Creating a Policy, Defining Users | Surf Control 5.2.4 specification

POLICY MANAGER

Creating a Policy

3

CREATING A POLICY

There are three steps to creating a policy:

Step 1 - Defining users – Add the users, and groups of users, that you want to filter.

Step 2 - Defining actions – Define what should be done with a message that triggers a filter.

Step 3 - Defining the rules – Create filters to find messages of a specific type. You can filter virus/spam messages by adding one or more types of filter to the policy.

Note: RiskFilter supports multi-layered policies: global policy and sub-policy. If a filter is writable, it can be overwritten by a sub-policy (its child or grandchild). A read-only policy cannot be overwritten by a sub-policy.

STEP 1 - DEFINING USERS

RiskFilter enables you to apply different filtering solutions to messages from specific address groups, according to different routing paths. There are three ways to add an e-mail address:

•Add the address/es manually

•Import the address/es from a file

•Import the address/es from an LDAP connection

See Address Group on page 69 for more details on how to add addresses.

STEP 2 - DEFINING THE ACTION

Filter action determines how the message is finally processed. RiskFilter scans the messages and their attachments then takes action according to the settings in the different filters. The action is set when you create a new filter, within that filter’s configuration screen.

Figure 3 - 2 The Action if filter triggered section

These actions include:

•Modify Subject – Modify the original subject, by adding specific content in front of the original subject.

•X Header – Add a specified X-Header to all messages which triggered the filter.

•Copy to – Send a copy of the original message to a specified e-mail account. This would generally be the e-mail system administrator, the recipient will have no knowledge of this action.

