Version 4.2
The User License Agreement printed below is a copy for your information only of the actual agreement embedded in the
Marshal Software product which is displayed and accepted by the user during installation of the product. In the event of
any discrepancies between these versions, the copy embedded in the product shall apply.
IMPORTANT: Do not install this software unless you accept the following terms and conditions.
Marshal Software Limited (hereafter called Marshal) licenses this Marshal Software product (the Software) only on
the condition that you accept all of the terms contained in this software license (License). Please read slowly through
the terms of this License. Read it carefully before installing the Software. By installing or using the Software, you agree
to be bound by the terms of this Agreement.
1. The License
1.1. Marshal is the exclusive owner of the Software.
1.2. This License grants you the non-exclusive, non-transferable right to use one registered copy of the Software
strictly in accordance with the terms of this agreement. You may also make one copy for backup purposes
only.
1.3. You shall only use the Software on the computer (Designated Computer) for which Marshal has issued you
the key. If you wish to use the Software on another computer, you must obtain another key and pay the
relevant fees. However, with Marshal's consent, you may replace or substitute a new computer for your
Designated Computer without incurring new license fees. Marshal shall not unreasonably withhold its
consent provided the Software is compatible with such replacement or substitute computer. In such case you
must cease running the software on the original designated computer and remove it from that machine as
soon as it is installed on the replacement or substitute computer.
1.4. Except as provided in §1.3, under no circumstance shall you install the Software, or make a copy thereof, for
use on any other computer. You shall not modify the Software for use on any other computer.
1.5. You shall not exceed the number of users for which your current key was authorized by Marshal. If you
wish to add more users, you must request a modification to your License and pay the relevant fees.
2. License Fee
2.1. To use the Software, you must have paid all applicable license fees. If you do not pay such license fees,
Marshal shall revoke this License in which case you shall forthwith stop using the Software and remove all
components of it from all computers.
3. Documentation
3.1. This Agreement extends to the Software documentation, whether in electronic or print format. The
documentation may not be copied, modified or used in any way not contemplated or expressly authorized by
this Agreement.
4. Your Obligations
4.1. You shall not: (i) Copy, reproduce, translate, adapt, vary or modify the Software without the express consent
of Marshal; (ii) disassemble, decompile or unlock, reverse translate, or in any manner decode the Software
for any reason whatsoever; (iii) provide or otherwise make available the Software in any form to any person
without the written consent of Marshal; (iv) rent, lend or lease the Software; (v) transfer the Software to any
other person under any circumstances without the written consent of Marshal; (vi) attempt to bypass or
circumvent the security procedures applicable to the Software; (vii) take any action that would cause injury
to Marshal's intellectual property rights in the Software or that would deprive Marshal of the license fees to
which it is entitled.
4.2. You shall supervise and control the use of the Software in accordance with the terms of this Agreement. You
shall ensure your employees, subcontractors or agents who have authorised access to the Software are made
aware of the terms of this Agreement and comply therewith. You shall maintain safe custody of the
Software.
5. Limited Warranty
5.1. Marshal has used its best endeavors to develop a stable and reliable software product. Because there is such
a diverse range of computers, operating systems and applications, Marshal can not warrant that the Software
will be compatible in every operating environment. It is your responsibility to ascertain whether the
Software is compatible with your operating environment.
5.2. The Software is sold without warranties as to its performance or merchantability. To the extent allowed by
law, Marshal disclaims all liability, whether in contract or tort, for any loss or damage arising from your use
of the Software. Such disclaimer applies to direct, indirect, special and consequential damages including loss
of profit, business revenue, goodwill, loss of production, loss of product, losses resulting from downtime of
your domain or email system, losses resulting from system crashes, loss of data or emails, or failure to
achieve anticipated savings or production efficiencies.
5.3. Marshal does not warrant that the Software is free of bugs, errors or defects. Marshal shall not be
responsible to you for costs or damages incurred as a result of any such bugs, errors or defects. Marshal
does not warrant that the Software is error free and the existence of such errors shall not constitute a breach
of this Agreement. Marshal does not warrant that the Software will meet your requirements. Marshal
excludes, and expressly disclaims, all express and implied warranties of merchantability or fitness for
purpose.
5.4. Notwithstanding the above, Marshal warrants that the Software media supplied directly by Marshal is free
from defects in manufacture. This warranty does not apply to Internet downloads.
5.5. Marshal will replace any defective media at no charge subject to notification of the said defect within
90 days of the date that you acquired the Software from Marshal or its authorized reseller.
5.6. If the Software fails to operate in accordance with this warranty, you may, as your sole and exclusive remedy,
return the Software media and related documentation, along with a dated proof of purchase, specifying the
problem. Marshal shall either replace the Software or give you a full refund, at Marshal's discretion.
5.7. Except for the limited warranty described above there are no warranties, either expressed or implied, for the
Software or documentation, which are licensed to you, as is.
5.8. Marshal's maximum liability to you shall not, under any circumstance, exceed the license fees that you paid
in respect to the Software.
5.9. Some jurisdictions do not allow the exclusion of certain implied warranties or conditions, so the above
exclusions may not apply to you. This Agreement does not exclude any implied warranties or conditions that
may not under applicable law be excluded. This Agreement gives you specific legal rights, and is in addition
to any other legal rights that you may have under the laws of your jurisdiction. This Agreement does not
affect your statutory rights.
6. Other Services Excluded
6.1. The license fees do not cover the cost of: (i) Installation services; (ii) Networking services; (iii) Software
configuration and preference setting; (iv) Technical support and troubleshooting; (v) Maintenance services;
(vi) Training; (vii) Software fixes and updates; and (viii) Software upgrades. Contact Marshal if you
require any of these services.
7. Copyright
7.1. You acknowledge that the Software and documentation are the subject of copyright. You shall not, during or
at any time after the expiry or termination of this License, permit any act that infringes that copyright. You
expressly agree that you shall not copy the Software except for back-up purposes pursuant to §1.2.
7.2. This is a License to use the Software. It is NOT an agreement for the sale of the Software. Marshal
continues to own the Software. Your rights to use the Software are specified in this Agreement, and Marshal
retains all rights not expressly granted to you in this Agreement.
8. Term of License
8.1. This Agreement commences the moment you click or press the ACCEPT button during installation of the
Software. It shall continue until terminated by either party. You may terminate this License upon 90 days
notice to Marshal Software. Marshal Software may terminate this License if you breach any clause thereof
and fail to cure such breach within 30 days after notice thereof.
8.2. Upon termination, you or your representatives shall destroy the Software and documentation or otherwise
return or dispose of such material in a manner directed by Marshal.
9. Verification of Compliance
9.1. You hereby grant Marshal the right to enter your premises and to operate any computers at your premises in
order to verify that: (a) you are complying with your obligations in relation to the operation of the Software
on Designated Computers (or any other computers approved by Marshal) in accordance with §1.3; (b) the
number of users does not exceed the number of registered users in accordance with §1.5; (c) you are not
otherwise in breach of your obligations under this Agreement. Marshal may, at its option, make use of
license authentication logic that sends information on licensing to Marshal for the sole purpose of protecting
the Software against unauthorized use.
10. Governing Law
10.1. Except as otherwise expressly mandated by the relevant law in your jurisdiction, this Agreement shall be
governed by, and construed in accordance with, the substantive laws of New Zealand whose courts shall have
jurisdiction over all disputes which may arise in respect to this Agreement.
Marshal Software Ltd. P.O. Box 97639, S.A.M.C., Auckland, New Zealand
Tel: 64-9-261 2110, Fax 64-9-261 2112
Disclaimer
Important!
Read this manual before attempting to install, operate or maintain the Software.
It contains important installation, operating, maintenance and back-up
instructions. The user must strictly comply with them.
The information contained in this manual is given in good faith and is believed
to be true and correct at the time of publication. However, Marshal accepts no
liability for any errors or omissions.
Any opinions, recommendations or suggestions given do not constitute a
guarantee or warranty. The information in this manual does not constitute a
warranty of any particular benefits that the user will derive from the Software.
Information in this manual shall not be deemed a warranty, representation or
guarantee concerning the Software's suitability or fitness for a specific purpose.
It is the user's responsibility to determine the suitability of the Software for its
own use. The user must make its own independent judgment and assessment
and should not rely upon any opinions, interpretations, statements, assurances
or representations contained in this Manual.
Marshal has endeavored to provide timely information. Future Software
developments may materially change the information. Marshal reserves the
right to change the specifications of the Software, or the information in this
manual, without necessarily giving its users notice thereof.
The information in this manual is intended to provide general guidance to the
user. For specific guidance or support, contact a Marshal Software reseller.
Unless otherwise noted, a reference to brand names, product names and
trademarks constitutes the intellectual property of the owner thereof and no
right of use is granted thereby.
This manual does not grant any license to use the Software. Use of the
Software is subject to the terms and conditions in the Marshal Software
License. Read carefully the Marshal Software License before using the
Software.
Marshal has made every effort to explain the operating procedures as clearly
and completely as possible. Nonetheless, it is not possible to anticipate, nor
address, every conceivable problem that might arise from the use of the
Software. This problem is compounded by the fact that no two operating
environments are exactly the same.
Therefore, Marshal is not able to guarantee that this manual will address every
issue or problem that might arise concerning the use of the Software.
Furthermore, Marshal cannot represent that the information in this manual is
complete.
Use of the Software shall constitute acceptance of the above conditions and
limitations.
The example companies, organizations, products, people, and events depicted in
this Manual are fictitious. No association with any real company, organization,
product, person, or event is intended or should be inferred.
Comments or Suggestions
Telephone: 64-9-261-2110
Facsimile: 64-9-261-2112
Email: support@marshalsoftware.com or
sales@marshalsoftware.com
Table of Contents
Licensing Agreement
Disclaimer
Comments or Suggestions
Table of Contents
1. Introducing MailMarshal
What Does MailMarshal Do?
Where is MailMarshal Installed?
How Does MailMarshal Work?
Virus Scanning
Encrypted Email
Online Help
2. Pre-Installation
Installation Planning
Hardware Required for MailMarshal Server
Software Required for MailMarshal Server
Software Required for Other Components
Email Routing
How MailMarshal Routes Email
Setting up Outbound Routing
Setting up Inbound Routing
When Installing MailMarshal on the Existing Email Server
Installation Scenarios
Gathering Information Before Installation
3. Installation
Procedures to Install MailMarshal Server
Installation Wizard
Configuring an Existing Email Server
MailMarshal and Microsoft Proxy Server 2.0
MailMarshal Console Installation
Duplicating a TextCensor Script
Importing a TextCensor Script
Exporting a TextCensor Script
Using TextCensor Effectively
Constructing TextCensor Scripts
Decreasing Unwanted Triggering
Import Configuration
Server Threads
Enable RTF Stamping
Server Array
Blocked Hosts
Host Validation
MAPS Lookups
DNS Validation
Header Rewrite
Field Matching
Substitution Options
Substitution Actions
Testing
Regular Expression Syntax
Options for Using MailMarshal Secure
Installing MailMarshal Secure
Setting Up S/MIME Features
Working with Domain Certificates
Backing Up Certificates and Keys
Protect the Certificates Folder
Exchanging Certificates
Checking Imported Certificates
Basic Security Rules
Rule Conditions: Security Rules
Rule Actions: Security Rules
Index
Virus Scanning
MailMarshal invokes other vendors' virus checking software to detect viruses. A
number of commercially available scanners have been tested and shown to
work with MailMarshal. For full virus protection, a licensed version of a virus
scanner should be installed and its virus definition files kept up to date.
MailMarshal can use multiple virus scanners to provide extra protection.
Information on virus scanner configuration appears in the chapter Virus
Scanners.
Because many email viruses are associated with known message text or file
types, MailMarshal can also block viruses using these criteria. Where best
security practices are followed to block suspicious files, MailMarshal can often
stop new viruses before scanner updates arrive.
Encrypted Email
MailMarshal Secure is an optional module of MailMarshal that provides for
server-based handling of encrypted messages. MailMarshal Secure uses the
S/MIME (Secure MIME) standard for Public Key Encryption. MailMarshal
Secure can communicate securely with any other encryption product that uses
Online Help
MailMarshal provides online help for assistance during installation and use of
the software. Help is accessed through the Help menu or by pressing the [F1]
key.
Extended up-to-the-minute support is available on the Marshal Software
website. The website at http://www.marshalsoftware.com features news, a
support Knowledge Base and Forum, and maintenance upgrades.
Installation Planning
MailMarshal consists of several components, which may be located on different
machines within an organization's network. The components are:
MailMarshal Server
MailMarshal Configurator
MailMarshal Console
MailMarshal Reports
The MailMarshal Server software must be installed under Windows NT 4.0 or
Windows 2000. All other components may be installed under Windows 95 or
higher, or Windows NT/2000.
installed (however, MailMarshal Secure requires 128 bit SP 6a, or Windows
2000 with the High Encryption pack, included in SP 2).
Microsoft Management Console 1.2.
Microsoft ActiveX Data Objects (ADO) 2.5.
SQL Server 7.0; if not available, Microsoft Data Engine (MSDE) can be
installed. MSDE is a free runtime version of SQL Server. SQL 7.0 Service
Pack 2 is recommended for installation on either SQL Server or MSDE.
Internet Explorer (IE) 5.01 or above (IE 5.5 is included on the MailMarshal
CD-ROM).
Note
MailMarshal must be installed on an NTFS partition. MailMarshal Secure
requires SQL 7.0 or MSDE to be available on the local system. Due to the
limitations on database size in MSDE, SQL Server is recommended for sites
over 500 users in size.
Email Routing
Internet email travels from server to server using SMTP (Simple Mail Transfer
Protocol). MailMarshal functions as a SMTP relay. Logically, MailMarshal is
situated on the local network so that email entering or leaving the organization
is routed through it. Physically, MailMarshal Server can be installed in several
scenarios. It may share a computer with other software or be run on a
dedicated computer. Before installing MailMarshal it is necessary to determine
which functions MailMarshal will serve and how it will handle incoming and
outgoing email.
In general, SMTP email servers may route email in four ways:
1. By delivering a message to a local user (another user on the same
server).
2. By sending email for a specific domain (eg. wellknown.com) to a fixed
address entered by the administrator.
3. By sending all outbound email to a specific server (email relay).
4. By performing a Domain Name Service (DNS) lookup to determine the
appropriate email server for a domain, and attempting to contact that
host directly.
If the MailMarshal server will have a different IP address and server name, in
most cases the route must be changed to ensure that inbound email messages
are sent to the MailMarshal server.
Before sending email messages to your organization, an email server on the
Internet performs a DNS lookup to see which server (IP address) accepts email
for your domain. The address returned may be that of your email server,
firewall, proxy server or a downstream email relay (eg. an ISP).
If email messages were formerly sent directly to your organization's email
server (ie. the DNS MX lookup returned the email server's IP address), then the
DNS MX record should be changed to the IP address of the new MailMarshal
machine. Firewall permissions may also require modification to permit SMTP
delivery to MailMarshal.
If the DNS lookup returns the address of the firewall, and the firewall employs
address translation, the translated address for incoming email must be changed
to the address of the MailMarshal machine. If the firewall acts as an email
relay, then the address to which it forwards inbound email must be changed to
that of the MailMarshal machine.
If the DNS lookup returns the address of an upstream email relay, then the
forwarding address setting used by that email relay should be changed to that of
the new MailMarshal machine.
Installation Scenarios
MailMarshal can be installed in a variety of scenarios. More detailed
instructions and some examples are given in the chapter Installation.
1. On its own physical server, as an email relay within an organization (see
Figure 2.1). In this example, all email sent from within the organization
should be delivered to the email server. The email server forwards all
external messages to the MailMarshal server for processing and delivery.
The DNS MX record (or the firewall's relay setting) is also set to deliver
all inbound email to the MailMarshal server.
[Figure 2.1: diagram with labels Workstation, Email Admin, Email Server, MailMarshal Server, Firewall, Internet, SMTP Port 25]
[Figure: diagram with labels Workstation, Email Admin, MailMarshal Server, Dialup connection, ISP, Internet, SMTP Port 25, POP3 Port 110]
[Diagram labels: MailMarshal, Email Server, Computer, Localhost, Port 25, Port 97, Firewall, Internet, Workstation, Email Admin]
Figure 2.3: MailMarshal and another email server on the same computer
4. On a separate computer in a DMZ (see Figure 2.4). The advantage of
DMZ installation is that all messages must pass through the firewall
twice; there is no direct access through the firewall.
This is a variation on scenario #1. If the administrator Console is
required to communicate with the MailMarshal server from the internal
network, TCP port 19001 must be opened in the firewall. Use of the
logging/reporting function from the internal network will require TCP
port 1433 to be opened.
Note
Direct Configurator access through a firewall is not recommended since this
would require opening additional NetBios ports. If access through a firewall
is required, use of a remote access tool such as Microsoft Terminal Server is
recommended.
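The port requirements of the DMZ scenario can be checked against a firewall rule list. The following is an added example, not part of the manual or of MailMarshal: the zone names, the `Rule` format and the sample rules are assumptions made for illustration, and ports 137-139 are taken as the NetBIOS ports the Note refers to.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    src: str   # hypothetical zone names: "internet", "dmz", "internal"
    dst: str
    port: int  # destination port


SMTP, CONSOLE, REPORTING = 25, 19001, 1433  # ports named in the manual
NETBIOS = {137, 138, 139}                   # NetBIOS name, datagram, session

# SMTP flows the DMZ scenario relies on: every message crosses the
# firewall twice, once on each side of the MailMarshal server.
REQUIRED = {
    Rule("internet", "dmz", SMTP): "inbound email reaches MailMarshal",
    Rule("dmz", "internet", SMTP): "MailMarshal delivers outbound email",
    Rule("dmz", "internal", SMTP): "MailMarshal relays inbound email to the email server",
    Rule("internal", "dmz", SMTP): "email server passes outbound email to MailMarshal",
}


def audit(rules):
    """Return (kind, rule, reason) findings for a list of allow rules."""
    allowed = set(rules)
    findings = [("missing", r, why) for r, why in REQUIRED.items()
                if r not in allowed]
    for r in rules:
        if {r.src, r.dst} == {"internet", "internal"}:
            # The point of the DMZ layout is that no such rule exists.
            findings.append(("bypass", r,
                             "direct path through the firewall avoids the DMZ"))
        elif r.port in NETBIOS and "dmz" in (r.src, r.dst):
            findings.append(("discouraged", r,
                             "NetBIOS opened for direct Configurator access"))
    return findings


def admin_access(rules):
    """Which internal-network admin functions the rule list permits."""
    allowed = set(rules)
    return {
        "console": Rule("internal", "dmz", CONSOLE) in allowed,
        "reporting": Rule("internal", "dmz", REPORTING) in allowed,
    }


# Constructed sample rule list with two problems in it.
SAMPLE_RULES = [
    Rule("internet", "dmz", SMTP),
    Rule("dmz", "internet", SMTP),
    Rule("dmz", "internal", SMTP),
    Rule("internal", "dmz", SMTP),
    Rule("internal", "dmz", CONSOLE),
    Rule("internet", "internal", SMTP),   # bypasses MailMarshal
    Rule("internal", "dmz", 139),         # NetBIOS session service
]

if __name__ == "__main__":
    for kind, rule, reason in audit(SAMPLE_RULES):
        print(kind, rule, reason)
    print(admin_access(SAMPLE_RULES))
```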
[Figure 2.4: diagram with labels Internet, Firewall, MailMarshal Server, Email Server, Workstation, Email Admin, TCP Port 25, Port 19001]
The organization's Internet domain name (eg. ourcompany.com).
Names of any other local domains for which MailMarshal will process email
(eg. oursubsidiaries.com).
The IP address of the existing local email server.
The administrator's email address.
The virus scanning software (with an appropriate license) to be used with
MailMarshal.
The IP addresses of DNS servers.
Who provides DNS? What is the lead time to alter settings, if necessary?
Are all prerequisites present? (If not, system restart may be required to install
them.)
Is a Firewall in use? If so, who administers it and what is the lead time to
change settings, if necessary?
What is the outbound email delivery method now in use?
What is the inbound email delivery method, and will any changes be required?
3. Installation
Note
MailMarshal must be installed on an NTFS partition. MailMarshal Secure
requires SQL 7.0 or MSDE to be available on the local system.
4. Review the information in the Start Copying Files dialog. If it is correct,
click Next to start installation.
5. When the MailMarshal Setup Complete dialog appears, choose whether or
not to launch the Configurator. You must run the Configurator to
complete the installation.
Installation Wizard
When the MailMarshal Configurator is first run, MailMarshal launches a wizard
which requests the configuration information needed to complete installation.
For more information on configuration options, please refer to the chapter
Server Properties later in this manual. The Wizard process includes the following
steps:
1. License Key
Enter your company name in the first field (see Figure 3.1). Enter your
License Key, provided by Marshal Software or your local Marshal
Software reseller, in the second field. If you do not have a License Key,
click the URL link provided to connect to the Marshal Software web site.
Complete the MailMarshal Trial Key Request form; a trial key will
immediately be emailed to the address you specify.
Click Next. An information box will report the validity details of the key
you entered.
2. Local Domains
This dialog specifies the names of local domains for which MailMarshal
will accept inbound email (see Figure 3.2). The list should include all
(and only) the domains of email addresses your organization actually
uses through this gateway. (The Local Domains list should exactly match
the DNS MX records pointing at this server.)
Figure 3.1: Installation Wizard–Key
Local domains may be of two types: Relay and POP3. Email for a relay
domain is sent on to another email server. Email for a POP3 domain is
delivered to a mailbox hosted by the MailMarshal server. Most often
there will be a single entry in this section for the local email server.
However, if the email server handles more than one domain, multiple
entries may be needed. Note that all relay servers defined here will also be
allowed to relay outbound email through MailMarshal.
Note
If POP3 service for a domain is already provided by other software (such as
Microsoft Exchange), that domain should be configured as a Relay domain in
MailMarshal.
Click New to start the New Local Domain Wizard. Choose whether
MailMarshal will host any POP3 mailboxes for the domain. In the final
screen, enter the domain name. Enter the IP address of the server to
which email should be relayed. Optionally enter a second email server
address (used only as a fail-over if the first server does not respond).
If this is a POP3 domain, choose the action to be taken for
undeliverable messages.
Click Finish to return to the Local Domains dialog.
highlighting a domain from the list and using the up and down arrows.
Note
Ensure that local domains are matched in the correct order;
otherwise email may be misdirected. Eg. if the (incorrect) sequence is
*.example.com Relay 10.1.2.1:25
pop.example.com POP3 10.2.5.4:25
POP3 mailboxes will be ignored and all email will be delivered to the first
address, ie. 10.1.2.1 port 25, because *.example.com will match for messages
addressed to pop.example.com. In this example, to have the email correctly
delivered, pop.example.com should be the first domain in the sequence.
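The ordering problem in the Note above can be detected before any email is misdirected. The following is an added example, not part of the manual or of MailMarshal: it models the Local Domains list as a first-match table, assumes that `*` is the only wildcard and that matching is case-insensitive, and uses hypothetical names (`LocalDomain`, `route`, `shadowed_entries`, `safe_order`).

```python
import re
from typing import NamedTuple


class LocalDomain(NamedTuple):
    pattern: str  # domain name, "*" allowed as a wildcard
    kind: str     # "Relay" or "POP3"
    target: str   # "ip:port" the email is handed to


def _compile(pattern):
    # Assumption: "*" matches any run of characters; the rest is literal.
    return re.compile(".*".join(re.escape(p) for p in pattern.lower().split("*")))


def matches(pattern, domain):
    return _compile(pattern).fullmatch(domain.lower()) is not None


def covers(earlier, later):
    """True if every domain matched by `later` is also matched by `earlier`."""
    # A stand-in character replaces each "*" of the later pattern; only a
    # "*" in the earlier pattern can absorb it.
    return matches(earlier, later.replace("*", "\x00"))


def route(table, recipient):
    """First-match lookup, as described in the Note: list order decides."""
    domain = recipient.rsplit("@", 1)[-1]
    for entry in table:
        if matches(entry.pattern, domain):
            return entry
    return None


def shadowed_entries(table):
    """Return (shadowed, shadowing) pairs: entries that can never match."""
    found = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            if covers(earlier.pattern, later.pattern):
                found.append((later, earlier))
                break
    return found


def safe_order(table):
    """Stable reorder that moves each entry ahead of the first entry covering it."""
    ordered = []
    for entry in table:
        for i, placed in enumerate(ordered):
            same = placed.pattern.lower() == entry.pattern.lower()
            if not same and covers(placed.pattern, entry.pattern):
                ordered.insert(i, entry)
                break
        else:
            ordered.append(entry)
    return ordered


# The (incorrect) sequence from the Note.
MANUAL_EXAMPLE = [
    LocalDomain("*.example.com", "Relay", "10.1.2.1:25"),
    LocalDomain("pop.example.com", "POP3", "10.2.5.4:25"),
]

if __name__ == "__main__":
    print(route(MANUAL_EXAMPLE, "user@pop.example.com"))
    print(shadowed_entries(MANUAL_EXAMPLE))
    print(safe_order(MANUAL_EXAMPLE))
```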
3. General
Administrative notifications (such as DeadLetter reports) will be sent to
the address specified in the first box (see Figure 3.3). This should be a
valid and appropriate mailbox or group alias. Administrative and user
notifications and other automated email from MailMarshal will be sent
from the address entered in the second box.
4. Delivery
5. Dial on Demand
6. Mail Batching
See Figure 3.6. MailMarshal supports batch receipt and delivery of email
messages where on-demand connection to the upstream email server is
not desired (eg. due to cost). If this feature is to be used, check the box
and fill in the appropriate information. The correct settings should be
obtainable from existing email server settings or from your ISP. For
detailed discussion of these settings see Mail Batching in Server Properties.
Figure 3.6: Installation Wizard–Mail Batching
7. Reports
See Figure 3.7. MailMarshal can log details of the processing and
delivery status of messages to a database. When logging has been
enabled, the Mail History can be viewed in the Console and a wide
variety of reports run from MailMarshal Reports.
To enable logging, check the Enable Report Logging checkbox. Check the
Log Attachment Details checkbox to enable reporting on attachments
within email messages.
Figure 3.7: Installation Wizard–Reports
Figure 3.8: Installation Wizard–Create/Select Database dialog
8. Finished
Configuring an Existing Email Server
Typically MailMarshal receives inbound email, processes it, then relays it to the
organization's internal email server as specified in the Local Domains list.
Outbound email is passed from the internal email server to MailMarshal for
processing and external delivery. See the chapter Pre-Installation for a variety of
installation scenarios.
The internal email server software must be configured to send outgoing email
to MailMarshal for processing and delivery.
Where MailMarshal is installed on the same computer as the existing email
server software, the two applications must use different ports to receive email.
In this case, the following steps are typically necessary:
As the MailMarshal receiver is now accepting SMTP traffic on port 25, change
the SMTP port that the other email server uses for SMTP (port 97 is usually
available, although any free TCP port will do).
Configure the other email server software to forward all Internet email to the
local machine (use the localhost IP address 127.0.0.1, port 25).
Check that MailMarshal is configured, via its Local Domains information, to
forward all inbound email to the local machine on the alternative port (again,
use the localhost IP address and port, eg. 127.0.0.1:97).
Specific details for configuring Microsoft Exchange 5.5 and Lotus Notes 4 and
5 are given in Appendix A. For more detailed information, and to configure
other email server software, please refer to the product documentation for the
other software. The Marshal Software Knowledge Base also contains some
additional setup information.
and could replace an existing email relay or gateway, or may be installed in
parallel. If WinSock Proxy Client was used by the email server it is no longer
needed, as MailMarshal will relay messages to and from the email server.
Alternatively, MailMarshal may be installed on a separate machine with two
network cards and be used to route email from the Internet to the email server.
In this case, email is no longer routed via Microsoft Proxy Server.
MailMarshal may also be installed on a machine inside the proxy server (on
the trusted network) when the proxy server has two network cards. This
scenario will require use of WinSock Proxy Client in order to communicate
with the Internet. Ensure that an appropriate wspcfg.ini is created in the
MailMarshal installation directory to bind the MailMarshal receiver to the
external interface of the proxy server. More information on MailMarshal and
MS Proxy 2.0 is available in Marshal Software Knowledge Base article KB31.
Note
Microsoft Proxy can be configured to implement security at user level.
Where this has been done, MailMarshal should initially be configured to run
under the same user account as your existing email server, email relay or
gateway.
If the MailMarshal Server is not running on the same machine, a Change Server
dialog box will prompt for the IP Address or name of the MailMarshal Server
machine. This dialog box can be reached at any time by right-clicking on the
MailMarshal Console folder in the Console menu tree.
Configuration information for MailMarshal Console is stored in the client
machine registry.
Note
Whenever you update or upgrade the MailMarshal Server you must
also upgrade the Console on remote machines.
Server when a server install is performed. If the MailMarshal Configurator
software is to be used on any other machine it must also be installed on that
machine. It may be installed directly from the MailMarshal CD-ROM or from
an install folder copied from the CD-ROM. See the chapter Pre-Installation for a
list of software prerequisites for the Configurator.
Note
It is not recommended to connect the Configurator to the MailMarshal
Server through a firewall, as additional NetBios ports must be opened to
make this possible. If access through a firewall is required, use of a remote
access tool such as Microsoft Terminal Server is recommended.
To install the MailMarshal Configurator:
1. Log in with sufficient access rights to install software onto the local machine
and to access the install folder for MailMarshal.
2. Run the MailMarshal installation program or setup.exe to install the
MailMarshal Configurator software.
3. Under Setup, choose Custom/Complete, then Configurator.
4. Run the newly installed software.
If the MailMarshal Server is not running on the same machine, a Change Server
dialog box will prompt for the IP Address or name of the MailMarshal Server
machine. This dialog box can be reached at any time by right-clicking on the
MailMarshal Configurator element in the left pane of the Configurator.
Note
Whenever you update or upgrade the MailMarshal Server you must also
upgrade the Configurator on remote machines.
Uninstalling MailMarshal
Use the following steps to uninstall MailMarshal.
1. Before uninstalling, ensure that any settings changes made to the email system
(eg. the DNS MX records and email server settings) are revised to exclude
MailMarshal from email processing.
2. Log on to the MailMarshal Server computer with administrative rights. Stop
the MailMarshal Controller service using the Control Panel Services applet. This
should stop all other MailMarshal services.
3. Uninstall MailMarshal (and MailMarshal Reports, if installed) using the Control
Panel Add/Remove Programs applet. System restart may be suggested to remove
some files.
4. Uninstall the MailMarshal Configurator, Console and Reports software on
workstations.
5. If appropriate, drop the MailMarshal and MailMarshalCertStore databases using
SQL administration tools.
Start the Configurator, choose Tools|Server Properties from the menu to see the
Server Properties dialog, and choose the Advanced tab.
To display the Import Configuration dialog box, click on the Import Configuration
button. Click on Browse to select the file to import. Select Overwrite current
configuration to replace your current configuration with the imported settings.
Click on OK.
User Group information is stored in the file UserGroups.txt within the
MailMarshal install folder. To import User Groups, copy this file to the
appropriate location.
Files with known fingerprints are stored in the folder ValidFingerprints
within the MailMarshal install folder. To preserve fingerprint information, copy
this folder to the appropriate location.
4. The Configurator
The MailMarshal Configurator is used to set up and modify the Rules and rule
elements that control how email is processed by the MailMarshal Server. The
Configurator also allows advanced setup and modification of the Server
Properties, which determine how MailMarshal sends and receives email. The
Configurator is always installed on the MailMarshal Server computer during
initial setup. It may also be installed on any workstation; for installation
instructions, please see the chapter Installation.
The MailMarshal Configurator is implemented as a snap-in to the Microsoft
Management Console (MMC). For general information and tips about the
MMC, please see the chapter MailMarshal and the MMC. This manual assumes
that the MMC is displaying both the left (menu tree) and right (details) panes.
MailMarshal Configurator
When MailMarshal Configurator is selected in the left pane, the status of the
MailMarshal services is shown at the bottom of the right pane. These will
include the Engine, Receiver, and Sender. They may also include the POP3
service if this option has been configured, and the Encrypt and Decrypt
services if MailMarshal Secure is installed and enabled.
To start the MailMarshal services, click the Start icon in the toolbar. To
stop the services, click the Stop icon in the toolbar. An individual service
may also be started or stopped by selecting it then clicking the appropriate icon.
The start/stop status of these services persists through server restarts.
When changes to the Rules or rule elements have been made in the
Configurator but not yet reloaded on the Server, the caption MailMarshal
Configurator will be followed by a * (see Figure 4.1). To reload the Server, click
the Reload icon on the toolbar. Changes will take effect immediately.
Some configuration changes require the MailMarshal services to be restarted.
Where this is necessary the option to do so will be given. Restarting the
services takes only a few seconds and does not seriously affect email flow.
Server Properties
Click Tools|Server Properties in the menu to view the MailMarshal Server
Properties dialog. The various tabs of this dialog allow setup of MailMarshal's
email delivery and receipt options, logging database, and Header Rewrite
function, as well as several minor options. Backup and restore of the
Rulesets
Select this item to view a list of MailMarshal's Rulesets in the right pane.
Rulesets contain the Rules which determine how email messages are processed.
Rules may depend on recipient, message size, and other factors. Available
actions include content scanning, third-party virus scanning, message stamping,
and others. For detailed information on Rules and Rulesets, please see the
chapter Rulesets and Rules.
Note
When this item is selected, click the Print icon in the toolbar to view and
optionally print a list of all currently configured Rulesets and Rules.
User Groups
Select this item to view a list of MailMarshal's User Groups. These Groups
may be used to apply different Rules to various email users; for instance, to
apply different message stamps to outbound email from various departments.
User Groups may be created within MailMarshal or imported via LDAP from
any available directory server. For detailed information please see the chapter
User Groups.
POP3 Accounts
Select this item to view a list of POP3 accounts which have been set up on the
MailMarshal server. MailMarshal is effective as a POP3 server for up to 300
users. POP3 accounts may also be used to provide relay access to
MailMarshal's rule processing and SMTP sending abilities for remote users,
even if inbound email is not delivered to POP3 mailboxes. For detailed
information please see the chapter POP3 Accounts.
Virus Scanners
Select this item to view a list of third-party virus scanners which have been
configured for use by MailMarshal. Scanners in the list may be used to check
message content and attachments. For more information on configuring virus
scanners, please see the chapter Virus Scanners.
Folders
Select this item to view a list of folders into which MailMarshal can place email
items. Folders may be used to quarantine items based on content, to take
copies of selected items, and to park messages for later delivery. Folder names,
subfolders, and physical locations may be changed. For more information
please see the chapter Folders.
Email Templates
Select this item to view a list of templates which may be used when
MailMarshal sends an automated message. Templates may contain variables
and may have attachments. They can be created and modified to suit any need.
For more information please see the chapter Email Templates.
TextCensor Scripts
Select this item to view a list of MailMarshal's TextCensor Scripts. These
Scripts are used within Rules to review the content of email messages and
attachments. A number of scripts are installed by default. They may be edited
and new scripts added. For more information, please see the chapter TextCensor
Scripts.
Logging Classifications
Select this item to view a list of classifications available when message traffic is
logged by MailMarshal. Classifications may be added and modified to suit local
need. For more information, please see the chapter Logging Classifications.
LDAP Connections
Select this item to view a list of LDAP (Lightweight Directory Access Protocol)
server connections which have been configured in MailMarshal. LDAP allows
MailMarshal to populate User Groups from remote directory servers. LDAP is
also used by MailMarshal Secure to retrieve user Certificates from a remote
store. For more information on configuring LDAP connections, please see the
chapter LDAP Connections. Information on LDAP User Groups may be found
in the chapter User Groups; information on using LDAP certificate stores is
found in the chapter MailMarshal Secure.
Rules define how MailMarshal treats email messages. For convenience, all Rules
are defined within Rulesets (groups of Rules that share base User Matching
conditions). Conditions defined for a Ruleset must be satisfied before any Rule
in that Ruleset is evaluated.
An organization may have just a few Rulesets, or many. For example, one
Ruleset might apply to all messages outbound from the organization, and
another Ruleset apply to all inbound messages. Alternatively or in addition, an
organization may be divided into departments, with Rules governing email to
and from each department grouped into a separate Ruleset. While some default
Rulesets and Rules are provided with MailMarshal, changes and additions
should be made to meet local needs. A minimum of two Rulesets is
recommended: one for incoming email and one for outgoing email.
Each Rule has three parts: User Matching, Conditions, and Actions. The User
Matching and Conditions sections are used to evaluate each message. Messages
which meet the specified criteria are subjected to the specified Actions. Figure
5.1 displays an example Rule.
Best Practices
A wide variety of Rules may be created within MailMarshal. Marshal Software
recommends the following basic practices to ensure security and ease of
administration:
Keep rules simple. Simple rules are easier to debug and often faster to run.
Archive messages. Archiving gives an extra layer of backup in case of email
server or delivery problems, as well as being useful for rule testing.
Block most attached files by default (both by file extension and by file type).
MailMarshal is shipped with example Rules to accomplish this.
Block password protected attachments.
Block encrypted attachments (eg. files of type Encrypted Word Document).
Block encrypted messages which MailMarshal cannot decrypt (eg. PGP
Creating a Ruleset
To create a Ruleset, in the MailMarshal Configurator, select Rulesets in the left
pane. Then click the New Ruleset icon in the toolbar to start the New Ruleset
Wizard (see Figure 5.2).
Select the conditions under which the Ruleset should be used by checking
Clicking on the hyperlink People opens the Enter Users dialog (see Figure 5.3).
This dialog presents a list of MailMarshal User Groups. Expand any group in
the right pane of this dialog to see its members. Double-click on any user
group or individual address to add it to the list.
A new user may be added to the list by clicking the New User button. A new
User Group may be created by clicking the New User Group button. Once the
ruleset has been created the group should be populated using the functions
available in the User Groups item of the Configurator tree.
Delete a group or address from the list by clicking the Delete button. Close this
dialog and return to the New Ruleset Wizard by clicking OK.
In the final screen of the New Ruleset Wizard (Figure 5.4), give the Ruleset a
name. Choose whether to enable the ruleset, and whether to launch the New
Rule Wizard. A Ruleset must contain at least one Rule to have any effect.
Editing a Ruleset
To edit a Ruleset, in the MailMarshal Configurator, select Rulesets in the left
pane. Right click the Ruleset to be edited in the right pane and select Properties
from the context menu. The Ruleset is presented in a dialog with two tabs,
Order of Evaluation
The order in which Rulesets and Rules are evaluated is significant. Certain Rule
actions are terminal (they stop further Rule processing). This is indicated in the
Rule description.
For instance, a virus scanning rule will normally be evaluated first, and if a
virus is found the message will be quarantined immediately; no further rules
will be evaluated.
Rulesets are evaluated in top down order as shown in the Configurator.
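The evaluation order described in this section, modeled in Python as an added example (this is not MailMarshal code). The Rule and Ruleset classes, the action names, the choice of "quarantine" as the only terminal action, and the restriction of skips to Rules in the same Ruleset are assumptions made for illustration; the sample messages are constructed.

```python
"""Illustrative model of Ruleset/Rule evaluation order (not MailMarshal code)."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Assumption: action names are invented and "quarantine" is treated as the only
# terminal action. In the product, the Rule description states what is terminal.
TERMINAL_ACTIONS = {"quarantine"}


@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]
    actions: List[str]
    skip_to: Optional[str] = None       # name of a later Rule in the same Ruleset


@dataclass
class Ruleset:
    name: str
    user_match: Callable[[dict], bool]  # must hold before any Rule is evaluated
    rules: List[Rule] = field(default_factory=list)


def backward_skips(rulesets):
    """Return (ruleset, rule) pairs whose skip target is not evaluated later."""
    bad = []
    for rs in rulesets:
        names = [r.name for r in rs.rules]
        for pos, rule in enumerate(rs.rules):
            if rule.skip_to is not None and rule.skip_to not in names[pos + 1:]:
                bad.append((rs.name, rule.name))
    return bad


def evaluate(rulesets, msg):
    """Walk Rulesets and Rules top down; return (trace, disposition)."""
    if backward_skips(rulesets):
        raise ValueError("a skip target must be evaluated after the skipping rule")
    trace = []
    for rs in rulesets:
        if not rs.user_match(msg):
            continue                        # the whole Ruleset is ignored
        names = [r.name for r in rs.rules]
        pos = 0
        while pos < len(rs.rules):
            rule = rs.rules[pos]
            pos += 1
            if not rule.condition(msg):
                continue
            for action in rule.actions:
                trace.append((rs.name, rule.name, action))
                if action in TERMINAL_ACTIONS:
                    return trace, action    # no further Rule is evaluated
            if rule.skip_to is not None:
                pos = names.index(rule.skip_to, pos)
    return trace, "deliver"


def is_local(addr):
    return addr.lower().endswith("@example.com")


def has_exe(msg):
    return any(n.lower().endswith(".exe") for n in msg["attachments"])


def message(sender, recipient, attachments=(), virus_found=False):
    """Constructed sample message."""
    return {"from": sender, "to": recipient,
            "attachments": list(attachments), "virus_found": virus_found}


# The virus rule is first, so it also runs for senders that later skip ahead.
INBOUND = Ruleset("Inbound", lambda m: is_local(m["to"]), [
    Rule("Block virus", lambda m: m["virus_found"], ["quarantine"]),
    Rule("Trusted partner", lambda m: m["from"].endswith("@partner.test"), [],
         skip_to="Stamp inbound"),
    Rule("Strip executables", has_exe,
         ["copy to archive", "strip attachment", "stamp message"]),
    Rule("Stamp inbound", lambda m: True, ["stamp message"]),
])
OUTBOUND = Ruleset("Outbound", lambda m: is_local(m["from"]), [
    Rule("Disclaimer", lambda m: True, ["stamp message"]),
])
RULESETS = [INBOUND, OUTBOUND]

if __name__ == "__main__":
    for m in (message("x@external.test", "bob@example.com", ["invoice.exe"], True),
              message("x@external.test", "bob@example.com", ["tool.exe"]),
              message("bob@example.com", "y@external.test")):
        print(evaluate(RULESETS, m))
```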
Copying a Rule
To copy a Rule, right-click it in the Configurator. To make a copy in the current
Ruleset, choose Duplicate from the context menu. To make a copy in another
Ruleset, choose Copy from the context menu; then right-click the target Ruleset
and choose Paste.
Note
Files may also be made known by placing them in the ValidFingerprints sub-
folder and restarting the Engine; however this must be done with care. See
the Marshal Software Knowledge Base for further information.
Strip attachment
Where the rule conditions are triggered by a specific attachment, remove this
attachment from the message. This action would typically be used to remove
attachments of specific file types or file names.
Note
When an attachment is stripped, normally the original message should be
copied for later retrieval if necessary, and stamped to inform the recipient
that an attachment has been stripped.
Note
It is only possible to skip to a rule which is evaluated after the current rule.
(The order of evaluation may be changed; see Order of Evaluation earlier in
this chapter.)
Allow relaying
If selected, this condition permits receipt of the message by MailMarshal for
delivery subject to Standard Rules. Furthermore the message may be relayed to
an address outside MailMarshal's local domains. This condition is intended to
be used in conjunction with a "from" User Match in the parent Ruleset, to
allow relaying by specific email users.
Relaying may also be allowed by authentication of the client. See the chapter
POP3 Accounts for details.
Note
The Allow Relaying action should not be combined with a size condition.
MailMarshal User Groups are used within Rulesets and Rules to specify to
whom the Rules apply. MailMarshal uses SMTP email addresses to perform
user matching. User Groups may be created and populated within MailMarshal
by entering email addresses manually (wildcards may be used). User Groups
may also be imported from an LDAP server (such as Microsoft Exchange or
Lotus Notes), in which case their membership is updated automatically on a
defined schedule.
To create and maintain User Groups, in the Configurator, expand the element
User Groups.
MailMarshal will then query the server for a list of available user groups, and
display the results in a list (see Figure 6.2). (If MailMarshal is unable to
connect to the server no groups will be shown.) Select an LDAP group from
the list. This group will appear in the list of User Groups. The group name
will consist of the LDAP Connection name and the group name as retrieved
from the server. Repeat this action to add other user groups. When done, click
OK.
Initially, an LDAP group will be empty of users; it will be populated at the next
scheduled update. An LDAP user group can immediately be specified in any
MailMarshal rules; however, such rules should not be made effective (ie. the
server should not be reloaded) until the group has been populated.
Note
Although MailMarshal does not prohibit adding and deleting members from
LDAP groups, such changes will not be sent to the LDAP server, and they
will be lost during the next scheduled update from the LDAP server.
Any changes to membership of these groups must be made at the LDAP
server.
MailMarshal can function as a POP3 server for local domains (as specified
during setup or in Server Properties). A POP3 login must be created for each
mailbox that will be hosted by MailMarshal.
If MailMarshal receives an email message addressed to the POP3 domain but
no matching account has been created, the message will be dealt with
(forwarded or refused) according to the options set up for the domain. See
Local Domains in the chapter Server Properties for more information on POP3
domains.
If a POP3 domain exists, MailMarshal automatically starts an additional service
to respond to POP3 requests. This POP3 service appears in the list of services
in the Configurator and Console.
POP3 accounts also permit email relaying. Since the MailMarshal server
functions as an email gateway, it is likely to be available from anywhere on the
Internet. Traveling email users who wish to send email from their business
address, using the scanning and stamping features of MailMarshal, can do so if
they have MailMarshal POP3 accounts. See POP3 Accounts for Relaying
Authentication below.
Note
The relaying authentication feature may be used regardless of where
MailMarshal delivers messages for an address, and without any POP3 local
domains being configured. See POP3 Accounts for Relaying Authentication below.
If the password fields are left blank, MailMarshal will use Windows NT
authentication to determine access for this account. In this case, ensure that
the account name matches the name of a valid Windows NT user account
permitting access to files on the MailMarshal server computer.
Click Add to add the account. When all accounts have been added, click Close.
Best Practices
Marshal Software recommends the following basic practices to ensure security
with respect to viruses and virus scanning:
Block messages and attachments which MailMarshal cannot scan, such as
password protected attachments and encrypted attachments (eg. files of type
Encrypted Word Document).
Block encrypted messages which MailMarshal cannot decrypt, such as PGP
and S/MIME messages.
Block executable and script files by type and name. This helps to ensure that
unknown viruses will not be passed through.
Subscribe to email notification lists for virus outbreaks (such lists are offered
by many anti-virus software companies). When an outbreak occurs, block the
offending messages by subject line or other identifying features.
The Name is MailMarshal's friendly name for this scanner. The Command Line
refers to the location of the executable or DLL file. The Parameters box allows
entry of any necessary additional command line parameters to ensure operation
Enter a name for the external command. Type the path for the executable file
(or browse to it using the button provided). In the Parameters box, enter any
Folders 10-1
Standard Folders
See Figure 10.1. A time limit may be set for message retention in the folder.
This option is typically used for quarantine folders where the message may be
released on request to an administrator. Messages will be deleted automatically
after the set time.
Subdirectories may be created periodically within the folder. This option is
typically used where a substantial volume of email is expected, so that messages
are easier to find.
Check the box "folder is used for message archiving" to create an Archive
folder. Within the MailMarshal Console, messages in Archive folders are
assumed to be stored: they may be viewed and forwarded but not deleted.
Messages in other Standard folders are assumed to be in process and they
may be reprocessed or deleted, among other actions. See the chapter The
Console for further information.
Click on OK to create the folder, or Cancel to lose any changes.
Parking Folders
When a Rule moves a message to this type of folder, it will be parked if the
time is within the blue schedule block and released (or sent immediately) when
the time is outside the blue schedule block (see Figure 10.2).
Use the checkbox Continue processing rules on release to determine what happens to
parked messages when they are released from this Folder for delivery. If the
box is checked, the message will be evaluated against all rules after the Rule
which placed the message in this Folder.
Alter the schedule block if desired:
Drag using the left mouse button to add to the blue parking area.
Drag using the right mouse button to erase from the blue parking area.
To reset the schedule to the default time block, click on Set Default Schedule.
Choose to snap the schedule times to the nearest full, half or quarter hour
using the drop down box.
Click on OK to create the folder, or Cancel to lose any changes.
Editing an Existing Folder
To edit the properties of an existing Folder, double-click its name in the right
hand pane of the Configurator. Make any required changes, then click OK.
Folder Security
Permission to use the MailMarshal Console (to view and take action on
messages in folders) is controlled by setting user permissions on the
MailMarshal.key file. See Console Security Issues in the chapter The Console for
details.
In some cases it may be desirable to set different access permissions for
different folders (for instance, if archived messages are to be available to the
users who sent them). Such permissions may be set using standard Windows
NT security procedures for the physical folder.
11. Email Templates
Note
When sending a notification to the original sender of an email message, use
the %ReturnPath% variable in the To: field to reduce the chance of looped
messages.
TextCensor scripts are used to check for the presence of particular lexical
content in an email message. The check may include all parts of the message,
including the message headers, message body, and any attachments that can be
lexically scanned. It may also be limited to one or more of these areas.
A script may include many conditions based on text combined with Boolean
and proximity operators. Triggering of the script is based on the weighted
result of all conditions.
TextCensor scripts are invoked by Standard Rules.
To work with TextCensor Scripts, select TextCensor Scripts in the left pane of the
Configurator.
TextCensor Syntax
TextCensor scripts contain one or more lines, each consisting of a word or
phrase.
The wildcard character * may be used at the end of a word only (eg. be*
matches being and behave).
Parentheses may be used to clarify the order of evaluation and for grouping.
Each line may include Boolean and proximity operators. The operators must
be entered in capital letters. The six supported operators are:
Default settings
INSTANCES has no default; a value must be specified.
If FOLLOWEDBY has no argument, the default is 5.
If NEAR has no argument, the default is 5.
Note
The INSTANCES operator is provided for compatibility with earlier
TextCensor scripts, but its use is discouraged. The use of appropriate
weighting (see below) will produce the same result with improved
performance.
Negative weighting levels and trigger levels can be used to allow for the number
of times a word may appear in an inoffensive message. For instance: if
"breast" is given a positive weighting in an offensive words script, "cancer"
could be assigned a negative weighting (since the presence of this word
suggests the use of "breast" is medical/descriptive).
Note
TextCensor items are case insensitive by default. However, quoted content
is case sensitive. Eg. "textcensor" would not trigger on the caption of
Figure 12.1.
Click on Add (or press <Enter>) to add the item to this script. The dialog box
remains open and additional items may be created.
When all items have been entered, click on Close to return to the New TextCensor
Script dialog.
Select a Weighting Trigger Level. If the total score of the script reaches or
exceeds this level, the script will be triggered. The total score is determined by
evaluation of the individual lines of the script.
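The weighting and trigger-level behavior described above, as a simplified Python model added here as an example (it is not MailMarshal's engine or script format). It follows the page for the trailing wildcard, case handling of quoted items, the default distance of 5 and the "reaches or exceeds" trigger; it assumes that distances are counted in words and that every hit adds the line's weight. The Line class, the sample weights and the sample messages are constructed.

```python
"""Simplified model of TextCensor weighted scoring (not MailMarshal code)."""
import re
from dataclasses import dataclass

DEFAULT_DISTANCE = 5   # page: NEAR and FOLLOWEDBY default to 5 without an argument
WORD_RE = re.compile(r"[A-Za-z0-9']+")


def tokenize(text):
    return WORD_RE.findall(text)


def word_matches(pattern, token, quoted):
    """Unquoted items ignore case and allow a trailing *; quoted items are exact."""
    if quoted:
        return token == pattern
    pattern, token = pattern.lower(), token.lower()
    if pattern.endswith("*"):
        return token.startswith(pattern[:-1])
    return token == pattern


def find(term, tokens, quoted=False):
    """Start indexes at which the word or phrase `term` occurs in `tokens`."""
    words = term.split()
    last_start = len(tokens) - len(words)
    return [i for i in range(last_start + 1)
            if all(word_matches(w, tokens[i + k], quoted)
                   for k, w in enumerate(words))]


def near(a_hits, b_hits, distance=DEFAULT_DISTANCE):
    """Occurrences of A with a B at most `distance` words away, on either side."""
    return sum(1 for a in a_hits
               if any(0 < abs(b - a) <= distance for b in b_hits))


def followed_by(a_hits, b_hits, distance=DEFAULT_DISTANCE):
    """Occurrences of A with a B at most `distance` words after it."""
    return sum(1 for a in a_hits
               if any(0 < b - a <= distance for b in b_hits))


@dataclass
class Line:
    weight: int
    term: str
    op: str = ""            # "", "NEAR" or "FOLLOWEDBY" (capitals, as on the page)
    other: str = ""
    distance: int = DEFAULT_DISTANCE
    quoted: bool = False


def line_hits(line, tokens):
    a_hits = find(line.term, tokens, line.quoted)
    if line.op == "":
        return len(a_hits)
    b_hits = find(line.other, tokens, line.quoted)
    if line.op == "NEAR":
        return near(a_hits, b_hits, line.distance)
    if line.op == "FOLLOWEDBY":
        return followed_by(a_hits, b_hits, line.distance)
    raise ValueError("unsupported operator: " + line.op)


def score(script, text):
    """Assumption: every hit adds the line's weight to the total score."""
    tokens = tokenize(text)
    return sum(line.weight * line_hits(line, tokens) for line in script)


def triggered(script, text, trigger_level):
    return score(script, text) >= trigger_level   # "reaches or exceeds"


# Constructed script using the page's own breast/cancer illustration.
SCRIPT = [
    Line(10, "breast*"),
    Line(-20, "cancer"),
    Line(-10, "breast", op="NEAR", other="screening"),
]
TRIGGER_LEVEL = 20
MEDICAL = "Breast cancer screening: the breast clinic is open on Monday."
OTHER = "Forwarded joke about breasts. Breast, breast, breast!"

if __name__ == "__main__":
    for text in (MEDICAL, OTHER):
        print(score(SCRIPT, text), triggered(SCRIPT, text, TRIGGER_LEVEL))
```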
Message stamps are short blocks of text which may be applied to the top or
bottom of an email message body. MailMarshal message stamps may include a
plain text and an HTML version. The appropriate stamp format will be applied
to the body text of the same type in the message.
Message stamps are typically used for corporate disclaimers or advertising on
outgoing email. Message stamps can also be used by MailMarshal to notify the
recipient that a message has been processed (eg. by having an offending
attachment stripped).
To work with message stamps in the Configurator, select Message Stamps in the
left pane. Message stamps may also be created and edited from the stamp
selection dialog during Rule creation.
What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a system for retrieving
directory information, such as lists of users, from a remote source. The source
may be public (available for anonymous use) or private. Servers providing
LDAP support include:
Lotus Notes
Microsoft Exchange
Microsoft Active Directory
Novell GroupWise
Many Sendmail systems
Within MailMarshal, LDAP connections are used to import user and group
information for User Groups. MailMarshal Secure can use LDAP to retrieve
Security Certificates for use in S/MIME encryption. See the appropriate
chapters of this manual for further information.
Before LDAP can be used to retrieve information, a connection to the remote
LDAP server must be established.
Select an LDAP Search Root, if necessary, in the next dialog. The Search Root
If the type is Certificates, MailMarshal will request an email address for which
to seek a certificate, and state whether one was found (see Figure 15.4).
Note
If you enter an email address for which the LDAP server holds no certificate,
MailMarshal will report that no certificate was found. However, this result
means that the server name, logon, password and port number are correct.
Other messages are less specific. The information given (eg. no groups
found) may not necessarily pinpoint the problem entry, so all information
entered must be checked. If necessary contact the LDAP server
administrator.
Note
If MailMarshal must perform DNS lookups through a firewall, the firewall
must permit both TCP and UDP based lookups.
By default MailMarshal will attempt to deliver outbound email directly, using
Dial-Up
If outbound email is to be delivered over a dial-up connection, check the box
and fill in the appropriate information. Select a RAS entry from the drop-down
list, or click on New Phonebook Entry to add the appropriate information. Fill in
Mail Batching
MailMarshal supports batch receipt and sending of email messages where on-
demand connection to the downstream email server is not desired. Normally
this option will be used with a dial-up connection. It may also be used with
Drag using the left mouse button to add to the blue business hours area.
Drag using the right mouse button to erase from the blue business hours
area.
To reset the schedule to the default time block, click on Set Default Schedule.
Choose to snap the schedule times to the nearest whole, half or quarter
hour using the drop down box.
Select the frequency of connection for inbound and outbound email for
business and out-of-business hours.
Note
When MailMarshal delivers outgoing email it will always poll the server for
inbound email unless the Never option is selected in the Check for incoming
mail every drop-down list.
Local Domains
This tab specifies the names of local domains for which MailMarshal will
accept inbound email. The list should include all (and only) the domains of
email addresses your organization actually uses through this gateway. Each
entry in this list should be matched by DNS MX records (and firewall relay
settings, if necessary) so that email for these domains is passed to MailMarshal
for delivery.
Wildcards
Local domains may be entered using several wildcard characters. The same
characters are used in User and Group matching for standard and receiver rules.
The following syntax is supported:
Reports
See Figure 16.8. To enable logging of MailMarshal's message processing, check
the box. When logging has been enabled, the Mail History can be viewed in
the Console and a wide variety of reports run from MailMarshal Reports. For
maximum detail, check the Log Attachment Details checkbox. Choose the period
for retention of data (the default is 100 days).
Click Create/Select Database to choose the location of the SQL database where
the information will be stored. In the Create/Select Database dialog, enter the
name of the SQL Server (or MSDE) computer in the first box. Browse the
network if necessary using the button provided. Enter the name of the
database to use, and the SQL user name and password. (The default user sa
does not normally require a password.)
The option Connect using TCP may be chosen where the database is behind a
firewall. TCP port 1433 must be opened through the firewall in this case.
If you believe that a MailMarshal database has previously been installed in the
given location and you do not wish to use it, check the box to recreate the
database.
Note
The database password may be changed using SQL administration tools or
command-line SQL entry. However this procedure must be used with
caution if other applications may be using the database. For further
information please see Marshal Software Knowledge Base article KB203.
Anti-Relaying
This tab is used to control SMTP Relaying through MailMarshal. Relaying is
the passing of messages to another server for delivery. If an email server
allows open relaying, anyone (including bulk and spam senders) can use the
name and resources of that server. Best practices require relaying to be tightly
controlled.
MailMarshal relaying control may be configured in three locations and by three
different methods: POP3 accounts (see the chapter POP3 Accounts), Receiver
License Info
See Figure 16.10. This tab displays the details of the current Product License
Key. It also allows enabling of the MailMarshal Secure S/MIME module (if
this module is licensed) and allows configuration of the S/MIME certificate
database.
A new key must be requested if the local domain names are changed. A key
may also be requested to increase the licensed user count, or to purchase the
product (if it is running as a free trial).
To request a new key click the Request Key button. Enter the appropriate
contact information in the form (see Figure 16.11). MailMarshal automatically
appends the current local domain list and key details. Enter any additional
Note
Changing or adding a local domain name will invalidate the license key.
When invalidated for this reason, the key reverts to a 14 day trial. This allows
ample time to contact Marshal Software for a new permanent key. There is
no charge for this service.
If the trial license expires, MailMarshal continues to operate as a SMTP relay
but no rules or limits will be applied. The administrator will be notified daily
by email if a key is due to expire or has expired.
To enter a key click the Enter Key button, type or paste the key provided by
Marshal Software, then click OK. An information box will report the validity
details of the key you entered.
To enable MailMarshal Secure S/MIME support, check the appropriate box.
This box will be grayed out if the license key does not support MailMarshal
Secure.
When MailMarshal Secure is enabled, the public Certificate database may be
selected (or created) using the Configure Database button. In the Create/Select
Database dialog, enter the location of the SQL Server or MSDE computer
where the database will reside. It is strongly recommended for speed and
security reasons that the database be created on the MailMarshal server.
The option Connect using TCP may be chosen if the database must be located
behind a firewall. TCP port 1433 must be opened through the firewall in this
case. However this configuration should be avoided.
If a database exists in the location selected, check recreate database to delete it.
Advanced
Several options are available on this tab.
Change Folders
Locations of the folders used by MailMarshal may be altered. Stop all
MailMarshal services using the Configurator before changing locations.
Before changing folder locations here, the new locations should be planned.
MailMarshal will create the folders, if necessary, during the change process.
Export Configuration
The MailMarshal configuration data, including server properties, Rulesets, and
Rule elements, is stored in the Windows Registry (with the exception of user
group information, which is found in the file UserGroups.txt in the
MailMarshal install folder, and files with known fingerprints, which are stored in
the subfolder ValidFingerprints of the MailMarshal install folder).
To export configuration data, click the Export Configuration button. Enter an
appropriate file name and location. To save User Group information, copy
UserGroups.txt. To save fingerprint information, copy the folder
ValidFingerprints and its contents.
Import Configuration
MailMarshal Registry information can be imported, either to restore a
previously created configuration or to merge a partial configuration.
Warning
Export configuration data safely before performing an import. The Merge
function requires a specially created file, and should be used only on advice
from Marshal Software Support.
To import configuration data, click the Import Configuration button. Enter or
browse to the appropriate file name. Choose to overwrite or merge
configurations using the radio buttons. Click OK to perform the import. If
User Group information is needed, copy UserGroups.txt to the MailMarshal
install folder. If attachment fingerprint information is needed, copy the
Server Threads
Click on the button Server Threads to modify MailMarshal's usage of processing
threads (see Figure 16.13).
Click on a radio button to select the appropriate size site. The thread settings
selected will be displayed, grayed out, in the spinner boxes.
If a custom setup is required, click the appropriate radio button to enable the
spinner boxes. The four choices available for configuration are:
Total Sender Threads - the maximum number of simultaneous threads which
will be used by MailMarshal Sender to deliver messages.
Local Domain Threads - the maximum number of sender threads used to
deliver messages to local domains.
External Domain Threads - the maximum number of sender threads used to
deliver messages to any one non-local domain.
Total Receiver Threads - the maximum number of simultaneous connections
that will be accepted by the MailMarshal Receiver.
Click on OK to return to the Advanced tab.
Server Array
MailMarshal can be configured into an array of servers, typically for load
balancing purposes. All MailMarshal servers can log reporting information to
the same SQL database. To allow identification of the individual MailMarshal
server logs, each MailMarshal instance (up to 26) may be identified by a letter.
To enable array logging, click the checkbox MailMarshal is used in an array.
Choose an identifying letter from the drop-down box.
Blocked Hosts
This tab is used to enter the names or IP addresses of SMTP servers which are
not allowed to deliver email to MailMarshal. MailMarshal will refuse SMTP
connections from these servers.
To activate host blocking, click the checkbox then click the New button. Enter
a host name or IP address in the field provided. Wildcard entries are not
supported: each host name or address must be entered in full.
To edit an entry in the list, double-click to enable editing.
To delete an entry, select it then click the Delete button.
Host Validation
This tab is used to configure email blocking based on domain name
information. Messages may be blocked outright, or logged, if they come from
a host listed in a MAPS or MAPS compatible database. These databases list
open email relays and other Spam related hosts.
Messages may also be blocked based on reverse DNS lookups to confirm the
identity of the sending host.
Note
These features intentionally refuse email messages from sites that fail the
MAPS Lookups
To enable checking of the MAPS database (and compatibles), check the
appropriate box. Individual databases must also be enabled using the Edit
process (below).
To add a new MAPS-compatible database for checking, click the New button to
see the New MAPS RBL Compatible Validator dialog (Figure 16.16).
The checkbox Enable this validator specifies whether the service will be used.
The checkbox Block email if address is listed specifies how the service is used. If
the box is not checked, email from hosts in the database will be logged to the
Windows NT event log, but not refused. This option is useful for "what if"
testing purposes.
In the first text box, enter a name by which the service will be known within
MailMarshal.
In the second text box, enter the domain name of the service (eg.
blackholes.mail-abuse.org).
In the third text box, enter a message to return to the external SMTP server if
no message is returned by the MAPS service.
Click OK to return to the Host Validation tab.
To edit a MAPS-compatible database listing, select it and click the Edit button.
To delete a listing entirely, select it and click the Delete button.
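The validator settings above can be modelled as follows. This is an added example, not MailMarshal's own code: it builds the lookup name in the usual RBL way (IPv4 octets reversed, then the service's domain) and shows the difference between blocking and log-only validators and the fallback to the configured message. The class and function names, the second zone rbl.example, the message texts and the listings are constructed for illustration.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, List, NamedTuple, Optional, Sequence, Tuple

# A resolver takes a query name and returns (A record, TXT text or None),
# or None when the name does not exist (the host is not listed).
Resolver = Callable[[str], Optional[Tuple[str, Optional[str]]]]


@dataclass
class MapsValidator:
    """Hypothetical model of one entry in the MAPS validator list."""
    name: str                     # name by which the service is known
    zone: str                     # domain name of the service
    default_message: str          # used when the service returns no message
    enabled: bool = True          # "Enable this validator"
    block_if_listed: bool = True  # "Block email if address is listed"


class Decision(NamedTuple):
    action: str             # "accept" or "refuse"
    message: Optional[str]  # text returned to the connecting SMTP server
    log: List[str]          # stands in for the Windows NT event log


def query_name(ip: str, zone: str) -> str:
    """Build the lookup name: IPv4 octets reversed, then the service's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_host(ip: str, validators: Sequence[MapsValidator],
               resolve: Resolver) -> Decision:
    """Consult each enabled validator in order; the first blocking hit refuses."""
    log: List[str] = []
    for v in validators:
        if not v.enabled:
            continue
        answer = resolve(query_name(ip, v.zone))
        if answer is None:
            continue  # not listed by this service
        _a_record, txt = answer
        log.append(f"{ip} is listed by {v.name} ({v.zone})")
        if v.block_if_listed:
            # Prefer the service's own text; fall back to the configured message.
            return Decision("refuse", txt or v.default_message, log)
    return Decision("accept", None, log)


def system_resolver(name: str) -> Optional[Tuple[str, Optional[str]]]:
    """Live A-record lookup (no TXT). Any lookup failure counts as not listed."""
    try:
        return socket.gethostbyname(name), None
    except socket.gaierror:
        return None


# Constructed listings for offline use; 192.0.2.0/24 is documentation address space.
CONSTRUCTED_LISTINGS = {
    "10.2.0.192.blackholes.mail-abuse.org": ("127.0.0.2", None),
    "10.2.0.192.rbl.example": ("127.0.0.2", "Listed by rbl.example (constructed)"),
}


def constructed_resolver(name: str) -> Optional[Tuple[str, Optional[str]]]:
    return CONSTRUCTED_LISTINGS.get(name)


MAPS = MapsValidator("MAPS RBL", "blackholes.mail-abuse.org",
                     "Mail refused: sending host is listed as an open relay")
TRIAL = MapsValidator("Trial list", "rbl.example", "Mail refused",
                      block_if_listed=False)  # log only, for "what if" testing

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, check_host(ip, [TRIAL, MAPS], constructed_resolver))
```

Placing a log-only validator ahead of a blocking one, as in the sample run, records what the trial service would have refused without changing the outcome.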
DNS Validation
To validate hosts sending incoming email against DNS information, click on
the appropriate checkbox. MailMarshal will perform a reverse DNS lookup on
the IP address from which email is being sent.
Select an option using the radio buttons.
Header Rewrite
MailMarshal can modify email header and envelope detail (eg. to allow email
aliasing). Modification is performed by the MailMarshal Receiver during email
message receipt and is controlled by a series of user-configurable header
rewriting rules that are created under the Header Rewrite tab (see Figure 16.17).
The rewriting rules use a regular expression engine to perform the matching
and substitution. Regular expressions are extremely powerful but somewhat
difficult to construct. Great care should be taken to ensure that the rules
perform only the changes required. Some examples of actions that can be
performed are
Address modification - for example, changing user@host.domain.com to
user@domain.com.
Field removal - for example, stripping out the received: lines from outbound
messages.
Alias substitution - for example, replacing addresses via a lookup table, as
in user1@olddomain.com being replaced by user2@newdomain.com.
Domain masquerading - for example, replacing all addresses in
thisdomain.com with identical addresses in thatdomain.com.
Note
Please note that this is an advanced option and most sites will not need to
use this facility. Test any rules thoroughly, as errors may cause all affected
Field Matching
Most standard email header fields can be rewritten. For instance, to modify the
appearance of internal email addresses to outside recipients you would select a
combination of the fields From:, Envelope return path and Reply-to:.
The following table shows the field data that is passed to the substitution
engine for the various parsing methods.
Domain domain.com
domain2.com
When modifying address fields in the email header you would usually select the
field parsing method Email Address. Each email address in the field is then
passed to the substitution engine, while no other characters will be changed.
Substitution Options
An optional exclusion filter allows you to specify an expression that, if
matched, will prevent the field being substituted. This is provided since it can
be difficult to express exclusions in regular expressions.
The field search expression is a regular expression that is used to select the data
that will be substituted. For instance, the expression
Substitution Actions
Three actions are available to be taken on the data matched.
Substitute into field using expression allows the matched data to be replaced using a
sed or Perl-like syntax. Using the example given above, the substitution
expression
$1@$2.co.uk.eu
Testing
The final dialog of the Header Rewrite Wizard (see Figure 16.19) allows the new
rule to be named, and provides for a comment which should explain the
purpose of the rule. To test the rule, enter a sample string in the Source box
and click Test. If the result is not as expected, go back and modify the rule.
When satisfied, click Finish to return to the Header Rewrite tab. If several rules
are in use, adjust the order of evaluation using the arrows.
Reserved Characters
The following characters are reserved as operators:
*.?+(){}[]$\|^
To match any of these characters literally, precede it with \
To match marshalsoftware.com enter marshalsoftware\.com
Wildcard Character .
The dot character . matches any single character.
Repeat Operators * + ? {}
A repeat is an expression that occurs an arbitrary number of times.
An expression followed by * can be present any number of times, including
zero. An expression followed by + can be present any number of times, but
must occur at least once. An expression followed by ? may occur zero times or
once only. A precise range of repeated occurrences may be specified as a
comma-separated pair of numbers within {}. For instance,
ba* will match b, ba, baaa, etc.
ba+ will match ba or baaaa for example but not b.
ba? will match b or ba.
ba{2,4} will match baa, baaa and baaaa.
Parentheses ( )
Alternatives
Alternatives occur when the expression can match either one sub-expression or
another. In this case, each alternative is separated by a |. Each alternative is
the largest possible previous sub-expression (this is the opposite to repetition
operator behavior).
a(b|c) could match ab or ac
abc|def could match abc or def
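The sketch below is an added example, not part of the MailMarshal product or its documentation: it models a rewrite rule (optional exclusion filter, field search expression, $1-style substitution) with Python's re module, applied address by address as the Email Address parsing method describes, and shows how an unescaped dot and a missing anchor make a rule change more than intended. The rule names, the postmaster exclusion and the sample addresses are constructed, and Python's regular expression dialect is assumed to behave like MailMarshal's engine for these patterns.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Loose pattern used only to pick addresses out of a header field in this demo.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


@dataclass
class RewriteRule:
    """Hypothetical model of one header rewrite rule (not MailMarshal's code)."""
    name: str
    search: str                    # field search expression
    substitute: str                # substitution expression; $1, $2 ... are groups
    exclude: Optional[str] = None  # optional exclusion filter

    def _expand(self, match: re.Match) -> str:
        # Replace each $N in the substitution expression with capture group N.
        return re.sub(r"\$(\d+)",
                      lambda ref: match.group(int(ref.group(1))) or "",
                      self.substitute)

    def apply_to_address(self, address: str) -> str:
        # A match on the exclusion filter leaves the data untouched.
        if self.exclude and re.search(self.exclude, address, re.IGNORECASE):
            return address
        return re.sub(self.search, self._expand, address, flags=re.IGNORECASE)

    def apply_to_field(self, value: str) -> str:
        # Email Address parsing: only the addresses are passed to the rule;
        # display names, brackets and separators are left as they are.
        return ADDRESS_RE.sub(lambda m: self.apply_to_address(m.group(0)), value)


# Address modification: user@host.domain.com -> user@domain.com
STRIP_HOST = RewriteRule(
    name="Strip internal host name",
    search=r"^(.+)@[^@.]+\.(domain\.com)$",
    substitute="$1@$2",
)

# Domain masquerading, with a constructed exclusion for the postmaster mailbox.
MASQUERADE = RewriteRule(
    name="Masquerade thisdomain.com",
    search=r"^(.+)@thisdomain\.com$",
    substitute="$1@thatdomain.com",
    exclude=r"^postmaster@",
)

# The same intent written carelessly: the dot is an unescaped wildcard and the
# expression is not anchored, so it also rewrites part of an unrelated domain.
LOOSE_MASQUERADE = RewriteRule(
    name="Masquerade (too broad)",
    search=r"@thisdomain.com",
    substitute="@thatdomain.com",
)


def run_samples() -> dict:
    """Apply the rules to constructed sample data, as the wizard's Test box would."""
    unrelated = "bob@thisdomain-com.example.org"
    return {
        "field": STRIP_HOST.apply_to_field(
            '"Pat" <pat@mail1.domain.com>, ops@domain.com'),
        "masqueraded": MASQUERADE.apply_to_address("sales@thisdomain.com"),
        "excluded": MASQUERADE.apply_to_address("postmaster@thisdomain.com"),
        "strict_on_unrelated": MASQUERADE.apply_to_address(unrelated),
        "loose_on_unrelated": LOOSE_MASQUERADE.apply_to_address(unrelated),
    }


if __name__ == "__main__":
    for label, result in run_samples().items():
        print(f"{label:20} {result}")
```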
Reports 17-1
machine from the drop-down list (or enter its name or IP address if necessary).
Select the option SQL Server authentication. Check the box to require login. Use
the login and password configured when the database was created. For MSDE
and many SQL installations, the default login sa with no password will work.
The Client Configuration button is used to select a protocol for communication
with the database. If the logging database is on the other side of a firewall
from the Reports computer, use Client Configuration to choose TCP/IP
connection and port 1433, then click OK. Ensure that the firewall is configured
to allow traffic on this port.
Click Next to continue to the next screen. Check the box to change the default
database; select the MailMarshal database from the list. On the next screen,
click Finish.
In the Reports database, enter the appropriate data source name, user name,
and password if required, then click Connect to establish the connection. The
connection will be remembered when Reports is run again.
To Produce Reports
Run the Reports application from the Start menu.
To view the list of available reports, expand the various branches of the left
pane menu tree.
Select a report by clicking on it in the left pane. Information about the report
is shown in the lower right pane. Any options for the report type are given in
the upper right pane.
Choose the appropriate options. To choose an arbitrary range of dates, select
the Other radio button, then use the drop down menus to see a date picker.
When all options are chosen, click Preview to view the report on screen.
To print a report, use File|Print from the Access menu. To send the report via
email, use File|Send To and select an appropriate format, such as Rich Text.
18. The Console
The top section displays the status, version number, and number of messages
processed for each MailMarshal Service. Click the button View Detailed Status to
see details in the MailMarshal Services screen.
The middle section displays recent Service Alerts. Click the button View Alert
History to see a complete list in the Alert History screen.
The bottom section displays information on Remote Access (dial-up
connectivity) and Mail Batching, including the next scheduled send and polling
times. Click the button Send/Receive Now to initiate an immediate check and
dispatch of queued messages.
Receiver State
The following information about the Receiver is available:
Internal Msgs: the number of messages, addressed to recipients in
MailMarshal's local domains, which have been processed today.
External Msgs: the number of messages, addressed to recipients outside
MailMarshal's local domains, which have been processed today.
Message details: a pane shows details of each message being processed by the
Sender State
The following information about the Sender is available:
Internal Msgs: the number of messages, addressed to recipients in
MailMarshal's local domains, which have been processed today.
External Msgs: the number of messages, addressed to recipients outside
MailMarshal's local domains, which have been processed today.
Message details: a pane shows details of each message being processed by the
Sender, and its status.
Active Threads: the number of messages currently being processed by the
Sender service.
Msgs Queued: the number of messages waiting to be sent.
Domains Queued: the number of unique Internet domains to which messages
are waiting to be sent.
Sender Actions
A message visible in the detailed Sender list can be killed (deleted) by selecting
it and clicking the Kill Message button.
A detailed list of information about domains for which email is queued (waiting
to be sent) can be viewed by clicking the button View Domains (or the menu tree
Domain Detail
Double-click on a domain record in the Queued Domains screen to view details in
the Domain dialog (see Figure 18.4). The upper pane of this dialog shows a list
of MX records found for the domain. The lower pane shows details of each
message awaiting delivery to this domain.
Highlight one or more messages in the lower pane then click Kill Message to
delete the messages. Click the Retry Domain Now icon in the toolbar to force an
immediate attempt to deliver messages to this domain.
Note
These actions will be grayed out if the user does not have sufficient
permissions.
Message Folders
To view a list of MailMarshal's message folders, expand the menu item Mail
Folders. These Folders include the Archive, Parking and regular folders into
Forwarding a Message
To forward a message, select it then click the Forward icon on the toolbar (or
open it then click the Forward icon on the message window toolbar). To forward
to multiple addresses, enter them separated by semi-colons (eg.
RichardN@example.com; GeraldF@example.com).
Deleting a Message
To delete a message, select it then click the Delete icon. This option deletes the
Processing a Message
One or more messages may be selected for processing. Clicking the Process
Message(s) icon raises the Process Message dialog box (see Figure 18.6). The
following actions are available:
Mail History
Mail History is a record of recent messages processed by MailMarshal. By
default no more than 1000 items will be retrieved. This number may be
adjusted by choosing Tools|Options from the menu.
This information is derived from the report logging database, so logging must
be enabled to view the history.
To view the history, select Mail History in the console tree.
Messages which were successfully sent display a yellow envelope icon and Sent
To: information in the Status column.
Messages which passed the Rule processing but could not be sent display an
icon with a red x and the failure reason in the Status column.
If a message triggers a rule which generates a logging classification, the icon
will be blue and the Status column will display the text associated with the
classification. In addition, the Class Code column shows the numerical logging
Alert History
To view a historical list of service alerts, select Alert History in the menu tree.
What is S/MIME?
S/MIME is an industry standard method of protecting email privacy using the
Public Key Infrastructure (PKI). MailMarshal Secure interoperates with other
S/MIME aware products, whether server-based or workstation-based.
PKI begins with two digital Keys, known as the Public and Private Key. Public
Keys are made freely available, while Private Keys are kept secret and secure.
The Public Key is contained in a digital certificate. A Certificate may be
generated within MailMarshal, or issued by a trusted authority. The Keys are
known as an asymmetric pair; messages encrypted using the Public Key can
be read with the Private Key.
Public Certificates are maintained in a database such as MailMarshal's
Certificate Database. A Certificate may be exported into a file which is made
available to sites with which S/MIME email will be exchanged.
PKI allows email to be processed in two ways, known as Encryption and
Signing. They are often used together: a message may be both encrypted and
signed.
Encryption is the scrambling of a message so that it is illegible until
decrypted. Typically email sent to a site will be encrypted with the recipient's
Public Key (which any sender may have); such messages can only be decrypted
by the recipient using their Private Key.
Signing involves processing a message using a Private Key, to generate a unique
block of data known as the signature. The sender signs a message using
her Private Key. This signature is sent with the original message. The recipient
can determine that the message is unchanged and that it originated from the
sender, by testing it using the sender's Public Key.
Note
The Import button for Certificates is available on the first four tabs. It will
import the certificate to the appropriate location based on certificate type,
regardless of which tab is showing. Eg. a personal certificate will be placed in
the "other people" list even if import is invoked while the "our domains" tab
Select a key strength using the radio buttons. Stronger keys are more secure but
require more processing time when used. 1024 bits is the standard key strength
in common use.
If desired, check the box to generate two certificates, one for signing and one
for encryption. The appropriate settings will be entered into the database for
each certificate.
Select a validity period using the radio buttons. Shorter validity periods require
more administration (as new certificates must be created and exchanged), but
may enhance security by becoming outdated more quickly.
Choose the source of the certificate using the radio buttons. Self-signed
certificates are typically adequate for encryption and signing between partner
Edit Settings: Select a Certificate from the list, then click Edit Settings to bring up
the Edit Certificate Details dialog (see Figure 19.5).
Import Certificate: Click on Import and choose the name of a certificate file to be
imported. MailMarshal recognizes several common certificate file types.
Delete Certificate: Select a Certificate from the list and click on Delete.
Export Certificate: Select a Certificate from the list. Click on Export, then choose
the file format to be used. Enter the file name and location, and save the file.
This file may be sent to another site if appropriate for use in transmitting
encrypted email.
View Details: Select a Certificate from the list, then click View Details to see the
information it contains including validity dates. In the Details dialog, select the
Certification Path tab to see the details of all certifying authorities.
Edit Settings: Select a Certificate from the list, then click Edit Settings to bring up
the Edit Certificate Details dialog (see Figure 19.5).
If this Certificate is to be used to process email to or from more than one
email domain, add the appropriate names to the list in the top pane. Ask the
certificate holder for a list of valid domains. Enter one domain name per line.
Wildcards are not allowed.
Choose the level of trust for the certificate. Explicitly Trust This Certificate, the
default, allows the certificate to be used. Explicitly Don't Trust This Certificate will
CRLs tab
This tab is used to import and manage Certificate Revocation Lists, which are
issued by Certificate issuers to invalidate Certificates before their expiration
date.
Import from File: Click this button and select a file containing the CRL to be
Delete: Select a CRL from the list and click this button to delete it. MailMarshal
will no longer have access to the revocation information from this source.
Note
Automatic CRL updating requires MailMarshal to access remote websites.
The Internet connection and proxy settings should be configured within
Internet Explorer on the MailMarshal Server computer.
2. The next two rules check that incoming messages are validly encrypted
and signed, and warn the user (or other appropriate person) if they are
not. Warning could be by stamping or by email notification.
Note
A more restrictive option would be to quarantine such messages in a Folder.
When a message arrives
Where addressed from othercompany.com
Where message is not encrypted
Send a Not Encrypted notification message
and pass the message to the next rule for processing
3. The next rule blocks any email that MailMarshal can't decrypt. If
MailMarshal cannot decrypt the message it will be unable to check the
contents.
When a message arrives
Where addressed from othercompany.com
Where message is encrypted and cannot be decrypted
Send a Can’t Decrypt notification message
and move the message to Encrypt Problems
A number of sub-conditions are available within this condition. More than one
Rule could be implemented to inform administrators and recipients about the
various outcomes.
Message was signed and verified: The message has a valid signature. This
option might be used to stamp validly signed messages to assure the user of
this fact.
Not signed: The message has no signature. This option is used to check that
email is signed.
Signing certificate has expired: The message has no valid signature: either
the signing certificate, or a certificate in the chain of trust, has expired.
Signing certificate is not trusted: The certificate, or a certificate in the chain
of trust, has been marked as distrusted by the administrator (using the
MailMarshal Certificate Manager).
Signing certificate could not be verified: MailMarshal has been unable to
check the trust of the certificate (eg. the certificate or its root are not in the
database, or the email address for the sender does not match the address set up
for the certificate).
Click the Add button beside the LDAP servers list. Select an LDAP connection
to be added to the list. If more than one connection is specified, MailMarshal
will query the servers in order from top to bottom. To configure LDAP
connections for certificates, see the chapter LDAP Connections.
Note
Use this feature only as a backup, or where certificates are known to be
available for the addresses affected, for example, where a company stores
certificates for all employees on the LDAP server. If a certificate is not
available, the email message will be deadlettered (unless a Rule overrides this
behavior; see the condition Where message cannot be encrypted).
SmartCo
SmartCo is a merchandise marketing company with about 200 employees.
These employees use email for a number of different business-related purposes.
SmartCo has deployed MailMarshal to support its Acceptable Email Use Policy.
The Policy has several goals:
1. to protect the company's systems against virus infection.
2. to ensure the efficient use of network resources (bandwidth and file
storage).
3. to ensure that internet email is used in ways appropriate to employees'
responsibilities.
4. to address legal liability and intellectual property issues.
To implement its Acceptable Use Policy, SmartCo has implemented several of
the Rulesets which are provided with MailMarshal. Most of the elements have
simply been turned on, although some have been customized slightly. Policy
compliance is monitored using MailMarshal Reports to report on triggered
rules.
All of the Rules discussed below are found in three MailMarshal Rulesets which
Script-based viruses and viruses associated with known message text are
blocked using three Rules: Block VBScript, Block JavaScript, and Block
Known Worms. These Rules invoke TextCensor scripts to scan the content of
the messages and attachments.
Viruses and other malicious code are further limited by two additional Rules,
Block Dangerous Attachments and Block Executable Files. These rules check the
actual file extensions and the internal file types of attached files. Because the
Messages from known junk mail sites are blocked using the Block Junk Mailers
Rule. To support this Rule, a list of problem addresses has been added to the
user group JunkMailers.
Outbound mass mailings are deferred until after business hours using the Park
large files Rule. This helps to maximize the network bandwidth available
during the day.
Reports
SmartCo tracks compliance with its Acceptable Use Policy using the
MailMarshal Reports. The primary report used is the detailed report Logging
Rule by Local Domain. This report shows the number and size of messages
which triggered each Rule, by user name.
The graphical bandwidth usage report is also used for planning purposes.
Encrypted Email
The Basic Security Rules section in the chapter MailMarshal Secure contains a set of
rules which implements encrypted email from gateway to gateway.
Two enhancements to this ruleset are suggested to cover additional cases:
multiple gateway-to-gateway partners, and gateway-to-desktop encryption for
2. The next two rules check that incoming messages are validly encrypted
and signed, and warn the user (or other appropriate person) if they are
not. Warning could be by stamping or by email notification.
When a message arrives
Where addressed from Gateway Encryption Partners; Desktop
Encryption Partners
Where message is not encrypted
Send a Not Encrypted notification message
and pass the message to the next rule for processing
3. The next rule blocks any email that MailMarshal can't decrypt. If
MailMarshal cannot decrypt the message it will be unable to check the
contents.
When a message arrives
Where addressed from Gateway Encryption Partners; Desktop
Encryption Partners
Where message is encrypted and cannot be decrypted
Send a Can’t Decrypt notification message
and move the message to Encrypt Problems
Blocking Spam
MailMarshal provides several resources for blocking Unsolicited Commercial
Email and other forms of Spam.
Two anti-Spam Rules are present in the default Inbound ruleset and should be
enabled.
Block Junk Mailers checks for email addresses associated with unwanted
email. The addresses are contained in the User Group Junk Mailers, which
Email Aliasing
MailMarshal's Header Rewrite facility can be used to allow email aliases for an
organization. Aliasing may be useful where internal email is addressed to many
servers but outside users use a single domain name for all recipients.
An example of rewriting of outbound message headers (to control the visibility
of internal servers and addresses) is provided in the Header Rewrite section of
the chapter Server Properties.
An example of rewriting of incoming message envelope details (to direct each
recipient's messages to the appropriate internal server) may be found in the
Knowledge Base on the Marshal Software website.
A number of problems that may arise when using email systems can interfere
with MailMarshal operation. Therefore, if a problem occurs it may be that
MailMarshal is reflecting an external or internal email or network problem.
When analyzing problems, the following resources may be useful.
MailMarshal Console
Check to see that the MailMarshal services are running. The Alert History
shows stop and start information for each service. If necessary, restart the
services using the Configurator.
Note
If the MailMarshal Controller service is stopped, the other services cannot
continue and the Console and Configurator will indicate Failed to Connect.
Restart the MailMarshal Controller using the Windows Control Panel Services
applet.
Check the Console Services screen to see whether email is being processed.
Check the Mail History screen to see whether email has been sent, and any
errors that the Sender may have encountered. If there are many Failed to
connect or Unable to resolve domain messages this usually indicates a
downstream network, SMTP, or DNS problem.
Troubleshooting 21-1
control the rejection of messages at this point. The Receiver places each
accepted message in a file in the Incoming directory. The Engine then retrieves
each message file from the Incoming directory, unpacks it and processes it
according to the Standard Rules. A message which is not blocked or moved by a
Rule is placed into the ProcessedOK directory. The Sender then takes the message
file from that directory and places it in the Sending directory for delivery.
Note
If MailMarshal Secure is installed and Security Rules are in use, files from the
Incoming folder are processed by the MMDecrypt service which places the
files in the Decryption folder for the Engine. Messages to be sent are placed in
the Encryption folder for processing by MMEncrypt.
Email queued in the Incoming directory indicates a problem with the Engine
service: either the engine has stopped or the rules are incorrectly configured.
Email queued in the Sending directory points to a problem with the sender
service.
Running MailMarshal in Debug Mode
MailMarshal services can also be run in debug mode from a command prompt.
Using this facility, the user can see the results of the system logging in real
time, which is particularly useful for resolving problems, testing new rules, or
determining why a service fails to start.
To use this facility, ensure that the service(s) to be debugged are stopped. Then
go to the MailMarshal directory and enter one or more of the following:
mmengine -debug
mmreceiver -debug
mmsender -debug
For example, to test the passage of a particular email message, run the Receiver
and Engine services in debug mode. Use an email client (such as Outlook
Express) to send email and monitor its progress through the Receiver and
Engine.
(in the Control Panel under System|Network Identification|Properties|More).
In Windows NT, this information should be entered as a Domain (in the
Control Panel under Network|Protocols|TCP/IP Protocol properties, DNS
tab).
Further Help
For any problems not listed here, please see the FAQs, Knowledge Base and
Forum on the Marshal Software website. If these resources do not resolve the
issue, please contact your Marshal Software Distributor or Marshal's support
desk.
Email: support@marshalsoftware.com
22. MailMarshal and the MMC
The MailMarshal Configurator and Console are implemented as snap-ins to the
Microsoft Management Console (MMC). Users of other MMC applications
(such as WebMarshal 2.x Console and Microsoft SQL Server) will be familiar
with this interface.
By default, the MMC features a tool bar, a menu, and two main panes. The left
pane contains a menu tree, while detailed information appears in the right pane.
To expand an element (branch) of the menu tree, click on the associated +
symbol. This will show the elements contained within this branch.
To select an item in either pane, click on it to highlight it.
Selecting an item in the left pane will display the associated detail information
in the right pane.
To collapse an expanded menu element click on the associated - symbol.
If the left pane is not visible, click the Show/Hide Console Tree icon in the
toolbar. It should appear pushed in.
Note
The tool bar and menu bar of MMC are context dependent. The available
icons and choices depend on which item is selected in the main panes. If an
icon referred to is not visible, ensure that the appropriate item is selected.
For instance, the arrow icons, which allow rules to be moved up or down in
order of evaluation, are only visible when a rule is selected in the right pane.
While this manual usually refers to choices from the tool bar, in many cases the
MMC also provides equivalent choices from pop-up context menus, which are
made available by right-clicking on the selected item.
Stop and start the Microsoft Exchange Internet Mail Service from the Services
Control Panel applet.
Comment out the line by prefixing it with the # character, and add the new
material:
# smtp 25/tcp mail
# Change default smtp port to 97 to allow both Microsoft
# Exchange and MailMarshal to exist on same machine
smtp 97/tcp mail
Save the Services file and close Notepad. Stop and start the Microsoft Exchange
Internet Mail Service from the Services Control Panel applet.
Note
This example uses port 97, but any available port number may be chosen as
long as it does not conflict with any other service on the same machine.
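Before settling on a port, the conflict check in the note can be automated. This added example (not from the manual) parses text in the Services file format shown above, reports any other service name mapped to the chosen port, and can test whether something is already listening on it. The sample text, including the `pop3` and `legacy-app` entries, is constructed.

```python
import re
import socket

# Active entry: "<name> <port>/<proto> [aliases] [# comment]".
# A line whose first non-blank character is '#' cannot match, so
# commented-out entries such as "# smtp 25/tcp mail" are ignored.
ENTRY = re.compile(r"^\s*(?P<name>[^\s#]+)\s+(?P<port>\d+)/(?P<proto>\w+)")

# Constructed sample: the edit from the text plus made-up neighbouring entries.
SAMPLE = """\
# smtp 25/tcp mail
# Change default smtp port to 97 to allow both Microsoft
# Exchange and MailMarshal to exist on same machine
smtp 97/tcp mail
pop3 110/tcp postoffice
legacy-app 97/tcp   # hypothetical service, not from the manual
"""

def parse_services(text):
    """Return {(port, proto): [names]} for active entries only."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            key = (int(m["port"]), m["proto"].lower())
            table.setdefault(key, []).append(m["name"])
    return table

def name_conflicts(text, port, proto="tcp", owner="smtp"):
    """Names other than `owner` that the file maps to port/proto."""
    return [n for n in parse_services(text).get((port, proto), []) if n != owner]

def is_listening(port, host="127.0.0.1", timeout=1.0):
    """True if something already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

if __name__ == "__main__":
    print("other names on 97/tcp:", name_conflicts(SAMPLE, 97))
    print("listener already on 97:", is_listening(97))
```

Run the listener check before restarting the Internet Mail Service; once it has restarted, a listener on the new port is the expected result.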
Change the Relay host field to the IP address of the MailMarshal machine, e.g.
192.168.2.218. This will ensure that outgoing messages are passed to the
MailMarshal machine.
Restart the SMTPMTA.
1. Select the Domino Server for which the mail relay setting must be
changed.
2. Click on the Configuration Tab.
3. Select Messaging, Messaging Settings.
4. On the Basics Tab find the entry for Relay hosts leaving the local
Internet Domain; enter the IP address of the MailMarshal server, e.g.
10.2.1.7.
From the server console or a remote session from the Domino Administrator,
type the following:
>Tell SMTP quit
Once the message that the SMTP service has stopped has appeared on screen,
type the following:
>load SMTP
The new settings should now be active. The SMTP listening ports can be
checked by typing:
>sh tasks
1. Select the Domino Server for which the mail relay setting must be
changed.
2. Click on the Configuration Tab.
3. Select Messaging, Messaging Settings.
4. On the Basics Tab find the entry for Relay hosts leaving the local
Internet Domain; enter 127.0.0.1.
From the server console or a remote session from the Domino Administrator,
type the following:
>Tell SMTP quit
Once the message that the SMTP service has stopped has appeared on screen,
type the following:
>load SMTP
The new settings should now be active. The SMTP listening ports can be
checked by typing:
>sh tasks