Configure Scrollout F1 email firewall
July 17, 2012
An email gateway (a.k.a. firewall) is a machine (physical or virtual) installed between the Internet and the email server.
Its primary role is to protect the email server by filtering incoming SMTP messages from the Internet.
Secondarily, an email gateway may be used as an outgoing gateway when you want to add email features that older email servers do not provide. For instance, Exchange 2000 and 2003 have no DKIM signing and verification service, which is a quality improvement for message delivery.
The features offered by Scrollout F1 are summarized on the About page.
After installation, the configuration is pretty easy.
In order to start using this application you need to cover only the BASIC CONFIGURATION (points 1 and 2 below).
1. Set the network connection: IP address, subnet mask, gateway and DNS.
2. Specify your domains and the email server responsible for each domain. Each domain must be unique, but the servers can have the same value if you are using one email server for multiple domains.
The gateway system will become responsible for receiving emails addressed to all domains listed on this page and will forward the messages to the email servers.
Optionally, if you want to use the gateway for sending outgoing messages, Scrollout offers a DKIM signature and the values that must be added to your DNS server for each domain. If your email servers use IP addresses outside the standard intranet CIDR ranges (10.0.0.0/8, 192.168.0.0/24, 172.16.0.0/12), you must enter the range or IP in CIDR format by clicking “OUTBOUND”.
Note: this requires some time to process. The web interface becomes available before the task finishes so that you can make other settings in the meantime.
Now you are ready to point your incoming SMTP traffic to the Scrollout box. This can be done via an existing router (or firewall) or by modifying the DNS MX records for each domain. The first method is much simpler.
- You can set the aggressiveness by clicking on a number between 1 and 10 (green is aggressive, red is permissive). Each filter is explained in the web GUI.
- Set the geographical areas in which you have business, may have business, or are 100% sure you will never have any business (contact).
SPAM & LEGIT has two roles:
Quarantine role: Indicates the quarantine mailbox hosted on your email server. All spam and infected messages will be recorded in this mailbox along with a reporting email.
Feeder role: Scrollout F1 can learn from legit and spam messages, block sender email addresses and whitelist sender domains using the same Collector mailbox that is used for quarantine.
Using an IMAP client like MS Outlook you can easily drag & drop multiple emails into mailbox folders. In order to use the feeder feature, you need to:
- Create two additional folders under this mailbox. Let's create a GOOD folder and a BAD folder.
- Activate IMAP service on your email server.
- Input the name, user & password of the mailbox, the server IMAP address, and the GOOD and BAD folders. In case you created subfolders (instead of folders) under Inbox, you need to specify Inbox\GOOD and Inbox\BAD. Never use standard folders like Inbox and Sent Items. Scrollout deletes messages after reading.
Tip 1: With Microsoft Office Outlook you can open multiple mailboxes simultaneously. This method allows you to easily drag & drop multiple emails from other mailboxes into the GOOD & BAD folders.
Tip 2: The Collector mailbox can be opened by multiple users via IMAP and they can share the GOOD and BAD folders. Depending on the permissions set they can read, contribute, delete etc.
Tip 3: Never whitelist public email providers (yahoo, gmail, hotmail etc.). By doing that, you will allow a large number of spammers to send junk emails. In case you did that, find spam emails originating from those domains and drag them into the BAD folder.
Spam traps: the goal is to infect spammers’ databases with traps (alphabetically). Press “Get code” and hide the email addresses from the csv file in your web page. In approximately 1 month you will receive spam in the Collector’s Inbox, which can be used to feed Scrollout F1.
LiteDLP can be used to:
- block files using MD5 signatures. In case the file is modified, it will not be blocked. It is useful to block files that cannot be blocked by content filters and are rarely modified: e.g. personal sensitive pictures, designs, scanned documents without text etc.
- detect and block keywords and phrases in MS Word, Excel, PowerPoint, PDF and scanned documents containing text.
The sensitive email must reach the score level set in Security > LiteDLP. The score is the sum of all keywords and phrases found in the entire email content (the sum of all results found in all attachments plus the email body). In this way, we cover the cases where the sender breaks a document into multiple pieces in order to trick the scoring.
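The two LiteDLP checks described above, modeled in Python as an added example (not Scrollout F1's code): an exact MD5 match that a one-byte change defeats, and a phrase score summed over the body and all attachments so that a document split into pieces still reaches the threshold. The phrase list, the threshold value and the one-point-per-occurrence scoring are assumptions made for the illustration.

```python
import hashlib

# Constructed sample data: the blocked file, phrases and threshold are
# hypothetical, not values shipped with Scrollout F1.
BLOCKED_MD5 = {hashlib.md5(b"scanned-contract-bytes").hexdigest()}
PHRASES = ["internal use only", "project falcon", "salary list"]
THRESHOLD = 3  # stands in for the score level set in Security > LiteDLP


def md5_blocked(data: bytes) -> bool:
    """Exact-match check: any change to the file changes the digest."""
    return hashlib.md5(data).hexdigest() in BLOCKED_MD5


def phrase_hits(text: str) -> int:
    """Count every occurrence of every listed phrase, case-insensitively."""
    lowered = text.lower()
    return sum(lowered.count(p) for p in PHRASES)


def evaluate(body: str, attachments: list[tuple[bytes, str]]) -> dict:
    """attachments holds (raw bytes, extracted text) pairs.

    Assumption: each phrase occurrence adds 1 to the score, and the score
    is summed over the body and every attachment before it is compared
    with THRESHOLD.
    """
    hash_match = any(md5_blocked(raw) for raw, _ in attachments)
    score = phrase_hits(body) + sum(phrase_hits(t) for _, t in attachments)
    return {"hash_match": hash_match, "score": score,
            "blocked": hash_match or score >= THRESHOLD}


if __name__ == "__main__":
    # Constructed messages: one whole document, the same content split into
    # three parts, and a hash-listed file before and after a one-byte change.
    whole = [(b"doc", "Internal use only. Project Falcon salary list.")]
    split = [(b"p1", "Project Falcon budget"), (b"p2", "salary list Q3")]
    print("whole   ", evaluate("see attached", whole))
    print("split   ", evaluate("Internal use only", split))
    print("original", evaluate("fyi", [(b"scanned-contract-bytes", "")]))
    print("modified", evaluate("fyi", [(b"scanned-contract-bytes\x00", "")]))
```

Each piece of the split message scores 1 on its own, below the threshold; only the sum over the whole email reaches it.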
In order to provide the files and phrases to be blocked by Scrollout F1, you need to share a folder on a Windows PC or Server and provide write permissions for the account mentioned in LiteDLP page.
LiteDLP is mainly addressed to managers and leaders, not to IT staff. Thus, you may provide write permission to a Management\Leadership Group (in Active Directory) for the shared folder.
I’m an infrastructure admin and in practice the informational flow (involving data leakage) is:
step 1: managers, chiefs and team leaders assign tasks in their departments, providing the necessary information and documents.
step 2: the information and documents are leaked (accidentally or not) from their departments to external emails (personal emails or, worse, to third parties).
In response: any information and documents that are for internal use only should be addressed to LiteDLP too.
IT staff can assist, but cannot decide and act in these cases.
In addition, LiteDLP attempts to detect compressed files and files without extension type (including multimedia files).
LOGS - Watch traffic in action.
STATS - See statistics.
Scrollout F1 is under development. You will receive automatic updates with each improvement.