SurfControl RiskFilter - E-mail V5.2.4

Administrator’s Guide 67

Image 72

Surf Control 5.2.4 manual Creating a Policy, Defining Users, Defining the Action

Contents

SurfControl RiskFilter E-mail Contents Policy Manager Riskfilter System Management Console Appendix Chapter HOW Riskfilter Works Managing Your Messages with Riskfilter Connection ControlRelay Control Load Balancing with Riskfilter Mail Exchanger IP Address MX Preference Load balancing with RiskFilter Launching Surfcontrol Riskfilter Riskfilter System Management ConsoleHttps//hostnameoripaddress10000 Riskfilter Management Console Administrator Https//hostnameoripaddress/adminOpening the RiskFilter Management Console Before YOU Start System Settings System Settings TAB What can be Configured in the System Settings TAB?Terminology Used Configuration Select General Configuration from the System Settings tabGeneral Postmaster e-mail address Other Settings Admin ConsoleSession Timeout Smtp greeting User Directories Editing User Directories Deleting a User Directory Open the User Directories screen Microsoft Active Directory Click Add in the User Directories screen IBM Ldap server Select IBM Ldap Server Generic Ldap Click Add in the User Directories screen Select Generic Ldap Validation settings Esmtp Server Information Recipient File Local Database To add a local database Click Add Select General Secure Proxy from the System Settings tab Secure ProxyLocal Database Add/Edit Address screen is displayed Select Enable POP3 Proxy Select Enable Webmail ProxySelect Enable Imap Proxy Setting up the storage directories Select General Directories from the System Settings tabLogs and Archives Certificate Notifications Select General Certificate from the System Settings tab Importing CertificatesExporting Certificates Certificate Signing Request Receive Settings Connection SettingsConnection Control Smtp Greeting Delay Allow Access List Directory Attack Control 16 The Directory Attack Control screen SPF Authentication Configuration Relay ControlControlling relaying of messages Allowing relaying to specific domains Relay for Internal Senders Recipient Validation Adding details of domainsAdd validation servers Message Control 19 The Message Control screen Exception Control 20 Set what action is taken on messages To configure exception control Black List Adding an IP or subnet address to the blacklist Importing and exporting Lists Adding domain or e-mail addresses to the blacklist White List Adding an IP or subnet address to the White ListDynamic White List Receive Settings Send Settings Setting up the destination domainsDOMAIN-BASED Delivery Delivering the messages Using TLS authentication Transport Layer Security Select Forward mail to the following Smtp servers Traffic Control Advanced Delivery Send Settings User Management Account Manager Changing the Administrator Account Password Specifying Administrator Access Setting up Administrator Access Editing Administrator Accounts Personal E-MAIL ManagerSelect Account Manager from the User Management menu Setting up the PEM message 31 What the user sees Personal E-mail Manager Adding users Exporting lists of usersImporting lists of users End-user Bypass Anti-Spam Setting Setting up End User ControlEND-USER Control User List User Authentication Authenticating PEM users Authenticating remote users License & Updates Update NOW Updating your Anti-Spam Agent Definitions AVA and ASA License Expired Scheduled Update Select the Anti-Virus Agent Update check boxUpdating the Anti-Virus Agent Select the Anti-Spam Agent Update check box License StatusUpdating the Anti-Spam Agent Updating Component Licenses Update Server Manually setting up a license serverViewing component licenses License Server User Number Exceeded Admin Guide Contact Support Select Help Contact Support from the System Settings tabHelp Submitting a Support Request Firstboot Wizard Configuration Wizard KEY Points Key Points Policy Manager What can be Configured in the Policy Manager TAB? Policy Manager TAB Creating a Policy Defining UsersDefining the Action Defining the Rules Global Policy Filter List Address Group Importing and Exporting Lists Deleting Address Groups Queue Manager Adding Queues Editing a Queue Select Queue Manager from the Policy Manager tab Dictionary Manager Surfcontrol DictionariesEditing SurfControl Dictionary properties Changing the value of words in the SurfControl Dictionaries Adding words to the SurfControl DictionariesDeleting a word or phrase Custom Dictionaries Create a new dictionary Importing Dictionaries Importing a SurfControl Dictionary Pack Creating a unicode text file Worthlesstab space15 balancetab space10 Importing a unicode text file Exporting a dictionarySelect Import from a Unicode text file Global Policy Creating a NEW SUB-POLICY Select Global Policy from the Policy Manager tab 15 Enter the details of the new Sub-policy Editing a SUB-POLICY Deleting a SUB-POLICYAdding Filters to the Policy Defining a Filter 18 The Global Policy Filter List screen ANTI-VIRUS Agent Filter Creating a new filterEditing the Anti-Virus Agent Filter Select Global Policy Filters from the Policy Manager tab Global Policy ANTI-SPAM Agent Filters Select Anti-Spam Agent DFP Configuring the Anti-Spam Agent Heuristics Filter Select Anti-Spam Agent Heuristics Configuring the Anti-Spam Agent LexiRules Filter Select Anti-Spam Agent LexiRules Internet Threat Database Filter 23 The Internet Threat Database Filter screen Standard Disclaimer Editing the Internet Threat Database FilterSelect the Internet Threat Database Filter and click Next Editing the Standard Disclaimer Filter Select the Standard Disclaimer Filter General Content Filter Editing the General Content FilterSelect the General Content Filter and click Next Advanced Content Filter Editing the Advanced Content FilterSelect the Advanced Content Filter and click Next Using the Expression List 27 The Expression screen Using Logical Operators Examples showing the use of Operands RiskFilter and Gateway and InnovationRiskFilter or Gateway or Innovation Occur gateway Assume Frequency =2 Message Attachment Filter 28 Message Attachment Filter screen Editing the Message Attachment Filter Select the Message Attachment Filter and click Next Content Guardian Creating a new Content Guardian filterSelect the Internet Content Guardian Filter and click Next Adding a filtering rule Dictionary Threshold Filter Deleting a filtering ruleHow the Dictionary Threshold Filter works Configuring the Dictionary Threshold Filter Select the Dictionary Threshold Filter and click Next Global Policy KEY Points Key Points Reports & Logs What can be Configured in the Reports and Logs TAB? Reports and Logs TAB Dashboard Server status monitoring Master Report Querying the Master ReportSelect Master Report from the Reports and Logs tab Select Specified date range from the Logs for list box Master Report Message Report Querying the Message Report Policy Report Querying the Policy Report Virus Report Querying the Virus Report Spam Report Querying the Spam Report Connection Report Querying the Connection Report Connection Report System Report Isolated Messages Managing Isolated MessagesSelect Isolated Messages from the Reports and Logs tab Click View Messages Isolated Messages Virus Messages Managing the Virus MessagesSelect Virus Messages from the Reports and Logs tab 14 An Archived message Spam Messages Managing Spam MessagesSelect Spam Messages from the Reports and Logs tab To view a message click the subject Archived Messages Managing Archived MessagesSelect Archived Messages from the Reports and Logs tab Export Messages Reprocess Messages View MessagesClick Reprocess Messages 19 Select the check box alongside the message Deferred Messages Querying Deferred MessagesSelect Deferred Messages from the Reports and Logs tab 22 An Archived message KEY Points Key Points RiskFilter System Management Console What can be Configured with the System Management CONSOLE? Overview Accessing the Riskfilter System Management Console Rfmngr Account What can be Configured in the Webmin TAB? Webmin TAB Webmin Configuration IP access controlSelect Webmin Configuration from the Webmin tab Webmin Actions LOG Select Language from the Webmin Configuration screen Select Logging from the Webmin Configuration screenLanguage Ports and Addresses Webmin Servers Index Proxy ServersAdding Webmin Servers Select Webmin Servers Index in the Webmin What can be Configured in the System TAB? System TAB Bootup and Shutdown Change PasswordsSelect Change Passwords in the System tab Historic System Statistics Multi Gateway Policy Routing Select Multi Gateway Policy Routing in the System tab Network Configuration Network Interfaces Multi-NIC configuration in RiskFilter Setting up additional NICsEnter an IP Address 11 The Create Bootup Interface screen Routing and Gateways Select DNS Client from the Network Configuration tab DNS Client Host Addresses 15 Host Addresses Running Processes System TimeSelect System Time in the System tab System and Server Status Click Sync system time What can be Configured in the Riskfilter TAB? Riskfilter TAB Riskfilter Services Manager Riskfilter Backup Manager Riskfilter Cluster Wizard Click Complete Load balancing with RiskFilter 25Load balancing 26 RiskFilter in a cluster set up Riskfilter WEB Access Manager Select Web Access Manager in the RiskFilter tab Update Riskfilter E-MAIL 28 The Update RiskFilter-E-mail screen KEY Points Key Points Appendix Using the Command Line Interface # sudo /etc/init.d/smgd status Clean queues QTOOL.SH Using the Command Line Interface Using the Command Line Interface Using the Command Line Interface UNINSTALL.SH Example 6 uninstalling the RiskFilter software All items were successfully uninstalled Internet Threat Database Categories Internet Theat Database CategoriesCore / Liability Categories Productivity Categories Core / Liability Categories Productivity Categories Special Events Other Index Administrator’s Guide SurfControl RiskFilter E-mail SurfControl RiskFilter E-mail Administrator’s Guide OpenSSL Sun RPC Apache Software License, Version Expat XML Parser Toolkit SPFJava Ldap