages through the ExchangeDefender™ Admin Portal web site at any time. 10 ExchangeDefender Administrator Guide The following section helps ExchangeDefender™ administrator configure and manage security for the protected domain and its users. Overview ExchangeDefender™ Admin Portal web site allows you to quickly establish a security policy for your domains, manage users, search quarantines and provide overall management for all mail coming in or out of your mail server. ExchangeDefender™ is a secure managed SMTP service provided out of 14 data centers spanning hundreds of servers dedicated to enforcing your organizations messaging security policies. ExchangeDefender™ also provides advanced archiving, business continuity, failover, routing and selective delivery services without installing server software or hooking directly into your network at all. This secure deployment “in the cloud” (over the Internet) allows ExchangeDefender™ to provide the ultimate security solution without compromising corporate privacy policies. Deployment Scenario ExchangeDefender™ is deployed in two stages. Your mail server should first be instructed to route all outbound SMTP mail through our ExchangeDefender™ outbound network. This is accomplished through the smarthost mechanism which is present in all modern SMTP servers. The second step is to protect inbound mail by pointing the MX records at the ExchangeDefender™ inbound network. Finally, IP restrictions are put in place to restrict which systems are allowed to relay messages out of your network and which addresses ExchangeDefender™ will relay messages into your network. Firewall, smarthost and IP restriction configuration is device/service dependant and is beyond the scope of this document. However, we do have whitepapers and webcasts on our web site that can assist you with configuration or you can just give us a call. Web Interface ExchangeDefender™ management is primarily managed through the secure ExchangeDefender™ Admin Portal web site at: https://admin.exchangedefender.com ExchangeDefender™ Admin Portal web site is a secure web site using commercially-signed 128-bit SSL certificate to encrypt all data exchanged between your computer and our network. This is the same type of security used by major banks and e-commerce sites such as Amazon and eBay so you can feel free to enter data and know it is secure. Furthermore, data provided through the ExchangeDefender™ Admin Portal web site is completely encrypted on the server side making identity theft very difficult. 11 What can be done through the ExchangeDefender Admin Portal? Account Management - Create a new account Add e-mail address aliases (additional SMTP addresses) to the account Change account password, time zone, paging, report settings Customize account’s SPAM management policies: Deliver, Quarantine or Delete Enable and schedule Daily and Intraday SPAM reports Resend password reminders and welcome messages Manage users account on their behalf Policies - Establish complex & granular policies per user, domain or organization Manage archiving settings for government and regulatory compliance 12 - Manage virus scanning preferences and ExchangeDefender™ confidence levels Set organizational tolerance for SPAM Manage multiple levels of SPAM to reduce users review time Lists - Easilly manage per-user blacklists and whitelists (banned users, trusted senders) Manage global per-domain or organization-wide whitelists and blacklists SPAM Czar - Delegate SPAM management functions to the individual or department Empower individual user to review SPAM and SureSPAM for the entire organization Allow Spam Czar to manage, search, add, trust and release messages for the entire company Allow limited priviledge (no administrative rights) access to quarantines and whitelists Search all quarantined messages in realtime across all accounts Settings - Set paging to limit the number of items you see per page Set your default time zone Change your ExchangeDefender™ password Account Management Account Management section of the ExchangeDefender Admin Portal allows you to control every aspect of your organizations mail security. You can create accounts, manage SPAM settings, search quarantine in realtime, establish domain policies and control everything that the user can control. This functionality enables you to reduce the time required to troubleshoot any issues your users may encounter because you see what they see. 13 Find Accounts Find Accounts section allows you to quickly locate the user by typing just a part of their email address. New Account New account section allows you to provide ExchangeDefender™ security to a user that is new to your organization. This process is quick and easy with recommended settings set by default, leaving plenty of room to completely customize and lock down a user as needed. This section completely creates new users ExchangeDefender™ profile so they can log into the ExchangeDefender™ Administrative Portal, opens up mail forwarding to your mail server, establishes SPAM tolerance and allows you to determine which daily e-mail reports the user should receive. 