Manuals / Surf Control / Power Tools / Welder

Surf Control 5.2.4 manual The Directory Attack Control screen

Models: 5.2.4

1 182

Download 182 pages 55.76 Kb

Page 34

SYSTEM SETTINGS

Receive Settings

2

DIRECTORY ATTACK CONTROL

Directory Attack is used by questionable sources to gain access to internal e-mail accounts. A directory attack not only occupies large amounts of system resource but also, through the acquisition of e-mail accounts, creates spam problems for e-mail end users. RiskFilter enables you to control directory attack to limit the maximum messages and connections coming from an IP address over a given time period. Use the Directory Attack Control screen to configure this.

Figure 2 - 16 The Directory Attack Control screen

There are two levels of control within this pane. The first enables you to specify in seconds how often the limit on messages is to be applied. The second will apply the same limits but in minutes. Specifying that messages are limited by the second gives you greater control than when you limit them by the minute.

To configure directory attack control:

1Select Receive Settings > Directory Attack Control from the System Settings tab.

2Select the Limit number of messages/connections per IP every ... seconds to enable the level 1 control then set the maximum number of messages, and connections. You can also set how often the same message is allowed to pass through RiskFilter.

3Select the Limit number of messages/connections per IP every ... minutes to enable the level 2 control then set the maximum number of messages, and connections. You can also set how often the same message is allowed to pass through RiskFilter.

4If you have selected one of the directory attack control options, you can select the Drop Connection option and set a percentage. Once the invalid messages/connections exceed this percentage of the total number of invalid messages/connections, the connection will be dropped automatically.

5Click Submit to put the new settings into effect or Reset if you want to cancel the modifications made to the current settings.

