Configure Scrollout F1 email firewall

An email gateway (a.k.a. firewall) is a machine (physical or virtual) installed between the Internet and the email server.

Its primary role is to protect the email server by filtering incoming SMTP messages from the Internet.

Secondarily, an email gateway may be used as an outgoing gateway when you want to add email features that older email servers do not provide. For instance, Exchange 2000 or 2003 has no DKIM signing and verification service, which is a quality improvement for message delivery.

The features offered by Scrollout F1 are summarized on the About page.

After installation, the configuration is pretty easy.

In order to start using this application you need to cover only the BASIC CONFIGURATION (points 1 and 2 below).

Basic configuration:

  1. CONNECT

    Set the network connection: IP address, subnet mask, gateway and DNS.

  2. TRAFFIC

    You need to list your domains and the email server responsible for each domain. Each domain must be unique, but several domains can have the same server value if you are using one email server for multiple domains.

    The gateway will become responsible for receiving emails addressed to all domains listed on this page and will forward the messages to the email servers.

    Optionally, if you want to use the gateway for sending outgoing messages, Scrollout offers a DKIM signature and the values that you need to add to your DNS server for each domain. If your email servers use IP addresses outside the standard intranet CIDR ranges (10.0.0.0/8, 192.168.0.0/24, 172.16.0.0/12), you must enter the range or IP in CIDR format by clicking “OUTBOUND”.
    Note: this requires some time to process, and the web interface becomes available before the task finishes so that you can make other settings in the meantime.

    Now you are ready to point your incoming SMTP traffic to the Scrollout box. This can be done via an existing router (or firewall) or by modifying the DNS MX records for each domain. The first method is much simpler.

    TRAFFIC Route
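To decide which mail servers need an explicit OUTBOUND entry, the following added example (not part of Scrollout F1) checks each server IP against the ranges listed above and normalizes entries to CIDR. The function names and sample addresses are assumptions made for illustration; confirm the trusted ranges in your own web GUI.

```python
import ipaddress

# Ranges exactly as listed in the paragraph above; confirm them in your web GUI.
LISTED_RANGES = ("10.0.0.0/8", "192.168.0.0/24", "172.16.0.0/12")


def to_cidr(entry):
    """Normalize an OUTBOUND entry to CIDR; a bare IPv4 address becomes a /32.

    strict=True raises ValueError when host bits are set (e.g. 192.168.1.1/24),
    which catches a host address typed with a network mask by mistake.
    """
    return ipaddress.ip_network(entry.strip(), strict=True)


def audit_servers(server_ips, outbound_entries=()):
    """Map each mail server IP to how (or whether) it is covered."""
    listed = [ipaddress.ip_network(n) for n in LISTED_RANGES]
    outbound = [to_cidr(e) for e in outbound_entries]
    report = {}
    for text in server_ips:
        ip = ipaddress.ip_address(text.strip())
        if any(ip in net for net in listed):
            report[text] = "covered by listed range"
        elif any(ip in net for net in outbound):
            report[text] = "covered by OUTBOUND entry"
        else:
            # Not covered anywhere: suggest the single-host CIDR entry.
            report[text] = "add to OUTBOUND: " + str(to_cidr(text))
    return report


if __name__ == "__main__":
    # Constructed sample data; 203.0.113.0/24 is a documentation range.
    servers = ["10.20.30.40", "192.168.1.1", "203.0.113.7"]
    for ip, status in audit_servers(servers, ["203.0.113.0/29"]).items():
        print(ip, "->", status)
```

Note that 192.168.1.1 falls outside 192.168.0.0/24 as listed, so it is reported as needing its own /32 entry.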

Advanced configuration:

    1. SECURE

      SECURITY

      SECURE > Security

        You can set the aggressiveness by clicking on a number between 1 and 10 (green is aggressive, red is permissive). Each filter is explained in the web GUI.

      COUNTRIES

        For each geographical area, indicate whether you have business there, may have business there, or are 100% sure you will never have any business (contact) there.

      SECURE > Countries

    2. COLLECT

      SPAM & LEGIT has two roles:

      Quarantine role: Indicates the quarantine mailbox hosted on your email server. All spam and infected messages will be recorded in this mailbox along with a reporting email.

      Feeder role: Scrollout F1 can learn from legit and spam messages, block the sender’s email address and whitelist the sender’s domain, using the same Collector mailbox that is used for quarantine.
      Using an IMAP client like MS Outlook you can easily drag & drop multiple emails into mailbox folders. In order to use the feeder feature, you need to:
      - Create two additional folders under this mailbox. Let’s create a GOOD folder and a BAD folder.
      - Activate the IMAP service on your email server.
      - Input the name, user & password of the mailbox, the server IMAP address, and the GOOD and BAD folders. In case you created subfolders (instead of folders) under Inbox, you need to mention Inbox\GOOD and Inbox\BAD. Never use standard folders like Inbox and Sent Items: Scrollout deletes messages after reading.

      Tip 1: With Microsoft Office Outlook you can open multiple mailboxes simultaneously. This method allows you to easily drag & drop multiple emails from other mailboxes into the GOOD & BAD folders.
      Tip 2: The Collector mailbox can be opened by multiple users via IMAP and they can share the GOOD and BAD folders. Depending on the permissions set they can read, contribute, delete etc.
      Tip 3: Never whitelist public email providers (yahoo, gmail, hotmail etc.). By doing that, you will allow a large number of spammers to send junk emails. In case you did that, find spam emails originating from those domains and drag them into the BAD folder.

      Spam traps: the goal is to infect spammers’ databases with traps (alphabetically). Press “Get code” and hide the email addresses from the CSV file in your web page. In approximately 1 month you will receive spam in the Collector’s Inbox, which can be used to feed Scrollout F1.

      Collector & Feeder

      LiteDLP (Lite Data Loss Prevention) can be used to:

      - block files using MD5 signatures. If the file is modified, it will not be blocked. This is useful for files that cannot be blocked by content filters and are rarely modified, e.g. personal sensitive pictures, designs, scanned documents without text etc.

      - detect and block keywords and phrases in MS Word, Excel, PowerPoint, PDF and scanned documents containing text.
      The sensitive email must reach the score level set in Security > LiteDLP. The score is the sum of all keywords and phrases found in the entire email content (sum of all results found in all attachments + email body). This covers the cases where the sender breaks a document into multiple pieces in order to trick the scoring.
      To provide the files and phrases to be blocked by Scrollout F1, you need to share a folder on a Windows PC or server and grant write permissions to the account mentioned on the LiteDLP page.
      LiteDLP is mainly addressed to managers and leaders, not to IT staff. Thus, you may grant write permission on the shared folder to a Management\Leadership group (in Active Directory).

      I’m an infrastructure admin and in practice the informational flow (involving data leakage) is:
      step 1: managers, chiefs and team leaders assign tasks in their departments, providing the necessary information and documents.
      step 2: the information and documents are leaked (accidentally or not) from their departments to external emails (personal emails or, worse, to third parties).
      In response: any information and documents that are for internal use only should be addressed to LiteDLP too.
      IT staff can assist, but cannot decide and act in these cases.

      In addition, LiteDLP attempts to detect compressed files and files without extension type (including multimedia files).

    3. MONITOR

      LOGS - Watch traffic in action.

      Monitor > Logs

      STATS - See statistics.

      Monitor > Graph
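Returning to LiteDLP under COLLECT: the following added illustration (not Scrollout F1's code) shows why summing keyword hits over the body and all attachments catches a document split into pieces, and why an MD5 signature only matches an unmodified file. The phrases, threshold, one-point-per-hit weighting and sample messages are assumptions, and attachments are treated as plain text instead of extracting text from office documents.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

# Hypothetical policy: the phrases, the threshold and the one-point-per-hit
# weighting are assumptions for illustration, not Scrollout F1 settings.
PHRASES = ("internal use only", "project falcon")
THRESHOLD = 3
BLOCKED_MD5 = {hashlib.md5(b"constructed scan bytes").hexdigest()}


def score_message(raw):
    """Return (score, md5_hit) over the body and every attachment."""
    score, md5_hit = 0, False
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        payload = part.get_payload(decode=True) or b""
        # Exact-match signature: any change to the bytes changes the MD5.
        md5_hit = md5_hit or hashlib.md5(payload).hexdigest() in BLOCKED_MD5
        # Simplification: parts are treated as plain text; a real filter
        # would first extract text from Word, Excel, PDF or scanned files.
        text = payload.decode("utf-8", errors="ignore").lower()
        score += sum(text.count(phrase) for phrase in PHRASES)
    return score, md5_hit


def is_blocked(raw):
    """Block on a signature match or when the summed score hits the threshold."""
    score, md5_hit = score_message(raw)
    return md5_hit or score >= THRESHOLD


def build_sample(attachments):
    """Constructed sample email: fixed text body plus binary attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.org", "b@example.net"
    msg["Subject"] = "notes"
    msg.set_content("Draft attached, internal use only.")
    for i, data in enumerate(attachments):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename="part%d.bin" % i)
    return msg.as_bytes()


if __name__ == "__main__":
    pieces = [b"Project Falcon budget, internal use only",
              b"Project Falcon timeline"]
    print(score_message(build_sample(pieces)), is_blocked(build_sample(pieces)))
```

No single part of the split sample reaches the threshold on its own; only the sum over the whole message does.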

Scrollout F1 is under development. You will receive automatic updates with each improvement.

About Marius Gologan
Author, Scrollout F1

25 Responses to Configure Scrollout F1 email firewall

  1. Rich Ringer says:

    If I have a question who do I contact?? When I connect to send email out my own email gets rejected. How do I fix it? Other than that it cut my spam down by over 90%

  2. I have answered via email.

    Marius.

    • Rich Ringer says:

      ok? I haven’t seen your reply in my email. Can you forward the response to [addr. removed] please? Thank you.

  3. Patricio says:

    Hi, I have a question: Scrollout rejects mail from Gmail, how can I solve this? Thanks

    • Hi,

      Can you please provide some logs?
      Is it blocking all emails from gmail or just some?

      Thx,
      Marius.

      • Patricio says:

        hello, thank you very much for responding.
        only eliminates some emails from gmail, I have not even log on.
        if I take the redirect reach the corresponding mailbox.

      • Go to the web GUI > Monitor > Logs.

        Type the @gmail address in order to filter the necessary transaction logs.

        What do you mean when you say “if I take the redirect reach the corresponding mailbox”? Are you referring to the Spam Collector or taking out the email gateway?

        Are those Gmail messages rejected back to the Gmail account or are they sent to the Spam Collector?

        Make sure they are not delayed. In case the Connection filter (in web GUI > Secure) is <=5, it is normal behavior to have a delay on the first few attempts.

        Regards,
        Marius.

      • Patricio says:

        The problem is the connection filter; setting this filter to 10 passes all Gmail messages.
        I am searching for the optimal settings for the gateway.
        You have done great work with Scrollout.

      • Patricio,

        I can’t help without information. I need some details.
        The emails that are blocked (rejected, delayed or redirected to Spam Collector) must have something in common. In order to identify that common element I need at least some clues from you.

        Thank you.

        Marius.

      • Patricio says:

        Hi, I continue with my problem: if I set the connection filter to 10, all spam passes.
        Can I send you the log messages by mail?
        Thanks

      • Yes, please, send me by email.

  4. Ashley Mothershaw says:

    HI

    I have just carried out a fresh install using the ISO image and am receiving the following errors in the logs

    Nov 22 12:51:32 unassigned master[7148]: fatal: master_spawn: exec /usr/lib/postfix/postscreen: No such file or directory
    Nov 22 12:51:33 unassigned postfix/master[2354]: warning: process /usr/lib/postfix/postscreen pid 7148 exit status 1
    Nov 22 12:51:33 unassigned postfix/master[2354]: warning: /usr/lib/postfix/postscreen: bad command startup — throttling

    no mail is passing through the gateway so assume something is missing from the configuration.

    I have updated the domain to be my domain and given it the IP address of my internal mail server

    • Hi Ashley,

      Can you please tell me if you inputted any IP in ROUTE > OUTBOUND > Trust my subnet?
      Is it in CIDR format, like 192.168.0.0/16 or is just a simple IP address 192.168.1.1 ?

      Note that even if it is a simple IP, you have to input it as CIDR: 192.168.1.1/32.

      Regards,
      Marius.

    • In case that is not your problem, I suggest the following:

      Open a terminal:
      Edit /var/www/ver
      Run /var/www/bin/update.sh

      This will not make a real update, but during the update process it will try to (re)install the latest version of postfix along with postscreen – the cause of your error.

      It is not a common error. Maybe something went wrong during the download & install process due to a proxy. It’s just an assumption.

      Marius.

  5. Ashley Mothershaw says:

    hi Marius

    Your suggestions didn’t fix the issue, however I did re-install by creating a new virtual machine with a fresh install of Ubuntu then carrying out the install steps on here. It is now working perfectly.

    I shall now monitor it to see how it performs, initial thoughts are with a few minor tweaks this could be sold as a commercial product.

    Is that something you have considered?

    • I installed a host using ISO and couldn’t reproduce your error.
      The market is overwhelmed with commercial products and even services claiming same performances. Will make no difference.

  6. chris says:

    Hi marius,
    just want to bring a change in the documentation.
    It is said that the TCP port 2307 for the Razor2 service should be open, in fact this is TCP 2703.
    great job

    • I checked and you are right. Nobody noticed that. :)

      Thank you.

      Regards,
      Marius.

  7. Craig says:

    Hi. I’m trying to install your product on vmware (vsphere 5.1) but the installer does not detect a network card. Is it supported on VMware? Looks like a product we could use and I’m keen to evaluate. Thanks

    • Hi Craig,

      I need some information from you.
      Can you please open a terminal, run ifconfig and send me the results?
      Scrollout works only with 1 network and it should be named eth*, not aliases eth0:1 eth0:2.

      If there is no eth* listed, then the problem is related to Debian 6. In this case, try to change the virtual card in your virtual machine configuration. I think one of them is problematic. If I remember, you have 3 options for the network adapters.

      Regards,
      Marius.

  8. Paul says:

    Good Morning Marius,

    I have a friend whose domain is being rejected it is the only problem I have seen, his domain is one of the new .co domains (ie instead of domain.co.uk it is domain .co) is scrollout F1 seeing it as a malformed address, or can you suggest a way around this please.
    Otherwise this software has proved to be a fantastic benefit, and has cut our mail by about 90% without any other problems!!

    • Can you please provide the logs at marius.gologan@gmail.com? That might help to solve this issue.

      Regards,
      Marius.

  9. TVS says:

    Hi Marius,

    What values should I add in the CONNECT page if I’m using an Amazon virtual machine? The IP number should be the external IP or the internal (10.x.x.x) ones that the machine has?

    • I don’t think you need to change the network settings for Amazon.
      leave it as is and connect from outside:
      telnet external-IP 25
      the banner will indicate if you get connected to Scrollout.

    • Hi,

      The IP used in Connect must be internal. Amazon uses a NAT.

      Please use the forum in the future:

      https://sourceforge.net/p/scrollout/discussion/?source=navbar

      This blog is not frequently maintained.

      Regards,
      Marius.