14 SPAM and SureSPAM Policies There are several actions you can use to handle SPAM and SureSPAM messages before they reach your server. These actions are Deliver, Quarantine or Delete: Deliver – Automatically deliver all SPAM or SureSPAM to this user but modify the subject ([SPAM] prefix) and add an SMTP header: X-ExchangeDefender-SPAM: Yes. Quarantine – Do not deliver possible SPAM or SureSPAM message to the user, quarantine it on the ExchangeDefender network instead. User can still access the message through the 15 ExchangeDefender™ Admin Portal in real-time, through the daily and intraday SPAM reports or by the administrator or Spam Czar. Delete – The ultimate no to SPAM, automatically and permanently deletes the message without quarantining, logging or delivering the message. Note: ExchangeDefender™ is configured to quarantine possible SPAM or SureSPAM messages by default. This setting immediately makes the user more productive by keeping messages out of users mailbox but still provides for an opportunity to review and retrieve the messages that may be incorrectly identified as SPAM. We believe that best practices configuration is to Quarantine SPAM messages and Delete SureSPAM messages when you are comfortable with ExchangeDefender™ performance and trust its ability to correctly identify SPAM. Additional SMTP Addresses (Aliases, Forwards) ExchangeDefender™ administrators and users can add multiple email addresses to a single account. Most users tend to have multiple email addresses associated with their email accounts and ExchangeDefender can consolidate those reports and streamline search and daily e-mail reports. Resend Password Reminders and Welcome Message Users frequently lose or accidentally delete their welcome messages, passwords and other information. ExchangeDefender™ allows you automatically resend welcome and password reminder messages for any user. Manage Daily and Intraday E-mail Reports Daily reports provide a convenient way to alert the user that some of their messages may have been quarantined. This system is highly efficient because it does not require any additional software to be installed. E-mail reports give the user a single daily e-mail containing the list of all quarantined messages and allow single-click Release or Trust Sender (whitelist) without the need to authenticate to the ExchangeDefender™ web site. It makes the entire organization immediately productive by reducing the amount of clicks required to review messages, reduces the quota and system impact because instead of a few hundred SPAM messages your user will only receive one daily report containing them all. There are two actions associated with the daily SPAM report: Deliver – Release message from the quarantine and deliver to users mailbox. Trust Sender – Release message from quarantine, deliver to users mailbox and add the original sender to the Trusted Sender (whitelist) so no future messages from that sender are ever caught in the SPAM quarantine. 16 Manage User The ultimate in user management – select this action to be automatically logged in as the user and make all the changes on their behalf. See what they see! Policies ExchangeDefender™ policy engine is the system that enforces the rules you have set to manage your messaging hygiene. This powerful system controls which rules are applied to each message going through ExchangeDefender™ and considers everything from security to encryption and spam handling. Note: Be careful when making modifications to the policy engine. By default we enforce the optimal configuration, making changes to the policy engine behavior can affect your organization’s security and privacy so seek management approval before making significant changes to the system. 17 Lists Lists section of the ExchangeDefender™ Admin Portal manages exceptions ExchangeDefender makes in processing messages. Whitelists allow you to provide email addresses or domains you never want scanned for SPAM content. Conversely, Blacklists allow you to specify which email addresses, domains or network addresses you always want considered as SPAM so they can never send mail to your users. Managing blacklists and whitelists is quite simple: just enter the sender and recipients email addresses and select whether messages matching that criteria should be whitelisted or blacklisted. Additionally you can enter entire domains, countries or IP address blocks. SPAM Czar SPAM Czar role allows you to delegate spam management functions of the entire organization to an individual or department. Some organizations choose to designate a single person or department as the main reviewer of all ExchangeDefender™ quarantined mail because they believe their staff is not 18 technical enough to manage SPAM or too busy to be bothered with managing their own junk mail. Whatever the reason, ExchangeDefender™ SPAM Czar role is a limited-privilege account that only allows the designated user to review other users messages and act on them. What can SPAM Czar do? SPAM Czar has the same power over quarantined messages as every other user protected by ExchangeDefender™; they can search the quarantine, release messages, trust senders, and review messages for the entire organization. Note: SPAM Czar has no administrative power. Even though SPAM Czar can manage all SPAM and trust lists there is no way for them to view users messages, adjust system policies, change passwords or affect the behavior of ExchangeDefender™. Settings ExchangeDefender™ administrative settings allow you to customize the way ExchangeDefender™ presents the information on the web site. For example, you can set your time zone so that all message timestamps match your locale. You can also change the number of items shown per page or change the password used to access the portal. 19 Note: It is important to note that ExchangeDefender™ settings are for display purposes only. Actual ExchangeDefender™ management is defined by the policies you set for each individual domain or user. 20