SurfControl RiskFilter - E-mail V5.2.4

Administrator’s Guide 29

Image 34

Surf Control 5.2.4 manual The Directory Attack Control screen

Contents

SurfControl RiskFilter E-mail Contents Policy Manager Riskfilter System Management Console Appendix Chapter HOW Riskfilter Works Managing Your Messages with RiskfilterControl ConnectionRelay Control Load Balancing with Riskfilter Mail Exchanger IP Address MX PreferenceLoad balancing with RiskFilter Riskfilter System Management Console Launching Surfcontrol RiskfilterHttps//hostnameoripaddress10000 Https//hostnameoripaddress/admin Riskfilter Management Console AdministratorOpening the RiskFilter Management Console Before YOU Start System Settings What can be Configured in the System Settings TAB? System Settings TABTerminology Used General ConfigurationSelect General Configuration from the System Settings tab Postmaster e-mail addressSession Timeout Other SettingsAdmin Console Smtp greetingUser Directories Editing User DirectoriesDeleting a User Directory Open the User Directories screenMicrosoft Active Directory Click Add in the User Directories screenIBM Ldap server Select IBM Ldap ServerGeneric Ldap Click Add in the User Directories screen Select Generic LdapValidation settings Esmtp Server InformationRecipient File Local DatabaseTo add a local database Click Add Secure Proxy Select General Secure Proxy from the System Settings tabLocal Database Add/Edit Address screen is displayed Select Enable Webmail Proxy Select Enable POP3 ProxySelect Enable Imap Proxy Select General Directories from the System Settings tab Setting up the storage directoriesLogs and Archives Certificate NotificationsExporting Certificates Select General Certificate from the System Settings tabImporting Certificates Certificate Signing RequestConnection Settings Receive SettingsConnection Control Smtp Greeting Delay Allow Access ListDirectory Attack Control 16 The Directory Attack Control screenRelay Control SPF Authentication ConfigurationControlling relaying of messages Allowing relaying to specific domains Relay for Internal Senders Adding details of domains Recipient ValidationAdd validation servers Message Control 19 The Message Control screenException Control 20 Set what action is taken on messagesTo configure exception control Black List Adding an IP or subnet address to the blacklistImporting and exporting Lists Adding domain or e-mail addresses to the blacklistAdding an IP or subnet address to the White List White ListDynamic White List Receive Settings DOMAIN-BASED Delivery Send SettingsSetting up the destination domains Delivering the messagesUsing TLS authentication Transport Layer Security Select Forward mail to the following Smtp serversTraffic Control Advanced DeliverySend Settings User Management Account ManagerChanging the Administrator Account Password Specifying Administrator AccessSetting up Administrator Access Personal E-MAIL Manager Editing Administrator AccountsSelect Account Manager from the User Management menu Setting up the PEM message 31 What the user sees Personal E-mail Manager Exporting lists of users Adding usersImporting lists of users END-USER Control End-user Bypass Anti-Spam SettingSetting up End User Control User ListUser Authentication Authenticating PEM usersAuthenticating remote users License & Updates Update NOWUpdating your Anti-Spam Agent Definitions AVA and ASA License ExpiredSelect the Anti-Virus Agent Update check box Scheduled UpdateUpdating the Anti-Virus Agent Updating the Anti-Spam Agent Select the Anti-Spam Agent Update check boxLicense Status Updating Component LicensesManually setting up a license server Update ServerViewing component licenses License Server User Number ExceededHelp Admin Guide Contact SupportSelect Help Contact Support from the System Settings tab Submitting a Support RequestFirstboot Wizard Configuration WizardKEY Points Key Points Policy Manager What can be Configured in the Policy Manager TAB? Policy Manager TABDefining Users Creating a PolicyDefining the Action Defining the Rules Global Policy Filter ListAddress Group Importing and Exporting ListsDeleting Address Groups Queue Manager Adding QueuesEditing a Queue Select Queue Manager from the Policy Manager tabSurfcontrol Dictionaries Dictionary ManagerEditing SurfControl Dictionary properties Adding words to the SurfControl Dictionaries Changing the value of words in the SurfControl DictionariesDeleting a word or phrase Custom Dictionaries Create a new dictionaryImporting Dictionaries Importing a SurfControl Dictionary PackCreating a unicode text file Worthlesstab space15 balancetab space10Exporting a dictionary Importing a unicode text fileSelect Import from a Unicode text file Global Policy Creating a NEW SUB-POLICYSelect Global Policy from the Policy Manager tab 15 Enter the details of the new Sub-policyDeleting a SUB-POLICY Editing a SUB-POLICYAdding Filters to the Policy Defining a Filter 18 The Global Policy Filter List screenEditing the Anti-Virus Agent Filter ANTI-VIRUS Agent FilterCreating a new filter Select Global Policy Filters from the Policy Manager tabGlobal Policy ANTI-SPAM Agent Filters Select Anti-Spam Agent DFPConfiguring the Anti-Spam Agent Heuristics Filter Select Anti-Spam Agent HeuristicsConfiguring the Anti-Spam Agent LexiRules Filter Select Anti-Spam Agent LexiRulesInternet Threat Database Filter 23 The Internet Threat Database Filter screenEditing the Internet Threat Database Filter Standard DisclaimerSelect the Internet Threat Database Filter and click Next Editing the Standard Disclaimer Filter Select the Standard Disclaimer FilterEditing the General Content Filter General Content FilterSelect the General Content Filter and click Next Editing the Advanced Content Filter Advanced Content FilterSelect the Advanced Content Filter and click Next Using the Expression List 27 The Expression screenUsing Logical Operators RiskFilter or Gateway or Innovation Examples showing the use of OperandsRiskFilter and Gateway and Innovation Occur gateway Assume Frequency =2Message Attachment Filter 28 Message Attachment Filter screenEditing the Message Attachment Filter Select the Message Attachment Filter and click NextCreating a new Content Guardian filter Content GuardianSelect the Internet Content Guardian Filter and click Next Adding a filtering rule Deleting a filtering rule Dictionary Threshold FilterHow the Dictionary Threshold Filter works Configuring the Dictionary Threshold Filter Select the Dictionary Threshold Filter and click NextGlobal Policy KEY Points Key Points Reports & Logs What can be Configured in the Reports and Logs TAB? Reports and Logs TABDashboard Server status monitoringSelect Master Report from the Reports and Logs tab Master ReportQuerying the Master Report Select Specified date range from the Logs for list boxMaster Report Message Report Querying the Message ReportPolicy Report Querying the Policy ReportVirus Report Querying the Virus ReportSpam Report Querying the Spam ReportConnection Report Querying the Connection ReportConnection Report System Report Select Isolated Messages from the Reports and Logs tab Isolated MessagesManaging Isolated Messages Click View MessagesIsolated Messages Managing the Virus Messages Virus MessagesSelect Virus Messages from the Reports and Logs tab 14 An Archived message Managing Spam Messages Spam MessagesSelect Spam Messages from the Reports and Logs tab To view a message click the subject Managing Archived Messages Archived MessagesSelect Archived Messages from the Reports and Logs tab Export Messages View Messages Reprocess MessagesClick Reprocess Messages 19 Select the check box alongside the message Querying Deferred Messages Deferred MessagesSelect Deferred Messages from the Reports and Logs tab 22 An Archived message KEY Points Key Points RiskFilter System Management Console What can be Configured with the System Management CONSOLE? OverviewAccessing the Riskfilter System Management Console Rfmngr AccountWhat can be Configured in the Webmin TAB? Webmin TABSelect Webmin Configuration from the Webmin tab Webmin ConfigurationIP access control Webmin Actions LOGLanguage Select Language from the Webmin Configuration screenSelect Logging from the Webmin Configuration screen Ports and AddressesAdding Webmin Servers Webmin Servers IndexProxy Servers Select Webmin Servers Index in the WebminWhat can be Configured in the System TAB? System TABSelect Change Passwords in the System tab Bootup and ShutdownChange Passwords Historic System StatisticsMulti Gateway Policy Routing Select Multi Gateway Policy Routing in the System tabNetwork Configuration Network InterfacesSetting up additional NICs Multi-NIC configuration in RiskFilterEnter an IP Address 11 The Create Bootup Interface screen Routing and GatewaysSelect DNS Client from the Network Configuration tab DNS ClientHost Addresses 15 Host AddressesSystem Time Running ProcessesSelect System Time in the System tab System and Server Status Click Sync system timeWhat can be Configured in the Riskfilter TAB? Riskfilter TABRiskfilter Services Manager Riskfilter Backup ManagerRiskfilter Cluster Wizard Click CompleteLoad balancing with RiskFilter 25Load balancing26 RiskFilter in a cluster set up Riskfilter WEB Access Manager Select Web Access Manager in the RiskFilter tabUpdate Riskfilter E-MAIL 28 The Update RiskFilter-E-mail screenKEY Points Key Points Appendix Using the Command Line Interface # sudo /etc/init.d/smgd statusClean queues QTOOL.SHUsing the Command Line Interface Using the Command Line Interface Using the Command Line Interface UNINSTALL.SH Example 6 uninstalling the RiskFilter softwareAll items were successfully uninstalled Core / Liability Categories Internet Threat Database CategoriesInternet Theat Database Categories Productivity CategoriesCore / Liability Categories Productivity Categories Special Events OtherIndex Administrator’s Guide SurfControl RiskFilter E-mail SurfControl RiskFilter E-mail Administrator’s Guide OpenSSL Sun RPC Apache Software License, Version Expat XML Parser Toolkit SPFJava Ldap