Directory Attack Control | Surf Control 5.2.4 guide

SYSTEM SETTINGS

Receive Settings

2

DIRECTORY ATTACK CONTROL

Directory Attack is used by questionable sources to gain access to internal e-mail accounts. A directory attack not only occupies large amounts of system resource but also, through the acquisition of e-mail accounts, creates spam problems for e-mail end users. RiskFilter enables you to control directory attack to limit the maximum messages and connections coming from an IP address over a given time period. Use the Directory Attack Control screen to configure this.

Figure 2 - 16 The Directory Attack Control screen

There are two levels of control within this pane. The first enables you to specify in seconds how often the limit on messages is to be applied. The second will apply the same limits but in minutes. Specifying that messages are limited by the second gives you greater control than when you limit them by the minute.

To configure directory attack control:

1Select Receive Settings > Directory Attack Control from the System Settings tab.

2Select the Limit number of messages/connections per IP every ... seconds to enable the level 1 control then set the maximum number of messages, and connections. You can also set how often the same message is allowed to pass through RiskFilter.

3Select the Limit number of messages/connections per IP every ... minutes to enable the level 2 control then set the maximum number of messages, and connections. You can also set how often the same message is allowed to pass through RiskFilter.

4If you have selected one of the directory attack control options, you can select the Drop Connection option and set a percentage. Once the invalid messages/connections exceed this percentage of the total number of invalid messages/connections, the connection will be dropped automatically.

5Click Submit to put the new settings into effect or Reset if you want to cancel the modifications made to the current settings.

SurfControl RiskFilter - E-mail V5.2.4

Administrator’s Guide 29

Image 34

Surf Control 5.2.4 manual The Directory Attack Control screen

Contents

SurfControl RiskFilter E-mail Contents Policy Manager Riskfilter System Management Console Appendix Chapter HOW Riskfilter Works Managing Your Messages with Riskfilter Control ConnectionRelay Control Load Balancing with Riskfilter Mail Exchanger IP Address MX Preference Load balancing with RiskFilter Riskfilter System Management Console Launching Surfcontrol RiskfilterHttps//hostnameoripaddress10000 Https//hostnameoripaddress/admin Riskfilter Management Console AdministratorOpening the RiskFilter Management Console Before YOU Start System Settings What can be Configured in the System Settings TAB? System Settings TABTerminology Used General ConfigurationSelect General Configuration from the System Settings tab Postmaster e-mail address Session Timeout Other SettingsAdmin Console Smtp greeting User Directories Editing User Directories Deleting a User Directory Open the User Directories screen Microsoft Active Directory Click Add in the User Directories screen IBM Ldap server Select IBM Ldap Server Generic Ldap Click Add in the User Directories screen Select Generic Ldap Validation settings Esmtp Server Information Recipient File Local Database To add a local database Click Add Secure Proxy Select General Secure Proxy from the System Settings tabLocal Database Add/Edit Address screen is displayed Select Enable Webmail Proxy Select Enable POP3 ProxySelect Enable Imap Proxy Select General Directories from the System Settings tab Setting up the storage directoriesLogs and Archives Certificate Notifications Exporting Certificates Select General Certificate from the System Settings tabImporting Certificates Certificate Signing Request Connection Settings Receive SettingsConnection Control Smtp Greeting Delay Allow Access List Directory Attack Control 16 The Directory Attack Control screen Relay Control SPF Authentication ConfigurationControlling relaying of messages Allowing relaying to specific domains Relay for Internal Senders Adding details of domains Recipient ValidationAdd validation servers Message Control 19 The Message Control screen Exception Control 20 Set what action is taken on messages To configure exception control Black List Adding an IP or subnet address to the blacklist Importing and exporting Lists Adding domain or e-mail addresses to the blacklist Adding an IP or subnet address to the White List White ListDynamic White List Receive Settings DOMAIN-BASED Delivery Send SettingsSetting up the destination domains Delivering the messages Using TLS authentication Transport Layer Security Select Forward mail to the following Smtp servers Traffic Control Advanced Delivery Send Settings User Management Account Manager Changing the Administrator Account Password Specifying Administrator Access Setting up Administrator Access Personal E-MAIL Manager Editing Administrator AccountsSelect Account Manager from the User Management menu Setting up the PEM message 31 What the user sees Personal E-mail Manager Exporting lists of users Adding usersImporting lists of users END-USER Control End-user Bypass Anti-Spam SettingSetting up End User Control User List User Authentication Authenticating PEM users Authenticating remote users License & Updates Update NOW Updating your Anti-Spam Agent Definitions AVA and ASA License Expired Select the Anti-Virus Agent Update check box Scheduled UpdateUpdating the Anti-Virus Agent Updating the Anti-Spam Agent Select the Anti-Spam Agent Update check boxLicense Status Updating Component Licenses Manually setting up a license server Update ServerViewing component licenses License Server User Number Exceeded Help Admin Guide Contact SupportSelect Help Contact Support from the System Settings tab Submitting a Support Request Firstboot Wizard Configuration Wizard KEY Points Key Points Policy Manager What can be Configured in the Policy Manager TAB? Policy Manager TAB Defining Users Creating a PolicyDefining the Action Defining the Rules Global Policy Filter List Address Group Importing and Exporting Lists Deleting Address Groups Queue Manager Adding Queues Editing a Queue Select Queue Manager from the Policy Manager tab Surfcontrol Dictionaries Dictionary ManagerEditing SurfControl Dictionary properties Adding words to the SurfControl Dictionaries Changing the value of words in the SurfControl DictionariesDeleting a word or phrase Custom Dictionaries Create a new dictionary Importing Dictionaries Importing a SurfControl Dictionary Pack Creating a unicode text file Worthlesstab space15 balancetab space10 Exporting a dictionary Importing a unicode text fileSelect Import from a Unicode text file Global Policy Creating a NEW SUB-POLICY Select Global Policy from the Policy Manager tab 15 Enter the details of the new Sub-policy Deleting a SUB-POLICY Editing a SUB-POLICYAdding Filters to the Policy Defining a Filter 18 The Global Policy Filter List screen Editing the Anti-Virus Agent Filter ANTI-VIRUS Agent FilterCreating a new filter Select Global Policy Filters from the Policy Manager tab Global Policy ANTI-SPAM Agent Filters Select Anti-Spam Agent DFP Configuring the Anti-Spam Agent Heuristics Filter Select Anti-Spam Agent Heuristics Configuring the Anti-Spam Agent LexiRules Filter Select Anti-Spam Agent LexiRules Internet Threat Database Filter 23 The Internet Threat Database Filter screen Editing the Internet Threat Database Filter Standard DisclaimerSelect the Internet Threat Database Filter and click Next Editing the Standard Disclaimer Filter Select the Standard Disclaimer Filter Editing the General Content Filter General Content FilterSelect the General Content Filter and click Next Editing the Advanced Content Filter Advanced Content FilterSelect the Advanced Content Filter and click Next Using the Expression List 27 The Expression screen Using Logical Operators RiskFilter or Gateway or Innovation Examples showing the use of OperandsRiskFilter and Gateway and Innovation Occur gateway Assume Frequency =2 Message Attachment Filter 28 Message Attachment Filter screen Editing the Message Attachment Filter Select the Message Attachment Filter and click Next Creating a new Content Guardian filter Content GuardianSelect the Internet Content Guardian Filter and click Next Adding a filtering rule Deleting a filtering rule Dictionary Threshold FilterHow the Dictionary Threshold Filter works Configuring the Dictionary Threshold Filter Select the Dictionary Threshold Filter and click Next Global Policy KEY Points Key Points Reports & Logs What can be Configured in the Reports and Logs TAB? Reports and Logs TAB Dashboard Server status monitoring Select Master Report from the Reports and Logs tab Master ReportQuerying the Master Report Select Specified date range from the Logs for list box Master Report Message Report Querying the Message Report Policy Report Querying the Policy Report Virus Report Querying the Virus Report Spam Report Querying the Spam Report Connection Report Querying the Connection Report Connection Report System Report Select Isolated Messages from the Reports and Logs tab Isolated MessagesManaging Isolated Messages Click View Messages Isolated Messages Managing the Virus Messages Virus MessagesSelect Virus Messages from the Reports and Logs tab 14 An Archived message Managing Spam Messages Spam MessagesSelect Spam Messages from the Reports and Logs tab To view a message click the subject Managing Archived Messages Archived MessagesSelect Archived Messages from the Reports and Logs tab Export Messages View Messages Reprocess MessagesClick Reprocess Messages 19 Select the check box alongside the message Querying Deferred Messages Deferred MessagesSelect Deferred Messages from the Reports and Logs tab 22 An Archived message KEY Points Key Points RiskFilter System Management Console What can be Configured with the System Management CONSOLE? Overview Accessing the Riskfilter System Management Console Rfmngr Account What can be Configured in the Webmin TAB? Webmin TAB Select Webmin Configuration from the Webmin tab Webmin ConfigurationIP access control Webmin Actions LOG Language Select Language from the Webmin Configuration screenSelect Logging from the Webmin Configuration screen Ports and Addresses Adding Webmin Servers Webmin Servers IndexProxy Servers Select Webmin Servers Index in the Webmin What can be Configured in the System TAB? System TAB Select Change Passwords in the System tab Bootup and ShutdownChange Passwords Historic System Statistics Multi Gateway Policy Routing Select Multi Gateway Policy Routing in the System tab Network Configuration Network Interfaces Setting up additional NICs Multi-NIC configuration in RiskFilterEnter an IP Address 11 The Create Bootup Interface screen Routing and Gateways Select DNS Client from the Network Configuration tab DNS Client Host Addresses 15 Host Addresses System Time Running ProcessesSelect System Time in the System tab System and Server Status Click Sync system time What can be Configured in the Riskfilter TAB? Riskfilter TAB Riskfilter Services Manager Riskfilter Backup Manager Riskfilter Cluster Wizard Click Complete Load balancing with RiskFilter 25Load balancing 26 RiskFilter in a cluster set up Riskfilter WEB Access Manager Select Web Access Manager in the RiskFilter tab Update Riskfilter E-MAIL 28 The Update RiskFilter-E-mail screen KEY Points Key Points Appendix Using the Command Line Interface # sudo /etc/init.d/smgd status Clean queues QTOOL.SH Using the Command Line Interface Using the Command Line Interface Using the Command Line Interface UNINSTALL.SH Example 6 uninstalling the RiskFilter software All items were successfully uninstalled Core / Liability Categories Internet Threat Database CategoriesInternet Theat Database Categories Productivity Categories Core / Liability Categories Productivity Categories Special Events Other Index Administrator’s Guide SurfControl RiskFilter E-mail SurfControl RiskFilter E-mail Administrator’s Guide OpenSSL Sun RPC Apache Software License, Version Expat XML Parser Toolkit SPFJava Ldap